################################################################
# abuse.ch URLhaus IDS ruleset (Snort / Suricata)              #
# Last updated: 2025-10-22 12:39:15 (UTC)                      #
#                                                              #
# Terms Of Use: https://urlhaus.abuse.ch/api/                  #
# For questions please contact urlhaus [at] abuse.ch           #
################################################################
#
# url
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683788)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"163.142.85.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_22; reference:url, urlhaus.abuse.ch/url/3683788/; classtype:trojan-activity;sid:84546888; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683787)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.86.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_22; reference:url, urlhaus.abuse.ch/url/3683787/; classtype:trojan-activity;sid:84546887; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683786)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.7.236.252"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_22; reference:url, urlhaus.abuse.ch/url/3683786/; classtype:trojan-activity;sid:84546886; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683785)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.59.4.168"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_22; reference:url, urlhaus.abuse.ch/url/3683785/; classtype:trojan-activity;sid:84546885; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683783)"; flow:established,from_client; content:"GET"; http_method; content:"/prbg4w4z9b.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"deepo.res4ev7oy1.online"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_22; reference:url, urlhaus.abuse.ch/url/3683783/; classtype:trojan-activity;sid:84546883; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683781)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.226.68.173"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_22; reference:url, urlhaus.abuse.ch/url/3683781/; classtype:trojan-activity;sid:84546881; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683779)"; flow:established,from_client; content:"GET"; http_method; content:"/iemeo490tl.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"qx2m.97ie88e7.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_22; reference:url, urlhaus.abuse.ch/url/3683779/; classtype:trojan-activity;sid:84546879; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683777)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.10.5.112"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_22; reference:url, urlhaus.abuse.ch/url/3683777/; classtype:trojan-activity;sid:84546877; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683776)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.100.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_22; reference:url, urlhaus.abuse.ch/url/3683776/; classtype:trojan-activity;sid:84546876; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683774)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.130.32.251"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_22; reference:url, urlhaus.abuse.ch/url/3683774/; classtype:trojan-activity;sid:84546874; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683773)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.113.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_22; reference:url, urlhaus.abuse.ch/url/3683773/; classtype:trojan-activity;sid:84546873; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683770)"; flow:established,from_client; content:"GET"; http_method; content:"/q5wsb9mmzl.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"qx2m.97ie88e7.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_22; reference:url, urlhaus.abuse.ch/url/3683770/; classtype:trojan-activity;sid:84546870; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683767)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.176.197.224"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_22; reference:url, urlhaus.abuse.ch/url/3683767/; classtype:trojan-activity;sid:84546867; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683766)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.59.4.168"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_22; reference:url, urlhaus.abuse.ch/url/3683766/; classtype:trojan-activity;sid:84546866; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683765)"; flow:established,from_client; content:"GET"; http_method; content:"/files/6382108206/zv8cdrw.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_22; reference:url, urlhaus.abuse.ch/url/3683765/; classtype:trojan-activity;sid:84546865; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683764)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.93.203.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_22; reference:url, urlhaus.abuse.ch/url/3683764/; classtype:trojan-activity;sid:84546864; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683763)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.176.197.224"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_22; reference:url, urlhaus.abuse.ch/url/3683763/; classtype:trojan-activity;sid:84546863; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683762)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.176.109"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_22; reference:url, urlhaus.abuse.ch/url/3683762/; classtype:trojan-activity;sid:84546862; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683761)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.198.238.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_22; reference:url, urlhaus.abuse.ch/url/3683761/; classtype:trojan-activity;sid:84546861; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683760)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.226.68.173"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_22; reference:url, urlhaus.abuse.ch/url/3683760/; classtype:trojan-activity;sid:84546860; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683759)"; flow:established,from_client; content:"GET"; http_method; content:"/73ox10l394.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"a5v9.97ie88e7.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_22; reference:url, urlhaus.abuse.ch/url/3683759/; classtype:trojan-activity;sid:84546859; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683757)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.229.216.113"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_22; reference:url, urlhaus.abuse.ch/url/3683757/; classtype:trojan-activity;sid:84546857; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683756)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.156.22.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_22; reference:url, urlhaus.abuse.ch/url/3683756/; classtype:trojan-activity;sid:84546856; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683751)"; flow:established,from_client; content:"GET"; http_method; content:"/z836bacwj0.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"7eud.97ie88e7.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_22; reference:url, urlhaus.abuse.ch/url/3683751/; classtype:trojan-activity;sid:84546851; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683749)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.198.238.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_22; reference:url, urlhaus.abuse.ch/url/3683749/; classtype:trojan-activity;sid:84546849; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683748)"; flow:established,from_client; content:"GET"; http_method; content:"/4apbatx7zy.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"lx0c.97ie88e7.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_22; reference:url, urlhaus.abuse.ch/url/3683748/; classtype:trojan-activity;sid:84546848; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683745)"; flow:established,from_client; content:"GET"; http_method; content:"/6nfsk2glew.js"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"n0.rv6324.online"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_22; reference:url, urlhaus.abuse.ch/url/3683745/; classtype:trojan-activity;sid:84546845; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683744)"; flow:established,from_client; content:"GET"; http_method; content:"/1ggv1oj7gc.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"lx0c.97ie88e7.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_22; reference:url, urlhaus.abuse.ch/url/3683744/; classtype:trojan-activity;sid:84546844; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683742)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.156.22.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_22; reference:url, urlhaus.abuse.ch/url/3683742/; classtype:trojan-activity;sid:84546842; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683741)"; flow:established,from_client; content:"GET"; http_method; content:"/files/6382108206/cwoabca.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_22; reference:url, urlhaus.abuse.ch/url/3683741/; classtype:trojan-activity;sid:84546841; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683740)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.10.100.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_22; reference:url, urlhaus.abuse.ch/url/3683740/; classtype:trojan-activity;sid:84546840; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683739)"; flow:established,from_client; content:"GET"; http_method; content:"/spn0c53qhb.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"f1y6.97ie88e7.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_22; reference:url, urlhaus.abuse.ch/url/3683739/; classtype:trojan-activity;sid:84546839; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683734)"; flow:established,from_client; content:"GET"; http_method; content:"/fugr6y3x5o.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"4tqm.28ae00i7.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_22; reference:url, urlhaus.abuse.ch/url/3683734/; classtype:trojan-activity;sid:84546834; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683731)"; flow:established,from_client; content:"GET"; http_method; content:"/dj8ehs8wdv.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"4tqm.28ae00i7.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_22; reference:url, urlhaus.abuse.ch/url/3683731/; classtype:trojan-activity;sid:84546831; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683727)"; flow:established,from_client; content:"GET"; http_method; content:"/where/botx.arm5"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"176.65.148.113"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_22; reference:url, urlhaus.abuse.ch/url/3683727/; classtype:trojan-activity;sid:84546827; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683728)"; flow:established,from_client; content:"GET"; http_method; content:"/where/botx.arm7"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"176.65.148.113"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_22; reference:url, urlhaus.abuse.ch/url/3683728/; classtype:trojan-activity;sid:84546828; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683729)"; flow:established,from_client; content:"GET"; http_method; content:"/where/botx.mpsl"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"176.65.148.113"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_22; reference:url, urlhaus.abuse.ch/url/3683729/; classtype:trojan-activity;sid:84546829; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683722)"; flow:established,from_client; content:"GET"; http_method; content:"/where/botx.spc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"176.65.148.113"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_22; reference:url, urlhaus.abuse.ch/url/3683722/; classtype:trojan-activity;sid:84546822; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683723)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/debug"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"103.252.89.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_22; reference:url, urlhaus.abuse.ch/url/3683723/; classtype:trojan-activity;sid:84546823; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683724)"; flow:established,from_client; content:"GET"; http_method; content:"/where/botx.ppc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"176.65.148.113"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_22; reference:url, urlhaus.abuse.ch/url/3683724/; classtype:trojan-activity;sid:84546824; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683716)"; flow:established,from_client; content:"GET"; http_method; content:"/8oyd79wywz.js"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"qk8.bl8205.online"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_22; reference:url, urlhaus.abuse.ch/url/3683716/; classtype:trojan-activity;sid:84546816; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683717)"; flow:established,from_client; content:"GET"; http_method; content:"/where/botx.x86"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"176.65.148.113"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_22; reference:url, urlhaus.abuse.ch/url/3683717/; classtype:trojan-activity;sid:84546817; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683718)"; flow:established,from_client; content:"GET"; http_method; content:"/where/botx.sh4"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"176.65.148.113"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_22; reference:url, urlhaus.abuse.ch/url/3683718/; classtype:trojan-activity;sid:84546818; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683719)"; flow:established,from_client; content:"GET"; http_method; content:"/where/botx.arm6"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"176.65.148.113"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_22; reference:url, urlhaus.abuse.ch/url/3683719/; classtype:trojan-activity;sid:84546819; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683720)"; flow:established,from_client; content:"GET"; http_method; content:"/where/botx.arm"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"176.65.148.113"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_22; reference:url, urlhaus.abuse.ch/url/3683720/; classtype:trojan-activity;sid:84546820; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683721)"; flow:established,from_client; content:"GET"; http_method; content:"/where/botx.mips"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"176.65.148.113"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_22; reference:url, urlhaus.abuse.ch/url/3683721/; classtype:trojan-activity;sid:84546821; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683715)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.81.20"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_22; reference:url, urlhaus.abuse.ch/url/3683715/; classtype:trojan-activity;sid:84546815; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683713)"; flow:established,from_client; content:"GET"; http_method; content:"/kza7gv4s9l.js"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"qk8.bl8205.online"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_22; reference:url, urlhaus.abuse.ch/url/3683713/; classtype:trojan-activity;sid:84546813; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683712)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.114.199.227"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_22; reference:url, urlhaus.abuse.ch/url/3683712/; classtype:trojan-activity;sid:84546812; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683710)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.127.49.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_22; reference:url, urlhaus.abuse.ch/url/3683710/; classtype:trojan-activity;sid:84546810; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683705)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.89.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_22; reference:url, urlhaus.abuse.ch/url/3683705/; classtype:trojan-activity;sid:84546805; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683706)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.41.5.15"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_22; reference:url, urlhaus.abuse.ch/url/3683706/; classtype:trojan-activity;sid:84546806; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683702)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.54.69.36"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_22; reference:url, urlhaus.abuse.ch/url/3683702/; classtype:trojan-activity;sid:84546802; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683701)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.165.88.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_22; reference:url, urlhaus.abuse.ch/url/3683701/; classtype:trojan-activity;sid:84546801; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683699)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.114.199.227"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_22; reference:url, urlhaus.abuse.ch/url/3683699/; classtype:trojan-activity;sid:84546799; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683698)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.175.207.155"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_22; reference:url, urlhaus.abuse.ch/url/3683698/; classtype:trojan-activity;sid:84546798; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683696)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.140.184.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_22; reference:url, urlhaus.abuse.ch/url/3683696/; classtype:trojan-activity;sid:84546796; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683695)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.211.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_22; reference:url, urlhaus.abuse.ch/url/3683695/; classtype:trojan-activity;sid:84546795; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683693)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.239.69.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_22; reference:url, urlhaus.abuse.ch/url/3683693/; classtype:trojan-activity;sid:84546793; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683692)"; flow:established,from_client; content:"GET"; http_method; content:"/m9hetyifpe.js"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"y.bl8205.online"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_22; reference:url, urlhaus.abuse.ch/url/3683692/; classtype:trojan-activity;sid:84546792; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683691)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.140.184.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_22; reference:url, urlhaus.abuse.ch/url/3683691/; classtype:trojan-activity;sid:84546791; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683690)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.86.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_22; reference:url, urlhaus.abuse.ch/url/3683690/; classtype:trojan-activity;sid:84546790; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683687)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.156.19.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_22; reference:url, urlhaus.abuse.ch/url/3683687/; classtype:trojan-activity;sid:84546787; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683686)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.202.28.184"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_22; reference:url, urlhaus.abuse.ch/url/3683686/; classtype:trojan-activity;sid:84546786; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683685)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.179.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_22; reference:url, urlhaus.abuse.ch/url/3683685/; classtype:trojan-activity;sid:84546785; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683684)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.254.160.71"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_22; reference:url, urlhaus.abuse.ch/url/3683684/; classtype:trojan-activity;sid:84546784; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683682)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.89.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_22; reference:url, urlhaus.abuse.ch/url/3683682/; classtype:trojan-activity;sid:84546782; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683679)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.239.69.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_22; reference:url, urlhaus.abuse.ch/url/3683679/; classtype:trojan-activity;sid:84546779; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683678)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.131.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_22; reference:url, urlhaus.abuse.ch/url/3683678/; classtype:trojan-activity;sid:84546778; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683677)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.23.235.145"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_22; reference:url, urlhaus.abuse.ch/url/3683677/; classtype:trojan-activity;sid:84546777; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683672)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.254.160.71"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_22; reference:url, urlhaus.abuse.ch/url/3683672/; classtype:trojan-activity;sid:84546772; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683673)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.179.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_22; reference:url, urlhaus.abuse.ch/url/3683673/; classtype:trojan-activity;sid:84546773; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683665)"; flow:established,from_client; content:"GET"; http_method; content:"/cmsjj"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"globaltechbilling.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_22; reference:url, urlhaus.abuse.ch/url/3683665/; classtype:trojan-activity;sid:84546765; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683664)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"106.40.65.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_22; reference:url, urlhaus.abuse.ch/url/3683664/; classtype:trojan-activity;sid:84546764; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683663)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.22.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_22; reference:url, urlhaus.abuse.ch/url/3683663/; classtype:trojan-activity;sid:84546763; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683656)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.51.35.242"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_22; reference:url, urlhaus.abuse.ch/url/3683656/; classtype:trojan-activity;sid:84546756; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683653)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"106.40.65.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_22; reference:url, urlhaus.abuse.ch/url/3683653/; classtype:trojan-activity;sid:84546753; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683651)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"77.247.88.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_22; reference:url, urlhaus.abuse.ch/url/3683651/; classtype:trojan-activity;sid:84546751; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683650)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.241.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_22; reference:url, urlhaus.abuse.ch/url/3683650/; classtype:trojan-activity;sid:84546750; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683648)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.163.57.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_22; reference:url, urlhaus.abuse.ch/url/3683648/; classtype:trojan-activity;sid:84546748; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683644)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.14.195.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_22; reference:url, urlhaus.abuse.ch/url/3683644/; classtype:trojan-activity;sid:84546744; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683643)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.14.36.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_22; reference:url, urlhaus.abuse.ch/url/3683643/; classtype:trojan-activity;sid:84546743; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683642)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.13.140.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_22; reference:url, urlhaus.abuse.ch/url/3683642/; classtype:trojan-activity;sid:84546742; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683640)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.176.196"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_22; reference:url, urlhaus.abuse.ch/url/3683640/; classtype:trojan-activity;sid:84546740; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683639)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"77.79.160.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_22; reference:url, urlhaus.abuse.ch/url/3683639/; classtype:trojan-activity;sid:84546739; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683638)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"180.190.189.204"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_22; reference:url, urlhaus.abuse.ch/url/3683638/; classtype:trojan-activity;sid:84546738; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683630)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.56.148.187"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_22; reference:url, urlhaus.abuse.ch/url/3683630/; classtype:trojan-activity;sid:84546730; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683629)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.176.196"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_22; reference:url, urlhaus.abuse.ch/url/3683629/; classtype:trojan-activity;sid:84546729; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683628)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.14.36.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_22; reference:url, urlhaus.abuse.ch/url/3683628/; classtype:trojan-activity;sid:84546728; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683625)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"83.219.1.198"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_22; reference:url, urlhaus.abuse.ch/url/3683625/; classtype:trojan-activity;sid:84546725; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683620)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"118.248.152.4"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_22; reference:url, urlhaus.abuse.ch/url/3683620/; classtype:trojan-activity;sid:84546720; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683615)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.188.181"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_22; reference:url, urlhaus.abuse.ch/url/3683615/; classtype:trojan-activity;sid:84546715; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683613)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"83.219.1.198"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_22; reference:url, urlhaus.abuse.ch/url/3683613/; classtype:trojan-activity;sid:84546713; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683612)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.12.115.255"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_22; reference:url, urlhaus.abuse.ch/url/3683612/; classtype:trojan-activity;sid:84546712; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683610)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.37.91"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_22; reference:url, urlhaus.abuse.ch/url/3683610/; classtype:trojan-activity;sid:84546710; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683590)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.215.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_22; reference:url, urlhaus.abuse.ch/url/3683590/; classtype:trojan-activity;sid:84546690; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683589)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"220.201.27.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_22; reference:url, urlhaus.abuse.ch/url/3683589/; classtype:trojan-activity;sid:84546689; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683585)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.211.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_22; reference:url, urlhaus.abuse.ch/url/3683585/; classtype:trojan-activity;sid:84546685; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683584)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"158.255.83.248"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_22; reference:url, urlhaus.abuse.ch/url/3683584/; classtype:trojan-activity;sid:84546684; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683581)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.12.115.255"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_22; reference:url, urlhaus.abuse.ch/url/3683581/; classtype:trojan-activity;sid:84546681; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683577)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.40.3.119"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_22; reference:url, urlhaus.abuse.ch/url/3683577/; classtype:trojan-activity;sid:84546677; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683576)"; flow:established,from_client; content:"GET"; http_method; content:"/dropper64.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"176.46.152.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_22; reference:url, urlhaus.abuse.ch/url/3683576/; classtype:trojan-activity;sid:84546676; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683574)"; flow:established,from_client; content:"GET"; http_method; content:"/580/dfg90erhj34h0g0dfg0cvcv00340sfsdf84fdcv9bv0cv03dfiu3200fdsf23sdfvb90cvb90030gdfg0cvb09c0b0.txt"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"198.46.173.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_22; reference:url, urlhaus.abuse.ch/url/3683574/; classtype:trojan-activity;sid:84546674; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683573)"; flow:established,from_client; content:"GET"; http_method; content:"/host/ttesttt.ps1"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"213.209.157.234"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_22; reference:url, urlhaus.abuse.ch/url/3683573/; classtype:trojan-activity;sid:84546673; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683567)"; flow:established,from_client; content:"GET"; http_method; content:"/onastroll-2000f5n/5vcye/releases/download/v1.2/launcher.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_22; reference:url, urlhaus.abuse.ch/url/3683567/; classtype:trojan-activity;sid:84546667; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683565)"; flow:established,from_client; content:"GET"; http_method; content:"/s5p.bin"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"w1.quakingconfined.digital"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_22; reference:url, urlhaus.abuse.ch/url/3683565/; classtype:trojan-activity;sid:84546665; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683554)"; flow:established,from_client; content:"GET"; http_method; content:"/sl/x"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.201.0.201"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_22; reference:url, urlhaus.abuse.ch/url/3683554/; classtype:trojan-activity;sid:84546654; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683557)"; flow:established,from_client; content:"GET"; http_method; content:"/fire/wormb.txt"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"178.16.54.37"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_22; reference:url, urlhaus.abuse.ch/url/3683557/; classtype:trojan-activity;sid:84546657; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683558)"; flow:established,from_client; content:"GET"; http_method; content:"/sl/y"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.201.0.201"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_22; reference:url, urlhaus.abuse.ch/url/3683558/; classtype:trojan-activity;sid:84546658; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683559)"; flow:established,from_client; content:"GET"; http_method; content:"/424/sd829fsf23fkjjskfdj9vc9d849ffk4jkjsdjf929f94989cxv9x89vv934999g3kj49gdf9g89dg993.txt"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"23.95.103.208"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_22; reference:url, urlhaus.abuse.ch/url/3683559/; classtype:trojan-activity;sid:84546659; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683560)"; flow:established,from_client; content:"GET"; http_method; content:"/stealc.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"176.46.152.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_22; reference:url, urlhaus.abuse.ch/url/3683560/; classtype:trojan-activity;sid:84546660; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683561)"; flow:established,from_client; content:"GET"; http_method; content:"/img/ksms/sc9ddc73jjhfjsh8cxs0d9xc23hjhj5j6jhj8bh876hfdf90gd900vb90brt90t0yr09asd03sfd0f0sd.txt"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"23.95.103.208"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_22; reference:url, urlhaus.abuse.ch/url/3683561/; classtype:trojan-activity;sid:84546661; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683551)"; flow:established,from_client; content:"GET"; http_method; content:"/xiobv.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"176.46.152.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_22; reference:url, urlhaus.abuse.ch/url/3683551/; classtype:trojan-activity;sid:84546651; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683552)"; flow:established,from_client; content:"GET"; http_method; content:"/host/ttv.ps1"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"213.209.157.234"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_22; reference:url, urlhaus.abuse.ch/url/3683552/; classtype:trojan-activity;sid:84546652; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683538)"; flow:established,from_client; content:"GET"; http_method; content:"/251/wec34gb433/ssdf0wejir23090dfg909cvbbre00dfg00g009d0fg0cvkbj009g004300dfg4309dg0f90.doc"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"216.9.227.119"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_22; reference:url, urlhaus.abuse.ch/url/3683538/; classtype:trojan-activity;sid:84546638; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683530)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.232.228.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_22; reference:url, urlhaus.abuse.ch/url/3683530/; classtype:trojan-activity;sid:84546630; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683526)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.2.35"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_22; reference:url, urlhaus.abuse.ch/url/3683526/; classtype:trojan-activity;sid:84546626; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683527)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.211.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_22; reference:url, urlhaus.abuse.ch/url/3683527/; classtype:trojan-activity;sid:84546627; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683521)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.81.20"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_22; reference:url, urlhaus.abuse.ch/url/3683521/; classtype:trojan-activity;sid:84546621; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683519)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.37.105"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_22; reference:url, urlhaus.abuse.ch/url/3683519/; classtype:trojan-activity;sid:84546619; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683520)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.105.65"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_22; reference:url, urlhaus.abuse.ch/url/3683520/; classtype:trojan-activity;sid:84546620; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683516)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.222.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_22; reference:url, urlhaus.abuse.ch/url/3683516/; classtype:trojan-activity;sid:84546616; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683514)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.2.35"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_22; reference:url, urlhaus.abuse.ch/url/3683514/; classtype:trojan-activity;sid:84546614; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683509)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.174.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_22; reference:url, urlhaus.abuse.ch/url/3683509/; classtype:trojan-activity;sid:84546609; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683508)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.141.69.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_22; reference:url, urlhaus.abuse.ch/url/3683508/; classtype:trojan-activity;sid:84546608; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683500)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.222.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_22; reference:url, urlhaus.abuse.ch/url/3683500/; classtype:trojan-activity;sid:84546600; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683498)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.46.125"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_22; reference:url, urlhaus.abuse.ch/url/3683498/; classtype:trojan-activity;sid:84546598; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683496)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.112.4.107"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_22; reference:url, urlhaus.abuse.ch/url/3683496/; classtype:trojan-activity;sid:84546596; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683495)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.134.10"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_22; reference:url, urlhaus.abuse.ch/url/3683495/; classtype:trojan-activity;sid:84546595; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683489)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.228.109.76"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_22; reference:url, urlhaus.abuse.ch/url/3683489/; classtype:trojan-activity;sid:84546589; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683484)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.134.10"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_22; reference:url, urlhaus.abuse.ch/url/3683484/; classtype:trojan-activity;sid:84546584; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683481)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.115.165.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_22; reference:url, urlhaus.abuse.ch/url/3683481/; classtype:trojan-activity;sid:84546581; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683478)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.4.107"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_22; reference:url, urlhaus.abuse.ch/url/3683478/; classtype:trojan-activity;sid:84546578; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683476)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.56.144.51"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_22; reference:url, urlhaus.abuse.ch/url/3683476/; classtype:trojan-activity;sid:84546576; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683473)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.113.36.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_22; reference:url, urlhaus.abuse.ch/url/3683473/; classtype:trojan-activity;sid:84546573; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683471)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.14.12.231"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_22; reference:url, urlhaus.abuse.ch/url/3683471/; classtype:trojan-activity;sid:84546571; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683467)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.115.165.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_22; reference:url, urlhaus.abuse.ch/url/3683467/; classtype:trojan-activity;sid:84546567; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683466)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.176.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_22; reference:url, urlhaus.abuse.ch/url/3683466/; classtype:trojan-activity;sid:84546566; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683461)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.36.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_22; reference:url, urlhaus.abuse.ch/url/3683461/; classtype:trojan-activity;sid:84546561; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683452)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.14.17.165"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_22; reference:url, urlhaus.abuse.ch/url/3683452/; classtype:trojan-activity;sid:84546552; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683448)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.174.42.239"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_22; reference:url, urlhaus.abuse.ch/url/3683448/; classtype:trojan-activity;sid:84546548; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683445)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.161.173.10"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_22; reference:url, urlhaus.abuse.ch/url/3683445/; classtype:trojan-activity;sid:84546545; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683444)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.53.142.243"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_22; reference:url, urlhaus.abuse.ch/url/3683444/; classtype:trojan-activity;sid:84546544; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683443)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.238.255.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_22; reference:url, urlhaus.abuse.ch/url/3683443/; classtype:trojan-activity;sid:84546543; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683441)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.91.48"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_22; reference:url, urlhaus.abuse.ch/url/3683441/; classtype:trojan-activity;sid:84546541; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683435)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.238.255.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_22; reference:url, urlhaus.abuse.ch/url/3683435/; classtype:trojan-activity;sid:84546535; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683437)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.233.150.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_22; reference:url, urlhaus.abuse.ch/url/3683437/; classtype:trojan-activity;sid:84546537; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683433)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.62.116"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_22; reference:url, urlhaus.abuse.ch/url/3683433/; classtype:trojan-activity;sid:84546533; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683430)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.131.136.125"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_22; reference:url, urlhaus.abuse.ch/url/3683430/; classtype:trojan-activity;sid:84546530; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683428)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.236.72.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_22; reference:url, urlhaus.abuse.ch/url/3683428/; classtype:trojan-activity;sid:84546528; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683426)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.86.55.252"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_22; reference:url, urlhaus.abuse.ch/url/3683426/; classtype:trojan-activity;sid:84546526; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683424)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.6.218"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_22; reference:url, urlhaus.abuse.ch/url/3683424/; classtype:trojan-activity;sid:84546524; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683419)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.62.116"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_22; reference:url, urlhaus.abuse.ch/url/3683419/; classtype:trojan-activity;sid:84546519; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683415)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.236.72.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_22; reference:url, urlhaus.abuse.ch/url/3683415/; classtype:trojan-activity;sid:84546515; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683413)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.108.182"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_22; reference:url, urlhaus.abuse.ch/url/3683413/; classtype:trojan-activity;sid:84546513; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683412)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.62.153.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_22; reference:url, urlhaus.abuse.ch/url/3683412/; classtype:trojan-activity;sid:84546512; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683408)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.221.203.169"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_22; reference:url, urlhaus.abuse.ch/url/3683408/; classtype:trojan-activity;sid:84546508; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683407)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.86.55.252"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_22; reference:url, urlhaus.abuse.ch/url/3683407/; classtype:trojan-activity;sid:84546507; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683403)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.149.224.122"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_22; reference:url, urlhaus.abuse.ch/url/3683403/; classtype:trojan-activity;sid:84546503; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683394)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.139.47.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_22; reference:url, urlhaus.abuse.ch/url/3683394/; classtype:trojan-activity;sid:84546494; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683392)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.57.35.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_22; reference:url, urlhaus.abuse.ch/url/3683392/; classtype:trojan-activity;sid:84546492; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683390)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.56.44.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_22; reference:url, urlhaus.abuse.ch/url/3683390/; classtype:trojan-activity;sid:84546490; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683388)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.139.47.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_22; reference:url, urlhaus.abuse.ch/url/3683388/; classtype:trojan-activity;sid:84546488; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683386)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.57.72.230"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_22; reference:url, urlhaus.abuse.ch/url/3683386/; classtype:trojan-activity;sid:84546486; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683384)"; flow:established,from_client; content:"GET"; http_method; content:"/dibgtlmh"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"pt.9wb-k.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683384/; classtype:trojan-activity;sid:84546484; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683383)"; flow:established,from_client; content:"GET"; http_method; content:"/9ms5h20rj7.js"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"g0x8.5m9081.online"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683383/; classtype:trojan-activity;sid:84546483; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683382)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.60.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683382/; classtype:trojan-activity;sid:84546482; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683381)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.117.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683381/; classtype:trojan-activity;sid:84546481; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683380)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.224.171"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683380/; classtype:trojan-activity;sid:84546480; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683379)"; flow:established,from_client; content:"GET"; http_method; content:"/j2mwpy16"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"z1.9wb-k.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683379/; classtype:trojan-activity;sid:84546479; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683378)"; flow:established,from_client; content:"GET"; http_method; content:"/9mtp2su0qs.js"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"w4.5m9081.online"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683378/; classtype:trojan-activity;sid:84546478; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683377)"; flow:established,from_client; content:"GET"; http_method; content:"/5lm9h90e"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"4.9wb-k.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683377/; classtype:trojan-activity;sid:84546477; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683376)"; flow:established,from_client; content:"GET"; http_method; content:"/wl319rpnip.js"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"w4.5m9081.online"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683376/; classtype:trojan-activity;sid:84546476; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683375)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.242.200"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683375/; classtype:trojan-activity;sid:84546475; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683374)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.52.202.224"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683374/; classtype:trojan-activity;sid:84546474; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683373)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"121.207.53.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683373/; classtype:trojan-activity;sid:84546473; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683372)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.162.203.140"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683372/; classtype:trojan-activity;sid:84546472; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683371)"; flow:established,from_client; content:"GET"; http_method; content:"/p6e5z21p"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"x1.s61y5.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683371/; classtype:trojan-activity;sid:84546471; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683370)"; flow:established,from_client; content:"GET"; http_method; content:"/ffc9naiecd.js"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"t1va.5m9081.online"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683370/; classtype:trojan-activity;sid:84546470; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683369)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.162.203.140"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683369/; classtype:trojan-activity;sid:84546469; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683368)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.138.97.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683368/; classtype:trojan-activity;sid:84546468; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683367)"; flow:established,from_client; content:"GET"; http_method; content:"/9j8lusbc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"a4.s61y5.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683367/; classtype:trojan-activity;sid:84546467; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683366)"; flow:established,from_client; content:"GET"; http_method; content:"/o7hz8zgdck.js"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"c7p.5m9081.online"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683366/; classtype:trojan-activity;sid:84546466; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683365)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.22.239"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683365/; classtype:trojan-activity;sid:84546465; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683364)"; flow:established,from_client; content:"GET"; http_method; content:"/jul8udp3"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"83.s61y5.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683364/; classtype:trojan-activity;sid:84546464; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683363)"; flow:established,from_client; content:"GET"; http_method; content:"/56amp92j2l.js"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"c7p.5m9081.online"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683363/; classtype:trojan-activity;sid:84546463; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683362)"; flow:established,from_client; content:"GET"; http_method; content:"/8aexh7tz"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"2.s61y5.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683362/; classtype:trojan-activity;sid:84546462; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683361)"; flow:established,from_client; content:"GET"; http_method; content:"/59db28rqfj.js"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"n9.5m9081.online"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683361/; classtype:trojan-activity;sid:84546461; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683360)"; flow:established,from_client; content:"GET"; http_method; content:"/p.txt"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"23.160.56.26"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683360/; classtype:trojan-activity;sid:84546460; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683359)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.228.32.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683359/; classtype:trojan-activity;sid:84546459; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683358)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.252.204.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683358/; classtype:trojan-activity;sid:84546458; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683357)"; flow:established,from_client; content:"GET"; http_method; content:"/d5z4t0j3"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"44.d55u5.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683357/; classtype:trojan-activity;sid:84546457; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683356)"; flow:established,from_client; content:"GET"; http_method; content:"/t6is12mefi.js"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"j.5h4553.online"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683356/; classtype:trojan-activity;sid:84546456; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683355)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.48.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683355/; classtype:trojan-activity;sid:84546455; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683354)"; flow:established,from_client; content:"GET"; http_method; content:"/4stsbbnw"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"44.d55u5.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683354/; classtype:trojan-activity;sid:84546454; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683353)"; flow:established,from_client; content:"GET"; http_method; content:"/iisw89e53f.js"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"j.5h4553.online"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683353/; classtype:trojan-activity;sid:84546453; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683352)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.252.204.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683352/; classtype:trojan-activity;sid:84546452; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683351)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.48.183"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683351/; classtype:trojan-activity;sid:84546451; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683350)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.87.237.34"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683350/; classtype:trojan-activity;sid:84546450; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683349)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.79.150.184"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683349/; classtype:trojan-activity;sid:84546449; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683348)"; flow:established,from_client; content:"GET"; http_method; content:"/fbfvdhx8"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"g9.d55u5.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683348/; classtype:trojan-activity;sid:84546448; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683347)"; flow:established,from_client; content:"GET"; http_method; content:"/83j7wfkst4.js"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"j.5h4553.online"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683347/; classtype:trojan-activity;sid:84546447; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683346)"; flow:established,from_client; content:"GET"; http_method; content:"/m0q.check|3f|t=l5vcm22s"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"x7.d55u5.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683346/; classtype:trojan-activity;sid:84546446; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683345)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.48.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683345/; classtype:trojan-activity;sid:84546445; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683344)"; flow:established,from_client; content:"GET"; http_method; content:"/l2smvqi6"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"x7.d55u5.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683344/; classtype:trojan-activity;sid:84546444; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683343)"; flow:established,from_client; content:"GET"; http_method; content:"/af0tfp4voq.js"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"xb0n.5h4553.online"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683343/; classtype:trojan-activity;sid:84546443; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683342)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.79.150.184"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683342/; classtype:trojan-activity;sid:84546442; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683341)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.3.191"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683341/; classtype:trojan-activity;sid:84546441; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683340)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.115.193.222"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683340/; classtype:trojan-activity;sid:84546440; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683339)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.228.32.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683339/; classtype:trojan-activity;sid:84546439; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683338)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.115.174.101"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683338/; classtype:trojan-activity;sid:84546438; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683337)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.13.50.193"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683337/; classtype:trojan-activity;sid:84546437; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683336)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.229.216.113"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683336/; classtype:trojan-activity;sid:84546436; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683335)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.115.174.101"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683335/; classtype:trojan-activity;sid:84546435; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683334)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.3.191"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683334/; classtype:trojan-activity;sid:84546434; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683333)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.115.193.222"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683333/; classtype:trojan-activity;sid:84546433; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683330)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.120.130.192"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683330/; classtype:trojan-activity;sid:84546430; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683331)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.215.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683331/; classtype:trojan-activity;sid:84546431; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683332)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.190.18.37"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683332/; classtype:trojan-activity;sid:84546432; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683329)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"14.255.74.60"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683329/; classtype:trojan-activity;sid:84546429; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683326)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm7"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"167.99.70.133"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683326/; classtype:trojan-activity;sid:84546426; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683327)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.164.221.91"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683327/; classtype:trojan-activity;sid:84546427; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683328)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.142.251.79"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683328/; classtype:trojan-activity;sid:84546428; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683321)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.129.211.113"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683321/; classtype:trojan-activity;sid:84546421; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683322)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"180.190.186.97"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683322/; classtype:trojan-activity;sid:84546422; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683323)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.188.91.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683323/; classtype:trojan-activity;sid:84546423; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683324)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.238.193.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683324/; classtype:trojan-activity;sid:84546424; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683325)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.239.251.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683325/; classtype:trojan-activity;sid:84546425; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683320)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.86.67"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683320/; classtype:trojan-activity;sid:84546420; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683319)"; flow:established,from_client; content:"GET"; http_method; content:"/ndguos7k"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"0a.k59ee.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683319/; classtype:trojan-activity;sid:84546419; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683318)"; flow:established,from_client; content:"GET"; http_method; content:"/1b5zdfydvq.js"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"d5.5h4553.online"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683318/; classtype:trojan-activity;sid:84546418; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683317)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.239.99.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683317/; classtype:trojan-activity;sid:84546417; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683316)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.90.150.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683316/; classtype:trojan-activity;sid:84546416; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683315)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.47.106.211"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683315/; classtype:trojan-activity;sid:84546415; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683313)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.47.71.87"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683313/; classtype:trojan-activity;sid:84546413; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683314)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.251.211"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683314/; classtype:trojan-activity;sid:84546414; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683312)"; flow:established,from_client; content:"GET"; http_method; content:"/a890uecb"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"90.k59ee.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683312/; classtype:trojan-activity;sid:84546412; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683311)"; flow:established,from_client; content:"GET"; http_method; content:"/so630ggmd6.js"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"qz1a.5h4553.online"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683311/; classtype:trojan-activity;sid:84546411; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683310)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"211.158.208.254"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683310/; classtype:trojan-activity;sid:84546410; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683309)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"211.158.208.254"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683309/; classtype:trojan-activity;sid:84546409; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683308)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"201.149.107.50"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683308/; classtype:trojan-activity;sid:84546408; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683307)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.251.211"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683307/; classtype:trojan-activity;sid:84546407; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683306)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.188.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683306/; classtype:trojan-activity;sid:84546406; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683289)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.mips"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"87.121.84.14"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683289/; classtype:trojan-activity;sid:84546389; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683290)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.x86_64"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"87.121.84.14"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683290/; classtype:trojan-activity;sid:84546390; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683291)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.mpsl"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"87.121.84.14"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683291/; classtype:trojan-activity;sid:84546391; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683292)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"87.121.84.14"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683292/; classtype:trojan-activity;sid:84546392; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683293)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.x86"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"87.121.84.14"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683293/; classtype:trojan-activity;sid:84546393; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683294)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"196.251.80.211"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683294/; classtype:trojan-activity;sid:84546394; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683295)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"196.251.80.211"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683295/; classtype:trojan-activity;sid:84546395; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683296)"; flow:established,from_client; content:"GET"; http_method; content:"/main_sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"196.251.80.211"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683296/; classtype:trojan-activity;sid:84546396; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683297)"; flow:established,from_client; content:"GET"; http_method; content:"/main_m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"196.251.80.211"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683297/; classtype:trojan-activity;sid:84546397; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683298)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"196.251.80.211"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683298/; classtype:trojan-activity;sid:84546398; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683299)"; flow:established,from_client; content:"GET"; http_method; content:"/main_x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"196.251.80.211"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683299/; classtype:trojan-activity;sid:84546399; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683300)"; flow:established,from_client; content:"GET"; http_method; content:"/main_ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"196.251.80.211"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683300/; classtype:trojan-activity;sid:84546400; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683301)"; flow:established,from_client; content:"GET"; http_method; content:"/main_x86_64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"196.251.80.211"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683301/; classtype:trojan-activity;sid:84546401; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683302)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"196.251.80.211"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683302/; classtype:trojan-activity;sid:84546402; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683303)"; flow:established,from_client; content:"GET"; http_method; content:"/main_mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"196.251.80.211"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683303/; classtype:trojan-activity;sid:84546403; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683304)"; flow:established,from_client; content:"GET"; http_method; content:"/main_mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"196.251.80.211"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683304/; classtype:trojan-activity;sid:84546404; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683305)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.14.211.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683305/; classtype:trojan-activity;sid:84546405; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683283)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm6"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"87.121.84.14"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683283/; classtype:trojan-activity;sid:84546383; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683284)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm7"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"87.121.84.14"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683284/; classtype:trojan-activity;sid:84546384; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683285)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.m68k"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"87.121.84.14"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683285/; classtype:trojan-activity;sid:84546385; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683286)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.sh4"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"87.121.84.14"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683286/; classtype:trojan-activity;sid:84546386; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683287)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm5"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"87.121.84.14"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683287/; classtype:trojan-activity;sid:84546387; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683288)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.ppc"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"87.121.84.14"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683288/; classtype:trojan-activity;sid:84546388; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683282)"; flow:established,from_client; content:"GET"; http_method; content:"/donffyxc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"05.c70ye.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683282/; classtype:trojan-activity;sid:84546382; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683281)"; flow:established,from_client; content:"GET"; http_method; content:"/1d8pkdb1do.js"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"k2.5h4553.online"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683281/; classtype:trojan-activity;sid:84546381; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683280)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.188.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683280/; classtype:trojan-activity;sid:84546380; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683279)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.88.76"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683279/; classtype:trojan-activity;sid:84546379; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683278)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"201.149.107.50"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683278/; classtype:trojan-activity;sid:84546378; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683277)"; flow:established,from_client; content:"GET"; http_method; content:"/5dgw9wqb"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"b.c70ye.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683277/; classtype:trojan-activity;sid:84546377; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683276)"; flow:established,from_client; content:"GET"; http_method; content:"/yx1b5rt2od.js"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"h2k.4y328.online"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683276/; classtype:trojan-activity;sid:84546376; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683275)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.52.16.255"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683275/; classtype:trojan-activity;sid:84546375; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683274)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.131.119"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683274/; classtype:trojan-activity;sid:84546374; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683273)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.47.71.87"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683273/; classtype:trojan-activity;sid:84546373; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683272)"; flow:established,from_client; content:"GET"; http_method; content:"/s9lh7fb5"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"k9.c70ye.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683272/; classtype:trojan-activity;sid:84546372; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683271)"; flow:established,from_client; content:"GET"; http_method; content:"/o1kt65nqay.js"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"p9y3.4y328.online"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683271/; classtype:trojan-activity;sid:84546371; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683270)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.88.76"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683270/; classtype:trojan-activity;sid:84546370; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683269)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.45.41.91"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683269/; classtype:trojan-activity;sid:84546369; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683268)"; flow:established,from_client; content:"GET"; http_method; content:"/p73qi69u"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"22.c70ye.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683268/; classtype:trojan-activity;sid:84546368; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683267)"; flow:established,from_client; content:"GET"; http_method; content:"/x81b6avq24.js"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"x.4y328.online"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683267/; classtype:trojan-activity;sid:84546367; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683266)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.54.198.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683266/; classtype:trojan-activity;sid:84546366; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683265)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.131.119"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683265/; classtype:trojan-activity;sid:84546365; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683264)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.52.16.255"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683264/; classtype:trojan-activity;sid:84546364; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683263)"; flow:established,from_client; content:"GET"; http_method; content:"/obt9glil"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"7.c70ye.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683263/; classtype:trojan-activity;sid:84546363; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683262)"; flow:established,from_client; content:"GET"; http_method; content:"/84omyglvkn.js"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"x.4y328.online"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683262/; classtype:trojan-activity;sid:84546362; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683261)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.58.34"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683261/; classtype:trojan-activity;sid:84546361; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683260)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"37.54.29.169"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683260/; classtype:trojan-activity;sid:84546360; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683259)"; flow:established,from_client; content:"GET"; http_method; content:"/mkk2rod9"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"99.r46eu.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683259/; classtype:trojan-activity;sid:84546359; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683258)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.205.89.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683258/; classtype:trojan-activity;sid:84546358; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683257)"; flow:established,from_client; content:"GET"; http_method; content:"/nx6zynpm0a.js"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"b0t.4y328.online"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683257/; classtype:trojan-activity;sid:84546357; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683256)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.53.221.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683256/; classtype:trojan-activity;sid:84546356; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683255)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.57.43.249"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683255/; classtype:trojan-activity;sid:84546355; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683253)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|h=107.173.101.114|7c|26|7c|p=10000|7c|26|7c|t=tcp|7c|26|7c|a=w64|7c|26|7c|stage=true"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"107.173.101.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683253/; classtype:trojan-activity;sid:84546353; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683254)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|h=107.173.101.114|7c|26|7c|p=10000|7c|26|7c|t=tcp|7c|26|7c|a=w32|7c|26|7c|stage=true"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"107.173.101.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683254/; classtype:trojan-activity;sid:84546354; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683252)"; flow:established,from_client; content:"GET"; http_method; content:"/20fz42e1"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"3a.r46eu.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683252/; classtype:trojan-activity;sid:84546352; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683251)"; flow:established,from_client; content:"GET"; http_method; content:"/jsc1c2hbzh.js"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"qm4z.4y328.online"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683251/; classtype:trojan-activity;sid:84546351; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683250)"; flow:established,from_client; content:"GET"; http_method; content:"/swt"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"107.173.101.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683250/; classtype:trojan-activity;sid:84546350; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683249)"; flow:established,from_client; content:"GET"; http_method; content:"/shell.ps1"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"107.173.101.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683249/; classtype:trojan-activity;sid:84546349; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683248)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.179.230.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683248/; classtype:trojan-activity;sid:84546348; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683247)"; flow:established,from_client; content:"GET"; http_method; content:"/360_install.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"47.108.28.35"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683247/; classtype:trojan-activity;sid:84546347; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683246)"; flow:established,from_client; content:"GET"; http_method; content:"/agent.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"47.108.28.35"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683246/; classtype:trojan-activity;sid:84546346; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683245)"; flow:established,from_client; content:"GET"; http_method; content:"/explorer"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"47.108.28.35"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683245/; classtype:trojan-activity;sid:84546345; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683244)"; flow:established,from_client; content:"GET"; http_method; content:"/status"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"47.108.28.35"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683244/; classtype:trojan-activity;sid:84546344; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683243)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.52.120"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683243/; classtype:trojan-activity;sid:84546343; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683242)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"211.248.37.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683242/; classtype:trojan-activity;sid:84546342; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683241)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.58.34"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683241/; classtype:trojan-activity;sid:84546341; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683240)"; flow:established,from_client; content:"GET"; http_method; content:"/a001/items.dll"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"123.99.197.140"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683240/; classtype:trojan-activity;sid:84546340; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683239)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.53.221.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683239/; classtype:trojan-activity;sid:84546339; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683238)"; flow:established,from_client; content:"GET"; http_method; content:"/host/ttv.ps1"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"213.209.157.234"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683238/; classtype:trojan-activity;sid:84546338; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683236)"; flow:established,from_client; content:"GET"; http_method; content:"/host/tt.ps1"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"213.209.157.234"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683236/; classtype:trojan-activity;sid:84546336; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683237)"; flow:established,from_client; content:"GET"; http_method; content:"/host/cash.ps1"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"213.209.157.234"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683237/; classtype:trojan-activity;sid:84546337; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683235)"; flow:established,from_client; content:"GET"; http_method; content:"/host/ttesstttttt.ps1"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"213.209.157.234"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683235/; classtype:trojan-activity;sid:84546335; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683232)"; flow:established,from_client; content:"GET"; http_method; content:"/host/vv.ps1"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"213.209.157.234"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683232/; classtype:trojan-activity;sid:84546332; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683233)"; flow:established,from_client; content:"GET"; http_method; content:"/host/power.ps1"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"213.209.157.234"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683233/; classtype:trojan-activity;sid:84546333; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683234)"; flow:established,from_client; content:"GET"; http_method; content:"/host/kent.ps1"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"213.209.157.234"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683234/; classtype:trojan-activity;sid:84546334; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683231)"; flow:established,from_client; content:"GET"; http_method; content:"/host/sird.ps1"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"213.209.157.234"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683231/; classtype:trojan-activity;sid:84546331; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683230)"; flow:established,from_client; content:"GET"; http_method; content:"/w28e71v9"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"08.r46eu.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683230/; classtype:trojan-activity;sid:84546330; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683229)"; flow:established,from_client; content:"GET"; http_method; content:"/ub7s62v7wv.js"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"w7.4y328.online"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683229/; classtype:trojan-activity;sid:84546329; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683228)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.196.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683228/; classtype:trojan-activity;sid:84546328; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683227)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.173.50"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683227/; classtype:trojan-activity;sid:84546327; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683226)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"211.248.37.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683226/; classtype:trojan-activity;sid:84546326; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683225)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.229.222.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683225/; classtype:trojan-activity;sid:84546325; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683224)"; flow:established,from_client; content:"GET"; http_method; content:"/ksihsotj"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"71.r46eu.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683224/; classtype:trojan-activity;sid:84546324; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683223)"; flow:established,from_client; content:"GET"; http_method; content:"/4dnwpo0rxl.js"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"9s.qcet8.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683223/; classtype:trojan-activity;sid:84546323; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683222)"; flow:established,from_client; content:"GET"; http_method; content:"/05jcb5ss"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"4.r46eu.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683222/; classtype:trojan-activity;sid:84546322; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683221)"; flow:established,from_client; content:"GET"; http_method; content:"/133709/arc"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"n8n.heroxhost.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683221/; classtype:trojan-activity;sid:84546321; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683220)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.229.222.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683220/; classtype:trojan-activity;sid:84546320; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683219)"; flow:established,from_client; content:"GET"; http_method; content:"/133709/arm7"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"insaim10.prosuperservers.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683219/; classtype:trojan-activity;sid:84546319; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683216)"; flow:established,from_client; content:"GET"; http_method; content:"/buding0/dbghelp.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"125.208.17.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683216/; classtype:trojan-activity;sid:84546316; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683217)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.183.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683217/; classtype:trojan-activity;sid:84546317; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683218)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.196.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683218/; classtype:trojan-activity;sid:84546318; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683215)"; flow:established,from_client; content:"GET"; http_method; content:"/1/items.dll"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"43.249.192.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683215/; classtype:trojan-activity;sid:84546315; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683214)"; flow:established,from_client; content:"GET"; http_method; content:"/xh796dbkw5.js"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"9s.qcet8.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683214/; classtype:trojan-activity;sid:84546314; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683212)"; flow:established,from_client; content:"GET"; http_method; content:"/buding/dbghelp.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"103.120.89.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683212/; classtype:trojan-activity;sid:84546312; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683213)"; flow:established,from_client; content:"GET"; http_method; content:"/buding1/dbghelp.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"119.163.233.82"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683213/; classtype:trojan-activity;sid:84546313; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683211)"; flow:established,from_client; content:"GET"; http_method; content:"/133709/sh4"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"n8n.heroxhost.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683211/; classtype:trojan-activity;sid:84546311; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683208)"; flow:established,from_client; content:"GET"; http_method; content:"/133709/spc"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"insaim10.prosuperservers.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683208/; classtype:trojan-activity;sid:84546308; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683209)"; flow:established,from_client; content:"GET"; http_method; content:"/133709/sh4"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"insaim10.prosuperservers.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683209/; classtype:trojan-activity;sid:84546309; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683210)"; flow:established,from_client; content:"GET"; http_method; content:"/133709/mips"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"insaim10.prosuperservers.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683210/; classtype:trojan-activity;sid:84546310; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683194)"; flow:established,from_client; content:"GET"; http_method; content:"/133709/mpsl"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"insaim10.prosuperservers.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683194/; classtype:trojan-activity;sid:84546294; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683195)"; flow:established,from_client; content:"GET"; http_method; content:"/133709/arm"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"n8n.heroxhost.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683195/; classtype:trojan-activity;sid:84546295; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683196)"; flow:established,from_client; content:"GET"; http_method; content:"/133709/arm5"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"n8n.heroxhost.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683196/; classtype:trojan-activity;sid:84546296; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683197)"; flow:established,from_client; content:"GET"; http_method; content:"/133709/arm7"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"n8n.heroxhost.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683197/; classtype:trojan-activity;sid:84546297; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683198)"; flow:established,from_client; content:"GET"; http_method; content:"/133709/spc"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"n8n.heroxhost.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683198/; classtype:trojan-activity;sid:84546298; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683199)"; flow:established,from_client; content:"GET"; http_method; content:"/133709/m68k"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"insaim10.prosuperservers.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683199/; classtype:trojan-activity;sid:84546299; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683200)"; flow:established,from_client; content:"GET"; http_method; content:"/133709/m68k"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"n8n.heroxhost.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683200/; classtype:trojan-activity;sid:84546300; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683201)"; flow:established,from_client; content:"GET"; http_method; content:"/133709/arm5"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"insaim10.prosuperservers.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683201/; classtype:trojan-activity;sid:84546301; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683202)"; flow:established,from_client; content:"GET"; http_method; content:"/133709/ppc"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"insaim10.prosuperservers.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683202/; classtype:trojan-activity;sid:84546302; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683203)"; flow:established,from_client; content:"GET"; http_method; content:"/133709/ppc"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"n8n.heroxhost.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683203/; classtype:trojan-activity;sid:84546303; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683204)"; flow:established,from_client; content:"GET"; http_method; content:"/133709/arc"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"insaim10.prosuperservers.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683204/; classtype:trojan-activity;sid:84546304; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683205)"; flow:established,from_client; content:"GET"; http_method; content:"/133709/x86"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"n8n.heroxhost.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683205/; classtype:trojan-activity;sid:84546305; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683206)"; flow:established,from_client; content:"GET"; http_method; content:"/133709/arm6"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"insaim10.prosuperservers.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683206/; classtype:trojan-activity;sid:84546306; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683207)"; flow:established,from_client; content:"GET"; http_method; content:"/133709/arm6"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"n8n.heroxhost.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683207/; classtype:trojan-activity;sid:84546307; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683193)"; flow:established,from_client; content:"GET"; http_method; content:"/133709/x86"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"insaim10.prosuperservers.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683193/; classtype:trojan-activity;sid:84546293; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683192)"; flow:established,from_client; content:"GET"; http_method; content:"/133709/mpsl"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"n8n.heroxhost.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683192/; classtype:trojan-activity;sid:84546292; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683190)"; flow:established,from_client; content:"GET"; http_method; content:"/133709/mips"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"n8n.heroxhost.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683190/; classtype:trojan-activity;sid:84546290; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683191)"; flow:established,from_client; content:"GET"; http_method; content:"/133709/arm"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"insaim10.prosuperservers.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683191/; classtype:trojan-activity;sid:84546291; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683189)"; flow:established,from_client; content:"GET"; http_method; content:"/zjwzuv_padded_sign.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"103.96.75.2"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683189/; classtype:trojan-activity;sid:84546289; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683188)"; flow:established,from_client; content:"GET"; http_method; content:"/gg.aa"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"103.96.75.2"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683188/; classtype:trojan-activity;sid:84546288; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683187)"; flow:established,from_client; content:"GET"; http_method; content:"/gkfoqb_padded_sign.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"103.96.75.2"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683187/; classtype:trojan-activity;sid:84546287; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683186)"; flow:established,from_client; content:"GET"; http_method; content:"/good.cc"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"103.96.75.2"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683186/; classtype:trojan-activity;sid:84546286; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683185)"; flow:established,from_client; content:"GET"; http_method; content:"/good.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"103.96.75.2"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683185/; classtype:trojan-activity;sid:84546285; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683184)"; flow:established,from_client; content:"GET"; http_method; content:"/xl72.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"103.96.75.2"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683184/; classtype:trojan-activity;sid:84546284; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683183)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.163.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683183/; classtype:trojan-activity;sid:84546283; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683182)"; flow:established,from_client; content:"GET"; http_method; content:"/xl6.cc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.96.75.2"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683182/; classtype:trojan-activity;sid:84546282; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683181)"; flow:established,from_client; content:"GET"; http_method; content:"/222.bin"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"103.96.75.2"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683181/; classtype:trojan-activity;sid:84546281; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683180)"; flow:established,from_client; content:"GET"; http_method; content:"/xl71.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"103.96.75.2"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683180/; classtype:trojan-activity;sid:84546280; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683179)"; flow:established,from_client; content:"GET"; http_method; content:"/xl72.cc"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"103.96.75.2"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683179/; classtype:trojan-activity;sid:84546279; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683178)"; flow:established,from_client; content:"GET"; http_method; content:"/xl8.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"103.96.75.2"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683178/; classtype:trojan-activity;sid:84546278; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683176)"; flow:established,from_client; content:"GET"; http_method; content:"/nc64.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"103.96.75.2"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683176/; classtype:trojan-activity;sid:84546276; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683177)"; flow:established,from_client; content:"GET"; http_method; content:"/64.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.96.75.2"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683177/; classtype:trojan-activity;sid:84546277; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683172)"; flow:established,from_client; content:"GET"; http_method; content:"/xl6.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"103.96.75.2"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683172/; classtype:trojan-activity;sid:84546272; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683173)"; flow:established,from_client; content:"GET"; http_method; content:"/xform.war"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.96.75.2"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683173/; classtype:trojan-activity;sid:84546273; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683174)"; flow:established,from_client; content:"GET"; http_method; content:"/pr.bin"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.96.75.2"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683174/; classtype:trojan-activity;sid:84546274; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683175)"; flow:established,from_client; content:"GET"; http_method; content:"/user.cc"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"103.96.75.2"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683175/; classtype:trojan-activity;sid:84546275; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683171)"; flow:established,from_client; content:"GET"; http_method; content:"/system.war"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"103.96.75.2"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683171/; classtype:trojan-activity;sid:84546271; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683170)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"5.79.168.117"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683170/; classtype:trojan-activity;sid:84546270; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683169)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.238.193.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683169/; classtype:trojan-activity;sid:84546269; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683168)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.88.148"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683168/; classtype:trojan-activity;sid:84546268; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683165)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.armv7l"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"cpcontacts.5-253-86-21.cprapid.com"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683165/; classtype:trojan-activity;sid:84546265; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683166)"; flow:established,from_client; content:"GET"; http_method; content:"/curl.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"whm.5-253-86-21.cprapid.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683166/; classtype:trojan-activity;sid:84546266; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683167)"; flow:established,from_client; content:"GET"; http_method; content:"/ftpget.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"senhosertakessorrowbots2025workingtutorial.fawkingblodibastard.ru"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683167/; classtype:trojan-activity;sid:84546267; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683164)"; flow:established,from_client; content:"GET"; http_method; content:"/0a4.google|3f|t=r76nqdqp"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"1w.s61y5.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683164/; classtype:trojan-activity;sid:84546264; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683156)"; flow:established,from_client; content:"GET"; http_method; content:"/bins.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"senhosertakessorrowbots2025workingtutorial.fawkingblodibastard.ru"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683156/; classtype:trojan-activity;sid:84546256; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683157)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.i686"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"5-253-86-21.cprapid.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683157/; classtype:trojan-activity;sid:84546257; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683158)"; flow:established,from_client; content:"GET"; http_method; content:"/curl.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"senhosertakessorrowbots2025workingtutorial.fawkingblodibastard.ru"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683158/; classtype:trojan-activity;sid:84546258; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683159)"; flow:established,from_client; content:"GET"; http_method; content:"/ftpget.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"whm.5-253-86-21.cprapid.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683159/; classtype:trojan-activity;sid:84546259; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683160)"; flow:established,from_client; content:"GET"; http_method; content:"/ftpget.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"cpcontacts.5-253-86-21.cprapid.com"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683160/; classtype:trojan-activity;sid:84546260; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683161)"; flow:established,from_client; content:"GET"; http_method; content:"/curl.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"cpcontacts.5-253-86-21.cprapid.com"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683161/; classtype:trojan-activity;sid:84546261; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683162)"; flow:established,from_client; content:"GET"; http_method; content:"/curl.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"5-253-86-21.cprapid.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683162/; classtype:trojan-activity;sid:84546262; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683163)"; flow:established,from_client; content:"GET"; http_method; content:"/ftpget.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"5-253-86-21.cprapid.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683163/; classtype:trojan-activity;sid:84546263; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683155)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.mips"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"5-253-86-21.cprapid.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683155/; classtype:trojan-activity;sid:84546255; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683153)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.armv4l"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"cpcontacts.5-253-86-21.cprapid.com"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683153/; classtype:trojan-activity;sid:84546253; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683154)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.armv7l"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"senhosertakessorrowbots2025workingtutorial.fawkingblodibastard.ru"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683154/; classtype:trojan-activity;sid:84546254; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683133)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.armv7l"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"whm.5-253-86-21.cprapid.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683133/; classtype:trojan-activity;sid:84546233; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683134)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.i686"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"cpcontacts.5-253-86-21.cprapid.com"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683134/; classtype:trojan-activity;sid:84546234; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683135)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"cpcontacts.5-253-86-21.cprapid.com"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683135/; classtype:trojan-activity;sid:84546235; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683136)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.mipsel"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"5-253-86-21.cprapid.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683136/; classtype:trojan-activity;sid:84546236; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683137)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"5-253-86-21.cprapid.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683137/; classtype:trojan-activity;sid:84546237; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683138)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.mipsel"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"whm.5-253-86-21.cprapid.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683138/; classtype:trojan-activity;sid:84546238; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683139)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.mips"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"senhosertakessorrowbots2025workingtutorial.fawkingblodibastard.ru"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683139/; classtype:trojan-activity;sid:84546239; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683140)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.armv7l"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"5-253-86-21.cprapid.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683140/; classtype:trojan-activity;sid:84546240; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683141)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.i586"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"senhosertakessorrowbots2025workingtutorial.fawkingblodibastard.ru"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683141/; classtype:trojan-activity;sid:84546241; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683142)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.mips"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"whm.5-253-86-21.cprapid.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683142/; classtype:trojan-activity;sid:84546242; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683143)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.mipsel"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"cpcontacts.5-253-86-21.cprapid.com"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683143/; classtype:trojan-activity;sid:84546243; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683144)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.i686"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"whm.5-253-86-21.cprapid.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683144/; classtype:trojan-activity;sid:84546244; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683145)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.mips"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"cpcontacts.5-253-86-21.cprapid.com"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683145/; classtype:trojan-activity;sid:84546245; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683146)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.armv4l"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"senhosertakessorrowbots2025workingtutorial.fawkingblodibastard.ru"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683146/; classtype:trojan-activity;sid:84546246; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683147)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.i586"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"whm.5-253-86-21.cprapid.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683147/; classtype:trojan-activity;sid:84546247; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683148)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.i686"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"senhosertakessorrowbots2025workingtutorial.fawkingblodibastard.ru"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683148/; classtype:trojan-activity;sid:84546248; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683149)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.mipsel"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"senhosertakessorrowbots2025workingtutorial.fawkingblodibastard.ru"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683149/; classtype:trojan-activity;sid:84546249; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683150)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"senhosertakessorrowbots2025workingtutorial.fawkingblodibastard.ru"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683150/; classtype:trojan-activity;sid:84546250; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683151)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.i586"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"5-253-86-21.cprapid.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683151/; classtype:trojan-activity;sid:84546251; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683152)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.i586"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"cpcontacts.5-253-86-21.cprapid.com"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683152/; classtype:trojan-activity;sid:84546252; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683131)"; flow:established,from_client; content:"GET"; http_method; content:"/d31qi8qw"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"5t.s61y5.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683131/; classtype:trojan-activity;sid:84546231; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683132)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.armv4l"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"whm.5-253-86-21.cprapid.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683132/; classtype:trojan-activity;sid:84546232; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683129)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"whm.5-253-86-21.cprapid.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683129/; classtype:trojan-activity;sid:84546229; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683130)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.armv4l"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"5-253-86-21.cprapid.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683130/; classtype:trojan-activity;sid:84546230; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683128)"; flow:established,from_client; content:"GET"; http_method; content:"/wgcol4hvbv.js"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"zdj.qcet8.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683128/; classtype:trojan-activity;sid:84546228; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683127)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"5.253.86.21"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683127/; classtype:trojan-activity;sid:84546227; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683125)"; flow:established,from_client; content:"GET"; http_method; content:"/curl.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"5.253.86.21"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683125/; classtype:trojan-activity;sid:84546225; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683126)"; flow:established,from_client; content:"GET"; http_method; content:"/ftpget.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"5.253.86.21"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683126/; classtype:trojan-activity;sid:84546226; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683122)"; flow:established,from_client; content:"GET"; http_method; content:"/ohshit.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"160-238-13-201.static.bestidc.net"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683122/; classtype:trojan-activity;sid:84546222; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683123)"; flow:established,from_client; content:"GET"; http_method; content:"/hidechaotic/ub8ehjsepafc9fyqzit6.mips"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"160-238-13-201.static.bestidc.net"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683123/; classtype:trojan-activity;sid:84546223; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683124)"; flow:established,from_client; content:"GET"; http_method; content:"/cbot/raw_cbot.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"160-238-13-201.static.bestidc.net"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683124/; classtype:trojan-activity;sid:84546224; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683121)"; flow:established,from_client; content:"GET"; http_method; content:"/cbot/cbot_debug.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"160-238-13-201.static.bestidc.net"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683121/; classtype:trojan-activity;sid:84546221; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683119)"; flow:established,from_client; content:"GET"; http_method; content:"/cbot/cbot.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"160-238-13-201.static.bestidc.net"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683119/; classtype:trojan-activity;sid:84546219; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683120)"; flow:established,from_client; content:"GET"; http_method; content:"/cbot/raw_cbot_debug.exe"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"160-238-13-201.static.bestidc.net"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683120/; classtype:trojan-activity;sid:84546220; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683113)"; flow:established,from_client; content:"GET"; http_method; content:"/hidechaotic/ub8ehjsepafc9fyqzit6.arm5"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"160-238-13-201.static.bestidc.net"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683113/; classtype:trojan-activity;sid:84546213; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683114)"; flow:established,from_client; content:"GET"; http_method; content:"/hidechaotic/ub8ehjsepafc9fyqzit6.x86"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"160-238-13-201.static.bestidc.net"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683114/; classtype:trojan-activity;sid:84546214; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683115)"; flow:established,from_client; content:"GET"; http_method; content:"/hidechaotic/ub8ehjsepafc9fyqzit6.sh4"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"160-238-13-201.static.bestidc.net"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683115/; classtype:trojan-activity;sid:84546215; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683116)"; flow:established,from_client; content:"GET"; http_method; content:"/hidechaotic/ub8ehjsepafc9fyqzit6.m68k"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"160-238-13-201.static.bestidc.net"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683116/; classtype:trojan-activity;sid:84546216; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683117)"; flow:established,from_client; content:"GET"; http_method; content:"/hidechaotic/ub8ehjsepafc9fyqzit6.ppc"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"160-238-13-201.static.bestidc.net"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683117/; classtype:trojan-activity;sid:84546217; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683118)"; flow:established,from_client; content:"GET"; http_method; content:"/hidechaotic/ub8ehjsepafc9fyqzit6.arm"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"160-238-13-201.static.bestidc.net"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683118/; classtype:trojan-activity;sid:84546218; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683106)"; flow:established,from_client; content:"GET"; http_method; content:"/hidechaotic/ub8ehjsepafc9fyqzit6.x86_64"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"160-238-13-201.static.bestidc.net"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683106/; classtype:trojan-activity;sid:84546206; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683107)"; flow:established,from_client; content:"GET"; http_method; content:"/hidechaotic/ub8ehjsepafc9fyqzit6.i686"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"160-238-13-201.static.bestidc.net"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683107/; classtype:trojan-activity;sid:84546207; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683108)"; flow:established,from_client; content:"GET"; http_method; content:"/hidechaotic/ub8ehjsepafc9fyqzit6.arm6"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"160-238-13-201.static.bestidc.net"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683108/; classtype:trojan-activity;sid:84546208; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683109)"; flow:established,from_client; content:"GET"; http_method; content:"/hidechaotic/ub8ehjsepafc9fyqzit6.mpsl"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"160-238-13-201.static.bestidc.net"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683109/; classtype:trojan-activity;sid:84546209; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683110)"; flow:established,from_client; content:"GET"; http_method; content:"/hidechaotic/ub8ehjsepafc9fyqzit6.arm7"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"160-238-13-201.static.bestidc.net"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683110/; classtype:trojan-activity;sid:84546210; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683111)"; flow:established,from_client; content:"GET"; http_method; content:"/hidechaotic/ub8ehjsepafc9fyqzit6.spc"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"160-238-13-201.static.bestidc.net"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683111/; classtype:trojan-activity;sid:84546211; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683112)"; flow:established,from_client; content:"GET"; http_method; content:"/hidechaotic/ub8ehjsepafc9fyqzit6.arc"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"160-238-13-201.static.bestidc.net"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683112/; classtype:trojan-activity;sid:84546212; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683104)"; flow:established,from_client; content:"GET"; http_method; content:"/cbot/raw_cbot_debug.exe"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"160.238.13.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683104/; classtype:trojan-activity;sid:84546204; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683105)"; flow:established,from_client; content:"GET"; http_method; content:"/cbot/cbot.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"160.238.13.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683105/; classtype:trojan-activity;sid:84546205; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683102)"; flow:established,from_client; content:"GET"; http_method; content:"/cbot/raw_cbot.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"160.238.13.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683102/; classtype:trojan-activity;sid:84546202; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683103)"; flow:established,from_client; content:"GET"; http_method; content:"/cbot/cbot_debug.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"160.238.13.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683103/; classtype:trojan-activity;sid:84546203; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683101)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.88.148"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683101/; classtype:trojan-activity;sid:84546201; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683100)"; flow:established,from_client; content:"GET"; http_method; content:"/sinkers"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"inomp.ci6ef.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683100/; classtype:trojan-activity;sid:84546200; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683098)"; flow:established,from_client; content:"GET"; http_method; content:"/build/bin/dropper.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"196.251.81.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683098/; classtype:trojan-activity;sid:84546198; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683099)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.222.42"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683099/; classtype:trojan-activity;sid:84546199; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683096)"; flow:established,from_client; content:"GET"; http_method; content:"/pulsar-client.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"196.251.81.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683096/; classtype:trojan-activity;sid:84546196; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683097)"; flow:established,from_client; content:"GET"; http_method; content:"/build/bin/filelessdropper.exe"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"196.251.81.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683097/; classtype:trojan-activity;sid:84546197; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683095)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.30.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683095/; classtype:trojan-activity;sid:84546195; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683094)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/arm6"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"netrip.ddns.net"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683094/; classtype:trojan-activity;sid:84546194; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683091)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/arm7"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"netrip.ddns.net"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683091/; classtype:trojan-activity;sid:84546191; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683092)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/ppc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"netrip.ddns.net"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683092/; classtype:trojan-activity;sid:84546192; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683093)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/m68k"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"netrip.ddns.net"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683093/; classtype:trojan-activity;sid:84546193; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683086)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/x86_64"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"netrip.ddns.net"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683086/; classtype:trojan-activity;sid:84546186; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683087)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/arm"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"netrip.ddns.net"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683087/; classtype:trojan-activity;sid:84546187; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683088)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/x86"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"netrip.ddns.net"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683088/; classtype:trojan-activity;sid:84546188; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683089)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/mips"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"netrip.ddns.net"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683089/; classtype:trojan-activity;sid:84546189; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683090)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/arm5"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"netrip.ddns.net"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683090/; classtype:trojan-activity;sid:84546190; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683085)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/mpsl"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"netrip.ddns.net"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683085/; classtype:trojan-activity;sid:84546185; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683084)"; flow:established,from_client; content:"GET"; http_method; content:"/%e8%a1%a5%e4%b8%81/client/ijl11.dll"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"110.42.12.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683084/; classtype:trojan-activity;sid:84546184; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683083)"; flow:established,from_client; content:"GET"; http_method; content:"/%e8%a1%a5%e4%b8%81/client/ijl111.dll"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"110.42.12.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683083/; classtype:trojan-activity;sid:84546183; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683082)"; flow:established,from_client; content:"GET"; http_method; content:"/apypb6wx"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"84.d55u5.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683082/; classtype:trojan-activity;sid:84546182; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683081)"; flow:established,from_client; content:"GET"; http_method; content:"/r33lj3b0ev.js"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"uf8.qcet8.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683081/; classtype:trojan-activity;sid:84546181; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683080)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.200.83.140"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683080/; classtype:trojan-activity;sid:84546180; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683079)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.45.41.91"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683079/; classtype:trojan-activity;sid:84546179; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683078)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/system%20volume%20information/video.lnk"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"151.25.164.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683078/; classtype:trojan-activity;sid:84546178; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683077)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/photo.lnk"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"151.25.164.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683077/; classtype:trojan-activity;sid:84546177; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683076)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/video.scr"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"151.25.164.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683076/; classtype:trojan-activity;sid:84546176; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683075)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/photo.scr"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"151.25.164.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683075/; classtype:trojan-activity;sid:84546175; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683074)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/system%20volume%20information/photo.scr"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"151.25.164.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683074/; classtype:trojan-activity;sid:84546174; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683070)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.ppc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"91-92-241-8.cprapid.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683070/; classtype:trojan-activity;sid:84546170; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683071)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/system%20volume%20information/photo.lnk"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"151.25.164.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683071/; classtype:trojan-activity;sid:84546171; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683072)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/system%20volume%20information/video.scr"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"151.25.164.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683072/; classtype:trojan-activity;sid:84546172; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683073)"; flow:established,from_client; content:"GET"; http_method; content:"/android.apk"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"145.239.139.52"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683073/; classtype:trojan-activity;sid:84546173; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683067)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/av.scr"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"151.25.164.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683067/; classtype:trojan-activity;sid:84546167; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683068)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/system%20volume%20information/av.scr"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"151.25.164.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683068/; classtype:trojan-activity;sid:84546168; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683069)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/av.lnk"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"151.25.164.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683069/; classtype:trojan-activity;sid:84546169; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683065)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/video.lnk"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"151.25.164.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683065/; classtype:trojan-activity;sid:84546165; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683066)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/system%20volume%20information/av.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"151.25.164.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683066/; classtype:trojan-activity;sid:84546166; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683064)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"kiro.forum"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683064/; classtype:trojan-activity;sid:84546164; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683052)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"91-92-241-8.cprapid.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683052/; classtype:trojan-activity;sid:84546152; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683053)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.mips"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"my.com.au.debbiesimril.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683053/; classtype:trojan-activity;sid:84546153; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683054)"; flow:established,from_client; content:"GET"; http_method; content:"/adb"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"91-92-241-8.cprapid.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683054/; classtype:trojan-activity;sid:84546154; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683055)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm5"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"my.com.au.debbiesimril.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683055/; classtype:trojan-activity;sid:84546155; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683056)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"my.com.au.debbiesimril.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683056/; classtype:trojan-activity;sid:84546156; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683057)"; flow:established,from_client; content:"GET"; http_method; content:"/sh"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"banking.bankaustria.at.dswcontracting.work"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683057/; classtype:trojan-activity;sid:84546157; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683058)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.234.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683058/; classtype:trojan-activity;sid:84546158; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683059)"; flow:established,from_client; content:"GET"; http_method; content:"/massload"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"kiro.forum"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683059/; classtype:trojan-activity;sid:84546159; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683060)"; flow:established,from_client; content:"GET"; http_method; content:"/arm4"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"kiro.forum"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683060/; classtype:trojan-activity;sid:84546160; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683061)"; flow:established,from_client; content:"GET"; http_method; content:"/faith.sh"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"kiro.forum"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683061/; classtype:trojan-activity;sid:84546161; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683062)"; flow:established,from_client; content:"GET"; http_method; content:"/av.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"kiro.forum"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683062/; classtype:trojan-activity;sid:84546162; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683063)"; flow:established,from_client; content:"GET"; http_method; content:"/adb"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"banking.bankaustria.at.dswcontracting.work"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683063/; classtype:trojan-activity;sid:84546163; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683050)"; flow:established,from_client; content:"GET"; http_method; content:"/byte"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"my.com.au.debbiesimril.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683050/; classtype:trojan-activity;sid:84546150; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683051)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"kiro.forum"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683051/; classtype:trojan-activity;sid:84546151; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683049)"; flow:established,from_client; content:"GET"; http_method; content:"/payload.xml"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"91-92-241-8.cprapid.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683049/; classtype:trojan-activity;sid:84546149; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683048)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm7"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"91-92-241-8.cprapid.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683048/; classtype:trojan-activity;sid:84546148; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683047)"; flow:established,from_client; content:"GET"; http_method; content:"/wget.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"kiro.forum"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683047/; classtype:trojan-activity;sid:84546147; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683026)"; flow:established,from_client; content:"GET"; http_method; content:"/sh"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"my.com.au.debbiesimril.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683026/; classtype:trojan-activity;sid:84546126; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683027)"; flow:established,from_client; content:"GET"; http_method; content:"/sm"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"kiro.forum"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683027/; classtype:trojan-activity;sid:84546127; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683028)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"kiro.forum"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683028/; classtype:trojan-activity;sid:84546128; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683029)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.ppc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"my.com.au.debbiesimril.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683029/; classtype:trojan-activity;sid:84546129; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683030)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm6"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"my.com.au.debbiesimril.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683030/; classtype:trojan-activity;sid:84546130; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683031)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"kiro.forum"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683031/; classtype:trojan-activity;sid:84546131; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683032)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"kiro.forum"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683032/; classtype:trojan-activity;sid:84546132; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683033)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm6"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"91-92-241-8.cprapid.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683033/; classtype:trojan-activity;sid:84546133; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683034)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.sh4"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"my.com.au.debbiesimril.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683034/; classtype:trojan-activity;sid:84546134; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683035)"; flow:established,from_client; content:"GET"; http_method; content:"/vac"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"banking.bankaustria.at.dswcontracting.work"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683035/; classtype:trojan-activity;sid:84546135; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683036)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.spc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"91-92-241-8.cprapid.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683036/; classtype:trojan-activity;sid:84546136; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683037)"; flow:established,from_client; content:"GET"; http_method; content:"/bins.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"kiro.forum"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683037/; classtype:trojan-activity;sid:84546137; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683038)"; flow:established,from_client; content:"GET"; http_method; content:"/spring"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"91-92-241-8.cprapid.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683038/; classtype:trojan-activity;sid:84546138; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683039)"; flow:established,from_client; content:"GET"; http_method; content:"/tplink.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"kiro.forum"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683039/; classtype:trojan-activity;sid:84546139; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683040)"; flow:established,from_client; content:"GET"; http_method; content:"/g"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"kiro.forum"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683040/; classtype:trojan-activity;sid:84546140; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683041)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm5"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"91-92-241-8.cprapid.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683041/; classtype:trojan-activity;sid:84546141; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683042)"; flow:established,from_client; content:"GET"; http_method; content:"/telnet"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"kiro.forum"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683042/; classtype:trojan-activity;sid:84546142; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683043)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"kiro.forum"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683043/; classtype:trojan-activity;sid:84546143; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683044)"; flow:established,from_client; content:"GET"; http_method; content:"/link"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"my.com.au.debbiesimril.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683044/; classtype:trojan-activity;sid:84546144; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683045)"; flow:established,from_client; content:"GET"; http_method; content:"/a"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"kiro.forum"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683045/; classtype:trojan-activity;sid:84546145; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683046)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"180.191.59.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683046/; classtype:trojan-activity;sid:84546146; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683010)"; flow:established,from_client; content:"GET"; http_method; content:"/spring"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"my.com.au.debbiesimril.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683010/; classtype:trojan-activity;sid:84546110; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683011)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.x86"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"91-92-241-8.cprapid.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683011/; classtype:trojan-activity;sid:84546111; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683012)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.x86"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"my.com.au.debbiesimril.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683012/; classtype:trojan-activity;sid:84546112; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683013)"; flow:established,from_client; content:"GET"; http_method; content:"/vac"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"91-92-241-8.cprapid.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683013/; classtype:trojan-activity;sid:84546113; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683014)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"my.com.au.debbiesimril.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683014/; classtype:trojan-activity;sid:84546114; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683015)"; flow:established,from_client; content:"GET"; http_method; content:"/sh"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"91-92-241-8.cprapid.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683015/; classtype:trojan-activity;sid:84546115; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683016)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.m68k"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"my.com.au.debbiesimril.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683016/; classtype:trojan-activity;sid:84546116; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683017)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"91-92-241-8.cprapid.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683017/; classtype:trojan-activity;sid:84546117; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683018)"; flow:established,from_client; content:"GET"; http_method; content:"/byte"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"banking.bankaustria.at.dswcontracting.work"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683018/; classtype:trojan-activity;sid:84546118; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683019)"; flow:established,from_client; content:"GET"; http_method; content:"/tplink"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"my.com.au.debbiesimril.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683019/; classtype:trojan-activity;sid:84546119; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683020)"; flow:established,from_client; content:"GET"; http_method; content:"/link"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"91-92-241-8.cprapid.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683020/; classtype:trojan-activity;sid:84546120; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683021)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm7"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"my.com.au.debbiesimril.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683021/; classtype:trojan-activity;sid:84546121; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683022)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.sh4"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"91-92-241-8.cprapid.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683022/; classtype:trojan-activity;sid:84546122; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683023)"; flow:established,from_client; content:"GET"; http_method; content:"/adb"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"my.com.au.debbiesimril.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683023/; classtype:trojan-activity;sid:84546123; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683024)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.mpsl"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"my.com.au.debbiesimril.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683024/; classtype:trojan-activity;sid:84546124; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683025)"; flow:established,from_client; content:"GET"; http_method; content:"/tplink"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"91-92-241-8.cprapid.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683025/; classtype:trojan-activity;sid:84546125; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683009)"; flow:established,from_client; content:"GET"; http_method; content:"/byte"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"91-92-241-8.cprapid.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683009/; classtype:trojan-activity;sid:84546109; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683008)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.m68k"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"91-92-241-8.cprapid.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683008/; classtype:trojan-activity;sid:84546108; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683005)"; flow:established,from_client; content:"GET"; http_method; content:"/payload.xml"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"my.com.au.debbiesimril.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683005/; classtype:trojan-activity;sid:84546105; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683006)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.mips"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"91-92-241-8.cprapid.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683006/; classtype:trojan-activity;sid:84546106; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683007)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.spc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"my.com.au.debbiesimril.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683007/; classtype:trojan-activity;sid:84546107; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683004)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.mpsl"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"91-92-241-8.cprapid.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683004/; classtype:trojan-activity;sid:84546104; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683003)"; flow:established,from_client; content:"GET"; http_method; content:"/p5n77lnq2o.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"p6v3.1397u6.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683003/; classtype:trojan-activity;sid:84546103; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683002)"; flow:established,from_client; content:"GET"; http_method; content:"/vac"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"my.com.au.debbiesimril.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683002/; classtype:trojan-activity;sid:84546102; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683001)"; flow:established,from_client; content:"GET"; http_method; content:"/z4.google|3f|t=533zvkal"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"01.d55u5.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683001/; classtype:trojan-activity;sid:84546101; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682998)"; flow:established,from_client; content:"GET"; http_method; content:"/spring"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"banking.bankaustria.at.dswcontracting.work"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682998/; classtype:trojan-activity;sid:84546098; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682999)"; flow:established,from_client; content:"GET"; http_method; content:"/tplink"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"banking.bankaustria.at.dswcontracting.work"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682999/; classtype:trojan-activity;sid:84546099; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683000)"; flow:established,from_client; content:"GET"; http_method; content:"/link"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"banking.bankaustria.at.dswcontracting.work"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683000/; classtype:trojan-activity;sid:84546100; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682997)"; flow:established,from_client; content:"GET"; http_method; content:"/payload.xml"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"banking.bankaustria.at.dswcontracting.work"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682997/; classtype:trojan-activity;sid:84546097; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682988)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm5"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"banking.bankaustria.at.dswcontracting.work"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682988/; classtype:trojan-activity;sid:84546088; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682989)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.sh4"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"banking.bankaustria.at.dswcontracting.work"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682989/; classtype:trojan-activity;sid:84546089; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682990)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.ppc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"banking.bankaustria.at.dswcontracting.work"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682990/; classtype:trojan-activity;sid:84546090; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682991)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm6"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"banking.bankaustria.at.dswcontracting.work"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682991/; classtype:trojan-activity;sid:84546091; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682992)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.mips"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"banking.bankaustria.at.dswcontracting.work"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682992/; classtype:trojan-activity;sid:84546092; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682993)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.spc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"banking.bankaustria.at.dswcontracting.work"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682993/; classtype:trojan-activity;sid:84546093; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682994)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.x86"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"banking.bankaustria.at.dswcontracting.work"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682994/; classtype:trojan-activity;sid:84546094; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682995)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"banking.bankaustria.at.dswcontracting.work"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682995/; classtype:trojan-activity;sid:84546095; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682996)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"banking.bankaustria.at.dswcontracting.work"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682996/; classtype:trojan-activity;sid:84546096; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682985)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm7"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"banking.bankaustria.at.dswcontracting.work"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682985/; classtype:trojan-activity;sid:84546085; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682986)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.mpsl"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"banking.bankaustria.at.dswcontracting.work"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682986/; classtype:trojan-activity;sid:84546086; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682987)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.m68k"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"banking.bankaustria.at.dswcontracting.work"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682987/; classtype:trojan-activity;sid:84546087; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682984)"; flow:established,from_client; content:"GET"; http_method; content:"/faj6j6x0cc.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"h4n0.1397u6.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682984/; classtype:trojan-activity;sid:84546084; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682983)"; flow:established,from_client; content:"GET"; http_method; content:"/ep.google|3f|t=zfm4kymu"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"77.d55u5.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682983/; classtype:trojan-activity;sid:84546083; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682982)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.24.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682982/; classtype:trojan-activity;sid:84546082; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682981)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.46.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682981/; classtype:trojan-activity;sid:84546081; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682980)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"180.191.59.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682980/; classtype:trojan-activity;sid:84546080; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682979)"; flow:established,from_client; content:"GET"; http_method; content:"/qm3.google|3f|t=3ls520at"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"04.k59ee.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682979/; classtype:trojan-activity;sid:84546079; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682978)"; flow:established,from_client; content:"GET"; http_method; content:"/aor11iopdy.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"h4n0.1397u6.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682978/; classtype:trojan-activity;sid:84546078; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682977)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.178.213.32"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682977/; classtype:trojan-activity;sid:84546077; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682976)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.153.242"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682976/; classtype:trojan-activity;sid:84546076; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682973)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"108.168.0.46"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682973/; classtype:trojan-activity;sid:84546073; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682974)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.21.127"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682974/; classtype:trojan-activity;sid:84546074; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682975)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"2.248.162.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682975/; classtype:trojan-activity;sid:84546075; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682972)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.219.142.104"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682972/; classtype:trojan-activity;sid:84546072; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682970)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.61.15.229"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682970/; classtype:trojan-activity;sid:84546070; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682971)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.87.237.34"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682971/; classtype:trojan-activity;sid:84546071; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682969)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.24.107"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682969/; classtype:trojan-activity;sid:84546069; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682968)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"58.47.106.211"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682968/; classtype:trojan-activity;sid:84546068; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682964)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.113.24.176"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682964/; classtype:trojan-activity;sid:84546064; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682965)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.113.254.224"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682965/; classtype:trojan-activity;sid:84546065; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682966)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.12.46.19"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682966/; classtype:trojan-activity;sid:84546066; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682967)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.220.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682967/; classtype:trojan-activity;sid:84546067; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682963)"; flow:established,from_client; content:"GET"; http_method; content:"/u8npi81h"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"32.k59ee.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682963/; classtype:trojan-activity;sid:84546063; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682962)"; flow:established,from_client; content:"GET"; http_method; content:"/62ysmevad7.js"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"d5r.qcet8.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682962/; classtype:trojan-activity;sid:84546062; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682961)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.178.213.32"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682961/; classtype:trojan-activity;sid:84546061; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682960)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.48.183"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682960/; classtype:trojan-activity;sid:84546060; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682959)"; flow:established,from_client; content:"GET"; http_method; content:"/qrxed14u"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"76.k59ee.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682959/; classtype:trojan-activity;sid:84546059; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682958)"; flow:established,from_client; content:"GET"; http_method; content:"/hp3i9v1kzm.js"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"xdv.qcet8.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682958/; classtype:trojan-activity;sid:84546058; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682957)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.73.42"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682957/; classtype:trojan-activity;sid:84546057; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682955)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.68.172"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682955/; classtype:trojan-activity;sid:84546055; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682956)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.63.127"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682956/; classtype:trojan-activity;sid:84546056; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682954)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.22.239"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682954/; classtype:trojan-activity;sid:84546054; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682952)"; flow:established,from_client; content:"GET"; http_method; content:"/2m.google|3f|t=qallr85p"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"10.k59ee.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682952/; classtype:trojan-activity;sid:84546052; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682953)"; flow:established,from_client; content:"GET"; http_method; content:"/tcv7xn8c3h.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"shineo.sys7yn0iy5.online"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682953/; classtype:trojan-activity;sid:84546053; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682951)"; flow:established,from_client; content:"GET"; http_method; content:"/4ta.check|3f|t=62gy2f46"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"93.k59ee.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682951/; classtype:trojan-activity;sid:84546051; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682950)"; flow:established,from_client; content:"GET"; http_method; content:"/u4sxwxighb.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"shineo.sys7yn0iy5.online"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682950/; classtype:trojan-activity;sid:84546050; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682949)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.177.181.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682949/; classtype:trojan-activity;sid:84546049; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682948)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.63.127"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682948/; classtype:trojan-activity;sid:84546048; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682947)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.177.181.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682947/; classtype:trojan-activity;sid:84546047; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682945)"; flow:established,from_client; content:"GET"; http_method; content:"/yn.google|3f|t=unxmmiot"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"41.k59ee.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682945/; classtype:trojan-activity;sid:84546045; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682946)"; flow:established,from_client; content:"GET"; http_method; content:"/5zbkzn2fb9.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"softs.sys7yn0iy5.online"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682946/; classtype:trojan-activity;sid:84546046; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682944)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.230.35.255"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682944/; classtype:trojan-activity;sid:84546044; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682943)"; flow:established,from_client; content:"GET"; http_method; content:"/6eg0c7jp"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"89.c70ye.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682943/; classtype:trojan-activity;sid:84546043; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682941)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.231.227.253"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682941/; classtype:trojan-activity;sid:84546041; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682942)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.114.250.99"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682942/; classtype:trojan-activity;sid:84546042; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682939)"; flow:established,from_client; content:"GET"; http_method; content:"/t027ywh7wy.js"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"uk.1397u6.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682939/; classtype:trojan-activity;sid:84546039; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682940)"; flow:established,from_client; content:"GET"; http_method; content:"/kja2u5xjq1.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"softs.sys7yn0iy5.online"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682940/; classtype:trojan-activity;sid:84546040; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682938)"; flow:established,from_client; content:"GET"; http_method; content:"/2wm.google|3f|t=lvg4w1aw"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"89.c70ye.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682938/; classtype:trojan-activity;sid:84546038; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682937)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.73.42"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682937/; classtype:trojan-activity;sid:84546037; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682936)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.86.250"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682936/; classtype:trojan-activity;sid:84546036; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682935)"; flow:established,from_client; content:"GET"; http_method; content:"/6o24d08b"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"a9.c70ye.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682935/; classtype:trojan-activity;sid:84546035; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682934)"; flow:established,from_client; content:"GET"; http_method; content:"/m5d79nfmgq.js"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"uk.1397u6.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682934/; classtype:trojan-activity;sid:84546034; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682933)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.61.27"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682933/; classtype:trojan-activity;sid:84546033; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682932)"; flow:established,from_client; content:"GET"; http_method; content:"/7hbldobqxr.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"gr0w.sys7yn0iy5.online"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682932/; classtype:trojan-activity;sid:84546032; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682931)"; flow:established,from_client; content:"GET"; http_method; content:"/vp.check|3f|t=v1c9jrl0"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"a9.c70ye.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682931/; classtype:trojan-activity;sid:84546031; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682930)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.35.255"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682930/; classtype:trojan-activity;sid:84546030; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682929)"; flow:established,from_client; content:"GET"; http_method; content:"/5og9zf6cz5.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"r1se.sys7yn0iy5.online"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682929/; classtype:trojan-activity;sid:84546029; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682928)"; flow:established,from_client; content:"GET"; http_method; content:"/xa2.google|3f|t=bzpegshu"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"30.c70ye.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682928/; classtype:trojan-activity;sid:84546028; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682927)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.231.227.253"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682927/; classtype:trojan-activity;sid:84546027; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682926)"; flow:established,from_client; content:"GET"; http_method; content:"/250/secv56fghgh56n67878700hhhkhjvdgfdfg90fgf6555f56656.vbe"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"216.9.227.119"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682926/; classtype:trojan-activity;sid:84546026; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682925)"; flow:established,from_client; content:"GET"; http_method; content:"/rgsjr7rb"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"30.c70ye.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682925/; classtype:trojan-activity;sid:84546025; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682924)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.10.31.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682924/; classtype:trojan-activity;sid:84546024; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682923)"; flow:established,from_client; content:"GET"; http_method; content:"/0mr4p0i6xb.js"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"us.1397u6.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682923/; classtype:trojan-activity;sid:84546023; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682922)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.68.172"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682922/; classtype:trojan-activity;sid:84546022; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682921)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.24.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682921/; classtype:trojan-activity;sid:84546021; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682920)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.114.250.99"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682920/; classtype:trojan-activity;sid:84546020; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682919)"; flow:established,from_client; content:"GET"; http_method; content:"/nqrv51oxp4.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"r1se.sys7yn0iy5.online"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682919/; classtype:trojan-activity;sid:84546019; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682918)"; flow:established,from_client; content:"GET"; http_method; content:"/h39.check|3f|t=9rhe9i86"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"27.c70ye.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682918/; classtype:trojan-activity;sid:84546018; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682917)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.61.27"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682917/; classtype:trojan-activity;sid:84546017; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682916)"; flow:established,from_client; content:"GET"; http_method; content:"/n3poljlj"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"12.c70ye.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682916/; classtype:trojan-activity;sid:84546016; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682915)"; flow:established,from_client; content:"GET"; http_method; content:"/mwu7wmpakn.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"s0lar.sys7yn0iy5.online"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682915/; classtype:trojan-activity;sid:84546015; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682914)"; flow:established,from_client; content:"GET"; http_method; content:"/0n.google|3f|t=r7ir8kdm"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"12.c70ye.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682914/; classtype:trojan-activity;sid:84546014; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682913)"; flow:established,from_client; content:"GET"; http_method; content:"/r9p3fip7"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"12.c70ye.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682913/; classtype:trojan-activity;sid:84546013; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682912)"; flow:established,from_client; content:"GET"; http_method; content:"/5zix8gpb9j.js"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"z.1397u6.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682912/; classtype:trojan-activity;sid:84546012; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682911)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.115.112.242"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682911/; classtype:trojan-activity;sid:84546011; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682910)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.2.79"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682910/; classtype:trojan-activity;sid:84546010; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682909)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.52.30.214"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682909/; classtype:trojan-activity;sid:84546009; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682908)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.5.94.17"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682908/; classtype:trojan-activity;sid:84546008; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682907)"; flow:established,from_client; content:"GET"; http_method; content:"/ixbip3ig"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"60012.c70ye.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682907/; classtype:trojan-activity;sid:84546007; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682906)"; flow:established,from_client; content:"GET"; http_method; content:"/0arl0h9tyb.js"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"1.1397u6.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682906/; classtype:trojan-activity;sid:84546006; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682904)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.56.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682904/; classtype:trojan-activity;sid:84546004; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682905)"; flow:established,from_client; content:"GET"; http_method; content:"/0n.google|3f|t=xosgiyu0"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"60012.c70ye.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682905/; classtype:trojan-activity;sid:84546005; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682903)"; flow:established,from_client; content:"GET"; http_method; content:"/rk4s7pd7es.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"mo0n.sys7yn0iy5.online"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682903/; classtype:trojan-activity;sid:84546003; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682902)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"106.58.23.204"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682902/; classtype:trojan-activity;sid:84546002; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682901)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.134.172.128"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682901/; classtype:trojan-activity;sid:84546001; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682900)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.78.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682900/; classtype:trojan-activity;sid:84546000; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682898)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.237.164.96"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682898/; classtype:trojan-activity;sid:84545998; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682899)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.24.107"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682899/; classtype:trojan-activity;sid:84545999; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682897)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.28.169.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682897/; classtype:trojan-activity;sid:84545997; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682896)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.56.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682896/; classtype:trojan-activity;sid:84545996; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682895)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"106.58.23.204"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682895/; classtype:trojan-activity;sid:84545995; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682893)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.12.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682893/; classtype:trojan-activity;sid:84545993; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682894)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.78.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682894/; classtype:trojan-activity;sid:84545994; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682892)"; flow:established,from_client; content:"GET"; http_method; content:"/sdy0l9kcwr.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"rose2.tuful32io3.online"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682892/; classtype:trojan-activity;sid:84545992; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682891)"; flow:established,from_client; content:"GET"; http_method; content:"/qd7.check|3f|t=qq8sgci8"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"2215.c70ye.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682891/; classtype:trojan-activity;sid:84545991; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682889)"; flow:established,from_client; content:"GET"; http_method; content:"/r1.google|3f|t=e1962mla"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"740.c70ye.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682889/; classtype:trojan-activity;sid:84545989; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682890)"; flow:established,from_client; content:"GET"; http_method; content:"/743s2b4xs2.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"dream5.tuful32io3.online"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682890/; classtype:trojan-activity;sid:84545990; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682888)"; flow:established,from_client; content:"GET"; http_method; content:"/w904.google|3f|t=wvtne5em"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"06342.r46eu.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682888/; classtype:trojan-activity;sid:84545988; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682887)"; flow:established,from_client; content:"GET"; http_method; content:"/azl5k4z9nu.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"sti11.tuful32io3.online"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682887/; classtype:trojan-activity;sid:84545987; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682886)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.230.36.159"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682886/; classtype:trojan-activity;sid:84545986; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682885)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.12.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682885/; classtype:trojan-activity;sid:84545985; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682884)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.23.195.100"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682884/; classtype:trojan-activity;sid:84545984; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682883)"; flow:established,from_client; content:"GET"; http_method; content:"/2wofb7i1u0.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"sk1es.tuful32io3.online"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682883/; classtype:trojan-activity;sid:84545983; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682882)"; flow:established,from_client; content:"GET"; http_method; content:"/bt.check|3f|t=8i6e4b0e"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"719.r46eu.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682882/; classtype:trojan-activity;sid:84545982; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682881)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.47.195.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682881/; classtype:trojan-activity;sid:84545981; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682880)"; flow:established,from_client; content:"GET"; http_method; content:"/kg7jopsmza.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"flame4.tuful32io3.online"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682880/; classtype:trojan-activity;sid:84545980; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682879)"; flow:established,from_client; content:"GET"; http_method; content:"/mx4.google|3f|t=8tzp88bd"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"3499013.r46eu.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682879/; classtype:trojan-activity;sid:84545979; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682878)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.28.169.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682878/; classtype:trojan-activity;sid:84545978; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682877)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.36.159"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682877/; classtype:trojan-activity;sid:84545977; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682876)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.10.31.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682876/; classtype:trojan-activity;sid:84545976; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682875)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.4.45.90"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682875/; classtype:trojan-activity;sid:84545975; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682874)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.47.60.221"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682874/; classtype:trojan-activity;sid:84545974; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682873)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.188.10"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682873/; classtype:trojan-activity;sid:84545973; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682872)"; flow:established,from_client; content:"GET"; http_method; content:"/77ncr5zinw.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"b7lx.6362o9.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682872/; classtype:trojan-activity;sid:84545972; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682871)"; flow:established,from_client; content:"GET"; http_method; content:"/k7.google|3f|t=hj89jfko"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"482.r46eu.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682871/; classtype:trojan-activity;sid:84545971; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682870)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"203.177.251.31"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682870/; classtype:trojan-activity;sid:84545970; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682869)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"203.177.251.31"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682869/; classtype:trojan-activity;sid:84545969; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682868)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.45.90"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682868/; classtype:trojan-activity;sid:84545968; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682867)"; flow:established,from_client; content:"GET"; http_method; content:"/xopom0x53s.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"w9r2.6362o9.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682867/; classtype:trojan-activity;sid:84545967; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682866)"; flow:established,from_client; content:"GET"; http_method; content:"/lbh5.check|3f|t=r2llbg5g"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"drift.1-byhih-05-ey.ru"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682866/; classtype:trojan-activity;sid:84545966; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682865)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.122.250.21"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682865/; classtype:trojan-activity;sid:84545965; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682864)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.155.245"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682864/; classtype:trojan-activity;sid:84545964; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682863)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.190.104.63"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682863/; classtype:trojan-activity;sid:84545963; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682862)"; flow:established,from_client; content:"GET"; http_method; content:"/3s1px12h9t.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"w9r2.6362o9.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682862/; classtype:trojan-activity;sid:84545962; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682861)"; flow:established,from_client; content:"GET"; http_method; content:"/vrckb.google|3f|t=antccrwg"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"deb1t.1-byhih-05-ey.ru"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682861/; classtype:trojan-activity;sid:84545961; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682860)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.39.226.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682860/; classtype:trojan-activity;sid:84545960; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682859)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.94.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682859/; classtype:trojan-activity;sid:84545959; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682858)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.122.250.21"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682858/; classtype:trojan-activity;sid:84545958; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682857)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.177.112.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682857/; classtype:trojan-activity;sid:84545957; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682856)"; flow:established,from_client; content:"GET"; http_method; content:"/cltdehzlex.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"3mta.6362o9.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682856/; classtype:trojan-activity;sid:84545956; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682855)"; flow:established,from_client; content:"GET"; http_method; content:"/5r.check|3f|t=v8utud2o"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"above55.7-nenop-38-oy.ru"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682855/; classtype:trojan-activity;sid:84545955; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682854)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.155.245"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682854/; classtype:trojan-activity;sid:84545954; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682853)"; flow:established,from_client; content:"GET"; http_method; content:"/u6.google|3f|t=det04ytv"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"al1ve.1-mafus-044-e.ru"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682853/; classtype:trojan-activity;sid:84545953; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682852)"; flow:established,from_client; content:"GET"; http_method; content:"/yxkwpdius1.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"3mta.6362o9.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682852/; classtype:trojan-activity;sid:84545952; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682851)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.92.159.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682851/; classtype:trojan-activity;sid:84545951; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682850)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.190.104.63"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682850/; classtype:trojan-activity;sid:84545950; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682848)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.177.112.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682848/; classtype:trojan-activity;sid:84545948; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682849)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.207.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682849/; classtype:trojan-activity;sid:84545949; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682847)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.189.140.216"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682847/; classtype:trojan-activity;sid:84545947; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682846)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"180.191.20.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682846/; classtype:trojan-activity;sid:84545946; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682845)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.10.133.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682845/; classtype:trojan-activity;sid:84545945; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682844)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.33.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682844/; classtype:trojan-activity;sid:84545944; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682843)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.88.173"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682843/; classtype:trojan-activity;sid:84545943; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682834)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.mpsl"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"45.235.216.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682834/; classtype:trojan-activity;sid:84545934; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682835)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"106.111.49.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682835/; classtype:trojan-activity;sid:84545935; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682836)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.23.217.111"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682836/; classtype:trojan-activity;sid:84545936; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682837)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.30.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682837/; classtype:trojan-activity;sid:84545937; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682838)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.207.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682838/; classtype:trojan-activity;sid:84545938; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682839)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.151.108.27"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682839/; classtype:trojan-activity;sid:84545939; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682840)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.52.120"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682840/; classtype:trojan-activity;sid:84545940; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682841)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.142.164"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682841/; classtype:trojan-activity;sid:84545941; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682842)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"157.156.243.49"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682842/; classtype:trojan-activity;sid:84545942; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682829)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"193.163.187.213"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682829/; classtype:trojan-activity;sid:84545929; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682830)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.235.147.74"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682830/; classtype:trojan-activity;sid:84545930; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682831)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.235.147.74"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682831/; classtype:trojan-activity;sid:84545931; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682832)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.55.10.3"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682832/; classtype:trojan-activity;sid:84545932; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682833)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.51.85"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682833/; classtype:trojan-activity;sid:84545933; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682828)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.115.128.151"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682828/; classtype:trojan-activity;sid:84545928; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682826)"; flow:established,from_client; content:"GET"; http_method; content:"/xss/buf.js"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"chamjs.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682826/; classtype:trojan-activity;sid:84545926; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682827)"; flow:established,from_client; content:"GET"; http_method; content:"/xss/bof.js"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"chamjs.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682827/; classtype:trojan-activity;sid:84545927; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682825)"; flow:established,from_client; content:"GET"; http_method; content:"/barracoksx.zip"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"www.siegelpigeons.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682825/; classtype:trojan-activity;sid:84545925; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682824)"; flow:established,from_client; content:"GET"; http_method; content:"/u4gso20adp.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"yk8q.6362o9.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682824/; classtype:trojan-activity;sid:84545924; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682823)"; flow:established,from_client; content:"GET"; http_method; content:"/tqzu.check|3f|t=vwg7vc7f"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"fiber.5-juzeb-0-io.ru"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682823/; classtype:trojan-activity;sid:84545923; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682822)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.118.35"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682822/; classtype:trojan-activity;sid:84545922; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682821)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.53.19"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682821/; classtype:trojan-activity;sid:84545921; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682819)"; flow:established,from_client; content:"GET"; http_method; content:"/f6bp.check|3f|t=wpwrfn4z"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"greet4.0-we-fid-707-i.ru"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682819/; classtype:trojan-activity;sid:84545919; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682820)"; flow:established,from_client; content:"GET"; http_method; content:"/je9mbsur1n.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"c2d1.6362o9.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682820/; classtype:trojan-activity;sid:84545920; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682818)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.97.113.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682818/; classtype:trojan-activity;sid:84545918; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682817)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.118.26"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682817/; classtype:trojan-activity;sid:84545917; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682816)"; flow:established,from_client; content:"GET"; http_method; content:"/ub3c6.google|3f|t=ac8835fh"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"brlef33.1-byhih-05-ey.ru"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682816/; classtype:trojan-activity;sid:84545916; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682815)"; flow:established,from_client; content:"GET"; http_method; content:"/nte9nko72k.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"c2d1.6362o9.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682815/; classtype:trojan-activity;sid:84545915; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682814)"; flow:established,from_client; content:"GET"; http_method; content:"/mns1v0ys4c.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"me9x.9z2503.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682814/; classtype:trojan-activity;sid:84545914; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682813)"; flow:established,from_client; content:"GET"; http_method; content:"/tpaq.check|3f|t=h5tb2y2f"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"death.7-doxok-46-eu.ru"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682813/; classtype:trojan-activity;sid:84545913; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682812)"; flow:established,from_client; content:"GET"; http_method; content:"/sinkers"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"f9m0.7i091.online"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682812/; classtype:trojan-activity;sid:84545912; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682811)"; flow:established,from_client; content:"GET"; http_method; content:"/domhtnicrh.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"me9x.9z2503.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682811/; classtype:trojan-activity;sid:84545911; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682809)"; flow:established,from_client; content:"GET"; http_method; content:"/seti83yx"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"fresh.5-milod-931-o.ru"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682809/; classtype:trojan-activity;sid:84545909; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682810)"; flow:established,from_client; content:"GET"; http_method; content:"/cxxfq.google|3f|t=6law9e50"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"fresh.5-milod-931-o.ru"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682810/; classtype:trojan-activity;sid:84545910; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682808)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.118.26"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682808/; classtype:trojan-activity;sid:84545908; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682807)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.77.38.8"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682807/; classtype:trojan-activity;sid:84545907; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682806)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.97.113.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682806/; classtype:trojan-activity;sid:84545906; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682805)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.147.193.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682805/; classtype:trojan-activity;sid:84545905; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682804)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.179.231.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682804/; classtype:trojan-activity;sid:84545904; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682802)"; flow:established,from_client; content:"GET"; http_method; content:"/vi.google|3f|t=pgcb1uea"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"fla5h.2-fyzog-201-e.ru"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682802/; classtype:trojan-activity;sid:84545902; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682803)"; flow:established,from_client; content:"GET"; http_method; content:"/axelxfys5u.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"r4h8.9z2503.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682803/; classtype:trojan-activity;sid:84545903; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682801)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.214.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682801/; classtype:trojan-activity;sid:84545901; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682800)"; flow:established,from_client; content:"GET"; http_method; content:"/z85mll0z3u.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"r4h8.9z2503.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682800/; classtype:trojan-activity;sid:84545900; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682799)"; flow:established,from_client; content:"GET"; http_method; content:"/ccfs.check|3f|t=6bryrvkz"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"keeniy8.5-milod-931-o.ru"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682799/; classtype:trojan-activity;sid:84545899; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682798)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.179.231.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682798/; classtype:trojan-activity;sid:84545898; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682796)"; flow:established,from_client; content:"GET"; http_method; content:"/p4w.google|3f|t=bdxcp0jh"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"lover.0-we-fid-707-i.ru"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682796/; classtype:trojan-activity;sid:84545896; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682797)"; flow:established,from_client; content:"GET"; http_method; content:"/obfz8plrzw.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"1gzu.9z2503.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682797/; classtype:trojan-activity;sid:84545897; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682795)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.129.153.24"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682795/; classtype:trojan-activity;sid:84545895; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682794)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.47.245.208"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682794/; classtype:trojan-activity;sid:84545894; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682793)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.214.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682793/; classtype:trojan-activity;sid:84545893; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682792)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.178.10.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682792/; classtype:trojan-activity;sid:84545892; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682791)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.47.245.208"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682791/; classtype:trojan-activity;sid:84545891; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682790)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.55.16"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682790/; classtype:trojan-activity;sid:84545890; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682789)"; flow:established,from_client; content:"GET"; http_method; content:"/l6.google|3f|t=ypiex10z"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"fa1se4.5-milod-931-o.ru"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682789/; classtype:trojan-activity;sid:84545889; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682788)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.129.153.24"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682788/; classtype:trojan-activity;sid:84545888; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682787)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.12.231"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682787/; classtype:trojan-activity;sid:84545887; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682786)"; flow:established,from_client; content:"GET"; http_method; content:"/sinkers"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"g7k.7i091.online"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682786/; classtype:trojan-activity;sid:84545886; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682785)"; flow:established,from_client; content:"GET"; http_method; content:"/9gr91gck"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"issue.2-fyzog-201-e.ru"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682785/; classtype:trojan-activity;sid:84545885; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682784)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.6.179.143"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682784/; classtype:trojan-activity;sid:84545884; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682783)"; flow:established,from_client; content:"GET"; http_method; content:"/zxoiwbz0jk.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"vj3c.9z2503.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682783/; classtype:trojan-activity;sid:84545883; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682782)"; flow:established,from_client; content:"GET"; http_method; content:"/fyk.check|3f|t=d283i1lk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"issue.2-fyzog-201-e.ru"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682782/; classtype:trojan-activity;sid:84545882; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682781)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.90.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682781/; classtype:trojan-activity;sid:84545881; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682780)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.8.214"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682780/; classtype:trojan-activity;sid:84545880; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682779)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.113.194.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682779/; classtype:trojan-activity;sid:84545879; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682778)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.178.10.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682778/; classtype:trojan-activity;sid:84545878; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682777)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.1.224"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682777/; classtype:trojan-activity;sid:84545877; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682775)"; flow:established,from_client; content:"GET"; http_method; content:"/xw.google|3f|t=ev0ejbk4"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"flour.1-mafus-044-e.ru"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682775/; classtype:trojan-activity;sid:84545875; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682776)"; flow:established,from_client; content:"GET"; http_method; content:"/pklztt5e6a.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"vj3c.9z2503.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682776/; classtype:trojan-activity;sid:84545876; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682774)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"168.195.7.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682774/; classtype:trojan-activity;sid:84545874; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682773)"; flow:established,from_client; content:"GET"; http_method; content:"/ti2ooxyux6.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"t5y0.9z2503.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682773/; classtype:trojan-activity;sid:84545873; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682772)"; flow:established,from_client; content:"GET"; http_method; content:"/sjq3.google|3f|t=g891khh3"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"bring05.5-milod-931-o.ru"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682772/; classtype:trojan-activity;sid:84545872; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682771)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.207.227.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682771/; classtype:trojan-activity;sid:84545871; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682770)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.100.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682770/; classtype:trojan-activity;sid:84545870; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682769)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.115.174.101"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682769/; classtype:trojan-activity;sid:84545869; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682767)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.8.214"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682767/; classtype:trojan-activity;sid:84545867; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682768)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.161.17"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682768/; classtype:trojan-activity;sid:84545868; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682766)"; flow:established,from_client; content:"GET"; http_method; content:"/vilhr2yvvd.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"t5y0.9z2503.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682766/; classtype:trojan-activity;sid:84545866; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682765)"; flow:established,from_client; content:"GET"; http_method; content:"/jf4e.check|3f|t=9hainbmw"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"forty.4-pytim-30-ua.ru"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682765/; classtype:trojan-activity;sid:84545865; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682764)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.190.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682764/; classtype:trojan-activity;sid:84545864; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682763)"; flow:established,from_client; content:"GET"; http_method; content:"/o0b5b3k4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"forty.4-pytim-30-ua.ru"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682763/; classtype:trojan-activity;sid:84545863; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682762)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.98.45"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682762/; classtype:trojan-activity;sid:84545862; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682761)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.93.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682761/; classtype:trojan-activity;sid:84545861; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682760)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.4.250.198"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682760/; classtype:trojan-activity;sid:84545860; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682759)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.207.227.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682759/; classtype:trojan-activity;sid:84545859; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682758)"; flow:established,from_client; content:"GET"; http_method; content:"/file/supp35.pdf"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"shkb-info.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682758/; classtype:trojan-activity;sid:84545858; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682757)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.117.85"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682757/; classtype:trojan-activity;sid:84545857; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682756)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/rsayhbah"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"spaste.us"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682756/; classtype:trojan-activity;sid:84545856; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682755)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.59.238.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682755/; classtype:trojan-activity;sid:84545855; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682754)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.167.185.101"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682754/; classtype:trojan-activity;sid:84545854; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682753)"; flow:established,from_client; content:"GET"; http_method; content:"/arquivo_20251015234503.txt"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"91.92.240.63"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682753/; classtype:trojan-activity;sid:84545853; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682752)"; flow:established,from_client; content:"GET"; http_method; content:"/snk/drivespan.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"85.239.246.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682752/; classtype:trojan-activity;sid:84545852; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682751)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.161.17"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682751/; classtype:trojan-activity;sid:84545851; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682750)"; flow:established,from_client; content:"GET"; http_method; content:"/img/kmro/kkdi99ew0cv03jdjfsdhj400df04sdxcv0we03220dcxvjs9f930sxcvj322jjsdf0sdf0sfxc0f032jdkfs.hta"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"23.95.117.243"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682750/; classtype:trojan-activity;sid:84545850; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682749)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.94.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682749/; classtype:trojan-activity;sid:84545849; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682748)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.98.45"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682748/; classtype:trojan-activity;sid:84545848; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682747)"; flow:established,from_client; content:"GET"; http_method; content:"/0/items/optimized_msi_20251015_0601/optimized_msi.png"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"ia902802.us.archive.org"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682747/; classtype:trojan-activity;sid:84545847; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682746)"; flow:established,from_client; content:"GET"; http_method; content:"/finance/titus.txt"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"minel-lights.rs"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682746/; classtype:trojan-activity;sid:84545846; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682745)"; flow:established,from_client; content:"GET"; http_method; content:"/extra_tool.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"176.46.152.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682745/; classtype:trojan-activity;sid:84545845; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682744)"; flow:established,from_client; content:"GET"; http_method; content:"/cookautofdllopfire.dll"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"176.46.152.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682744/; classtype:trojan-activity;sid:84545844; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682742)"; flow:established,from_client; content:"GET"; http_method; content:"/my_new_dll.dll"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"176.46.152.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682742/; classtype:trojan-activity;sid:84545842; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682743)"; flow:established,from_client; content:"GET"; http_method; content:"/telegram_data_mover.dll"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"176.46.152.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682743/; classtype:trojan-activity;sid:84545843; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682741)"; flow:established,from_client; content:"GET"; http_method; content:"/processes.dll"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"176.46.152.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682741/; classtype:trojan-activity;sid:84545841; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682740)"; flow:established,from_client; content:"GET"; http_method; content:"/chrome_decrypt.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"176.46.152.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682740/; classtype:trojan-activity;sid:84545840; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682739)"; flow:established,from_client; content:"GET"; http_method; content:"/additional_tool.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"176.46.152.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682739/; classtype:trojan-activity;sid:84545839; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682738)"; flow:established,from_client; content:"GET"; http_method; content:"/another_tool.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"176.46.152.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682738/; classtype:trojan-activity;sid:84545838; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682728)"; flow:established,from_client; content:"GET"; http_method; content:"/filezilla.dll"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"176.46.152.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682728/; classtype:trojan-activity;sid:84545828; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682729)"; flow:established,from_client; content:"GET"; http_method; content:"/chrome_inject.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"176.46.152.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682729/; classtype:trojan-activity;sid:84545829; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682730)"; flow:established,from_client; content:"GET"; http_method; content:"/steam_config_backup.dll"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"176.46.152.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682730/; classtype:trojan-activity;sid:84545830; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682731)"; flow:established,from_client; content:"GET"; http_method; content:"/password_formatter.dll"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"176.46.152.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682731/; classtype:trojan-activity;sid:84545831; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682732)"; flow:established,from_client; content:"GET"; http_method; content:"/walletsorterdll.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"176.46.152.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682732/; classtype:trojan-activity;sid:84545832; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682733)"; flow:established,from_client; content:"GET"; http_method; content:"/info.dll"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"176.46.152.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682733/; classtype:trojan-activity;sid:84545833; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682734)"; flow:established,from_client; content:"GET"; http_method; content:"/screenshot.dll"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"176.46.152.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682734/; classtype:trojan-activity;sid:84545834; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682735)"; flow:established,from_client; content:"GET"; http_method; content:"/extentwallet.dll"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"176.46.152.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682735/; classtype:trojan-activity;sid:84545835; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682736)"; flow:established,from_client; content:"GET"; http_method; content:"/software.dll"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"176.46.152.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682736/; classtype:trojan-activity;sid:84545836; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682737)"; flow:established,from_client; content:"GET"; http_method; content:"/documentgrabber.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"176.46.152.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682737/; classtype:trojan-activity;sid:84545837; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682727)"; flow:established,from_client; content:"GET"; http_method; content:"/cczt7wmnnd29ie"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"87.120.219.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682727/; classtype:trojan-activity;sid:84545827; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682726)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.167.185.101"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682726/; classtype:trojan-activity;sid:84545826; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682725)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.188.85.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682725/; classtype:trojan-activity;sid:84545825; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682724)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.54.72.4"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682724/; classtype:trojan-activity;sid:84545824; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682723)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.94.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682723/; classtype:trojan-activity;sid:84545823; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682722)"; flow:established,from_client; content:"GET"; http_method; content:"/e35680807f224aa98d8d15c5cccf0248_build.bin"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682722/; classtype:trojan-activity;sid:84545822; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682721)"; flow:established,from_client; content:"GET"; http_method; content:"/ivvo.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682721/; classtype:trojan-activity;sid:84545821; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682720)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.137.95.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682720/; classtype:trojan-activity;sid:84545820; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682719)"; flow:established,from_client; content:"GET"; http_method; content:"/1b59b8e525874a3e836f26345d0d42cb_build.bin"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682719/; classtype:trojan-activity;sid:84545819; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682718)"; flow:established,from_client; content:"GET"; http_method; content:"/71a590d6d4a144a4be1d58b9e919769b_build.exe"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682718/; classtype:trojan-activity;sid:84545818; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682716)"; flow:established,from_client; content:"GET"; http_method; content:"/a5f1c962a5df40249f344ea46e56bfea_build.bin"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682716/; classtype:trojan-activity;sid:84545816; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682717)"; flow:established,from_client; content:"GET"; http_method; content:"/saswa.bin"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682717/; classtype:trojan-activity;sid:84545817; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682715)"; flow:established,from_client; content:"GET"; http_method; content:"/bubild.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682715/; classtype:trojan-activity;sid:84545815; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682713)"; flow:established,from_client; content:"GET"; http_method; content:"/154c65a53e794aecbd54dc513b4c6a33_crypted_build.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682713/; classtype:trojan-activity;sid:84545813; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682714)"; flow:established,from_client; content:"GET"; http_method; content:"/51d15381c5e74b9a8706fa7fd3fea133_build.exe"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682714/; classtype:trojan-activity;sid:84545814; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682707)"; flow:established,from_client; content:"GET"; http_method; content:"/d0ecb0ddeb0b4fbca3b423fb355721ed_build.bin"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682707/; classtype:trojan-activity;sid:84545807; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682708)"; flow:established,from_client; content:"GET"; http_method; content:"/1405f383e97449d388aa69dcc45ab7c2_crypted_build.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682708/; classtype:trojan-activity;sid:84545808; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682709)"; flow:established,from_client; content:"GET"; http_method; content:"/e52ccdbdb1bd4e31b80b7ec1f38f9b84_crypted_build.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682709/; classtype:trojan-activity;sid:84545809; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682710)"; flow:established,from_client; content:"GET"; http_method; content:"/wilde.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682710/; classtype:trojan-activity;sid:84545810; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682711)"; flow:established,from_client; content:"GET"; http_method; content:"/36ac8231d2644a5a83063028eb99c8a4_build.bin"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682711/; classtype:trojan-activity;sid:84545811; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682712)"; flow:established,from_client; content:"GET"; http_method; content:"/bd9d4b5530bf46dfbb287fcfc78d68f6_build.bin"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682712/; classtype:trojan-activity;sid:84545812; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682706)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682706/; classtype:trojan-activity;sid:84545806; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682703)"; flow:established,from_client; content:"GET"; http_method; content:"/xnxnxnxnxnxnxnxnhppaxnxn"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"196.251.116.214"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682703/; classtype:trojan-activity;sid:84545803; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682704)"; flow:established,from_client; content:"GET"; http_method; content:"/xnxnxnxnxnxnxnxnsh2xnxn"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"196.251.116.214"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682704/; classtype:trojan-activity;sid:84545804; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682705)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mpsl"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"103.77.241.134"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682705/; classtype:trojan-activity;sid:84545805; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682697)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm6"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"103.77.241.134"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682697/; classtype:trojan-activity;sid:84545797; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682698)"; flow:established,from_client; content:"GET"; http_method; content:"/xnxnxnxnxnxnxnxnriscv64xnxn"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"196.251.116.214"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682698/; classtype:trojan-activity;sid:84545798; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682699)"; flow:established,from_client; content:"GET"; http_method; content:"/xnxnxnxnxnxnxnxnor1kxnxn"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"196.251.116.214"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682699/; classtype:trojan-activity;sid:84545799; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682700)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682700/; classtype:trojan-activity;sid:84545800; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682701)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682701/; classtype:trojan-activity;sid:84545801; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682702)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682702/; classtype:trojan-activity;sid:84545802; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682684)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.i686"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"103.77.241.134"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682684/; classtype:trojan-activity;sid:84545784; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682685)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.spc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"103.77.241.134"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682685/; classtype:trojan-activity;sid:84545785; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682686)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.sh4"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"103.77.241.134"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682686/; classtype:trojan-activity;sid:84545786; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682687)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mips"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"103.77.241.134"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682687/; classtype:trojan-activity;sid:84545787; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682688)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"103.77.241.134"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682688/; classtype:trojan-activity;sid:84545788; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682689)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm7"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"103.77.241.134"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682689/; classtype:trojan-activity;sid:84545789; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682690)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"103.77.241.134"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682690/; classtype:trojan-activity;sid:84545790; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682691)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.m68k"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"103.77.241.134"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682691/; classtype:trojan-activity;sid:84545791; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682692)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.x86"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"103.77.241.134"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682692/; classtype:trojan-activity;sid:84545792; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682693)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.ppc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"103.77.241.134"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682693/; classtype:trojan-activity;sid:84545793; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682694)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm5"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"103.77.241.134"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682694/; classtype:trojan-activity;sid:84545794; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682695)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.x86_64"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"103.77.241.134"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682695/; classtype:trojan-activity;sid:84545795; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682696)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.i468"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"103.77.241.134"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682696/; classtype:trojan-activity;sid:84545796; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682671)"; flow:established,from_client; content:"GET"; http_method; content:"/xnxnxnxnxnxnxnxnloongarch64xnxn"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"196.251.116.214"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682671/; classtype:trojan-activity;sid:84545771; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682672)"; flow:established,from_client; content:"GET"; http_method; content:"/xnxnxnxnxnxnxnxnalphaxnxn"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"196.251.116.214"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682672/; classtype:trojan-activity;sid:84545772; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682673)"; flow:established,from_client; content:"GET"; http_method; content:"/xnxnxnxnxnxnxnxncskyxnxn"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"196.251.116.214"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682673/; classtype:trojan-activity;sid:84545773; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682674)"; flow:established,from_client; content:"GET"; http_method; content:"/xnxnxnxnxnxnxnxnpowerpc64xnxn"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"196.251.116.214"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682674/; classtype:trojan-activity;sid:84545774; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682675)"; flow:established,from_client; content:"GET"; http_method; content:"/xnxnxnxnxnxnxnxnsparc64xnxn"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"196.251.116.214"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682675/; classtype:trojan-activity;sid:84545775; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682676)"; flow:established,from_client; content:"GET"; http_method; content:"/xnxnxnxnxnxnxnxnarm-gnueabixnxn"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"196.251.116.214"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682676/; classtype:trojan-activity;sid:84545776; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682677)"; flow:established,from_client; content:"GET"; http_method; content:"/xnxnxnxnxnxnxnxni386xnxn"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"196.251.116.214"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682677/; classtype:trojan-activity;sid:84545777; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682678)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm4"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682678/; classtype:trojan-activity;sid:84545778; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682679)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682679/; classtype:trojan-activity;sid:84545779; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682680)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682680/; classtype:trojan-activity;sid:84545780; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682681)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682681/; classtype:trojan-activity;sid:84545781; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682682)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682682/; classtype:trojan-activity;sid:84545782; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682683)"; flow:established,from_client; content:"GET"; http_method; content:"/parm4"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682683/; classtype:trojan-activity;sid:84545783; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682663)"; flow:established,from_client; content:"GET"; http_method; content:"/xnxnxnxnxnxnxnxnmicroblazexnxn"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"196.251.116.214"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682663/; classtype:trojan-activity;sid:84545763; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682664)"; flow:established,from_client; content:"GET"; http_method; content:"/xnxnxnxnxnxnxnxnaarch64xnxn"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"196.251.116.214"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682664/; classtype:trojan-activity;sid:84545764; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682665)"; flow:established,from_client; content:"GET"; http_method; content:"/xnxnxnxnxnxnxnxnriscv32xnxn"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"196.251.116.214"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682665/; classtype:trojan-activity;sid:84545765; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682666)"; flow:established,from_client; content:"GET"; http_method; content:"/xnxnxnxnxnxnxnxnmips64xnxn"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"196.251.116.214"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682666/; classtype:trojan-activity;sid:84545766; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682667)"; flow:established,from_client; content:"GET"; http_method; content:"/xnxnxnxnxnxnxnxnhppa64xnxn"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"196.251.116.214"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682667/; classtype:trojan-activity;sid:84545767; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682668)"; flow:established,from_client; content:"GET"; http_method; content:"/xnxnxnxnxnxnxnxns390xnxn"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"196.251.116.214"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682668/; classtype:trojan-activity;sid:84545768; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682669)"; flow:established,from_client; content:"GET"; http_method; content:"/xnxnxnxnxnxnxnxnxtensaxnxn"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"196.251.116.214"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682669/; classtype:trojan-activity;sid:84545769; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682670)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682670/; classtype:trojan-activity;sid:84545770; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682661)"; flow:established,from_client; content:"GET"; http_method; content:"/little"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.57.105.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682661/; classtype:trojan-activity;sid:84545761; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682662)"; flow:established,from_client; content:"GET"; http_method; content:"/tcp"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"123.57.105.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682662/; classtype:trojan-activity;sid:84545762; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682660)"; flow:established,from_client; content:"GET"; http_method; content:"/fs"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"123.57.105.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682660/; classtype:trojan-activity;sid:84545760; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682646)"; flow:established,from_client; content:"GET"; http_method; content:"/qaxsafe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"123.57.105.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682646/; classtype:trojan-activity;sid:84545746; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682647)"; flow:established,from_client; content:"GET"; http_method; content:"/python38.dll"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"123.57.105.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682647/; classtype:trojan-activity;sid:84545747; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682648)"; flow:established,from_client; content:"GET"; http_method; content:"/arm64"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"123.57.105.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682648/; classtype:trojan-activity;sid:84545748; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682649)"; flow:established,from_client; content:"GET"; http_method; content:"/hadoop"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.57.105.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682649/; classtype:trojan-activity;sid:84545749; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682650)"; flow:established,from_client; content:"GET"; http_method; content:"/kcp"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"123.57.105.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682650/; classtype:trojan-activity;sid:84545750; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682651)"; flow:established,from_client; content:"GET"; http_method; content:"/dubbo"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"123.57.105.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682651/; classtype:trojan-activity;sid:84545751; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682652)"; flow:established,from_client; content:"GET"; http_method; content:"/mac"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"123.57.105.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682652/; classtype:trojan-activity;sid:84545752; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682653)"; flow:established,from_client; content:"GET"; http_method; content:"/qaxsafe.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"123.57.105.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682653/; classtype:trojan-activity;sid:84545753; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682654)"; flow:established,from_client; content:"GET"; http_method; content:"/pwd"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"123.57.105.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682654/; classtype:trojan-activity;sid:84545754; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682655)"; flow:established,from_client; content:"GET"; http_method; content:"/k8s"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"123.57.105.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682655/; classtype:trojan-activity;sid:84545755; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682656)"; flow:established,from_client; content:"GET"; http_method; content:"/http"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"123.57.105.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682656/; classtype:trojan-activity;sid:84545756; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682657)"; flow:established,from_client; content:"GET"; http_method; content:"/atd"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"123.57.105.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682657/; classtype:trojan-activity;sid:84545757; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682658)"; flow:established,from_client; content:"GET"; http_method; content:"/mimikatz.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"123.57.105.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682658/; classtype:trojan-activity;sid:84545758; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682659)"; flow:established,from_client; content:"GET"; http_method; content:"/svchost.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"123.57.105.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682659/; classtype:trojan-activity;sid:84545759; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682645)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7243644664/jjpvidd.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682645/; classtype:trojan-activity;sid:84545745; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682643)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.8.18.165"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682643/; classtype:trojan-activity;sid:84545743; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682644)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.250.198"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682644/; classtype:trojan-activity;sid:84545744; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682642)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.119.61.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682642/; classtype:trojan-activity;sid:84545742; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682641)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.89.101.91"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682641/; classtype:trojan-activity;sid:84545741; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682640)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.57.43.249"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682640/; classtype:trojan-activity;sid:84545740; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682639)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.163.158.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682639/; classtype:trojan-activity;sid:84545739; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682638)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.30.76.217"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682638/; classtype:trojan-activity;sid:84545738; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682637)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.89.101.91"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682637/; classtype:trojan-activity;sid:84545737; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682636)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.54.72.4"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682636/; classtype:trojan-activity;sid:84545736; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682635)"; flow:established,from_client; content:"GET"; http_method; content:"/files/5917492177/uuajsee.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682635/; classtype:trojan-activity;sid:84545735; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682634)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.54.198.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682634/; classtype:trojan-activity;sid:84545734; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682632)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.224.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682632/; classtype:trojan-activity;sid:84545732; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682633)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.14.121.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682633/; classtype:trojan-activity;sid:84545733; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682631)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.171.177.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682631/; classtype:trojan-activity;sid:84545731; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682630)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.117.85"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682630/; classtype:trojan-activity;sid:84545730; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682629)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.163.158.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682629/; classtype:trojan-activity;sid:84545729; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682628)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.113.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682628/; classtype:trojan-activity;sid:84545728; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682627)"; flow:established,from_client; content:"GET"; http_method; content:"/sinkers"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"q8z1.7i091.online"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682627/; classtype:trojan-activity;sid:84545727; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682626)"; flow:established,from_client; content:"GET"; http_method; content:"/yarcwox9"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"drunk.5-forez-515-o.ru"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682626/; classtype:trojan-activity;sid:84545726; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682625)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.30.76.217"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682625/; classtype:trojan-activity;sid:84545725; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682624)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.227.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682624/; classtype:trojan-activity;sid:84545724; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682623)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.57.247.145"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682623/; classtype:trojan-activity;sid:84545723; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682622)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.171.177.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682622/; classtype:trojan-activity;sid:84545722; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682621)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.224.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682621/; classtype:trojan-activity;sid:84545721; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682620)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.190.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682620/; classtype:trojan-activity;sid:84545720; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682619)"; flow:established,from_client; content:"GET"; http_method; content:"/sinkers"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"v2.7i091.online"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682619/; classtype:trojan-activity;sid:84545719; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682618)"; flow:established,from_client; content:"GET"; http_method; content:"/2uz54ki3"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"buyer.xiqek-40-ye-8.ru"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682618/; classtype:trojan-activity;sid:84545718; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682617)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.148.228.2"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682617/; classtype:trojan-activity;sid:84545717; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682616)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.121.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682616/; classtype:trojan-activity;sid:84545716; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682615)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.154.43"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682615/; classtype:trojan-activity;sid:84545715; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682614)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.242.198.239"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682614/; classtype:trojan-activity;sid:84545714; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682613)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.57.247.145"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682613/; classtype:trojan-activity;sid:84545713; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682612)"; flow:established,from_client; content:"GET"; http_method; content:"/sinkers"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"yh3a.7i091.online"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682612/; classtype:trojan-activity;sid:84545712; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682611)"; flow:established,from_client; content:"GET"; http_method; content:"/docrz15u"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"coast.2-fyzog-201-e.ru"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682611/; classtype:trojan-activity;sid:84545711; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682610)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.188.91.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682610/; classtype:trojan-activity;sid:84545710; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682609)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"78.188.91.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682609/; classtype:trojan-activity;sid:84545709; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682607)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.86.250"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682607/; classtype:trojan-activity;sid:84545707; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682608)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.14.177.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682608/; classtype:trojan-activity;sid:84545708; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682606)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"176.235.147.74"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682606/; classtype:trojan-activity;sid:84545706; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682605)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.148.3.53"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682605/; classtype:trojan-activity;sid:84545705; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682603)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"91.143.168.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682603/; classtype:trojan-activity;sid:84545703; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682604)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.216.200.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682604/; classtype:trojan-activity;sid:84545704; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682602)"; flow:established,from_client; content:"GET"; http_method; content:"/sinkers"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"c3k9.4y328.online"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682602/; classtype:trojan-activity;sid:84545702; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682601)"; flow:established,from_client; content:"GET"; http_method; content:"/e66y2kmf"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"easy57.1-byhih-05-ey.ru"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682601/; classtype:trojan-activity;sid:84545701; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682600)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.196.167.179"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682600/; classtype:trojan-activity;sid:84545700; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682599)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.167.179"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682599/; classtype:trojan-activity;sid:84545699; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682598)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.252.168.92"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682598/; classtype:trojan-activity;sid:84545698; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682597)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.154.43"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682597/; classtype:trojan-activity;sid:84545697; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682596)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.146.234.65"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682596/; classtype:trojan-activity;sid:84545696; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682595)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.61.15.47"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682595/; classtype:trojan-activity;sid:84545695; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682594)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.132.65"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682594/; classtype:trojan-activity;sid:84545694; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682593)"; flow:established,from_client; content:"GET"; http_method; content:"/hbebixwk"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"jumpy.5-forez-515-o.ru"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682593/; classtype:trojan-activity;sid:84545693; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682592)"; flow:established,from_client; content:"GET"; http_method; content:"/sinkers"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"r8.4y328.online"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682592/; classtype:trojan-activity;sid:84545692; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682591)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.204.167.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682591/; classtype:trojan-activity;sid:84545691; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682590)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.57.119.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682590/; classtype:trojan-activity;sid:84545690; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682588)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.214.119.33"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682588/; classtype:trojan-activity;sid:84545688; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682589)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.101.86"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682589/; classtype:trojan-activity;sid:84545689; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682587)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.177.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682587/; classtype:trojan-activity;sid:84545687; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682586)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.230.50.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682586/; classtype:trojan-activity;sid:84545686; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682585)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"88.129.1.246"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682585/; classtype:trojan-activity;sid:84545685; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682584)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.61.15.47"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682584/; classtype:trojan-activity;sid:84545684; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682583)"; flow:established,from_client; content:"GET"; http_method; content:"/sinkers"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"m01a.4y328.online"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682583/; classtype:trojan-activity;sid:84545683; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682582)"; flow:established,from_client; content:"GET"; http_method; content:"/18uxq3bm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"eager.7-nenop-38-oy.ru"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682582/; classtype:trojan-activity;sid:84545682; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682581)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.167.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682581/; classtype:trojan-activity;sid:84545681; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682580)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.101.86"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682580/; classtype:trojan-activity;sid:84545680; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682579)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.230.50.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682579/; classtype:trojan-activity;sid:84545679; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682578)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.178.238.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682578/; classtype:trojan-activity;sid:84545678; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682577)"; flow:established,from_client; content:"GET"; http_method; content:"/sinkers"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"tz6.4y328.online"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682577/; classtype:trojan-activity;sid:84545677; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682576)"; flow:established,from_client; content:"GET"; http_method; content:"/z5qgb0xk"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"biame.7-doxok-46-eu.ru"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682576/; classtype:trojan-activity;sid:84545676; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682574)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.54.116.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682574/; classtype:trojan-activity;sid:84545674; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682575)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.48.58"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682575/; classtype:trojan-activity;sid:84545675; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682573)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.9.11.194"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682573/; classtype:trojan-activity;sid:84545673; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682572)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.227.237.145"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682572/; classtype:trojan-activity;sid:84545672; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682571)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.94.96.210"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682571/; classtype:trojan-activity;sid:84545671; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682570)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.48.58"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682570/; classtype:trojan-activity;sid:84545670; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682569)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.54.116.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682569/; classtype:trojan-activity;sid:84545669; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682568)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.178.238.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682568/; classtype:trojan-activity;sid:84545668; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682566)"; flow:established,from_client; content:"GET"; http_method; content:"/sinkers"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"b7q.4y328.online"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682566/; classtype:trojan-activity;sid:84545666; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682567)"; flow:established,from_client; content:"GET"; http_method; content:"/m6hazq9i"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"board73.0-we-fid-707-i.ru"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682567/; classtype:trojan-activity;sid:84545667; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682565)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.93.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682565/; classtype:trojan-activity;sid:84545665; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682563)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.177.230"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682563/; classtype:trojan-activity;sid:84545663; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682564)"; flow:established,from_client; content:"GET"; http_method; content:"/sinkers"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"n4y2.4y328.online"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682564/; classtype:trojan-activity;sid:84545664; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682562)"; flow:established,from_client; content:"GET"; http_method; content:"/ivbwy7mu"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"essay8.5-forez-515-o.ru"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682562/; classtype:trojan-activity;sid:84545662; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682561)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"114.226.207.37"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682561/; classtype:trojan-activity;sid:84545661; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682560)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.219.134"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682560/; classtype:trojan-activity;sid:84545660; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682558)"; flow:established,from_client; content:"GET"; http_method; content:"/sinkers"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"x7.9e466.online"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682558/; classtype:trojan-activity;sid:84545658; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682559)"; flow:established,from_client; content:"GET"; http_method; content:"/4cmeyomm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"a5ide.1-mafus-044-e.ru"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682559/; classtype:trojan-activity;sid:84545659; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682557)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.131.104.235"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682557/; classtype:trojan-activity;sid:84545657; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682556)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.219.134"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682556/; classtype:trojan-activity;sid:84545656; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682555)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.95.95.79"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682555/; classtype:trojan-activity;sid:84545655; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682554)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.95.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682554/; classtype:trojan-activity;sid:84545654; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682553)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.4.192.102"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682553/; classtype:trojan-activity;sid:84545653; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682552)"; flow:established,from_client; content:"GET"; http_method; content:"/sinkers"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"p9t.9e466.online"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682552/; classtype:trojan-activity;sid:84545652; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682551)"; flow:established,from_client; content:"GET"; http_method; content:"/3a0kvxoz"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"enjoy.2-wafij-3-ue.ru"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682551/; classtype:trojan-activity;sid:84545651; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682550)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.61.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682550/; classtype:trojan-activity;sid:84545650; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682549)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.165.175.145"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682549/; classtype:trojan-activity;sid:84545649; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682548)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.9.11.194"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682548/; classtype:trojan-activity;sid:84545648; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682547)"; flow:established,from_client; content:"GET"; http_method; content:"/sinkers"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"k3v7.9e466.online"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682547/; classtype:trojan-activity;sid:84545647; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682546)"; flow:established,from_client; content:"GET"; http_method; content:"/8edie12u"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"album.0-rohyp-5-yu.ru"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682546/; classtype:trojan-activity;sid:84545646; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682545)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.95.79"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682545/; classtype:trojan-activity;sid:84545645; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682544)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.241.200.122"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682544/; classtype:trojan-activity;sid:84545644; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682543)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.88.65"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682543/; classtype:trojan-activity;sid:84545643; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682542)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.239.123.160"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682542/; classtype:trojan-activity;sid:84545642; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682541)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.11.14.237"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682541/; classtype:trojan-activity;sid:84545641; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682540)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.38.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682540/; classtype:trojan-activity;sid:84545640; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682539)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.92.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682539/; classtype:trojan-activity;sid:84545639; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682538)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.225.159.187"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682538/; classtype:trojan-activity;sid:84545638; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682537)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.38.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682537/; classtype:trojan-activity;sid:84545637; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682536)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.14.237"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682536/; classtype:trojan-activity;sid:84545636; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682535)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.113.37.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682535/; classtype:trojan-activity;sid:84545635; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682534)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.60.249.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682534/; classtype:trojan-activity;sid:84545634; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682533)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.60.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682533/; classtype:trojan-activity;sid:84545633; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682532)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.187.158.225"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682532/; classtype:trojan-activity;sid:84545632; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682531)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.37.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682531/; classtype:trojan-activity;sid:84545631; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682530)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"94.101.59.208"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682530/; classtype:trojan-activity;sid:84545630; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682529)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.58.83.65"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682529/; classtype:trojan-activity;sid:84545629; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682528)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.60.249.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682528/; classtype:trojan-activity;sid:84545628; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682527)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.129.134.9"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682527/; classtype:trojan-activity;sid:84545627; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682526)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"220.201.23.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682526/; classtype:trojan-activity;sid:84545626; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682525)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.178.171.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682525/; classtype:trojan-activity;sid:84545625; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682524)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.63.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682524/; classtype:trojan-activity;sid:84545624; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682523)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.54.147.150"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682523/; classtype:trojan-activity;sid:84545623; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682522)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.83.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682522/; classtype:trojan-activity;sid:84545622; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682521)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.87.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682521/; classtype:trojan-activity;sid:84545621; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682520)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"168.197.157.221"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682520/; classtype:trojan-activity;sid:84545620; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682519)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.83.65"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682519/; classtype:trojan-activity;sid:84545619; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682518)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"174.34.242.140"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682518/; classtype:trojan-activity;sid:84545618; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682517)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.151.245"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682517/; classtype:trojan-activity;sid:84545617; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682516)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.225.159.187"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682516/; classtype:trojan-activity;sid:84545616; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682515)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.129.134.9"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682515/; classtype:trojan-activity;sid:84545615; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682514)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.169.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682514/; classtype:trojan-activity;sid:84545614; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682512)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.54.123.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682512/; classtype:trojan-activity;sid:84545612; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682513)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.169.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682513/; classtype:trojan-activity;sid:84545613; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682510)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.83.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682510/; classtype:trojan-activity;sid:84545610; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682511)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.54.147.150"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682511/; classtype:trojan-activity;sid:84545611; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682509)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"174.34.242.140"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682509/; classtype:trojan-activity;sid:84545609; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682508)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"84.49.158.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682508/; classtype:trojan-activity;sid:84545608; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682507)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.151.245"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682507/; classtype:trojan-activity;sid:84545607; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682506)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.150.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682506/; classtype:trojan-activity;sid:84545606; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682505)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.123.250.111"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682505/; classtype:trojan-activity;sid:84545605; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682504)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.46.198.74"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682504/; classtype:trojan-activity;sid:84545604; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682503)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.150.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682503/; classtype:trojan-activity;sid:84545603; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682502)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.62.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682502/; classtype:trojan-activity;sid:84545602; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682501)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.87.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682501/; classtype:trojan-activity;sid:84545601; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682500)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.123.250.111"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682500/; classtype:trojan-activity;sid:84545600; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682499)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.198.14.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682499/; classtype:trojan-activity;sid:84545599; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682498)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.131.104.235"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682498/; classtype:trojan-activity;sid:84545598; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682492)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.174.86.243"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682492/; classtype:trojan-activity;sid:84545592; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682493)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.108.39"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682493/; classtype:trojan-activity;sid:84545593; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682494)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.59.68"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682494/; classtype:trojan-activity;sid:84545594; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682495)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.231.234.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682495/; classtype:trojan-activity;sid:84545595; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682496)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.132.65"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682496/; classtype:trojan-activity;sid:84545596; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682497)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"84.49.158.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682497/; classtype:trojan-activity;sid:84545597; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682489)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.235.147.74"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682489/; classtype:trojan-activity;sid:84545589; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682490)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.102.73"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682490/; classtype:trojan-activity;sid:84545590; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682491)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.5.139"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682491/; classtype:trojan-activity;sid:84545591; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682488)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"176.235.147.74"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682488/; classtype:trojan-activity;sid:84545588; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682487)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.14.53.84"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682487/; classtype:trojan-activity;sid:84545587; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682486)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.62.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682486/; classtype:trojan-activity;sid:84545586; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682483)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/ppc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"srv1068676.hstgr.cloud"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682483/; classtype:trojan-activity;sid:84545583; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682484)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/arm7"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"srv1068676.hstgr.cloud"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682484/; classtype:trojan-activity;sid:84545584; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682485)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/x86"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"srv1068676.hstgr.cloud"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682485/; classtype:trojan-activity;sid:84545585; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682476)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/arm"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"srv1068676.hstgr.cloud"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682476/; classtype:trojan-activity;sid:84545576; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682477)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/arm6"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"srv1068676.hstgr.cloud"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682477/; classtype:trojan-activity;sid:84545577; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682478)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/mips"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"srv1068676.hstgr.cloud"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682478/; classtype:trojan-activity;sid:84545578; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682479)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/m68k"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"srv1068676.hstgr.cloud"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682479/; classtype:trojan-activity;sid:84545579; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682480)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/mpsl"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"srv1068676.hstgr.cloud"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682480/; classtype:trojan-activity;sid:84545580; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682481)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/arm5"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"srv1068676.hstgr.cloud"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682481/; classtype:trojan-activity;sid:84545581; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682482)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/x86_64"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"srv1068676.hstgr.cloud"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682482/; classtype:trojan-activity;sid:84545582; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682475)"; flow:established,from_client; content:"GET"; http_method; content:"/wget.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"srv1068676.hstgr.cloud"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682475/; classtype:trojan-activity;sid:84545575; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682473)"; flow:established,from_client; content:"GET"; http_method; content:"/c.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"srv1068676.hstgr.cloud"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682473/; classtype:trojan-activity;sid:84545573; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682474)"; flow:established,from_client; content:"GET"; http_method; content:"/w.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"srv1068676.hstgr.cloud"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682474/; classtype:trojan-activity;sid:84545574; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682472)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.46.198.74"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682472/; classtype:trojan-activity;sid:84545572; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682471)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.151.115.222"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682471/; classtype:trojan-activity;sid:84545571; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682470)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.54.129"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682470/; classtype:trojan-activity;sid:84545570; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682469)"; flow:established,from_client; content:"GET"; http_method; content:"/sinkers"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"q2x8.4a8u6.online"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682469/; classtype:trojan-activity;sid:84545569; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682468)"; flow:established,from_client; content:"GET"; http_method; content:"/1bf7powf"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"anger.2-pukeg-36-oy.ru"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682468/; classtype:trojan-activity;sid:84545568; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682467)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.54.71.127"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682467/; classtype:trojan-activity;sid:84545567; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682464)"; flow:established,from_client; content:"GET"; http_method; content:"/kla.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682464/; classtype:trojan-activity;sid:84545564; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682465)"; flow:established,from_client; content:"GET"; http_method; content:"/pay"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682465/; classtype:trojan-activity;sid:84545565; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682466)"; flow:established,from_client; content:"GET"; http_method; content:"/yarn"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682466/; classtype:trojan-activity;sid:84545566; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682463)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.1.224"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682463/; classtype:trojan-activity;sid:84545563; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682462)"; flow:established,from_client; content:"GET"; http_method; content:"/bin"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682462/; classtype:trojan-activity;sid:84545562; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682461)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.87.168.166"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682461/; classtype:trojan-activity;sid:84545561; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682460)"; flow:established,from_client; content:"GET"; http_method; content:"/4igkultf"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"brown6.1-mafus-044-e.ru"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682460/; classtype:trojan-activity;sid:84545560; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682459)"; flow:established,from_client; content:"GET"; http_method; content:"/sinkers"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"7m1a.4a8u6.online"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682459/; classtype:trojan-activity;sid:84545559; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682458)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.176.240.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682458/; classtype:trojan-activity;sid:84545558; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682457)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.231.159.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682457/; classtype:trojan-activity;sid:84545557; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682456)"; flow:established,from_client; content:"GET"; http_method; content:"/xurx9oik"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"fairy.2-pukeg-36-oy.ru"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682456/; classtype:trojan-activity;sid:84545556; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682455)"; flow:established,from_client; content:"GET"; http_method; content:"/sinkers"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"z9kq.4a8u6.online"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682455/; classtype:trojan-activity;sid:84545555; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682448)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/mips"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"69.62.107.65"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682448/; classtype:trojan-activity;sid:84545548; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682449)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/m68k"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"69.62.107.65"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682449/; classtype:trojan-activity;sid:84545549; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682450)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/x86"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"69.62.107.65"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682450/; classtype:trojan-activity;sid:84545550; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682451)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/x86_64"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"69.62.107.65"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682451/; classtype:trojan-activity;sid:84545551; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682452)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/arm6"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"69.62.107.65"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682452/; classtype:trojan-activity;sid:84545552; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682453)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/arm7"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"69.62.107.65"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682453/; classtype:trojan-activity;sid:84545553; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682454)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/mpsl"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"69.62.107.65"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682454/; classtype:trojan-activity;sid:84545554; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682445)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/arm5"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"69.62.107.65"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682445/; classtype:trojan-activity;sid:84545545; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682446)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/ppc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"69.62.107.65"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682446/; classtype:trojan-activity;sid:84545546; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682447)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/arm"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"69.62.107.65"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682447/; classtype:trojan-activity;sid:84545547; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682444)"; flow:established,from_client; content:"GET"; http_method; content:"/sinkers"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"angle.hop-g-3.online"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682444/; classtype:trojan-activity;sid:84545544; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682443)"; flow:established,from_client; content:"GET"; http_method; content:"/0c90kdeh"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"event53.5-juzeb-0-io.ru"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682443/; classtype:trojan-activity;sid:84545543; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682442)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.43.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682442/; classtype:trojan-activity;sid:84545542; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682441)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.231.159.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682441/; classtype:trojan-activity;sid:84545541; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682440)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.176.240.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682440/; classtype:trojan-activity;sid:84545540; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682439)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.49.6"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682439/; classtype:trojan-activity;sid:84545539; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682438)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.54.71.127"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682438/; classtype:trojan-activity;sid:84545538; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682437)"; flow:established,from_client; content:"GET"; http_method; content:"/gwq3zqxa"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"begun.7-nenop-38-oy.ru"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682437/; classtype:trojan-activity;sid:84545537; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682436)"; flow:established,from_client; content:"GET"; http_method; content:"/sinkers"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"amber3.run-c-you.online"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682436/; classtype:trojan-activity;sid:84545536; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682435)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.43.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682435/; classtype:trojan-activity;sid:84545535; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682434)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"165.220.189.4"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682434/; classtype:trojan-activity;sid:84545534; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682433)"; flow:established,from_client; content:"GET"; http_method; content:"/sinkers"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"oxy7.joy-2-way.online"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682433/; classtype:trojan-activity;sid:84545533; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682432)"; flow:established,from_client; content:"GET"; http_method; content:"/fycvdxqb"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"cross.xiqek-40-ye-8.ru"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682432/; classtype:trojan-activity;sid:84545532; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682431)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.49.6"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682431/; classtype:trojan-activity;sid:84545531; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682430)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.114.193.152"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682430/; classtype:trojan-activity;sid:84545530; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682429)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.39.236.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682429/; classtype:trojan-activity;sid:84545529; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682428)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"220.201.44.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682428/; classtype:trojan-activity;sid:84545528; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682427)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.236.159.64"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682427/; classtype:trojan-activity;sid:84545527; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682426)"; flow:established,from_client; content:"GET"; http_method; content:"/o57qpl2b"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"coast0.5-forez-515-o.ru"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682426/; classtype:trojan-activity;sid:84545526; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682424)"; flow:established,from_client; content:"GET"; http_method; content:"/2n37awqd"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"delay.5-ninet-1-ou.ru"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682424/; classtype:trojan-activity;sid:84545524; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682425)"; flow:established,from_client; content:"GET"; http_method; content:"/sinkers"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"ox.fix-fg.online"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682425/; classtype:trojan-activity;sid:84545525; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682423)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"165.220.189.4"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682423/; classtype:trojan-activity;sid:84545523; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682422)"; flow:established,from_client; content:"GET"; http_method; content:"/bot"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"94.156.152.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682422/; classtype:trojan-activity;sid:84545522; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682421)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.39.236.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682421/; classtype:trojan-activity;sid:84545521; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682420)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"220.201.44.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682420/; classtype:trojan-activity;sid:84545520; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682419)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.41.136.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682419/; classtype:trojan-activity;sid:84545519; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682418)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.136.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682418/; classtype:trojan-activity;sid:84545518; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682417)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.51.28.253"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682417/; classtype:trojan-activity;sid:84545517; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682416)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.78.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682416/; classtype:trojan-activity;sid:84545516; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682415)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.87.230.244"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682415/; classtype:trojan-activity;sid:84545515; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682414)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.77.38.8"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682414/; classtype:trojan-activity;sid:84545514; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682413)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.87.73"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682413/; classtype:trojan-activity;sid:84545513; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682412)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.51.28.253"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682412/; classtype:trojan-activity;sid:84545512; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682411)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.218.164"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682411/; classtype:trojan-activity;sid:84545511; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682410)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.67.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682410/; classtype:trojan-activity;sid:84545510; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682409)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.53.76.90"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682409/; classtype:trojan-activity;sid:84545509; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682408)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.47.60.221"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682408/; classtype:trojan-activity;sid:84545508; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682407)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.227.237.245"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682407/; classtype:trojan-activity;sid:84545507; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682405)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.222.69.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682405/; classtype:trojan-activity;sid:84545505; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682406)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.8.119.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682406/; classtype:trojan-activity;sid:84545506; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682404)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.87.73"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682404/; classtype:trojan-activity;sid:84545504; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682402)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.74.167"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682402/; classtype:trojan-activity;sid:84545502; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682403)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.222.69.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682403/; classtype:trojan-activity;sid:84545503; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682401)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.8.119.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682401/; classtype:trojan-activity;sid:84545501; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682400)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.108.159"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682400/; classtype:trojan-activity;sid:84545500; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682399)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"105.98.118.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682399/; classtype:trojan-activity;sid:84545499; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682398)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.74.167"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682398/; classtype:trojan-activity;sid:84545498; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682397)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.230.41.207"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682397/; classtype:trojan-activity;sid:84545497; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682396)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.237.145"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682396/; classtype:trojan-activity;sid:84545496; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682395)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.46.221.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682395/; classtype:trojan-activity;sid:84545495; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682394)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.41.207"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682394/; classtype:trojan-activity;sid:84545494; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682393)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.202.22.84"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682393/; classtype:trojan-activity;sid:84545493; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682392)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.119.232"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682392/; classtype:trojan-activity;sid:84545492; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682391)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.5.5.115"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682391/; classtype:trojan-activity;sid:84545491; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682390)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.230.80.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682390/; classtype:trojan-activity;sid:84545490; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682389)"; flow:established,from_client; content:"GET"; http_method; content:"/xia0w91goy.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"dawn3.syc0aq8uy1.online"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682389/; classtype:trojan-activity;sid:84545489; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682388)"; flow:established,from_client; content:"GET"; http_method; content:"/by1x.check|3f|t=gfdwbquw"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"actor.1-byhih-05-ey.ru"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682388/; classtype:trojan-activity;sid:84545488; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682387)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.165.47.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682387/; classtype:trojan-activity;sid:84545487; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682385)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"121.236.146.221"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682385/; classtype:trojan-activity;sid:84545485; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682386)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.46.221.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682386/; classtype:trojan-activity;sid:84545486; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682384)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.208.203.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682384/; classtype:trojan-activity;sid:84545484; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682383)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.45.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682383/; classtype:trojan-activity;sid:84545483; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682379)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.165.72.37"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682379/; classtype:trojan-activity;sid:84545479; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682380)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.18.6.199"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682380/; classtype:trojan-activity;sid:84545480; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682381)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.45.19"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682381/; classtype:trojan-activity;sid:84545481; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682382)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.230.45.19"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682382/; classtype:trojan-activity;sid:84545482; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682377)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.127.220.239"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682377/; classtype:trojan-activity;sid:84545477; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682378)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.234.244.123"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682378/; classtype:trojan-activity;sid:84545478; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682376)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.163.189.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682376/; classtype:trojan-activity;sid:84545476; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682375)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.167.2.207"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682375/; classtype:trojan-activity;sid:84545475; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682374)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.79.129.116"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682374/; classtype:trojan-activity;sid:84545474; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682370)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.169.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682370/; classtype:trojan-activity;sid:84545470; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682371)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.63.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682371/; classtype:trojan-activity;sid:84545471; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682372)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.41.168.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682372/; classtype:trojan-activity;sid:84545472; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682373)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.8.28.169"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682373/; classtype:trojan-activity;sid:84545473; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682363)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.28.217.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682363/; classtype:trojan-activity;sid:84545463; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682364)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.90.150.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682364/; classtype:trojan-activity;sid:84545464; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682365)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"78.188.91.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682365/; classtype:trojan-activity;sid:84545465; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682366)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.202.22.84"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682366/; classtype:trojan-activity;sid:84545466; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682367)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"58.47.107.174"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682367/; classtype:trojan-activity;sid:84545467; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682368)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.49.26.176"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682368/; classtype:trojan-activity;sid:84545468; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682369)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.94.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682369/; classtype:trojan-activity;sid:84545469; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682362)"; flow:established,from_client; content:"GET"; http_method; content:"/fu.google|3f|t=n3arntfa"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"focus.7-doxok-46-eu.ru"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682362/; classtype:trojan-activity;sid:84545462; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682361)"; flow:established,from_client; content:"GET"; http_method; content:"/0hfclnjbq9.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"shine0.syc0aq8uy1.online"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682361/; classtype:trojan-activity;sid:84545461; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682360)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.186.204.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682360/; classtype:trojan-activity;sid:84545460; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682359)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.5.5.115"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682359/; classtype:trojan-activity;sid:84545459; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682358)"; flow:established,from_client; content:"GET"; http_method; content:"/0qpymao2hf.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"wi1low.syc0aq8uy1.online"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682358/; classtype:trojan-activity;sid:84545458; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682357)"; flow:established,from_client; content:"GET"; http_method; content:"/a9r3.google|3f|t=tf7mcl9i"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"began.5-forez-515-o.ru"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682357/; classtype:trojan-activity;sid:84545457; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682356)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.168.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682356/; classtype:trojan-activity;sid:84545456; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682355)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.229.218.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682355/; classtype:trojan-activity;sid:84545455; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682354)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.96.141.88"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682354/; classtype:trojan-activity;sid:84545454; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682353)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.208.203.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682353/; classtype:trojan-activity;sid:84545453; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682352)"; flow:established,from_client; content:"GET"; http_method; content:"/7m04.google|3f|t=5mitcy2b"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"851.rv6324.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682352/; classtype:trojan-activity;sid:84545452; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682351)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.13.6.223"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682351/; classtype:trojan-activity;sid:84545451; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682350)"; flow:established,from_client; content:"GET"; http_method; content:"/vb.check|3f|t=zpqwes1f"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"061.rv6324.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682350/; classtype:trojan-activity;sid:84545450; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682349)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.250.85"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682349/; classtype:trojan-activity;sid:84545449; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682348)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.7.144"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682348/; classtype:trojan-activity;sid:84545448; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682347)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.192.102"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682347/; classtype:trojan-activity;sid:84545447; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682345)"; flow:established,from_client; content:"GET"; http_method; content:"/arquivo_20251016085750.txt"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"activegroup-bd.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682345/; classtype:trojan-activity;sid:84545445; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682346)"; flow:established,from_client; content:"GET"; http_method; content:"/9q1.google|3f|t=2xw12eph"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"7436901.rv6324.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682346/; classtype:trojan-activity;sid:84545446; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682344)"; flow:established,from_client; content:"GET"; http_method; content:"/333/sdof9do4ier9dfd9g3ggiuidf9fd9gcv934jjghdf93d9cxvxc93jjgjdgf9c99vcb89rrtbc99.hta"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"96.44.159.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682344/; classtype:trojan-activity;sid:84545444; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682343)"; flow:established,from_client; content:"GET"; http_method; content:"/img/kkn/sd99w090xcvjijsei000sdf09w0ef0cdf3iiuif920fs0f0sdf032fisidufiu0v0x9v090diudfg00909dfg00df.hta"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"23.95.117.243"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682343/; classtype:trojan-activity;sid:84545443; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682342)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.251.65"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682342/; classtype:trojan-activity;sid:84545442; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682341)"; flow:established,from_client; content:"GET"; http_method; content:"/glasskaaret.xsn"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"91126069-0-20221021003910.webstarterz.com"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682341/; classtype:trojan-activity;sid:84545441; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682340)"; flow:established,from_client; content:"GET"; http_method; content:"/yspun219.bin"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"91126069-0-20221021003910.webstarterz.com"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682340/; classtype:trojan-activity;sid:84545440; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682339)"; flow:established,from_client; content:"GET"; http_method; content:"/fastsatte.dwp"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"91126069-0-20221021003910.webstarterz.com"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682339/; classtype:trojan-activity;sid:84545439; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682338)"; flow:established,from_client; content:"GET"; http_method; content:"/ylbbjxwunbygjeg93.bin"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"kociszew.webd.pl"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682338/; classtype:trojan-activity;sid:84545438; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682336)"; flow:established,from_client; content:"GET"; http_method; content:"/fondsvedtgtens.aca"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"kociszew.webd.pl"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682336/; classtype:trojan-activity;sid:84545436; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682337)"; flow:established,from_client; content:"GET"; http_method; content:"/v0/b/loloer3434.firebasestorage.app/o/cifrado%20fff3333%2fnewdll.txt|3f|alt=media|7c|26|7c|token=2a7619df-4ea7-43d3-9c6e-b74be01ff67f"; http_uri; depth:134; isdataat:!1,relative; nocase; content:"firebasestorage.googleapis.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682337/; classtype:trojan-activity;sid:84545437; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682335)"; flow:established,from_client; content:"GET"; http_method; content:"/arquivo_20250918232447.txt"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"kokolau.free.nf"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682335/; classtype:trojan-activity;sid:84545435; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682334)"; flow:established,from_client; content:"GET"; http_method; content:"/arquivo_20251012222801.txt"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"aye2103.lovestoblog.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682334/; classtype:trojan-activity;sid:84545434; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682333)"; flow:established,from_client; content:"GET"; http_method; content:"/arquivo_33f5a49017024ccdaaa13e21af585a07.txt"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"vanjaar.lovestoblog.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682333/; classtype:trojan-activity;sid:84545433; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682331)"; flow:established,from_client; content:"GET"; http_method; content:"/host/sea.ps1"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"213.209.157.234"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682331/; classtype:trojan-activity;sid:84545431; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682332)"; flow:established,from_client; content:"GET"; http_method; content:"/arquivo_9f69016cf85947838bb1261f63317176.txt"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"aye2103.lovestoblog.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682332/; classtype:trojan-activity;sid:84545432; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682330)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.2.61"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682330/; classtype:trojan-activity;sid:84545430; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682328)"; flow:established,from_client; content:"GET"; http_method; content:"/host/cashhhh.ps1"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"213.209.157.234"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682328/; classtype:trojan-activity;sid:84545428; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682329)"; flow:established,from_client; content:"GET"; http_method; content:"/host/ttesttt.ps1"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"213.209.157.234"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682329/; classtype:trojan-activity;sid:84545429; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682327)"; flow:established,from_client; content:"GET"; http_method; content:"/host/fore.ps1"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"213.209.157.234"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682327/; classtype:trojan-activity;sid:84545427; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682323)"; flow:established,from_client; content:"GET"; http_method; content:"/host/stein.ps1"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"213.209.157.234"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682323/; classtype:trojan-activity;sid:84545423; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682324)"; flow:established,from_client; content:"GET"; http_method; content:"/host/sirdee.ps1"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"213.209.157.234"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682324/; classtype:trojan-activity;sid:84545424; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682325)"; flow:established,from_client; content:"GET"; http_method; content:"/host/slyxx.ps1"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"213.209.157.234"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682325/; classtype:trojan-activity;sid:84545425; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682326)"; flow:established,from_client; content:"GET"; http_method; content:"/host/air.ps1"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"213.209.157.234"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682326/; classtype:trojan-activity;sid:84545426; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682322)"; flow:established,from_client; content:"GET"; http_method; content:"/download/msi-pro-with-b-64_20251009/msi_pro_with_b64.png"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"archive.org"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682322/; classtype:trojan-activity;sid:84545422; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682321)"; flow:established,from_client; content:"GET"; http_method; content:"/download/wp4055032-l-wallpapers_with_b64/wp4055032-l-wallpapers_with_b64.jpg"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"archive.org"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682321/; classtype:trojan-activity;sid:84545421; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682320)"; flow:established,from_client; content:"GET"; http_method; content:"/download/optimized_msi_pro_with_b64_202509/optimized_msi_pro_with_b64.png"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"archive.org"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682320/; classtype:trojan-activity;sid:84545420; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682318)"; flow:established,from_client; content:"GET"; http_method; content:"/tn.check|3f|t=o67wewh1"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"160287.rv6324.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682318/; classtype:trojan-activity;sid:84545418; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682319)"; flow:established,from_client; content:"GET"; http_method; content:"/download/msi-pro-with-b-64_20251015_1424/msi_pro_with_b64.png"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"archive.org"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682319/; classtype:trojan-activity;sid:84545419; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682316)"; flow:established,from_client; content:"GET"; http_method; content:"/wheatw.pfm"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"tehnomag.rs"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682316/; classtype:trojan-activity;sid:84545416; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682317)"; flow:established,from_client; content:"GET"; http_method; content:"/wheatw.pfm"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"tehnomag.rs"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682317/; classtype:trojan-activity;sid:84545417; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682315)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.10.202.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682315/; classtype:trojan-activity;sid:84545415; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682314)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.13.6.223"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682314/; classtype:trojan-activity;sid:84545414; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682313)"; flow:established,from_client; content:"GET"; http_method; content:"/0d4.google|3f|t=stzgzx1l"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"93055.rv6324.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682313/; classtype:trojan-activity;sid:84545413; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682312)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"211.248.37.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682312/; classtype:trojan-activity;sid:84545412; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682311)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.51.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682311/; classtype:trojan-activity;sid:84545411; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682310)"; flow:established,from_client; content:"GET"; http_method; content:"/1kz.check|3f|t=gdbalvee"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"4084.rv6324.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682310/; classtype:trojan-activity;sid:84545410; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682309)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.90.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682309/; classtype:trojan-activity;sid:84545409; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682308)"; flow:established,from_client; content:"GET"; http_method; content:"/r8.google|3f|t=mf6yu1iz"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"219.rv6324.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682308/; classtype:trojan-activity;sid:84545408; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682306)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.231.67.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682306/; classtype:trojan-activity;sid:84545406; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682307)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.41.7.144"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682307/; classtype:trojan-activity;sid:84545407; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682305)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.10.202.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682305/; classtype:trojan-activity;sid:84545405; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682304)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.131.165.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682304/; classtype:trojan-activity;sid:84545404; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682303)"; flow:established,from_client; content:"GET"; http_method; content:"/cem.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"45.43.143.212"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682303/; classtype:trojan-activity;sid:84545403; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682302)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.88.48"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682302/; classtype:trojan-activity;sid:84545402; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682300)"; flow:established,from_client; content:"GET"; http_method; content:"/2h.google|3f|t=ia5nrja3"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"034d2.bl8205.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682300/; classtype:trojan-activity;sid:84545400; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682301)"; flow:established,from_client; content:"GET"; http_method; content:"/88gpq7qmvk.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"force5.syc0aq8uy1.online"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682301/; classtype:trojan-activity;sid:84545401; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682299)"; flow:established,from_client; content:"GET"; http_method; content:"/getdllv2"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"vaew-varen-investment.sbs"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682299/; classtype:trojan-activity;sid:84545399; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682298)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.113.5.172"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682298/; classtype:trojan-activity;sid:84545398; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682297)"; flow:established,from_client; content:"GET"; http_method; content:"/xfxkhbzl6l.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"force5.syc0aq8uy1.online"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682297/; classtype:trojan-activity;sid:84545397; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682296)"; flow:established,from_client; content:"GET"; http_method; content:"/w1n.check|3f|t=5bvbihh3"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"118.bl8205.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682296/; classtype:trojan-activity;sid:84545396; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682295)"; flow:established,from_client; content:"GET"; http_method; content:"/424/sd829fsf23fkjjskfdj9vc9d849ffk4jkjsdjf929f94989cxv9x89vv934999g3kj49gdf9g89dg993.txt"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"23.95.103.208"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682295/; classtype:trojan-activity;sid:84545395; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682294)"; flow:established,from_client; content:"GET"; http_method; content:"/346/we9d8dsf3er34kjer433j4j4d9s9cv03kds929fd93tj4h34kfkg43d9cv9349fdf04k4j4nk455n.txt"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"23.95.103.208"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682294/; classtype:trojan-activity;sid:84545394; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682293)"; flow:established,from_client; content:"GET"; http_method; content:"/img/ksms/sc9ddc73jjhfjsh8cxs0d9xc23hjhj5j6jhj8bh876hfdf90gd900vb90brt90t0yr09asd03sfd0f0sd.txt"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"23.95.103.208"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682293/; classtype:trojan-activity;sid:84545393; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682292)"; flow:established,from_client; content:"GET"; http_method; content:"/346/e9d8dsf3er34kjer433j4j4d9s9cv03kds929fd93tj4h34kfkg43d9cv9349fdf04k4j4nk455n.hta"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"23.95.103.208"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682292/; classtype:trojan-activity;sid:84545392; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682291)"; flow:established,from_client; content:"GET"; http_method; content:"/080521.ps1"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"files.catbox.moe"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682291/; classtype:trojan-activity;sid:84545391; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682290)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.5.172"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682290/; classtype:trojan-activity;sid:84545390; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682289)"; flow:established,from_client; content:"GET"; http_method; content:"/engineer.mp4"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"84.200.80.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682289/; classtype:trojan-activity;sid:84545389; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682288)"; flow:established,from_client; content:"GET"; http_method; content:"/omphaloncus.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"www.sharmanshawls.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682288/; classtype:trojan-activity;sid:84545388; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682287)"; flow:established,from_client; content:"GET"; http_method; content:"/17.mp4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"www.sharmanshawls.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682287/; classtype:trojan-activity;sid:84545387; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682286)"; flow:established,from_client; content:"GET"; http_method; content:"/e4.google|3f|t=dwx67ylh"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"6901420.bl8205.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682286/; classtype:trojan-activity;sid:84545386; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682285)"; flow:established,from_client; content:"GET"; http_method; content:"/ggcam5y5or.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"spark7.syc0aq8uy1.online"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682285/; classtype:trojan-activity;sid:84545385; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682284)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.2.61"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682284/; classtype:trojan-activity;sid:84545384; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682283)"; flow:established,from_client; content:"GET"; http_method; content:"/uyy.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"spinmaha.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682283/; classtype:trojan-activity;sid:84545383; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682282)"; flow:established,from_client; content:"GET"; http_method; content:"/436ipyay7s.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"spark7.syc0aq8uy1.online"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682282/; classtype:trojan-activity;sid:84545382; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682281)"; flow:established,from_client; content:"GET"; http_method; content:"/d7m.check|3f|t=rdw5o651"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"777012.bl8205.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682281/; classtype:trojan-activity;sid:84545381; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682280)"; flow:established,from_client; content:"GET"; http_method; content:"/580/dfg90erhj34h0g0dfg0cvcv00340sfsdf84fdcv9bv0cv03dfiu3200fdsf23sdfvb90cvb90030gdfg0cvb09c0b0.txt"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"198.46.173.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682280/; classtype:trojan-activity;sid:84545380; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682279)"; flow:established,from_client; content:"GET"; http_method; content:"/580/dfg90erhj34h0g0dfg0cvcv00340sfsdf84fdcv9bv0cv03dfiu3200fdsf23sdfvb90cvb90030gdfg0cvb09c0b0.hta"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"198.46.173.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682279/; classtype:trojan-activity;sid:84545379; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682278)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.54.129"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682278/; classtype:trojan-activity;sid:84545378; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682276)"; flow:established,from_client; content:"GET"; http_method; content:"/mojocumserver_encrypted.jpg"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"172.245.246.93"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682276/; classtype:trojan-activity;sid:84545376; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682277)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1fn-7pq-q9eizpjzkff_lnmsbjgj0qi74"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682277/; classtype:trojan-activity;sid:84545377; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682274)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1tykh9symcw4qlhz5qhkw5q5g2vcxfhlb"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682274/; classtype:trojan-activity;sid:84545374; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682275)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1dqlhek9tgp1nzspbodfdh9cku_efw9fe"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682275/; classtype:trojan-activity;sid:84545375; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682273)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1sfuydhrmm2ypseejq0w3xuwt2ndt6zt8"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682273/; classtype:trojan-activity;sid:84545373; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682272)"; flow:established,from_client; content:"GET"; http_method; content:"/1019.txt"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"pub-3df3bd0a00214b4f9102f645511ab7ad.r2.dev"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682272/; classtype:trojan-activity;sid:84545372; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682271)"; flow:established,from_client; content:"GET"; http_method; content:"/5/items/msi-pro-with-b-64_20251015_1424/msi_pro_with_b64.png"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"ia801000.us.archive.org"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682271/; classtype:trojan-activity;sid:84545371; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682270)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/xxblessingsnow.txt"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"katyache.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682270/; classtype:trojan-activity;sid:84545370; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682269)"; flow:established,from_client; content:"GET"; http_method; content:"/l2.google|3f|t=g82ees8o"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"30951.bl8205.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682269/; classtype:trojan-activity;sid:84545369; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682265)"; flow:established,from_client; content:"GET"; http_method; content:"/mjazyzbcdvy.mp3"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"196.251.115.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682265/; classtype:trojan-activity;sid:84545365; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682266)"; flow:established,from_client; content:"GET"; http_method; content:"/jnpgn.mp3"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"196.251.115.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682266/; classtype:trojan-activity;sid:84545366; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682267)"; flow:established,from_client; content:"GET"; http_method; content:"/evsep.wav"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"196.251.115.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682267/; classtype:trojan-activity;sid:84545367; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682268)"; flow:established,from_client; content:"GET"; http_method; content:"/sqyckizlatz.mp3"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"196.251.115.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682268/; classtype:trojan-activity;sid:84545368; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682263)"; flow:established,from_client; content:"GET"; http_method; content:"/yjwteskq.mp3"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"196.251.115.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682263/; classtype:trojan-activity;sid:84545363; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682264)"; flow:established,from_client; content:"GET"; http_method; content:"/oqgqpuqb.mp4"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"196.251.115.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682264/; classtype:trojan-activity;sid:84545364; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682261)"; flow:established,from_client; content:"GET"; http_method; content:"/xrpsdqyiazi.wav"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"196.251.115.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682261/; classtype:trojan-activity;sid:84545361; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682262)"; flow:established,from_client; content:"GET"; http_method; content:"/blyagypsnzy.mp3"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"196.251.115.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682262/; classtype:trojan-activity;sid:84545362; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682260)"; flow:established,from_client; content:"GET"; http_method; content:"/vtwhpvycw.mp3"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"196.251.115.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682260/; classtype:trojan-activity;sid:84545360; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682259)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.57.119.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682259/; classtype:trojan-activity;sid:84545359; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682258)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.28.135"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682258/; classtype:trojan-activity;sid:84545358; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682256)"; flow:established,from_client; content:"GET"; http_method; content:"/9fa.check|3f|t=75b24uqj"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"8427.bl8205.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682256/; classtype:trojan-activity;sid:84545356; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682257)"; flow:established,from_client; content:"GET"; http_method; content:"/tahpfa188n.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"clears.syc0aq8uy1.online"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682257/; classtype:trojan-activity;sid:84545357; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682255)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"180.119.110.130"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682255/; classtype:trojan-activity;sid:84545355; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682254)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.21.40"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682254/; classtype:trojan-activity;sid:84545354; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682253)"; flow:established,from_client; content:"GET"; http_method; content:"/08ag7rpmdq.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"clears.syc0aq8uy1.online"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682253/; classtype:trojan-activity;sid:84545353; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682252)"; flow:established,from_client; content:"GET"; http_method; content:"/yk.google|3f|t=8l8o2d35"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"501.bl8205.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682252/; classtype:trojan-activity;sid:84545352; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682251)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.28.135"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682251/; classtype:trojan-activity;sid:84545351; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682250)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.12.226.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682250/; classtype:trojan-activity;sid:84545350; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682249)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"180.119.110.130"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682249/; classtype:trojan-activity;sid:84545349; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682248)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.27.185"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682248/; classtype:trojan-activity;sid:84545348; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682247)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"216.126.86.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682247/; classtype:trojan-activity;sid:84545347; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682246)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.97.174"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682246/; classtype:trojan-activity;sid:84545346; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682245)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.21.40"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682245/; classtype:trojan-activity;sid:84545345; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682244)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.163.158.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682244/; classtype:trojan-activity;sid:84545344; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682243)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"182.247.185.193"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682243/; classtype:trojan-activity;sid:84545343; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682242)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"88.129.1.246"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682242/; classtype:trojan-activity;sid:84545342; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682241)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.97.174"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682241/; classtype:trojan-activity;sid:84545341; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682240)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"216.126.86.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682240/; classtype:trojan-activity;sid:84545340; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682239)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.61.115.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682239/; classtype:trojan-activity;sid:84545339; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682238)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.163.158.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682238/; classtype:trojan-activity;sid:84545338; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682237)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"23.92.130.154"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682237/; classtype:trojan-activity;sid:84545337; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682236)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.142.253.243"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682236/; classtype:trojan-activity;sid:84545336; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682235)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.12.226.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682235/; classtype:trojan-activity;sid:84545335; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682234)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.27.185"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682234/; classtype:trojan-activity;sid:84545334; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682233)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.61.115.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682233/; classtype:trojan-activity;sid:84545333; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682232)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.57.221.180"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682232/; classtype:trojan-activity;sid:84545332; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682231)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.221.12.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682231/; classtype:trojan-activity;sid:84545331; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682230)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.186.157.205"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682230/; classtype:trojan-activity;sid:84545330; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682229)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"23.92.130.154"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682229/; classtype:trojan-activity;sid:84545329; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682228)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.93.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682228/; classtype:trojan-activity;sid:84545328; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682227)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.221.12.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682227/; classtype:trojan-activity;sid:84545327; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682226)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.91.168.49"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682226/; classtype:trojan-activity;sid:84545326; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682225)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.85.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682225/; classtype:trojan-activity;sid:84545325; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682224)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.250.85"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682224/; classtype:trojan-activity;sid:84545324; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682223)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.117.164.74"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682223/; classtype:trojan-activity;sid:84545323; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682222)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.4.193"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682222/; classtype:trojan-activity;sid:84545322; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682221)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.73.184"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682221/; classtype:trojan-activity;sid:84545321; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682220)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.53.142.243"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682220/; classtype:trojan-activity;sid:84545320; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682219)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.106.1"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682219/; classtype:trojan-activity;sid:84545319; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682218)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.252.6"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682218/; classtype:trojan-activity;sid:84545318; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682217)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.142.253.243"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682217/; classtype:trojan-activity;sid:84545317; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682216)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.73.184"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682216/; classtype:trojan-activity;sid:84545316; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682213)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.58.83.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682213/; classtype:trojan-activity;sid:84545313; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682214)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.205.168.67"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682214/; classtype:trojan-activity;sid:84545314; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682215)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.41.227.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682215/; classtype:trojan-activity;sid:84545315; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682211)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.204.197.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682211/; classtype:trojan-activity;sid:84545311; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682212)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.55.16"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682212/; classtype:trojan-activity;sid:84545312; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682210)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.185.142.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682210/; classtype:trojan-activity;sid:84545310; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682209)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.205.168.67"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682209/; classtype:trojan-activity;sid:84545309; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682208)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.83.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682208/; classtype:trojan-activity;sid:84545308; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682207)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.56.151.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682207/; classtype:trojan-activity;sid:84545307; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682205)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.119.251.65"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682205/; classtype:trojan-activity;sid:84545305; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682206)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.185.142.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682206/; classtype:trojan-activity;sid:84545306; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682204)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.178.59.15"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682204/; classtype:trojan-activity;sid:84545304; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682203)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.180.84.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682203/; classtype:trojan-activity;sid:84545303; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682199)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.137.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682199/; classtype:trojan-activity;sid:84545299; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682200)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"84.42.19.245"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682200/; classtype:trojan-activity;sid:84545300; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682201)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.123.194.32"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682201/; classtype:trojan-activity;sid:84545301; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682202)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.88.48"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682202/; classtype:trojan-activity;sid:84545302; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682198)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/rutube.apk"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"partner-rutube.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682198/; classtype:trojan-activity;sid:84545298; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682197)"; flow:established,from_client; content:"GET"; http_method; content:"/files/6384715690/eecafmy.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682197/; classtype:trojan-activity;sid:84545297; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682196)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.138.113.118"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682196/; classtype:trojan-activity;sid:84545296; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682195)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.113.2.231"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682195/; classtype:trojan-activity;sid:84545295; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682194)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.151.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682194/; classtype:trojan-activity;sid:84545294; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682193)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.141.128.233"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682193/; classtype:trojan-activity;sid:84545293; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682192)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.5.146.124"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682192/; classtype:trojan-activity;sid:84545292; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682191)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.178.59.15"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682191/; classtype:trojan-activity;sid:84545291; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682190)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.163.12.34"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682190/; classtype:trojan-activity;sid:84545290; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682189)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.61.113.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682189/; classtype:trojan-activity;sid:84545289; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682187)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.146.124"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682187/; classtype:trojan-activity;sid:84545287; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682188)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.47.86.133"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682188/; classtype:trojan-activity;sid:84545288; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682186)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.174.41.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682186/; classtype:trojan-activity;sid:84545286; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682185)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.64.250.1"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682185/; classtype:trojan-activity;sid:84545285; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682184)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.22.145"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682184/; classtype:trojan-activity;sid:84545284; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682183)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.131.165.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682183/; classtype:trojan-activity;sid:84545283; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682182)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.124.151.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682182/; classtype:trojan-activity;sid:84545282; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682181)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.47.86.133"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682181/; classtype:trojan-activity;sid:84545281; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682180)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.4.193"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682180/; classtype:trojan-activity;sid:84545280; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682179)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.64.250.1"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682179/; classtype:trojan-activity;sid:84545279; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682178)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.174.41.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682178/; classtype:trojan-activity;sid:84545278; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682177)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.47.212.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682177/; classtype:trojan-activity;sid:84545277; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682176)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.236.184.197"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682176/; classtype:trojan-activity;sid:84545276; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682175)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"171.81.99.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682175/; classtype:trojan-activity;sid:84545275; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682174)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.5.146.75"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682174/; classtype:trojan-activity;sid:84545274; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682173)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.44.246.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682173/; classtype:trojan-activity;sid:84545273; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682172)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"171.81.99.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682172/; classtype:trojan-activity;sid:84545272; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682171)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.245.187"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682171/; classtype:trojan-activity;sid:84545271; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682170)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.124.151.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682170/; classtype:trojan-activity;sid:84545270; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682169)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.146.75"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682169/; classtype:trojan-activity;sid:84545269; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682166)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm6"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"45.90.98.43"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682166/; classtype:trojan-activity;sid:84545266; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682167)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.m68k"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"45.90.98.43"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682167/; classtype:trojan-activity;sid:84545267; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682168)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"176.65.132.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682168/; classtype:trojan-activity;sid:84545268; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682165)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.i468"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"45.156.87.216"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682165/; classtype:trojan-activity;sid:84545265; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682163)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.i468"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"45.90.98.43"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682163/; classtype:trojan-activity;sid:84545263; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682164)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"45.90.98.43"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682164/; classtype:trojan-activity;sid:84545264; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682160)"; flow:established,from_client; content:"GET"; http_method; content:"/golden/deploy0check0spamxnxhaus.x86_64"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"196.251.115.74"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682160/; classtype:trojan-activity;sid:84545260; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682161)"; flow:established,from_client; content:"GET"; http_method; content:"/golden/deploy0check0spamxnxhaus.i686"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"196.251.115.74"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682161/; classtype:trojan-activity;sid:84545261; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682162)"; flow:established,from_client; content:"GET"; http_method; content:"/orbt/orbt.m68k"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"144.172.109.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682162/; classtype:trojan-activity;sid:84545262; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682159)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arc"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"45.90.98.43"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682159/; classtype:trojan-activity;sid:84545259; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682157)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm7"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"45.90.98.43"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682157/; classtype:trojan-activity;sid:84545257; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682158)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.i686"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"45.90.98.43"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682158/; classtype:trojan-activity;sid:84545258; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682155)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.x86_64"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"45.90.98.43"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682155/; classtype:trojan-activity;sid:84545255; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682156)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.mips"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"45.90.98.43"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682156/; classtype:trojan-activity;sid:84545256; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682152)"; flow:established,from_client; content:"GET"; http_method; content:"/golden/check0spamhaus0org.mips"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"196.251.115.74"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682152/; classtype:trojan-activity;sid:84545252; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682153)"; flow:established,from_client; content:"GET"; http_method; content:"/133709/arm7"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"188.241.62.243"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682153/; classtype:trojan-activity;sid:84545253; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682154)"; flow:established,from_client; content:"GET"; http_method; content:"/133709/arc"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"188.241.62.243"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682154/; classtype:trojan-activity;sid:84545254; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682150)"; flow:established,from_client; content:"GET"; http_method; content:"/golden/check0spamhaus0org.arm"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"196.251.115.74"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682150/; classtype:trojan-activity;sid:84545250; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682151)"; flow:established,from_client; content:"GET"; http_method; content:"/golden/check0spamhaus0org.arm5"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"196.251.115.74"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682151/; classtype:trojan-activity;sid:84545251; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682144)"; flow:established,from_client; content:"GET"; http_method; content:"/golden/deploy0check0spamxnxhaus.m68k"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"196.251.115.74"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682144/; classtype:trojan-activity;sid:84545244; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682145)"; flow:established,from_client; content:"GET"; http_method; content:"/golden/deploy0check0spamxnxhaus.arm6"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"196.251.115.74"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682145/; classtype:trojan-activity;sid:84545245; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682146)"; flow:established,from_client; content:"GET"; http_method; content:"/orbt/orbt.i686"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"144.172.109.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682146/; classtype:trojan-activity;sid:84545246; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682147)"; flow:established,from_client; content:"GET"; http_method; content:"/golden/deploy0check0spamxnxhaus.arm7"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"196.251.115.74"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682147/; classtype:trojan-activity;sid:84545247; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682148)"; flow:established,from_client; content:"GET"; http_method; content:"/orbt/orbt.arm5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"144.172.109.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682148/; classtype:trojan-activity;sid:84545248; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682149)"; flow:established,from_client; content:"GET"; http_method; content:"/orbt/orbt.mpsl"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"144.172.109.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682149/; classtype:trojan-activity;sid:84545249; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682138)"; flow:established,from_client; content:"GET"; http_method; content:"/windyloveyou/windy.i468"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"144.172.109.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682138/; classtype:trojan-activity;sid:84545238; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682139)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm5"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"45.90.98.43"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682139/; classtype:trojan-activity;sid:84545239; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682140)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.ppc"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"45.90.98.43"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682140/; classtype:trojan-activity;sid:84545240; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682141)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.sh4"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"45.90.98.43"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682141/; classtype:trojan-activity;sid:84545241; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682142)"; flow:established,from_client; content:"GET"; http_method; content:"/golden/check0spamhaus0org.x86"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"196.251.115.74"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682142/; classtype:trojan-activity;sid:84545242; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682143)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.spc"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"45.90.98.43"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682143/; classtype:trojan-activity;sid:84545243; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682133)"; flow:established,from_client; content:"GET"; http_method; content:"/golden/check0spamhaus0org.spc"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"196.251.115.74"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682133/; classtype:trojan-activity;sid:84545233; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682134)"; flow:established,from_client; content:"GET"; http_method; content:"/golden/check0spamhaus0org.i686"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"196.251.115.74"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682134/; classtype:trojan-activity;sid:84545234; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682135)"; flow:established,from_client; content:"GET"; http_method; content:"/133709/i686"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"188.241.62.243"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682135/; classtype:trojan-activity;sid:84545235; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682136)"; flow:established,from_client; content:"GET"; http_method; content:"/golden/check0spamhaus0org.i468"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"196.251.115.74"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682136/; classtype:trojan-activity;sid:84545236; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682137)"; flow:established,from_client; content:"GET"; http_method; content:"/golden/deploy0check0spamxnxhaus0orgxnxdefense.arm"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"196.251.115.74"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682137/; classtype:trojan-activity;sid:84545237; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682125)"; flow:established,from_client; content:"GET"; http_method; content:"/133709/arm5"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"188.241.62.243"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682125/; classtype:trojan-activity;sid:84545225; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682126)"; flow:established,from_client; content:"GET"; http_method; content:"/golden/deploy0check0spamxnxhaus.arm5"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"196.251.115.74"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682126/; classtype:trojan-activity;sid:84545226; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682127)"; flow:established,from_client; content:"GET"; http_method; content:"/133709/ppc"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"188.241.62.243"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682127/; classtype:trojan-activity;sid:84545227; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682128)"; flow:established,from_client; content:"GET"; http_method; content:"/133709/m68k"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"188.241.62.243"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682128/; classtype:trojan-activity;sid:84545228; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682129)"; flow:established,from_client; content:"GET"; http_method; content:"/orbt/orbt.arm7"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"144.172.109.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682129/; classtype:trojan-activity;sid:84545229; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682130)"; flow:established,from_client; content:"GET"; http_method; content:"/orbt/orbt.sh4"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"144.172.109.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682130/; classtype:trojan-activity;sid:84545230; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682131)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.x86"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"45.90.98.43"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682131/; classtype:trojan-activity;sid:84545231; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682132)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.mpsl"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"45.90.98.43"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682132/; classtype:trojan-activity;sid:84545232; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682124)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"176.65.132.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682124/; classtype:trojan-activity;sid:84545224; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682123)"; flow:established,from_client; content:"GET"; http_method; content:"/golden/check0spamhaus0org.arc"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"196.251.115.74"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682123/; classtype:trojan-activity;sid:84545223; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682122)"; flow:established,from_client; content:"GET"; http_method; content:"/golden/deploy0check0spamxnxhaus0orgxnxdefense.mpsl"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"196.251.115.74"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682122/; classtype:trojan-activity;sid:84545222; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682104)"; flow:established,from_client; content:"GET"; http_method; content:"/golden/deploy0check0spamxnxhaus.x86"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"196.251.115.74"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682104/; classtype:trojan-activity;sid:84545204; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682105)"; flow:established,from_client; content:"GET"; http_method; content:"/orbt/orbt.spc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"144.172.109.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682105/; classtype:trojan-activity;sid:84545205; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682106)"; flow:established,from_client; content:"GET"; http_method; content:"/orbt/orbt.arc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"144.172.109.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682106/; classtype:trojan-activity;sid:84545206; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682107)"; flow:established,from_client; content:"GET"; http_method; content:"/orbt/orbt.mips"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"144.172.109.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682107/; classtype:trojan-activity;sid:84545207; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682108)"; flow:established,from_client; content:"GET"; http_method; content:"/orbt/orbt.x86"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"144.172.109.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682108/; classtype:trojan-activity;sid:84545208; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682109)"; flow:established,from_client; content:"GET"; http_method; content:"/orbt/orbt.arm"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"144.172.109.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682109/; classtype:trojan-activity;sid:84545209; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682110)"; flow:established,from_client; content:"GET"; http_method; content:"/133709/spc"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"188.241.62.243"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682110/; classtype:trojan-activity;sid:84545210; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682111)"; flow:established,from_client; content:"GET"; http_method; content:"/133709/sh4"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"188.241.62.243"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682111/; classtype:trojan-activity;sid:84545211; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682112)"; flow:established,from_client; content:"GET"; http_method; content:"/golden/deploy0check0spamxnxhaus.spc"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"196.251.115.74"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682112/; classtype:trojan-activity;sid:84545212; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682113)"; flow:established,from_client; content:"GET"; http_method; content:"/golden/deploy0check0spamxnxhaus.sh4"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"196.251.115.74"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682113/; classtype:trojan-activity;sid:84545213; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682114)"; flow:established,from_client; content:"GET"; http_method; content:"/orbt/orbt.ppc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"144.172.109.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682114/; classtype:trojan-activity;sid:84545214; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682115)"; flow:established,from_client; content:"GET"; http_method; content:"/golden/deploy0check0spamxnxhaus.arm"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"196.251.115.74"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682115/; classtype:trojan-activity;sid:84545215; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682116)"; flow:established,from_client; content:"GET"; http_method; content:"/orbt/orbt.arm6"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"144.172.109.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682116/; classtype:trojan-activity;sid:84545216; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682117)"; flow:established,from_client; content:"GET"; http_method; content:"/orbt/orbt.x86_64"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"144.172.109.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682117/; classtype:trojan-activity;sid:84545217; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682118)"; flow:established,from_client; content:"GET"; http_method; content:"/133709/mpsl"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"188.241.62.243"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682118/; classtype:trojan-activity;sid:84545218; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682119)"; flow:established,from_client; content:"GET"; http_method; content:"/133709/arm6"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"188.241.62.243"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682119/; classtype:trojan-activity;sid:84545219; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682120)"; flow:established,from_client; content:"GET"; http_method; content:"/golden/deploy0check0spamxnxhaus.ppc"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"196.251.115.74"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682120/; classtype:trojan-activity;sid:84545220; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682121)"; flow:established,from_client; content:"GET"; http_method; content:"/golden/deploy0check0spamxnxhaus.mips"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"196.251.115.74"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682121/; classtype:trojan-activity;sid:84545221; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682102)"; flow:established,from_client; content:"GET"; http_method; content:"/golden/deploy0check0spamxnxhaus.arc"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"196.251.115.74"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682102/; classtype:trojan-activity;sid:84545202; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682103)"; flow:established,from_client; content:"GET"; http_method; content:"/orbt/orbt.i468"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"144.172.109.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682103/; classtype:trojan-activity;sid:84545203; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682100)"; flow:established,from_client; content:"GET"; http_method; content:"/golden/check0spamhaus0org.sh4"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"196.251.115.74"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682100/; classtype:trojan-activity;sid:84545200; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682101)"; flow:established,from_client; content:"GET"; http_method; content:"/golden/deploy0check0spamxnxhaus.mpsl"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"196.251.115.74"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682101/; classtype:trojan-activity;sid:84545201; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682089)"; flow:established,from_client; content:"GET"; http_method; content:"/hidechaotic/ub8ehjsepafc9fyqzit6.sparc"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"160.238.13.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682089/; classtype:trojan-activity;sid:84545189; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682090)"; flow:established,from_client; content:"GET"; http_method; content:"/golden/check0spamhaus0org.arm7"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"196.251.115.74"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682090/; classtype:trojan-activity;sid:84545190; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682091)"; flow:established,from_client; content:"GET"; http_method; content:"/golden/check0spamhaus0org.m68k"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"196.251.115.74"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682091/; classtype:trojan-activity;sid:84545191; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682092)"; flow:established,from_client; content:"GET"; http_method; content:"/golden/check0spamhaus0org.x86_64"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"196.251.115.74"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682092/; classtype:trojan-activity;sid:84545192; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682093)"; flow:established,from_client; content:"GET"; http_method; content:"/golden/check0spamhaus0org.arm6"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"196.251.115.74"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682093/; classtype:trojan-activity;sid:84545193; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682094)"; flow:established,from_client; content:"GET"; http_method; content:"/133709/x86_64"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"188.241.62.243"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682094/; classtype:trojan-activity;sid:84545194; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682095)"; flow:established,from_client; content:"GET"; http_method; content:"/golden/deploy0check0spamxnxhaus0orgxnxdefense.i468"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"196.251.115.74"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682095/; classtype:trojan-activity;sid:84545195; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682096)"; flow:established,from_client; content:"GET"; http_method; content:"/golden/check0spamhaus0org.ppc"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"196.251.115.74"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682096/; classtype:trojan-activity;sid:84545196; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682097)"; flow:established,from_client; content:"GET"; http_method; content:"/golden/deploy0check0spamxnxhaus.i468"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"196.251.115.74"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682097/; classtype:trojan-activity;sid:84545197; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682098)"; flow:established,from_client; content:"GET"; http_method; content:"/133709/i468"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"188.241.62.243"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682098/; classtype:trojan-activity;sid:84545198; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682099)"; flow:established,from_client; content:"GET"; http_method; content:"/hidechaotic/ub8ehjsepafc9fyqzit6.mips64"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"160.238.13.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682099/; classtype:trojan-activity;sid:84545199; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682088)"; flow:established,from_client; content:"GET"; http_method; content:"/golden/check0spamhaus0org.mpsl"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"196.251.115.74"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682088/; classtype:trojan-activity;sid:84545188; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682087)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.246.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682087/; classtype:trojan-activity;sid:84545187; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682086)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.45.58.202"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682086/; classtype:trojan-activity;sid:84545186; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682085)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.245.187"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682085/; classtype:trojan-activity;sid:84545185; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682084)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.62.149"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682084/; classtype:trojan-activity;sid:84545184; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682083)"; flow:established,from_client; content:"GET"; http_method; content:"/ghost46quasarlightbuz/musical-palm-tree/releases/download/asas/launcher.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682083/; classtype:trojan-activity;sid:84545183; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682082)"; flow:established,from_client; content:"GET"; http_method; content:"/d/xd.spc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"192.142.10.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682082/; classtype:trojan-activity;sid:84545182; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682081)"; flow:established,from_client; content:"GET"; http_method; content:"/fusk007htznroff/clag29awmss39p62iytc"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"45.155.69.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682081/; classtype:trojan-activity;sid:84545181; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682074)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/sh4.sh4"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"69.62.73.46"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682074/; classtype:trojan-activity;sid:84545174; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682075)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/arc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"69.62.73.46"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682075/; classtype:trojan-activity;sid:84545175; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682076)"; flow:established,from_client; content:"GET"; http_method; content:"/bins.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"192.142.10.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682076/; classtype:trojan-activity;sid:84545176; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682077)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/x86-debug"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"69.62.73.46"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682077/; classtype:trojan-activity;sid:84545177; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682078)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/spc.spc"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"69.62.73.46"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682078/; classtype:trojan-activity;sid:84545178; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682079)"; flow:established,from_client; content:"GET"; http_method; content:"/d/xd.sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"192.142.10.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682079/; classtype:trojan-activity;sid:84545179; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682080)"; flow:established,from_client; content:"GET"; http_method; content:"/d/xd.arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"192.142.10.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682080/; classtype:trojan-activity;sid:84545180; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682073)"; flow:established,from_client; content:"GET"; http_method; content:"/vac"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"91.92.241.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682073/; classtype:trojan-activity;sid:84545173; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682069)"; flow:established,from_client; content:"GET"; http_method; content:"/fusk007htznroff/gopqu3gba8nu3cwqsgvh"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"45.155.69.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682069/; classtype:trojan-activity;sid:84545169; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682070)"; flow:established,from_client; content:"GET"; http_method; content:"/adb"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"91.92.241.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682070/; classtype:trojan-activity;sid:84545170; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682071)"; flow:established,from_client; content:"GET"; http_method; content:"/link"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"91.92.241.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682071/; classtype:trojan-activity;sid:84545171; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682072)"; flow:established,from_client; content:"GET"; http_method; content:"/byte"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"91.92.241.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682072/; classtype:trojan-activity;sid:84545172; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682066)"; flow:established,from_client; content:"GET"; http_method; content:"/files/8157715441/fwjptd5.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682066/; classtype:trojan-activity;sid:84545166; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682067)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7243644664/d36txlx.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682067/; classtype:trojan-activity;sid:84545167; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682065)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7269512085/04meffx.msi"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682065/; classtype:trojan-activity;sid:84545165; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682062)"; flow:established,from_client; content:"GET"; http_method; content:"/fusk007htznroff/gopqu3gba8nu3cwqsgvh"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"bla.backloghelme.digital"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682062/; classtype:trojan-activity;sid:84545162; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682063)"; flow:established,from_client; content:"GET"; http_method; content:"/download/838c6d81-d61b-4a27-8862-486af361f6a8.bat"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"tytbit.ru"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682063/; classtype:trojan-activity;sid:84545163; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682064)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.ppc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"91.92.241.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682064/; classtype:trojan-activity;sid:84545164; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682056)"; flow:established,from_client; content:"GET"; http_method; content:"/spring"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"91.92.241.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682056/; classtype:trojan-activity;sid:84545156; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682057)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.m68k"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"91.92.241.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682057/; classtype:trojan-activity;sid:84545157; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682058)"; flow:established,from_client; content:"GET"; http_method; content:"/sh"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"91.92.241.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682058/; classtype:trojan-activity;sid:84545158; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682059)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.sh4"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"91.92.241.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682059/; classtype:trojan-activity;sid:84545159; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682060)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"91.92.241.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682060/; classtype:trojan-activity;sid:84545160; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682061)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.mpsl"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"91.92.241.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682061/; classtype:trojan-activity;sid:84545161; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682048)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm5"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"91.92.241.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682048/; classtype:trojan-activity;sid:84545148; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682049)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm7"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"91.92.241.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682049/; classtype:trojan-activity;sid:84545149; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682050)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.mips"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"91.92.241.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682050/; classtype:trojan-activity;sid:84545150; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682051)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.x86"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"91.92.241.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682051/; classtype:trojan-activity;sid:84545151; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682052)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm6"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"91.92.241.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682052/; classtype:trojan-activity;sid:84545152; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682053)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.spc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"91.92.241.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682053/; classtype:trojan-activity;sid:84545153; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682054)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"91.92.241.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682054/; classtype:trojan-activity;sid:84545154; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682055)"; flow:established,from_client; content:"GET"; http_method; content:"/tplink"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"91.92.241.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682055/; classtype:trojan-activity;sid:84545155; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682041)"; flow:established,from_client; content:"GET"; http_method; content:"/storage/lummac2.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"api.melonity.gg"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682041/; classtype:trojan-activity;sid:84545141; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682042)"; flow:established,from_client; content:"GET"; http_method; content:"/payload.xml"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"91.92.241.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682042/; classtype:trojan-activity;sid:84545142; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682040)"; flow:established,from_client; content:"GET"; http_method; content:"/fusk007htznroff/clag29awmss39p62iytc"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"bla.backloghelme.digital"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682040/; classtype:trojan-activity;sid:84545140; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682039)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.218.164"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682039/; classtype:trojan-activity;sid:84545139; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682038)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.0.47"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682038/; classtype:trojan-activity;sid:84545138; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682037)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.197.113"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682037/; classtype:trojan-activity;sid:84545137; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682036)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.58.169.107"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682036/; classtype:trojan-activity;sid:84545136; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682035)"; flow:established,from_client; content:"GET"; http_method; content:"/nnrwi0cj"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"324.5m9081.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682035/; classtype:trojan-activity;sid:84545135; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682034)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.233.105.181"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682034/; classtype:trojan-activity;sid:84545134; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682033)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"180.190.200.74"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682033/; classtype:trojan-activity;sid:84545133; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682032)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"168.195.7.107"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682032/; classtype:trojan-activity;sid:84545132; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682031)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.200.122.238"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682031/; classtype:trojan-activity;sid:84545131; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682030)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.246.20.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682030/; classtype:trojan-activity;sid:84545130; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682029)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"94.41.213.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682029/; classtype:trojan-activity;sid:84545129; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682028)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.211.98.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682028/; classtype:trojan-activity;sid:84545128; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682027)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1.196.78.212"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682027/; classtype:trojan-activity;sid:84545127; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682026)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.0.47"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682026/; classtype:trojan-activity;sid:84545126; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682025)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.237.245"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682025/; classtype:trojan-activity;sid:84545125; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682024)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.200.122.238"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682024/; classtype:trojan-activity;sid:84545124; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682023)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"94.41.213.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682023/; classtype:trojan-activity;sid:84545123; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682022)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.211.98.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682022/; classtype:trojan-activity;sid:84545122; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682021)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.212.40"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682021/; classtype:trojan-activity;sid:84545121; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682020)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.94.102.101"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682020/; classtype:trojan-activity;sid:84545120; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682019)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.47.212.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682019/; classtype:trojan-activity;sid:84545119; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682018)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.180.14.120"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682018/; classtype:trojan-activity;sid:84545118; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682017)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.227.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682017/; classtype:trojan-activity;sid:84545117; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682016)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.116.157.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682016/; classtype:trojan-activity;sid:84545116; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682015)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.228.216.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682015/; classtype:trojan-activity;sid:84545115; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682014)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.52.178.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682014/; classtype:trojan-activity;sid:84545114; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682012)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"220.192.252.241"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682012/; classtype:trojan-activity;sid:84545112; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682013)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.227.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682013/; classtype:trojan-activity;sid:84545113; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682011)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.228.216.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682011/; classtype:trojan-activity;sid:84545111; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682010)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.45.60.42"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682010/; classtype:trojan-activity;sid:84545110; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682009)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.139.227.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682009/; classtype:trojan-activity;sid:84545109; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682008)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.180.14.120"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682008/; classtype:trojan-activity;sid:84545108; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682007)"; flow:established,from_client; content:"GET"; http_method; content:"/crypted.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"176.46.152.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682007/; classtype:trojan-activity;sid:84545107; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682006)"; flow:established,from_client; content:"GET"; http_method; content:"/files/5418417533/mba3nkv.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682006/; classtype:trojan-activity;sid:84545106; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682005)"; flow:established,from_client; content:"GET"; http_method; content:"/files/emmaruiz238/random.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682005/; classtype:trojan-activity;sid:84545105; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682004)"; flow:established,from_client; content:"GET"; http_method; content:"/files/6260444824/2scqqw9.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682004/; classtype:trojan-activity;sid:84545104; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682003)"; flow:established,from_client; content:"GET"; http_method; content:"/files/1242384682/xazrt5l.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682003/; classtype:trojan-activity;sid:84545103; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682002)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7044575709/vwzwum3.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682002/; classtype:trojan-activity;sid:84545102; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682001)"; flow:established,from_client; content:"GET"; http_method; content:"/files/1918352027/fodm6ct.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682001/; classtype:trojan-activity;sid:84545101; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682000)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.234.244.123"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682000/; classtype:trojan-activity;sid:84545100; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681998)"; flow:established,from_client; content:"GET"; http_method; content:"/files/6231240258/xnmxr27.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3681998/; classtype:trojan-activity;sid:84545098; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681999)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7080596861/fmqn2zm.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3681999/; classtype:trojan-activity;sid:84545099; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681997)"; flow:established,from_client; content:"GET"; http_method; content:"/files/1781548144/yrsgdtx.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3681997/; classtype:trojan-activity;sid:84545097; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681996)"; flow:established,from_client; content:"GET"; http_method; content:"/files/8350398681/kb6mhzw.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3681996/; classtype:trojan-activity;sid:84545096; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681995)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.238.254.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3681995/; classtype:trojan-activity;sid:84545095; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681994)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.43.36.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3681994/; classtype:trojan-activity;sid:84545094; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681993)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"220.192.252.241"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3681993/; classtype:trojan-activity;sid:84545093; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681992)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.45.60.42"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3681992/; classtype:trojan-activity;sid:84545092; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681991)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.28.110.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3681991/; classtype:trojan-activity;sid:84545091; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681990)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.245.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3681990/; classtype:trojan-activity;sid:84545090; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681989)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.41.78.96"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3681989/; classtype:trojan-activity;sid:84545089; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681988)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.238.254.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3681988/; classtype:trojan-activity;sid:84545088; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681986)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.14.53.84"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3681986/; classtype:trojan-activity;sid:84545086; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681987)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.123.223"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3681987/; classtype:trojan-activity;sid:84545087; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681985)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.88.17"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3681985/; classtype:trojan-activity;sid:84545085; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681984)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.78.96"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3681984/; classtype:trojan-activity;sid:84545084; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681983)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"105.96.108.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3681983/; classtype:trojan-activity;sid:84545083; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681982)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.28.110.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3681982/; classtype:trojan-activity;sid:84545082; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681981)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.78.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3681981/; classtype:trojan-activity;sid:84545081; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681980)"; flow:established,from_client; content:"GET"; http_method; content:"/0/items/optimized_msi_20251017_0233/optimized_msi.png"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"dn721508.ca.archive.org"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3681980/; classtype:trojan-activity;sid:84545080; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681979)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"88.243.214.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3681979/; classtype:trojan-activity;sid:84545079; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681977)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.62.151.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3681977/; classtype:trojan-activity;sid:84545077; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681978)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.139.227.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3681978/; classtype:trojan-activity;sid:84545078; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681973)"; flow:established,from_client; content:"GET"; http_method; content:"/co"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"176.65.148.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3681973/; classtype:trojan-activity;sid:84545073; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681974)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"176.65.148.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3681974/; classtype:trojan-activity;sid:84545074; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681975)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.61.100.141"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3681975/; classtype:trojan-activity;sid:84545075; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681976)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.189.107"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3681976/; classtype:trojan-activity;sid:84545076; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681968)"; flow:established,from_client; content:"GET"; http_method; content:"/arm61"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"176.65.148.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3681968/; classtype:trojan-activity;sid:84545068; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681969)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"176.65.148.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3681969/; classtype:trojan-activity;sid:84545069; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681970)"; flow:established,from_client; content:"GET"; http_method; content:"/i686"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"176.65.148.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3681970/; classtype:trojan-activity;sid:84545070; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681971)"; flow:established,from_client; content:"GET"; http_method; content:"/dss"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"176.65.148.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3681971/; classtype:trojan-activity;sid:84545071; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681972)"; flow:established,from_client; content:"GET"; http_method; content:"/586"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"176.65.148.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3681972/; classtype:trojan-activity;sid:84545072; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681964)"; flow:established,from_client; content:"GET"; http_method; content:"/mipsel"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.65.148.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3681964/; classtype:trojan-activity;sid:84545064; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681965)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"176.65.148.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3681965/; classtype:trojan-activity;sid:84545065; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681966)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"176.65.148.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3681966/; classtype:trojan-activity;sid:84545066; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681967)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"176.65.148.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3681967/; classtype:trojan-activity;sid:84545067; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681963)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.173.5.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3681963/; classtype:trojan-activity;sid:84545063; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681962)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.119.237.12"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3681962/; classtype:trojan-activity;sid:84545062; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681961)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.88.17"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3681961/; classtype:trojan-activity;sid:84545061; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681960)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.163.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3681960/; classtype:trojan-activity;sid:84545060; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681959)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.242.151"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3681959/; classtype:trojan-activity;sid:84545059; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681958)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.55.123"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3681958/; classtype:trojan-activity;sid:84545058; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681957)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.51.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3681957/; classtype:trojan-activity;sid:84545057; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681956)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.57.244.140"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3681956/; classtype:trojan-activity;sid:84545056; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681955)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.245.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3681955/; classtype:trojan-activity;sid:84545055; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681954)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.57.244.140"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3681954/; classtype:trojan-activity;sid:84545054; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681953)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.55.85.32"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3681953/; classtype:trojan-activity;sid:84545053; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681952)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.163.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3681952/; classtype:trojan-activity;sid:84545052; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681951)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.43.36.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3681951/; classtype:trojan-activity;sid:84545051; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681950)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.23.238.164"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3681950/; classtype:trojan-activity;sid:84545050; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681949)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.51.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3681949/; classtype:trojan-activity;sid:84545049; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681948)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.117.135.108"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3681948/; classtype:trojan-activity;sid:84545048; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681947)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.179.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3681947/; classtype:trojan-activity;sid:84545047; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681946)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.131.187.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3681946/; classtype:trojan-activity;sid:84545046; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681945)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.23.238.164"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3681945/; classtype:trojan-activity;sid:84545045; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681944)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"171.213.132.148"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3681944/; classtype:trojan-activity;sid:84545044; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681943)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.117.135.108"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3681943/; classtype:trojan-activity;sid:84545043; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681940)"; flow:established,from_client; content:"GET"; http_method; content:"/d/xd.mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"192.142.10.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3681940/; classtype:trojan-activity;sid:84545040; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681941)"; flow:established,from_client; content:"GET"; http_method; content:"/d/xd.arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"192.142.10.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3681941/; classtype:trojan-activity;sid:84545041; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681942)"; flow:established,from_client; content:"GET"; http_method; content:"/d/xd.mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"192.142.10.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3681942/; classtype:trojan-activity;sid:84545042; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681938)"; flow:established,from_client; content:"GET"; http_method; content:"/load.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"192.142.10.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3681938/; classtype:trojan-activity;sid:84545038; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681939)"; flow:established,from_client; content:"GET"; http_method; content:"/d/xd.x86_64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"192.142.10.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3681939/; classtype:trojan-activity;sid:84545039; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681937)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"106.40.242.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3681937/; classtype:trojan-activity;sid:84545037; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681935)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.54.189.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3681935/; classtype:trojan-activity;sid:84545035; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681936)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.83.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3681936/; classtype:trojan-activity;sid:84545036; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681934)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.57.50.80"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3681934/; classtype:trojan-activity;sid:84545034; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681933)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.41.143.128"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3681933/; classtype:trojan-activity;sid:84545033; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681932)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.232.230.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3681932/; classtype:trojan-activity;sid:84545032; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681931)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.212.40"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3681931/; classtype:trojan-activity;sid:84545031; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681930)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.86.173.29"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3681930/; classtype:trojan-activity;sid:84545030; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681929)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.143.128"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3681929/; classtype:trojan-activity;sid:84545029; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681928)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.86.173.29"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3681928/; classtype:trojan-activity;sid:84545028; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681927)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.31.156"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3681927/; classtype:trojan-activity;sid:84545027; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681926)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.73.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3681926/; classtype:trojan-activity;sid:84545026; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681925)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.5.151.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3681925/; classtype:trojan-activity;sid:84545025; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681924)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.59.186.124"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3681924/; classtype:trojan-activity;sid:84545024; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681923)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"74.214.56.173"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681923/; classtype:trojan-activity;sid:84545023; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681922)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.151.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681922/; classtype:trojan-activity;sid:84545022; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681921)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.252.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681921/; classtype:trojan-activity;sid:84545021; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681920)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.109.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681920/; classtype:trojan-activity;sid:84545020; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681919)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.9.45.84"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681919/; classtype:trojan-activity;sid:84545019; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681918)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.188.85"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681918/; classtype:trojan-activity;sid:84545018; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681917)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"74.214.56.173"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681917/; classtype:trojan-activity;sid:84545017; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681916)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.83.48"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681916/; classtype:trojan-activity;sid:84545016; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681915)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.246.183"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681915/; classtype:trojan-activity;sid:84545015; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681914)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.83.48"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681914/; classtype:trojan-activity;sid:84545014; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681913)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.109.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681913/; classtype:trojan-activity;sid:84545013; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681912)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.252.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681912/; classtype:trojan-activity;sid:84545012; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681911)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.9.45.84"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681911/; classtype:trojan-activity;sid:84545011; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681910)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"1.196.78.212"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681910/; classtype:trojan-activity;sid:84545010; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681908)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.58.134"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681908/; classtype:trojan-activity;sid:84545008; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681909)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.59.225.2"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681909/; classtype:trojan-activity;sid:84545009; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681907)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.117.193"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681907/; classtype:trojan-activity;sid:84545007; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681906)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"168.195.7.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681906/; classtype:trojan-activity;sid:84545006; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681905)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.58.95.106"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681905/; classtype:trojan-activity;sid:84545005; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681904)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.116.185"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681904/; classtype:trojan-activity;sid:84545004; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681903)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.246.183"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681903/; classtype:trojan-activity;sid:84545003; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681902)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.58.134"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681902/; classtype:trojan-activity;sid:84545002; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681901)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.117.193"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681901/; classtype:trojan-activity;sid:84545001; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681900)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.55.4.39"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681900/; classtype:trojan-activity;sid:84545000; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681899)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.231.76.202"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681899/; classtype:trojan-activity;sid:84544999; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681898)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.95.106"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681898/; classtype:trojan-activity;sid:84544998; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681897)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.11.207.145"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681897/; classtype:trojan-activity;sid:84544997; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681896)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.62.149.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681896/; classtype:trojan-activity;sid:84544996; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681895)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.78.180.219"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681895/; classtype:trojan-activity;sid:84544995; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681894)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.87.168.166"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681894/; classtype:trojan-activity;sid:84544994; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681893)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.227.34.232"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681893/; classtype:trojan-activity;sid:84544993; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681892)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.89.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681892/; classtype:trojan-activity;sid:84544992; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681891)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.76.202"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681891/; classtype:trojan-activity;sid:84544991; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681890)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.127.77.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681890/; classtype:trojan-activity;sid:84544990; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681889)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.209.230"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681889/; classtype:trojan-activity;sid:84544989; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681888)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.62.149.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681888/; classtype:trojan-activity;sid:84544988; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681887)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.244.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681887/; classtype:trojan-activity;sid:84544987; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681886)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.163.12.34"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681886/; classtype:trojan-activity;sid:84544986; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681885)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.199.77.239"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681885/; classtype:trojan-activity;sid:84544985; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681884)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.18.208.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681884/; classtype:trojan-activity;sid:84544984; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681883)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.45.165"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681883/; classtype:trojan-activity;sid:84544983; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681881)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.127.77.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681881/; classtype:trojan-activity;sid:84544981; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681882)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.34.232"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681882/; classtype:trojan-activity;sid:84544982; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681880)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.229.129.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681880/; classtype:trojan-activity;sid:84544980; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681879)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.103.0.102"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681879/; classtype:trojan-activity;sid:84544979; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681877)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.52.31.149"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681877/; classtype:trojan-activity;sid:84544977; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681878)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.238.168.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681878/; classtype:trojan-activity;sid:84544978; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681871)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.142.241.83"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681871/; classtype:trojan-activity;sid:84544971; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681872)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.45.66.174"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681872/; classtype:trojan-activity;sid:84544972; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681873)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"171.112.44.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681873/; classtype:trojan-activity;sid:84544973; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681874)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"106.40.242.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681874/; classtype:trojan-activity;sid:84544974; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681875)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.88.47"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681875/; classtype:trojan-activity;sid:84544975; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681876)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.44.240.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681876/; classtype:trojan-activity;sid:84544976; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681867)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.229.188.200"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681867/; classtype:trojan-activity;sid:84544967; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681868)"; flow:established,from_client; content:"GET"; http_method; content:"/133709/x86"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"188.241.62.243"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681868/; classtype:trojan-activity;sid:84544968; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681869)"; flow:established,from_client; content:"GET"; http_method; content:"/133709/arm"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"188.241.62.243"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681869/; classtype:trojan-activity;sid:84544969; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681870)"; flow:established,from_client; content:"GET"; http_method; content:"/133709/mips"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"188.241.62.243"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681870/; classtype:trojan-activity;sid:84544970; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681866)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.77.239"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681866/; classtype:trojan-activity;sid:84544966; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681865)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"181.103.0.102"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681865/; classtype:trojan-activity;sid:84544965; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681864)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.232.230.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681864/; classtype:trojan-activity;sid:84544964; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681863)"; flow:established,from_client; content:"GET"; http_method; content:"/die.x86_84"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681863/; classtype:trojan-activity;sid:84544963; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681861)"; flow:established,from_client; content:"GET"; http_method; content:"/reborn.x86_84"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681861/; classtype:trojan-activity;sid:84544961; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681862)"; flow:established,from_client; content:"GET"; http_method; content:"/joker.x86_84"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681862/; classtype:trojan-activity;sid:84544962; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681860)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.129.12.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681860/; classtype:trojan-activity;sid:84544960; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681859)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.x86_84"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681859/; classtype:trojan-activity;sid:84544959; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681851)"; flow:established,from_client; content:"GET"; http_method; content:"/prosig.x86_84"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681851/; classtype:trojan-activity;sid:84544951; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681852)"; flow:established,from_client; content:"GET"; http_method; content:"/sigma.x86_84"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681852/; classtype:trojan-activity;sid:84544952; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681853)"; flow:established,from_client; content:"GET"; http_method; content:"/morte.x86_84"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681853/; classtype:trojan-activity;sid:84544953; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681854)"; flow:established,from_client; content:"GET"; http_method; content:"/enesbatur.x86_84"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681854/; classtype:trojan-activity;sid:84544954; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681855)"; flow:established,from_client; content:"GET"; http_method; content:"/rebith.x86_84"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681855/; classtype:trojan-activity;sid:84544955; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681856)"; flow:established,from_client; content:"GET"; http_method; content:"/agac.x86_84"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681856/; classtype:trojan-activity;sid:84544956; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681857)"; flow:established,from_client; content:"GET"; http_method; content:"/niga.x86_84"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681857/; classtype:trojan-activity;sid:84544957; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681858)"; flow:established,from_client; content:"GET"; http_method; content:"/system.x86_84"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681858/; classtype:trojan-activity;sid:84544958; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681850)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.216.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681850/; classtype:trojan-activity;sid:84544950; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681849)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.227.176.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681849/; classtype:trojan-activity;sid:84544949; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681846)"; flow:established,from_client; content:"GET"; http_method; content:"/px86_32"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681846/; classtype:trojan-activity;sid:84544946; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681847)"; flow:established,from_client; content:"GET"; http_method; content:"/china.x86_84"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681847/; classtype:trojan-activity;sid:84544947; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681848)"; flow:established,from_client; content:"GET"; http_method; content:"/majure.x86_84"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681848/; classtype:trojan-activity;sid:84544948; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681845)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.174.62.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681845/; classtype:trojan-activity;sid:84544945; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681844)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.244.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681844/; classtype:trojan-activity;sid:84544944; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681843)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.150.4.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681843/; classtype:trojan-activity;sid:84544943; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681842)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.174.62.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681842/; classtype:trojan-activity;sid:84544942; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681841)"; flow:established,from_client; content:"GET"; http_method; content:"/anapjqaf"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"sit.ngiz5.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681841/; classtype:trojan-activity;sid:84544941; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681840)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.176.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681840/; classtype:trojan-activity;sid:84544940; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681839)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"108.168.0.46"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681839/; classtype:trojan-activity;sid:84544939; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681838)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.148.1"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681838/; classtype:trojan-activity;sid:84544938; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681837)"; flow:established,from_client; content:"GET"; http_method; content:"/golden/deploy0check0spamxnxhaus0orgxnxdefense.mips"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"196.251.115.74"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681837/; classtype:trojan-activity;sid:84544937; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681836)"; flow:established,from_client; content:"GET"; http_method; content:"/golden/deploy0check0spamxnxhaus0orgxnxdefense.ppc"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"196.251.115.74"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681836/; classtype:trojan-activity;sid:84544936; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681835)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.161.222"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681835/; classtype:trojan-activity;sid:84544935; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681834)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.230.80.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681834/; classtype:trojan-activity;sid:84544934; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681833)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.150.4.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681833/; classtype:trojan-activity;sid:84544933; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681832)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"170.84.134.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681832/; classtype:trojan-activity;sid:84544932; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681830)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"168.195.7.107"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681830/; classtype:trojan-activity;sid:84544930; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681831)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.161.222"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681831/; classtype:trojan-activity;sid:84544931; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681829)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.87.230.244"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681829/; classtype:trojan-activity;sid:84544929; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681828)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"170.84.134.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681828/; classtype:trojan-activity;sid:84544928; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681827)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.234.232.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681827/; classtype:trojan-activity;sid:84544927; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681826)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.58.89.145"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681826/; classtype:trojan-activity;sid:84544926; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681825)"; flow:established,from_client; content:"GET"; http_method; content:"/golden/deploy0check0spamxnxhaus0orgxnxdefense.spc"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"196.251.115.74"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681825/; classtype:trojan-activity;sid:84544925; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681819)"; flow:established,from_client; content:"GET"; http_method; content:"/golden/deploy0check0spamxnxhaus0orgxnxdefense.arm6"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"196.251.115.74"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681819/; classtype:trojan-activity;sid:84544919; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681820)"; flow:established,from_client; content:"GET"; http_method; content:"/golden/deploy0check0spamxnxhaus0orgxnxdefense.arm5"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"196.251.115.74"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681820/; classtype:trojan-activity;sid:84544920; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681821)"; flow:established,from_client; content:"GET"; http_method; content:"/golden/deploy0check0spamxnxhaus0orgxnxdefense.x86"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"196.251.115.74"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681821/; classtype:trojan-activity;sid:84544921; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681822)"; flow:established,from_client; content:"GET"; http_method; content:"/golden/deploy0check0spamxnxhaus0orgxnxdefense.arc"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"196.251.115.74"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681822/; classtype:trojan-activity;sid:84544922; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681823)"; flow:established,from_client; content:"GET"; http_method; content:"/golden/deploy0check0spamxnxhaus0orgxnxdefense.m68k"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"196.251.115.74"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681823/; classtype:trojan-activity;sid:84544923; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681824)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"196.251.115.74"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681824/; classtype:trojan-activity;sid:84544924; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681818)"; flow:established,from_client; content:"GET"; http_method; content:"/golden/deploy0check0spamxnxhaus0orgxnxdefense.arm7"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"196.251.115.74"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681818/; classtype:trojan-activity;sid:84544918; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681815)"; flow:established,from_client; content:"GET"; http_method; content:"/golden/deploy0check0spamxnxhaus0orgxnxdefense.i686"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"196.251.115.74"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681815/; classtype:trojan-activity;sid:84544915; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681816)"; flow:established,from_client; content:"GET"; http_method; content:"/golden/deploy0check0spamxnxhaus0orgxnxdefense.x86_64"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"196.251.115.74"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681816/; classtype:trojan-activity;sid:84544916; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681817)"; flow:established,from_client; content:"GET"; http_method; content:"/golden/deploy0check0spamxnxhaus0orgxnxdefense.sh4"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"196.251.115.74"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681817/; classtype:trojan-activity;sid:84544917; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681814)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.79.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681814/; classtype:trojan-activity;sid:84544914; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681813)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.8.188.1"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681813/; classtype:trojan-activity;sid:84544913; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681812)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.185.185"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681812/; classtype:trojan-activity;sid:84544912; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681811)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.8.188.1"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681811/; classtype:trojan-activity;sid:84544911; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681810)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.178.60.117"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681810/; classtype:trojan-activity;sid:84544910; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681809)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.88.144"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681809/; classtype:trojan-activity;sid:84544909; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681808)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.94.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681808/; classtype:trojan-activity;sid:84544908; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681807)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.156.173.97"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681807/; classtype:trojan-activity;sid:84544907; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681806)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.88.144"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681806/; classtype:trojan-activity;sid:84544906; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681805)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.74.189"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681805/; classtype:trojan-activity;sid:84544905; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681803)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.105.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681803/; classtype:trojan-activity;sid:84544903; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681804)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.197.113"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681804/; classtype:trojan-activity;sid:84544904; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681802)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.15.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681802/; classtype:trojan-activity;sid:84544902; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681801)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.94.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681801/; classtype:trojan-activity;sid:84544901; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681800)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.43.143"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681800/; classtype:trojan-activity;sid:84544900; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681799)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"157.18.132.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681799/; classtype:trojan-activity;sid:84544899; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681798)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.156.173.97"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681798/; classtype:trojan-activity;sid:84544898; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681797)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.163.134.250"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681797/; classtype:trojan-activity;sid:84544897; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681796)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.229.174.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681796/; classtype:trojan-activity;sid:84544896; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681795)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.13.105.0"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681795/; classtype:trojan-activity;sid:84544895; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681793)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.34.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681793/; classtype:trojan-activity;sid:84544893; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681794)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.74.189"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681794/; classtype:trojan-activity;sid:84544894; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681792)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.139.228.171"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681792/; classtype:trojan-activity;sid:84544892; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681791)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"157.18.132.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681791/; classtype:trojan-activity;sid:84544891; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681790)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.228.37.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681790/; classtype:trojan-activity;sid:84544890; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681789)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.13.105.0"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681789/; classtype:trojan-activity;sid:84544889; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681788)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"46.163.134.250"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681788/; classtype:trojan-activity;sid:84544888; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681787)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.229.174.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681787/; classtype:trojan-activity;sid:84544887; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681786)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.119.29.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681786/; classtype:trojan-activity;sid:84544886; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681785)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.11.13.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681785/; classtype:trojan-activity;sid:84544885; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681784)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.43.251.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681784/; classtype:trojan-activity;sid:84544884; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681783)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.139.228.171"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681783/; classtype:trojan-activity;sid:84544883; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681782)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.229.129.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681782/; classtype:trojan-activity;sid:84544882; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681781)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.113.202.38"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681781/; classtype:trojan-activity;sid:84544881; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681780)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.39.227.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681780/; classtype:trojan-activity;sid:84544880; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681779)"; flow:established,from_client; content:"GET"; http_method; content:"/04zdfp2z"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"bit.bkud4.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681779/; classtype:trojan-activity;sid:84544879; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681778)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.159.243"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681778/; classtype:trojan-activity;sid:84544878; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681777)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.29.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681777/; classtype:trojan-activity;sid:84544877; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681776)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.214.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681776/; classtype:trojan-activity;sid:84544876; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681775)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.202.38"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681775/; classtype:trojan-activity;sid:84544875; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681774)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.43.251.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681774/; classtype:trojan-activity;sid:84544874; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681773)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.13.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681773/; classtype:trojan-activity;sid:84544873; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681772)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"220.201.153.94"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681772/; classtype:trojan-activity;sid:84544872; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681771)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.159.243"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681771/; classtype:trojan-activity;sid:84544871; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681770)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.193.239"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681770/; classtype:trojan-activity;sid:84544870; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681769)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.242.151"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681769/; classtype:trojan-activity;sid:84544869; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681768)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.169.226.129"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681768/; classtype:trojan-activity;sid:84544868; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681767)"; flow:established,from_client; content:"GET"; http_method; content:"/crc5qjv2"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"see.ckon0.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681767/; classtype:trojan-activity;sid:84544867; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681766)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.119.232"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681766/; classtype:trojan-activity;sid:84544866; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681765)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.214.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681765/; classtype:trojan-activity;sid:84544865; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681764)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.124.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681764/; classtype:trojan-activity;sid:84544864; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681763)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.238.105"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681763/; classtype:trojan-activity;sid:84544863; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681762)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"114.218.147.142"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681762/; classtype:trojan-activity;sid:84544862; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681761)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.140.180.221"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681761/; classtype:trojan-activity;sid:84544861; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681760)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.154.233"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681760/; classtype:trojan-activity;sid:84544860; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681759)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.238.105"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681759/; classtype:trojan-activity;sid:84544859; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681758)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.3.60"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681758/; classtype:trojan-activity;sid:84544858; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681757)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"88.250.184.107"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681757/; classtype:trojan-activity;sid:84544857; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681755)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"88.243.214.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681755/; classtype:trojan-activity;sid:84544855; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681756)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"88.243.214.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681756/; classtype:trojan-activity;sid:84544856; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681754)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.74.37.43"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681754/; classtype:trojan-activity;sid:84544854; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681753)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.55.32.91"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681753/; classtype:trojan-activity;sid:84544853; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681749)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.115.179.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681749/; classtype:trojan-activity;sid:84544849; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681750)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.5.22.14"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681750/; classtype:trojan-activity;sid:84544850; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681751)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.11.10.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681751/; classtype:trojan-activity;sid:84544851; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681752)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.93.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681752/; classtype:trojan-activity;sid:84544852; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681747)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.90.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681747/; classtype:trojan-activity;sid:84544847; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681748)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.47.69.254"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681748/; classtype:trojan-activity;sid:84544848; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681746)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.31.156"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681746/; classtype:trojan-activity;sid:84544846; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681745)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.175.200.229"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681745/; classtype:trojan-activity;sid:84544845; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681744)"; flow:established,from_client; content:"GET"; http_method; content:"/rondo.qyz.sh"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"74.194.191.52"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681744/; classtype:trojan-activity;sid:84544844; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681742)"; flow:established,from_client; content:"GET"; http_method; content:"/rondo.rwx.sh"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"74.194.191.52"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681742/; classtype:trojan-activity;sid:84544842; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681743)"; flow:established,from_client; content:"GET"; http_method; content:"/rondo.uzz.sh"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"74.194.191.52"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681743/; classtype:trojan-activity;sid:84544843; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681741)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"114.218.147.142"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681741/; classtype:trojan-activity;sid:84544841; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681740)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.255.2"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681740/; classtype:trojan-activity;sid:84544840; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681739)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.122.217.188"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681739/; classtype:trojan-activity;sid:84544839; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681738)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.140.180.221"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681738/; classtype:trojan-activity;sid:84544838; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681737)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.150.78.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681737/; classtype:trojan-activity;sid:84544837; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681736)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.29.223.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681736/; classtype:trojan-activity;sid:84544836; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681735)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.3.243"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681735/; classtype:trojan-activity;sid:84544835; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681734)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.40.47"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681734/; classtype:trojan-activity;sid:84544834; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681733)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.238.194.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681733/; classtype:trojan-activity;sid:84544833; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681732)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.45.66.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681732/; classtype:trojan-activity;sid:84544832; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681731)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.185.93.184"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681731/; classtype:trojan-activity;sid:84544831; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681730)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.117.27"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681730/; classtype:trojan-activity;sid:84544830; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681729)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.198.130.140"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681729/; classtype:trojan-activity;sid:84544829; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681728)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.45.66.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681728/; classtype:trojan-activity;sid:84544828; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681727)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.185.93.184"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681727/; classtype:trojan-activity;sid:84544827; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681726)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.198.130.140"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681726/; classtype:trojan-activity;sid:84544826; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681725)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.142.241.83"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681725/; classtype:trojan-activity;sid:84544825; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681724)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.116.157.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681724/; classtype:trojan-activity;sid:84544824; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681723)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.229.54.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681723/; classtype:trojan-activity;sid:84544823; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681722)"; flow:established,from_client; content:"GET"; http_method; content:"/x51vkbm7"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"tap.cpak0.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681722/; classtype:trojan-activity;sid:84544822; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681721)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.188.4.135"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681721/; classtype:trojan-activity;sid:84544821; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681720)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.229.54.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681720/; classtype:trojan-activity;sid:84544820; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681719)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.239.113.237"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681719/; classtype:trojan-activity;sid:84544819; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681718)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.239.122.25"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681718/; classtype:trojan-activity;sid:84544818; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681717)"; flow:established,from_client; content:"GET"; http_method; content:"/i5x9okpo"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"dad.kpyb0.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681717/; classtype:trojan-activity;sid:84544817; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681716)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.239.113.237"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681716/; classtype:trojan-activity;sid:84544816; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681715)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.214.119.33"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681715/; classtype:trojan-activity;sid:84544815; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681714)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"139.213.34.113"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681714/; classtype:trojan-activity;sid:84544814; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681713)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.123.194.32"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681713/; classtype:trojan-activity;sid:84544813; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681712)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.72.74"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681712/; classtype:trojan-activity;sid:84544812; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681711)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.14.91"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681711/; classtype:trojan-activity;sid:84544811; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681710)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.14.91"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681710/; classtype:trojan-activity;sid:84544810; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681709)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.134.172.47"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681709/; classtype:trojan-activity;sid:84544809; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681708)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"139.213.34.113"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681708/; classtype:trojan-activity;sid:84544808; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681707)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.39.238.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681707/; classtype:trojan-activity;sid:84544807; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681706)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.148.154.193"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681706/; classtype:trojan-activity;sid:84544806; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681705)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.74.37.43"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681705/; classtype:trojan-activity;sid:84544805; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681704)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.190.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681704/; classtype:trojan-activity;sid:84544804; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681703)"; flow:established,from_client; content:"GET"; http_method; content:"/whh0ndfgk0.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"blackstar.bid5.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681703/; classtype:trojan-activity;sid:84544803; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681702)"; flow:established,from_client; content:"GET"; http_method; content:"/lmm.check|3f|t=wwhvnbab"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"hip.kduk8.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681702/; classtype:trojan-activity;sid:84544802; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681701)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.186.157.205"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681701/; classtype:trojan-activity;sid:84544801; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681700)"; flow:established,from_client; content:"GET"; http_method; content:"/kqedli8l"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"dip.hxit8.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681700/; classtype:trojan-activity;sid:84544800; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681699)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.154.153.47"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681699/; classtype:trojan-activity;sid:84544799; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681698)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.140.132.147"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681698/; classtype:trojan-activity;sid:84544798; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681697)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.151.72.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681697/; classtype:trojan-activity;sid:84544797; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681696)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.137.85.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681696/; classtype:trojan-activity;sid:84544796; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681695)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.171.137"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681695/; classtype:trojan-activity;sid:84544795; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681694)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.156.128.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681694/; classtype:trojan-activity;sid:84544794; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681693)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.28.214.145"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681693/; classtype:trojan-activity;sid:84544793; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681692)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.184.255.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681692/; classtype:trojan-activity;sid:84544792; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681691)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.149.199"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681691/; classtype:trojan-activity;sid:84544791; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681689)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.52.29.172"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681689/; classtype:trojan-activity;sid:84544789; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681690)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.151.72.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681690/; classtype:trojan-activity;sid:84544790; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681685)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/parm"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681685/; classtype:trojan-activity;sid:84544785; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681686)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/pmips"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681686/; classtype:trojan-activity;sid:84544786; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681687)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/psh4"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681687/; classtype:trojan-activity;sid:84544787; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681688)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/pm68k"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681688/; classtype:trojan-activity;sid:84544788; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681684)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/px86"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681684/; classtype:trojan-activity;sid:84544784; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681680)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/parm6"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681680/; classtype:trojan-activity;sid:84544780; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681681)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/parm7"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681681/; classtype:trojan-activity;sid:84544781; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681682)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/pspc"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681682/; classtype:trojan-activity;sid:84544782; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681683)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/pmpsl"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681683/; classtype:trojan-activity;sid:84544783; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681679)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/parm5"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681679/; classtype:trojan-activity;sid:84544779; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681678)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.140.132.147"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681678/; classtype:trojan-activity;sid:84544778; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681677)"; flow:established,from_client; content:"GET"; http_method; content:"/q2n41a09jl.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"lace.bid5.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681677/; classtype:trojan-activity;sid:84544777; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681676)"; flow:established,from_client; content:"GET"; http_method; content:"/tn.check|3f|t=ao3wqho2"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"160287.u521483.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681676/; classtype:trojan-activity;sid:84544776; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681675)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.8.2.213"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681675/; classtype:trojan-activity;sid:84544775; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681674)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.14.149.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681674/; classtype:trojan-activity;sid:84544774; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681672)"; flow:established,from_client; content:"GET"; http_method; content:"/0d4.google|3f|t=061tq9d5"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"93055.u521483.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681672/; classtype:trojan-activity;sid:84544772; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681673)"; flow:established,from_client; content:"GET"; http_method; content:"/sixb0kejta.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"dim.bid5.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681673/; classtype:trojan-activity;sid:84544773; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681670)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.86.130"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681670/; classtype:trojan-activity;sid:84544770; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681671)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.156.128.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681671/; classtype:trojan-activity;sid:84544771; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681669)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.255.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681669/; classtype:trojan-activity;sid:84544769; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681668)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.28.214.145"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681668/; classtype:trojan-activity;sid:84544768; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681666)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.88.65"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681666/; classtype:trojan-activity;sid:84544766; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681667)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.94.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681667/; classtype:trojan-activity;sid:84544767; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681657)"; flow:established,from_client; content:"GET"; http_method; content:"/pi586"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681657/; classtype:trojan-activity;sid:84544757; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681658)"; flow:established,from_client; content:"GET"; http_method; content:"/px86"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681658/; classtype:trojan-activity;sid:84544758; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681659)"; flow:established,from_client; content:"GET"; http_method; content:"/pppc"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681659/; classtype:trojan-activity;sid:84544759; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681660)"; flow:established,from_client; content:"GET"; http_method; content:"/pmpsl"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681660/; classtype:trojan-activity;sid:84544760; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681661)"; flow:established,from_client; content:"GET"; http_method; content:"/pmips"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681661/; classtype:trojan-activity;sid:84544761; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681662)"; flow:established,from_client; content:"GET"; http_method; content:"/pm68k"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681662/; classtype:trojan-activity;sid:84544762; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681663)"; flow:established,from_client; content:"GET"; http_method; content:"/psh4"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681663/; classtype:trojan-activity;sid:84544763; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681664)"; flow:established,from_client; content:"GET"; http_method; content:"/parm"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681664/; classtype:trojan-activity;sid:84544764; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681665)"; flow:established,from_client; content:"GET"; http_method; content:"/parm7"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681665/; classtype:trojan-activity;sid:84544765; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681652)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681652/; classtype:trojan-activity;sid:84544752; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681653)"; flow:established,from_client; content:"GET"; http_method; content:"/parm6"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681653/; classtype:trojan-activity;sid:84544753; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681654)"; flow:established,from_client; content:"GET"; http_method; content:"/parm5"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681654/; classtype:trojan-activity;sid:84544754; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681655)"; flow:established,from_client; content:"GET"; http_method; content:"/pspc"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681655/; classtype:trojan-activity;sid:84544755; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681656)"; flow:established,from_client; content:"GET"; http_method; content:"/px86_64"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681656/; classtype:trojan-activity;sid:84544756; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681651)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.159.117"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681651/; classtype:trojan-activity;sid:84544751; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681650)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.101.225"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681650/; classtype:trojan-activity;sid:84544750; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681649)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.249.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681649/; classtype:trojan-activity;sid:84544749; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681648)"; flow:established,from_client; content:"GET"; http_method; content:"/2h.google|3f|t=saqfmk0f"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"034d2.u069653.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681648/; classtype:trojan-activity;sid:84544748; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681647)"; flow:established,from_client; content:"GET"; http_method; content:"/3ojam8vi59.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pond.bid5.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681647/; classtype:trojan-activity;sid:84544747; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681646)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.37.101.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681646/; classtype:trojan-activity;sid:84544746; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681645)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.110.10"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681645/; classtype:trojan-activity;sid:84544745; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681644)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.41.5.139"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681644/; classtype:trojan-activity;sid:84544744; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681641)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.10.12.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681641/; classtype:trojan-activity;sid:84544741; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681642)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.5.119.81"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681642/; classtype:trojan-activity;sid:84544742; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681643)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"220.192.234.72"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681643/; classtype:trojan-activity;sid:84544743; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681640)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.86.130"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681640/; classtype:trojan-activity;sid:84544740; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681639)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.200.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681639/; classtype:trojan-activity;sid:84544739; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681638)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.4.193.239"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681638/; classtype:trojan-activity;sid:84544738; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681637)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.96.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681637/; classtype:trojan-activity;sid:84544737; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681636)"; flow:established,from_client; content:"GET"; http_method; content:"/r67wa878g5.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"spark.bid5.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681636/; classtype:trojan-activity;sid:84544736; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681635)"; flow:established,from_client; content:"GET"; http_method; content:"/l2.google|3f|t=fo4gvvmf"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"30951.u069653.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681635/; classtype:trojan-activity;sid:84544735; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681634)"; flow:established,from_client; content:"GET"; http_method; content:"/1eg7fwejjn.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"spark.bid5.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681634/; classtype:trojan-activity;sid:84544734; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681633)"; flow:established,from_client; content:"GET"; http_method; content:"/9fa.check|3f|t=49800y7t"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"8427.u069653.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681633/; classtype:trojan-activity;sid:84544733; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681632)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.110.10"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681632/; classtype:trojan-activity;sid:84544732; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681631)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.205.174.200"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681631/; classtype:trojan-activity;sid:84544731; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681630)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.12.197.113"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681630/; classtype:trojan-activity;sid:84544730; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681629)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.165.108.162"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681629/; classtype:trojan-activity;sid:84544729; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681627)"; flow:established,from_client; content:"GET"; http_method; content:"/yk.google|3f|t=1053vpk5"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"501.u069653.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681627/; classtype:trojan-activity;sid:84544727; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681628)"; flow:established,from_client; content:"GET"; http_method; content:"/tt5ps2i23n.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"oak.bid5.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681628/; classtype:trojan-activity;sid:84544728; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681626)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.96.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681626/; classtype:trojan-activity;sid:84544726; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681625)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.201.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681625/; classtype:trojan-activity;sid:84544725; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681624)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.79.149.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681624/; classtype:trojan-activity;sid:84544724; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681623)"; flow:established,from_client; content:"GET"; http_method; content:"/qlodca0d0i.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"brim.bid5.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681623/; classtype:trojan-activity;sid:84544723; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681622)"; flow:established,from_client; content:"GET"; http_method; content:"/k240.google|3f|t=s21fmwfg"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"581.y438414.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681622/; classtype:trojan-activity;sid:84544722; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681621)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.204.197.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681621/; classtype:trojan-activity;sid:84544721; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681620)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.13.182.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681620/; classtype:trojan-activity;sid:84544720; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681619)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.165.108.162"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681619/; classtype:trojan-activity;sid:84544719; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681618)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.33.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681618/; classtype:trojan-activity;sid:84544718; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681617)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.61.101.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681617/; classtype:trojan-activity;sid:84544717; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681616)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.63.199"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681616/; classtype:trojan-activity;sid:84544716; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681615)"; flow:established,from_client; content:"GET"; http_method; content:"/ab3.check|3f|t=k672czve"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"706391.y438414.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681615/; classtype:trojan-activity;sid:84544715; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681614)"; flow:established,from_client; content:"GET"; http_method; content:"/j3kgp84mw6.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"nap.wir2.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681614/; classtype:trojan-activity;sid:84544714; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681613)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.90.188.6"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681613/; classtype:trojan-activity;sid:84544713; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681612)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.36.99"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681612/; classtype:trojan-activity;sid:84544712; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681611)"; flow:established,from_client; content:"GET"; http_method; content:"/q3k.check|3f|t=k7p70y4e"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"3135.y438414.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681611/; classtype:trojan-activity;sid:84544711; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681610)"; flow:established,from_client; content:"GET"; http_method; content:"/zcibuz0h5b.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"twig.wir2.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681610/; classtype:trojan-activity;sid:84544710; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681609)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"201.110.95.245"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681609/; classtype:trojan-activity;sid:84544709; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681595)"; flow:established,from_client; content:"GET"; http_method; content:"/niga.spc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681595/; classtype:trojan-activity;sid:84544695; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681596)"; flow:established,from_client; content:"GET"; http_method; content:"/reborn.arm"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681596/; classtype:trojan-activity;sid:84544696; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681597)"; flow:established,from_client; content:"GET"; http_method; content:"/morte.arm"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681597/; classtype:trojan-activity;sid:84544697; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681598)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.x86"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681598/; classtype:trojan-activity;sid:84544698; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681599)"; flow:established,from_client; content:"GET"; http_method; content:"/system.m68k"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681599/; classtype:trojan-activity;sid:84544699; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681600)"; flow:established,from_client; content:"GET"; http_method; content:"/morte.spc"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681600/; classtype:trojan-activity;sid:84544700; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681601)"; flow:established,from_client; content:"GET"; http_method; content:"/joker.arm7"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681601/; classtype:trojan-activity;sid:84544701; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681602)"; flow:established,from_client; content:"GET"; http_method; content:"/system.x86"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681602/; classtype:trojan-activity;sid:84544702; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681603)"; flow:established,from_client; content:"GET"; http_method; content:"/morte.sh4"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681603/; classtype:trojan-activity;sid:84544703; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681604)"; flow:established,from_client; content:"GET"; http_method; content:"/sigma.arm7"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681604/; classtype:trojan-activity;sid:84544704; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681605)"; flow:established,from_client; content:"GET"; http_method; content:"/majure.sh4"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681605/; classtype:trojan-activity;sid:84544705; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681606)"; flow:established,from_client; content:"GET"; http_method; content:"/china.arm5"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681606/; classtype:trojan-activity;sid:84544706; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681607)"; flow:established,from_client; content:"GET"; http_method; content:"/sigma.x86"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681607/; classtype:trojan-activity;sid:84544707; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681608)"; flow:established,from_client; content:"GET"; http_method; content:"/rebith.sh4"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681608/; classtype:trojan-activity;sid:84544708; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681594)"; flow:established,from_client; content:"GET"; http_method; content:"/system.mips"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681594/; classtype:trojan-activity;sid:84544694; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681593)"; flow:established,from_client; content:"GET"; http_method; content:"/reborn.sh4"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681593/; classtype:trojan-activity;sid:84544693; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681592)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm6"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681592/; classtype:trojan-activity;sid:84544692; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681591)"; flow:established,from_client; content:"GET"; http_method; content:"/rebith.arm7"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681591/; classtype:trojan-activity;sid:84544691; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681590)"; flow:established,from_client; content:"GET"; http_method; content:"/sigma.arm6"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681590/; classtype:trojan-activity;sid:84544690; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681581)"; flow:established,from_client; content:"GET"; http_method; content:"/sigma.mpsl"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681581/; classtype:trojan-activity;sid:84544681; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681582)"; flow:established,from_client; content:"GET"; http_method; content:"/niga.arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681582/; classtype:trojan-activity;sid:84544682; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681583)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.mips"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681583/; classtype:trojan-activity;sid:84544683; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681584)"; flow:established,from_client; content:"GET"; http_method; content:"/morte.mips"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681584/; classtype:trojan-activity;sid:84544684; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681585)"; flow:established,from_client; content:"GET"; http_method; content:"/rebith.spc"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681585/; classtype:trojan-activity;sid:84544685; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681586)"; flow:established,from_client; content:"GET"; http_method; content:"/sigma.arm"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681586/; classtype:trojan-activity;sid:84544686; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681587)"; flow:established,from_client; content:"GET"; http_method; content:"/die.mpsl"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681587/; classtype:trojan-activity;sid:84544687; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681588)"; flow:established,from_client; content:"GET"; http_method; content:"/joker.arm5"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681588/; classtype:trojan-activity;sid:84544688; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681589)"; flow:established,from_client; content:"GET"; http_method; content:"/sigma.m68k"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681589/; classtype:trojan-activity;sid:84544689; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681571)"; flow:established,from_client; content:"GET"; http_method; content:"/china.arm6"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681571/; classtype:trojan-activity;sid:84544671; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681572)"; flow:established,from_client; content:"GET"; http_method; content:"/system.arm"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681572/; classtype:trojan-activity;sid:84544672; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681573)"; flow:established,from_client; content:"GET"; http_method; content:"/niga.x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681573/; classtype:trojan-activity;sid:84544673; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681574)"; flow:established,from_client; content:"GET"; http_method; content:"/majure.arm6"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681574/; classtype:trojan-activity;sid:84544674; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681575)"; flow:established,from_client; content:"GET"; http_method; content:"/rebith.arm6"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681575/; classtype:trojan-activity;sid:84544675; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681576)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.mpsl"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681576/; classtype:trojan-activity;sid:84544676; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681577)"; flow:established,from_client; content:"GET"; http_method; content:"/agac.sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681577/; classtype:trojan-activity;sid:84544677; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681578)"; flow:established,from_client; content:"GET"; http_method; content:"/sigma.spc"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681578/; classtype:trojan-activity;sid:84544678; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681579)"; flow:established,from_client; content:"GET"; http_method; content:"/morte.arm7"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681579/; classtype:trojan-activity;sid:84544679; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681580)"; flow:established,from_client; content:"GET"; http_method; content:"/reborn.mpsl"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681580/; classtype:trojan-activity;sid:84544680; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681568)"; flow:established,from_client; content:"GET"; http_method; content:"/prosig.x86"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681568/; classtype:trojan-activity;sid:84544668; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681569)"; flow:established,from_client; content:"GET"; http_method; content:"/reborn.arm7"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681569/; classtype:trojan-activity;sid:84544669; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681570)"; flow:established,from_client; content:"GET"; http_method; content:"/system.arm7"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681570/; classtype:trojan-activity;sid:84544670; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681567)"; flow:established,from_client; content:"GET"; http_method; content:"/china.spc"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681567/; classtype:trojan-activity;sid:84544667; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681547)"; flow:established,from_client; content:"GET"; http_method; content:"/joker.spc"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681547/; classtype:trojan-activity;sid:84544647; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681548)"; flow:established,from_client; content:"GET"; http_method; content:"/china.arm7"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681548/; classtype:trojan-activity;sid:84544648; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681549)"; flow:established,from_client; content:"GET"; http_method; content:"/reborn.arm6"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681549/; classtype:trojan-activity;sid:84544649; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681550)"; flow:established,from_client; content:"GET"; http_method; content:"/enesbatur.mpsl"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681550/; classtype:trojan-activity;sid:84544650; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681551)"; flow:established,from_client; content:"GET"; http_method; content:"/enesbatur.x86"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681551/; classtype:trojan-activity;sid:84544651; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681552)"; flow:established,from_client; content:"GET"; http_method; content:"/joker.mpsl"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681552/; classtype:trojan-activity;sid:84544652; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681553)"; flow:established,from_client; content:"GET"; http_method; content:"/prosig.spc"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681553/; classtype:trojan-activity;sid:84544653; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681554)"; flow:established,from_client; content:"GET"; http_method; content:"/agac.mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681554/; classtype:trojan-activity;sid:84544654; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681555)"; flow:established,from_client; content:"GET"; http_method; content:"/china.sh4"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681555/; classtype:trojan-activity;sid:84544655; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681556)"; flow:established,from_client; content:"GET"; http_method; content:"/morte.mpsl"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681556/; classtype:trojan-activity;sid:84544656; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681557)"; flow:established,from_client; content:"GET"; http_method; content:"/die.mips"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681557/; classtype:trojan-activity;sid:84544657; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681558)"; flow:established,from_client; content:"GET"; http_method; content:"/rebith.x86"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681558/; classtype:trojan-activity;sid:84544658; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681559)"; flow:established,from_client; content:"GET"; http_method; content:"/system.spc"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681559/; classtype:trojan-activity;sid:84544659; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681560)"; flow:established,from_client; content:"GET"; http_method; content:"/agac.arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681560/; classtype:trojan-activity;sid:84544660; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681561)"; flow:established,from_client; content:"GET"; http_method; content:"/china.m68k"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681561/; classtype:trojan-activity;sid:84544661; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681562)"; flow:established,from_client; content:"GET"; http_method; content:"/prosig.arm7"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681562/; classtype:trojan-activity;sid:84544662; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681563)"; flow:established,from_client; content:"GET"; http_method; content:"/enesbatur.arm7"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681563/; classtype:trojan-activity;sid:84544663; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681564)"; flow:established,from_client; content:"GET"; http_method; content:"/niga.mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681564/; classtype:trojan-activity;sid:84544664; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681565)"; flow:established,from_client; content:"GET"; http_method; content:"/die.spc"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681565/; classtype:trojan-activity;sid:84544665; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681566)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681566/; classtype:trojan-activity;sid:84544666; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681539)"; flow:established,from_client; content:"GET"; http_method; content:"/system.sh4"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681539/; classtype:trojan-activity;sid:84544639; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681540)"; flow:established,from_client; content:"GET"; http_method; content:"/majure.arm7"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681540/; classtype:trojan-activity;sid:84544640; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681541)"; flow:established,from_client; content:"GET"; http_method; content:"/agac.x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681541/; classtype:trojan-activity;sid:84544641; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681542)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.m68k"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681542/; classtype:trojan-activity;sid:84544642; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681543)"; flow:established,from_client; content:"GET"; http_method; content:"/agac.arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681543/; classtype:trojan-activity;sid:84544643; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681544)"; flow:established,from_client; content:"GET"; http_method; content:"/niga.arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681544/; classtype:trojan-activity;sid:84544644; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681545)"; flow:established,from_client; content:"GET"; http_method; content:"/system.arm6"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681545/; classtype:trojan-activity;sid:84544645; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681546)"; flow:established,from_client; content:"GET"; http_method; content:"/rebith.arm"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681546/; classtype:trojan-activity;sid:84544646; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681535)"; flow:established,from_client; content:"GET"; http_method; content:"/agac.spc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681535/; classtype:trojan-activity;sid:84544635; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681536)"; flow:established,from_client; content:"GET"; http_method; content:"/joker.arm"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681536/; classtype:trojan-activity;sid:84544636; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681537)"; flow:established,from_client; content:"GET"; http_method; content:"/enesbatur.arm6"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681537/; classtype:trojan-activity;sid:84544637; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681538)"; flow:established,from_client; content:"GET"; http_method; content:"/enesbatur.sh4"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681538/; classtype:trojan-activity;sid:84544638; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681533)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm5"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681533/; classtype:trojan-activity;sid:84544633; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681534)"; flow:established,from_client; content:"GET"; http_method; content:"/prosig.m68k"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681534/; classtype:trojan-activity;sid:84544634; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681532)"; flow:established,from_client; content:"GET"; http_method; content:"/majure.mpsl"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681532/; classtype:trojan-activity;sid:84544632; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681531)"; flow:established,from_client; content:"GET"; http_method; content:"/prosig.mpsl"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681531/; classtype:trojan-activity;sid:84544631; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681528)"; flow:established,from_client; content:"GET"; http_method; content:"/system.arm5"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681528/; classtype:trojan-activity;sid:84544628; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681529)"; flow:established,from_client; content:"GET"; http_method; content:"/niga.arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681529/; classtype:trojan-activity;sid:84544629; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681530)"; flow:established,from_client; content:"GET"; http_method; content:"/enesbatur.arm5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681530/; classtype:trojan-activity;sid:84544630; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681516)"; flow:established,from_client; content:"GET"; http_method; content:"/die.arm"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681516/; classtype:trojan-activity;sid:84544616; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681517)"; flow:established,from_client; content:"GET"; http_method; content:"/enesbatur.arm"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681517/; classtype:trojan-activity;sid:84544617; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681518)"; flow:established,from_client; content:"GET"; http_method; content:"/rebith.mips"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681518/; classtype:trojan-activity;sid:84544618; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681519)"; flow:established,from_client; content:"GET"; http_method; content:"/majure.x86"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681519/; classtype:trojan-activity;sid:84544619; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681520)"; flow:established,from_client; content:"GET"; http_method; content:"/prosig.arm"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681520/; classtype:trojan-activity;sid:84544620; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681521)"; flow:established,from_client; content:"GET"; http_method; content:"/reborn.mips"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681521/; classtype:trojan-activity;sid:84544621; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681522)"; flow:established,from_client; content:"GET"; http_method; content:"/niga.sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681522/; classtype:trojan-activity;sid:84544622; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681523)"; flow:established,from_client; content:"GET"; http_method; content:"/niga.arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681523/; classtype:trojan-activity;sid:84544623; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681524)"; flow:established,from_client; content:"GET"; http_method; content:"/sigma.sh4"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681524/; classtype:trojan-activity;sid:84544624; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681525)"; flow:established,from_client; content:"GET"; http_method; content:"/majure.m68k"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681525/; classtype:trojan-activity;sid:84544625; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681526)"; flow:established,from_client; content:"GET"; http_method; content:"/joker.arm6"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681526/; classtype:trojan-activity;sid:84544626; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681527)"; flow:established,from_client; content:"GET"; http_method; content:"/majure.arm5"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681527/; classtype:trojan-activity;sid:84544627; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681512)"; flow:established,from_client; content:"GET"; http_method; content:"/niga.m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681512/; classtype:trojan-activity;sid:84544612; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681513)"; flow:established,from_client; content:"GET"; http_method; content:"/rebith.arm5"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681513/; classtype:trojan-activity;sid:84544613; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681514)"; flow:established,from_client; content:"GET"; http_method; content:"/enesbatur.m68k"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681514/; classtype:trojan-activity;sid:84544614; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681515)"; flow:established,from_client; content:"GET"; http_method; content:"/prosig.arm6"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681515/; classtype:trojan-activity;sid:84544615; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681510)"; flow:established,from_client; content:"GET"; http_method; content:"/joker.sh4"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681510/; classtype:trojan-activity;sid:84544610; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681511)"; flow:established,from_client; content:"GET"; http_method; content:"/morte.arm5"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681511/; classtype:trojan-activity;sid:84544611; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681507)"; flow:established,from_client; content:"GET"; http_method; content:"/system.mpsl"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681507/; classtype:trojan-activity;sid:84544607; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681508)"; flow:established,from_client; content:"GET"; http_method; content:"/agac.arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681508/; classtype:trojan-activity;sid:84544608; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681509)"; flow:established,from_client; content:"GET"; http_method; content:"/enesbatur.mips"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681509/; classtype:trojan-activity;sid:84544609; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681501)"; flow:established,from_client; content:"GET"; http_method; content:"/prosig.mips"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681501/; classtype:trojan-activity;sid:84544601; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681502)"; flow:established,from_client; content:"GET"; http_method; content:"/joker.mips"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681502/; classtype:trojan-activity;sid:84544602; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681503)"; flow:established,from_client; content:"GET"; http_method; content:"/china.x86"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681503/; classtype:trojan-activity;sid:84544603; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681504)"; flow:established,from_client; content:"GET"; http_method; content:"/majure.mips"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681504/; classtype:trojan-activity;sid:84544604; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681505)"; flow:established,from_client; content:"GET"; http_method; content:"/china.mips"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681505/; classtype:trojan-activity;sid:84544605; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681506)"; flow:established,from_client; content:"GET"; http_method; content:"/niga.mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681506/; classtype:trojan-activity;sid:84544606; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681475)"; flow:established,from_client; content:"GET"; http_method; content:"/agac.arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681475/; classtype:trojan-activity;sid:84544575; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681476)"; flow:established,from_client; content:"GET"; http_method; content:"/rebith.m68k"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681476/; classtype:trojan-activity;sid:84544576; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681477)"; flow:established,from_client; content:"GET"; http_method; content:"/morte.arm6"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681477/; classtype:trojan-activity;sid:84544577; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681478)"; flow:established,from_client; content:"GET"; http_method; content:"/die.arm5"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681478/; classtype:trojan-activity;sid:84544578; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681479)"; flow:established,from_client; content:"GET"; http_method; content:"/prosig.sh4"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681479/; classtype:trojan-activity;sid:84544579; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681480)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.spc"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681480/; classtype:trojan-activity;sid:84544580; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681481)"; flow:established,from_client; content:"GET"; http_method; content:"/morte.m68k"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681481/; classtype:trojan-activity;sid:84544581; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681482)"; flow:established,from_client; content:"GET"; http_method; content:"/reborn.m68k"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681482/; classtype:trojan-activity;sid:84544582; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681483)"; flow:established,from_client; content:"GET"; http_method; content:"/rebith.mpsl"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681483/; classtype:trojan-activity;sid:84544583; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681484)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm7"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681484/; classtype:trojan-activity;sid:84544584; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681485)"; flow:established,from_client; content:"GET"; http_method; content:"/joker.m68k"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681485/; classtype:trojan-activity;sid:84544585; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681486)"; flow:established,from_client; content:"GET"; http_method; content:"/die.arm6"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681486/; classtype:trojan-activity;sid:84544586; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681487)"; flow:established,from_client; content:"GET"; http_method; content:"/enesbatur.spc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681487/; classtype:trojan-activity;sid:84544587; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681488)"; flow:established,from_client; content:"GET"; http_method; content:"/prosig.arm5"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681488/; classtype:trojan-activity;sid:84544588; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681489)"; flow:established,from_client; content:"GET"; http_method; content:"/reborn.spc"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681489/; classtype:trojan-activity;sid:84544589; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681490)"; flow:established,from_client; content:"GET"; http_method; content:"/majure.spc"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681490/; classtype:trojan-activity;sid:84544590; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681491)"; flow:established,from_client; content:"GET"; http_method; content:"/agac.m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681491/; classtype:trojan-activity;sid:84544591; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681492)"; flow:established,from_client; content:"GET"; http_method; content:"/majure.arm"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681492/; classtype:trojan-activity;sid:84544592; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681493)"; flow:established,from_client; content:"GET"; http_method; content:"/china.mpsl"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681493/; classtype:trojan-activity;sid:84544593; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681494)"; flow:established,from_client; content:"GET"; http_method; content:"/morte.x86"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681494/; classtype:trojan-activity;sid:84544594; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681495)"; flow:established,from_client; content:"GET"; http_method; content:"/reborn.x86"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681495/; classtype:trojan-activity;sid:84544595; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681496)"; flow:established,from_client; content:"GET"; http_method; content:"/die.x86"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681496/; classtype:trojan-activity;sid:84544596; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681497)"; flow:established,from_client; content:"GET"; http_method; content:"/agac.mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681497/; classtype:trojan-activity;sid:84544597; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681498)"; flow:established,from_client; content:"GET"; http_method; content:"/sigma.mips"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681498/; classtype:trojan-activity;sid:84544598; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681499)"; flow:established,from_client; content:"GET"; http_method; content:"/china.arm"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681499/; classtype:trojan-activity;sid:84544599; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681500)"; flow:established,from_client; content:"GET"; http_method; content:"/joker.x86"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681500/; classtype:trojan-activity;sid:84544600; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681472)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.sh4"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681472/; classtype:trojan-activity;sid:84544572; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681473)"; flow:established,from_client; content:"GET"; http_method; content:"/sigma.arm5"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681473/; classtype:trojan-activity;sid:84544573; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681474)"; flow:established,from_client; content:"GET"; http_method; content:"/reborn.arm5"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681474/; classtype:trojan-activity;sid:84544574; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681471)"; flow:established,from_client; content:"GET"; http_method; content:"/die.arm7"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681471/; classtype:trojan-activity;sid:84544571; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681469)"; flow:established,from_client; content:"GET"; http_method; content:"/die.sh4"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681469/; classtype:trojan-activity;sid:84544569; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681470)"; flow:established,from_client; content:"GET"; http_method; content:"/die.m68k"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681470/; classtype:trojan-activity;sid:84544570; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681468)"; flow:established,from_client; content:"GET"; http_method; content:"/7t.google|3f|t=xq86i2q2"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"925.y438414.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681468/; classtype:trojan-activity;sid:84544568; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681467)"; flow:established,from_client; content:"GET"; http_method; content:"/86bwtk0cln.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"curl.wir2.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681467/; classtype:trojan-activity;sid:84544567; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681466)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.176.197.248"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681466/; classtype:trojan-activity;sid:84544566; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681465)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.142.243.129"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681465/; classtype:trojan-activity;sid:84544565; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681464)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.62.149"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681464/; classtype:trojan-activity;sid:84544564; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681462)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.176.197.248"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681462/; classtype:trojan-activity;sid:84544562; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681463)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.61.101.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681463/; classtype:trojan-activity;sid:84544563; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681461)"; flow:established,from_client; content:"GET"; http_method; content:"/1e4shxcz7j.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"curl.wir2.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681461/; classtype:trojan-activity;sid:84544561; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681460)"; flow:established,from_client; content:"GET"; http_method; content:"/pq14.google|3f|t=0qb3ez11"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"72563.i327147.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681460/; classtype:trojan-activity;sid:84544560; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681459)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.39.226.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681459/; classtype:trojan-activity;sid:84544559; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681458)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.134.163.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681458/; classtype:trojan-activity;sid:84544558; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681457)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.36.99"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681457/; classtype:trojan-activity;sid:84544557; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681456)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.63.199"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681456/; classtype:trojan-activity;sid:84544556; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681455)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.110.42.181"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681455/; classtype:trojan-activity;sid:84544555; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681454)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.91.249"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681454/; classtype:trojan-activity;sid:84544554; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681453)"; flow:established,from_client; content:"GET"; http_method; content:"/5rd86vdawp.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"beam.wir2.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681453/; classtype:trojan-activity;sid:84544553; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681452)"; flow:established,from_client; content:"GET"; http_method; content:"/3r.check|3f|t=og42seso"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"080.i327147.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681452/; classtype:trojan-activity;sid:84544552; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681451)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.53.218.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681451/; classtype:trojan-activity;sid:84544551; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681450)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.104.84"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681450/; classtype:trojan-activity;sid:84544550; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681448)"; flow:established,from_client; content:"GET"; http_method; content:"/zz7.google|3f|t=7ys33qk2"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"3998107.i327147.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681448/; classtype:trojan-activity;sid:84544548; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681449)"; flow:established,from_client; content:"GET"; http_method; content:"/615rrzk2cy.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"beam.wir2.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681449/; classtype:trojan-activity;sid:84544549; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681447)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.39.226.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681447/; classtype:trojan-activity;sid:84544547; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681446)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.54.123.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681446/; classtype:trojan-activity;sid:84544546; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681445)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.56.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681445/; classtype:trojan-activity;sid:84544545; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681444)"; flow:established,from_client; content:"GET"; http_method; content:"/file/tsbrksujekx"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"workupload.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681444/; classtype:trojan-activity;sid:84544544; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681443)"; flow:established,from_client; content:"GET"; http_method; content:"/bupkz2rnqywria5yzbtsiqcl"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"615162.freedomandchance.digital"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681443/; classtype:trojan-activity;sid:84544543; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681441)"; flow:established,from_client; content:"GET"; http_method; content:"/files/6075866260/mjobebi.bat"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681441/; classtype:trojan-activity;sid:84544541; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681442)"; flow:established,from_client; content:"GET"; http_method; content:"/eg7gpv3pdkvcrdmkrs3nwtsoc"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"615162.freedomandchance.digital"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681442/; classtype:trojan-activity;sid:84544542; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681440)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7105629793/mi3z958.bat"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681440/; classtype:trojan-activity;sid:84544540; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681438)"; flow:established,from_client; content:"GET"; http_method; content:"/d/upbs3n"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"gofile.io"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681438/; classtype:trojan-activity;sid:84544538; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681439)"; flow:established,from_client; content:"GET"; http_method; content:"/ssd.png"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"94.159.113.37"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681439/; classtype:trojan-activity;sid:84544539; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681437)"; flow:established,from_client; content:"GET"; http_method; content:"/4a9qho1a6j.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"loft.wir2.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681437/; classtype:trojan-activity;sid:84544537; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681436)"; flow:established,from_client; content:"GET"; http_method; content:"/1za.check|3f|t=tsthwk34"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"610294.i327147.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681436/; classtype:trojan-activity;sid:84544536; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681435)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.142.252.70"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681435/; classtype:trojan-activity;sid:84544535; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681434)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/m68k"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"srv773999.hstgr.cloud"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681434/; classtype:trojan-activity;sid:84544534; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681424)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/ppc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"69.62.73.46"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681424/; classtype:trojan-activity;sid:84544524; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681425)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/arm"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"69.62.73.46"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681425/; classtype:trojan-activity;sid:84544525; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681426)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/arm5"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"69.62.73.46"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681426/; classtype:trojan-activity;sid:84544526; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681427)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/x86"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"69.62.73.46"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681427/; classtype:trojan-activity;sid:84544527; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681428)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/arm6"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"69.62.73.46"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681428/; classtype:trojan-activity;sid:84544528; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681429)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/arm7"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"69.62.73.46"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681429/; classtype:trojan-activity;sid:84544529; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681430)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/mips"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"69.62.73.46"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681430/; classtype:trojan-activity;sid:84544530; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681431)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/m68k"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"69.62.73.46"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681431/; classtype:trojan-activity;sid:84544531; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681432)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/x86_64"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"69.62.73.46"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681432/; classtype:trojan-activity;sid:84544532; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681433)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/mpsl"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"69.62.73.46"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681433/; classtype:trojan-activity;sid:84544533; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681422)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/arm7"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"srv773999.hstgr.cloud"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681422/; classtype:trojan-activity;sid:84544522; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681423)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/ppc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"srv773999.hstgr.cloud"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681423/; classtype:trojan-activity;sid:84544523; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681419)"; flow:established,from_client; content:"GET"; http_method; content:"/w.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"srv773999.hstgr.cloud"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681419/; classtype:trojan-activity;sid:84544519; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681420)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/arm5"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"srv773999.hstgr.cloud"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681420/; classtype:trojan-activity;sid:84544520; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681421)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/arm"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"srv773999.hstgr.cloud"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681421/; classtype:trojan-activity;sid:84544521; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681418)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/x86"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"srv773999.hstgr.cloud"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681418/; classtype:trojan-activity;sid:84544518; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681416)"; flow:established,from_client; content:"GET"; http_method; content:"/c.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"srv773999.hstgr.cloud"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681416/; classtype:trojan-activity;sid:84544516; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681417)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/mips"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"srv773999.hstgr.cloud"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681417/; classtype:trojan-activity;sid:84544517; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681414)"; flow:established,from_client; content:"GET"; http_method; content:"/c.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"69.62.73.46"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681414/; classtype:trojan-activity;sid:84544514; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681415)"; flow:established,from_client; content:"GET"; http_method; content:"/wget.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"srv773999.hstgr.cloud"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681415/; classtype:trojan-activity;sid:84544515; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681411)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/x86_64"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"srv773999.hstgr.cloud"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681411/; classtype:trojan-activity;sid:84544511; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681412)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/arm6"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"srv773999.hstgr.cloud"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681412/; classtype:trojan-activity;sid:84544512; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681413)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/mpsl"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"srv773999.hstgr.cloud"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681413/; classtype:trojan-activity;sid:84544513; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681410)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.104.84"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681410/; classtype:trojan-activity;sid:84544510; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681409)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.110.42.181"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681409/; classtype:trojan-activity;sid:84544509; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681408)"; flow:established,from_client; content:"GET"; http_method; content:"/0am.check|3f|t=u6nxbm48"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"4920.i327147.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681408/; classtype:trojan-activity;sid:84544508; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681407)"; flow:established,from_client; content:"GET"; http_method; content:"/mf4qg9eld2.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"gem.wir2.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681407/; classtype:trojan-activity;sid:84544507; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681406)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.121.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681406/; classtype:trojan-activity;sid:84544506; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681405)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.13.238.219"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681405/; classtype:trojan-activity;sid:84544505; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681404)"; flow:established,from_client; content:"GET"; http_method; content:"/30ch4hqqm5.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"gem.wir2.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681404/; classtype:trojan-activity;sid:84544504; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681403)"; flow:established,from_client; content:"GET"; http_method; content:"/q6.google|3f|t=15hadyjd"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"333.i327147.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681403/; classtype:trojan-activity;sid:84544503; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681402)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.44.201.120"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681402/; classtype:trojan-activity;sid:84544502; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681401)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.201.181.111"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681401/; classtype:trojan-activity;sid:84544501; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681400)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.142.252.70"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681400/; classtype:trojan-activity;sid:84544500; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681399)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.122.217.188"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681399/; classtype:trojan-activity;sid:84544499; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681398)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.43.143"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681398/; classtype:trojan-activity;sid:84544498; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681397)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.44.201.120"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681397/; classtype:trojan-activity;sid:84544497; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681396)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.59.81.193"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681396/; classtype:trojan-activity;sid:84544496; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681395)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.28.101"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681395/; classtype:trojan-activity;sid:84544495; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681394)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.207.145"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681394/; classtype:trojan-activity;sid:84544494; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681393)"; flow:established,from_client; content:"GET"; http_method; content:"/1kqta76p"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"77950.i554000.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681393/; classtype:trojan-activity;sid:84544493; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681392)"; flow:established,from_client; content:"GET"; http_method; content:"/0z4.google|3f|t=a7h2xq4w"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"77950.i554000.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681392/; classtype:trojan-activity;sid:84544492; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681391)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.188.85"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681391/; classtype:trojan-activity;sid:84544491; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681390)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.223.142.126"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681390/; classtype:trojan-activity;sid:84544490; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681389)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.61.100.141"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681389/; classtype:trojan-activity;sid:84544489; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681388)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.28.101"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681388/; classtype:trojan-activity;sid:84544488; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681387)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.57.195.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681387/; classtype:trojan-activity;sid:84544487; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681386)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.22.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681386/; classtype:trojan-activity;sid:84544486; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681385)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.37.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681385/; classtype:trojan-activity;sid:84544485; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681384)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.148.1"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681384/; classtype:trojan-activity;sid:84544484; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681383)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"83.219.1.198"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681383/; classtype:trojan-activity;sid:84544483; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681382)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.57.195.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681382/; classtype:trojan-activity;sid:84544482; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681381)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"150.255.45.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681381/; classtype:trojan-activity;sid:84544481; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681380)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.88.215"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681380/; classtype:trojan-activity;sid:84544480; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681378)"; flow:established,from_client; content:"GET"; http_method; content:"/clipper.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"176.46.152.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681378/; classtype:trojan-activity;sid:84544478; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681379)"; flow:established,from_client; content:"GET"; http_method; content:"/files/8173016258/b0hphfe.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681379/; classtype:trojan-activity;sid:84544479; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681377)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.149.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681377/; classtype:trojan-activity;sid:84544477; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681376)"; flow:established,from_client; content:"GET"; http_method; content:"/files/6260444824/ajftrrr.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681376/; classtype:trojan-activity;sid:84544476; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681375)"; flow:established,from_client; content:"GET"; http_method; content:"/ra3.google|3f|t=v6fgzcxj"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"55027.i373582.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681375/; classtype:trojan-activity;sid:84544475; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681373)"; flow:established,from_client; content:"GET"; http_method; content:"/files/5876317150/1dqgjsb.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681373/; classtype:trojan-activity;sid:84544473; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681374)"; flow:established,from_client; content:"GET"; http_method; content:"/files/6393041478/34mmazl.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681374/; classtype:trojan-activity;sid:84544474; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681372)"; flow:established,from_client; content:"GET"; http_method; content:"/~sgtatham/putty/latest/wa64/putty.exe"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"the.earth.li"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681372/; classtype:trojan-activity;sid:84544472; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681371)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.22.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681371/; classtype:trojan-activity;sid:84544471; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681370)"; flow:established,from_client; content:"GET"; http_method; content:"/kawt2qxfppuenm/logger.exe"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"91.92.242.27"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681370/; classtype:trojan-activity;sid:84544470; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681369)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"83.219.1.198"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681369/; classtype:trojan-activity;sid:84544469; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681368)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.61.17.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681368/; classtype:trojan-activity;sid:84544468; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681367)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.9.117.110"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681367/; classtype:trojan-activity;sid:84544467; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681366)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.88.141"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681366/; classtype:trojan-activity;sid:84544466; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681365)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.59.246.119"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681365/; classtype:trojan-activity;sid:84544465; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681364)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.88.215"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681364/; classtype:trojan-activity;sid:84544464; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681363)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.183.139.108"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681363/; classtype:trojan-activity;sid:84544463; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681362)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.43.104.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681362/; classtype:trojan-activity;sid:84544462; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681361)"; flow:established,from_client; content:"GET"; http_method; content:"/toot"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"23.177.185.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681361/; classtype:trojan-activity;sid:84544461; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681360)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.79.85"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681360/; classtype:trojan-activity;sid:84544460; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681359)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.61.107"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681359/; classtype:trojan-activity;sid:84544459; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681358)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.249.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681358/; classtype:trojan-activity;sid:84544458; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681357)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.9.117.110"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681357/; classtype:trojan-activity;sid:84544457; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681356)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.114.21"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681356/; classtype:trojan-activity;sid:84544456; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681355)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.202.186.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681355/; classtype:trojan-activity;sid:84544455; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681354)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.88.141"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681354/; classtype:trojan-activity;sid:84544454; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681353)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.57.80.5"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681353/; classtype:trojan-activity;sid:84544453; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681352)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.123.239.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681352/; classtype:trojan-activity;sid:84544452; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681351)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.54.71.137"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681351/; classtype:trojan-activity;sid:84544451; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681350)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.173.82.120"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681350/; classtype:trojan-activity;sid:84544450; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681349)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.179.46.152"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681349/; classtype:trojan-activity;sid:84544449; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681348)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.14.39.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681348/; classtype:trojan-activity;sid:84544448; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681346)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.148.164.180"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681346/; classtype:trojan-activity;sid:84544446; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681347)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.61.17.0"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681347/; classtype:trojan-activity;sid:84544447; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681345)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/mips"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"147.93.62.127"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681345/; classtype:trojan-activity;sid:84544445; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681343)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.57.80.5"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681343/; classtype:trojan-activity;sid:84544443; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681344)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.4.218.121"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681344/; classtype:trojan-activity;sid:84544444; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681340)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.29.223.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681340/; classtype:trojan-activity;sid:84544440; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681341)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.89.244"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681341/; classtype:trojan-activity;sid:84544441; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681342)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.10.230.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681342/; classtype:trojan-activity;sid:84544442; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681337)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/x86"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"147.93.62.127"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681337/; classtype:trojan-activity;sid:84544437; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681338)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/arm"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"147.93.62.127"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681338/; classtype:trojan-activity;sid:84544438; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681339)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"176.65.149.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681339/; classtype:trojan-activity;sid:84544439; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681336)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.202.186.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681336/; classtype:trojan-activity;sid:84544436; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681335)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.88.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681335/; classtype:trojan-activity;sid:84544435; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681334)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.47.69.254"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681334/; classtype:trojan-activity;sid:84544434; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681333)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.241.50.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681333/; classtype:trojan-activity;sid:84544433; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681332)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.54.71.137"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681332/; classtype:trojan-activity;sid:84544432; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681331)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.240.172.205"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681331/; classtype:trojan-activity;sid:84544431; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681330)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.173.82.120"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681330/; classtype:trojan-activity;sid:84544430; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681329)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.30.48"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681329/; classtype:trojan-activity;sid:84544429; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681328)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.10.235.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681328/; classtype:trojan-activity;sid:84544428; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681327)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.229.221.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681327/; classtype:trojan-activity;sid:84544427; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681326)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.13.140.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681326/; classtype:trojan-activity;sid:84544426; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681325)"; flow:established,from_client; content:"GET"; http_method; content:"/kx9.check|3f|t=1wo17yqe"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"7652190.o303024.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681325/; classtype:trojan-activity;sid:84544425; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681324)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.240.172.205"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681324/; classtype:trojan-activity;sid:84544424; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681323)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.229.246.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681323/; classtype:trojan-activity;sid:84544423; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681322)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.224.3.123"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681322/; classtype:trojan-activity;sid:84544422; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681321)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.168.77.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681321/; classtype:trojan-activity;sid:84544421; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681320)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.7.223.17"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681320/; classtype:trojan-activity;sid:84544420; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681319)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.40.11.102"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681319/; classtype:trojan-activity;sid:84544419; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681318)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.133.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681318/; classtype:trojan-activity;sid:84544418; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681317)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.13.140.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681317/; classtype:trojan-activity;sid:84544417; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681316)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.7.223.17"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681316/; classtype:trojan-activity;sid:84544416; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681315)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.133.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681315/; classtype:trojan-activity;sid:84544415; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681314)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.147.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681314/; classtype:trojan-activity;sid:84544414; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681313)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.134.163.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681313/; classtype:trojan-activity;sid:84544413; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681312)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.48.113"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681312/; classtype:trojan-activity;sid:84544412; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681311)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.52.21.152"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681311/; classtype:trojan-activity;sid:84544411; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681310)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.178.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681310/; classtype:trojan-activity;sid:84544410; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681309)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.40.11.102"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681309/; classtype:trojan-activity;sid:84544409; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681308)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.84.58"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681308/; classtype:trojan-activity;sid:84544408; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681307)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.229.246.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681307/; classtype:trojan-activity;sid:84544407; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681306)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.88.2.60"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681306/; classtype:trojan-activity;sid:84544406; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681305)"; flow:established,from_client; content:"GET"; http_method; content:"/loader.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"64.225.49.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681305/; classtype:trojan-activity;sid:84544405; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681304)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.178.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681304/; classtype:trojan-activity;sid:84544404; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681303)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.52.21.152"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681303/; classtype:trojan-activity;sid:84544403; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681302)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.84.58"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681302/; classtype:trojan-activity;sid:84544402; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681301)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"163.142.93.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681301/; classtype:trojan-activity;sid:84544401; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681300)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.230.82.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681300/; classtype:trojan-activity;sid:84544400; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681299)"; flow:established,from_client; content:"GET"; http_method; content:"/7860pfnz"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"719.o411213.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681299/; classtype:trojan-activity;sid:84544399; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681298)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.185.109.208"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681298/; classtype:trojan-activity;sid:84544398; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681297)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.230.82.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681297/; classtype:trojan-activity;sid:84544397; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681296)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.131.187.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681296/; classtype:trojan-activity;sid:84544396; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681295)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.230.46.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681295/; classtype:trojan-activity;sid:84544395; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681294)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.165.47.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681294/; classtype:trojan-activity;sid:84544394; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681293)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.171.137"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681293/; classtype:trojan-activity;sid:84544393; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681292)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.107.16.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681292/; classtype:trojan-activity;sid:84544392; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681291)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.185.109.208"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681291/; classtype:trojan-activity;sid:84544391; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681289)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.136.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681289/; classtype:trojan-activity;sid:84544389; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681290)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.46.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681290/; classtype:trojan-activity;sid:84544390; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681288)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.149.86.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681288/; classtype:trojan-activity;sid:84544388; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681287)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.141.175.22"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681287/; classtype:trojan-activity;sid:84544387; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681286)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"49.89.75.17"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681286/; classtype:trojan-activity;sid:84544386; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681285)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.107.16.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681285/; classtype:trojan-activity;sid:84544385; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681284)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.59.14"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681284/; classtype:trojan-activity;sid:84544384; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681283)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.242.198.239"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681283/; classtype:trojan-activity;sid:84544383; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681282)"; flow:established,from_client; content:"GET"; http_method; content:"/d/xd.x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"192.142.10.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681282/; classtype:trojan-activity;sid:84544382; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681281)"; flow:established,from_client; content:"GET"; http_method; content:"/d/xd.arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"192.142.10.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681281/; classtype:trojan-activity;sid:84544381; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681280)"; flow:established,from_client; content:"GET"; http_method; content:"/d/xd.arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"192.142.10.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681280/; classtype:trojan-activity;sid:84544380; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681279)"; flow:established,from_client; content:"GET"; http_method; content:"/yukari.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"192.142.10.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681279/; classtype:trojan-activity;sid:84544379; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681278)"; flow:established,from_client; content:"GET"; http_method; content:"/d/xd.m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"192.142.10.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681278/; classtype:trojan-activity;sid:84544378; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681277)"; flow:established,from_client; content:"GET"; http_method; content:"/d/xd.ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"192.142.10.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681277/; classtype:trojan-activity;sid:84544377; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681276)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.141.175.22"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681276/; classtype:trojan-activity;sid:84544376; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681275)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.231.88.12"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681275/; classtype:trojan-activity;sid:84544375; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681274)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.149.86.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681274/; classtype:trojan-activity;sid:84544374; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681273)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.8.80.162"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681273/; classtype:trojan-activity;sid:84544373; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681272)"; flow:established,from_client; content:"GET"; http_method; content:"/l2.google|3f|t=yet0v3ww"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"v3.5e8y8.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681272/; classtype:trojan-activity;sid:84544372; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681271)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.73.241.80"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681271/; classtype:trojan-activity;sid:84544371; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681270)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.96.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681270/; classtype:trojan-activity;sid:84544370; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681269)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.195.243"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681269/; classtype:trojan-activity;sid:84544369; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681268)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.88.12"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681268/; classtype:trojan-activity;sid:84544368; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681267)"; flow:established,from_client; content:"GET"; http_method; content:"/p.txt"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"23.160.56.85"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681267/; classtype:trojan-activity;sid:84544367; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681266)"; flow:established,from_client; content:"GET"; http_method; content:"/linux"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"47.102.202.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681266/; classtype:trojan-activity;sid:84544366; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681265)"; flow:established,from_client; content:"GET"; http_method; content:"/massload.sh"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"23.177.185.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681265/; classtype:trojan-activity;sid:84544365; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681264)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.114.250.152"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681264/; classtype:trojan-activity;sid:84544364; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681263)"; flow:established,from_client; content:"GET"; http_method; content:"/yk.google|3f|t=7xhhtj4w"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"s.5e8y8.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681263/; classtype:trojan-activity;sid:84544363; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681262)"; flow:established,from_client; content:"GET"; http_method; content:"/massload"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"23.177.185.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681262/; classtype:trojan-activity;sid:84544362; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681261)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.37.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681261/; classtype:trojan-activity;sid:84544361; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681260)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.43.104.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681260/; classtype:trojan-activity;sid:84544360; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681259)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.148.183"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681259/; classtype:trojan-activity;sid:84544359; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681258)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.8.80.162"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681258/; classtype:trojan-activity;sid:84544358; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681257)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.4.9"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681257/; classtype:trojan-activity;sid:84544357; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681256)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.37.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681256/; classtype:trojan-activity;sid:84544356; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681255)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.189.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681255/; classtype:trojan-activity;sid:84544355; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681254)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.54.14"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681254/; classtype:trojan-activity;sid:84544354; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681253)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.88.145"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681253/; classtype:trojan-activity;sid:84544353; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681252)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.49.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681252/; classtype:trojan-activity;sid:84544352; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681247)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.231.231.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681247/; classtype:trojan-activity;sid:84544347; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681248)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.117.225"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681248/; classtype:trojan-activity;sid:84544348; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681249)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.117.225"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681249/; classtype:trojan-activity;sid:84544349; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681250)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"106.56.139.0"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681250/; classtype:trojan-activity;sid:84544350; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681251)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.194.13.17"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681251/; classtype:trojan-activity;sid:84544351; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681246)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.236.234.97"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681246/; classtype:trojan-activity;sid:84544346; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681245)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.46.197.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681245/; classtype:trojan-activity;sid:84544345; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681223)"; flow:established,from_client; content:"GET"; http_method; content:"/main_x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"176.46.152.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681223/; classtype:trojan-activity;sid:84544323; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681224)"; flow:established,from_client; content:"GET"; http_method; content:"/main_m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"176.46.152.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681224/; classtype:trojan-activity;sid:84544324; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681225)"; flow:established,from_client; content:"GET"; http_method; content:"/main_x86_64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"23.177.185.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681225/; classtype:trojan-activity;sid:84544325; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681226)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"176.46.152.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681226/; classtype:trojan-activity;sid:84544326; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681227)"; flow:established,from_client; content:"GET"; http_method; content:"/main_ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"176.46.152.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681227/; classtype:trojan-activity;sid:84544327; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681228)"; flow:established,from_client; content:"GET"; http_method; content:"/main_x86_64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"176.46.152.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681228/; classtype:trojan-activity;sid:84544328; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681229)"; flow:established,from_client; content:"GET"; http_method; content:"/main_sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"176.46.152.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681229/; classtype:trojan-activity;sid:84544329; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681230)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"176.46.152.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681230/; classtype:trojan-activity;sid:84544330; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681231)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"23.177.185.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681231/; classtype:trojan-activity;sid:84544331; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681232)"; flow:established,from_client; content:"GET"; http_method; content:"/main_mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"176.46.152.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681232/; classtype:trojan-activity;sid:84544332; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681233)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"176.46.152.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681233/; classtype:trojan-activity;sid:84544333; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681234)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"176.46.152.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681234/; classtype:trojan-activity;sid:84544334; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681235)"; flow:established,from_client; content:"GET"; http_method; content:"/main_mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"176.46.152.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681235/; classtype:trojan-activity;sid:84544335; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681236)"; flow:established,from_client; content:"GET"; http_method; content:"/main_m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"23.177.185.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681236/; classtype:trojan-activity;sid:84544336; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681237)"; flow:established,from_client; content:"GET"; http_method; content:"/main_mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"23.177.185.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681237/; classtype:trojan-activity;sid:84544337; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681238)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"23.177.185.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681238/; classtype:trojan-activity;sid:84544338; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681239)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"23.177.185.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681239/; classtype:trojan-activity;sid:84544339; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681240)"; flow:established,from_client; content:"GET"; http_method; content:"/main_mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"23.177.185.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681240/; classtype:trojan-activity;sid:84544340; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681241)"; flow:established,from_client; content:"GET"; http_method; content:"/main_ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"23.177.185.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681241/; classtype:trojan-activity;sid:84544341; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681242)"; flow:established,from_client; content:"GET"; http_method; content:"/main_x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"23.177.185.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681242/; classtype:trojan-activity;sid:84544342; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681243)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"23.177.185.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681243/; classtype:trojan-activity;sid:84544343; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681244)"; flow:established,from_client; content:"GET"; http_method; content:"/main_sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"23.177.185.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681244/; classtype:trojan-activity;sid:84544344; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681222)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.224.3.123"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681222/; classtype:trojan-activity;sid:84544322; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681221)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.239.99.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681221/; classtype:trojan-activity;sid:84544321; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681220)"; flow:established,from_client; content:"GET"; http_method; content:"/rxm.check|3f|t=nh4x18tg"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"yo.mzas7.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681220/; classtype:trojan-activity;sid:84544320; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681219)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.160.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681219/; classtype:trojan-activity;sid:84544319; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681218)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.46.197.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681218/; classtype:trojan-activity;sid:84544318; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681217)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.219.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681217/; classtype:trojan-activity;sid:84544317; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681216)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.40.74.152"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681216/; classtype:trojan-activity;sid:84544316; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681215)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.195.120.223"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681215/; classtype:trojan-activity;sid:84544315; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681214)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.43.6.38"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681214/; classtype:trojan-activity;sid:84544314; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681213)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.219.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681213/; classtype:trojan-activity;sid:84544313; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681212)"; flow:established,from_client; content:"GET"; http_method; content:"/6q2.check|3f|t=yud0sda3"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"gab.qvik5.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681212/; classtype:trojan-activity;sid:84544312; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681211)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.195.120.223"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681211/; classtype:trojan-activity;sid:84544311; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681210)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.43.6.38"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681210/; classtype:trojan-activity;sid:84544310; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681209)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.125.18.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681209/; classtype:trojan-activity;sid:84544309; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681208)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.92.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681208/; classtype:trojan-activity;sid:84544308; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681207)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.10.100"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681207/; classtype:trojan-activity;sid:84544307; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681206)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.239.238.132"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681206/; classtype:trojan-activity;sid:84544306; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681205)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.154.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681205/; classtype:trojan-activity;sid:84544305; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681204)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.117.164.74"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681204/; classtype:trojan-activity;sid:84544304; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681203)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.125.18.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681203/; classtype:trojan-activity;sid:84544303; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681202)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.66.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681202/; classtype:trojan-activity;sid:84544302; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681201)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.5.169.37"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681201/; classtype:trojan-activity;sid:84544301; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681200)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.228.37.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681200/; classtype:trojan-activity;sid:84544300; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681199)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.177.181.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681199/; classtype:trojan-activity;sid:84544299; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681198)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.154.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681198/; classtype:trojan-activity;sid:84544298; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681197)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.239.238.132"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681197/; classtype:trojan-activity;sid:84544297; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681196)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.10.100"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681196/; classtype:trojan-activity;sid:84544296; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681195)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.169.37"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681195/; classtype:trojan-activity;sid:84544295; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681194)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.30.48"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681194/; classtype:trojan-activity;sid:84544294; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681193)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.1.248"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681193/; classtype:trojan-activity;sid:84544293; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681192)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.177.181.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681192/; classtype:trojan-activity;sid:84544292; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681191)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.213.103.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681191/; classtype:trojan-activity;sid:84544291; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681190)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.113.11.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681190/; classtype:trojan-activity;sid:84544290; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681189)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.190.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681189/; classtype:trojan-activity;sid:84544289; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681188)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.1.248"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681188/; classtype:trojan-activity;sid:84544288; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681187)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.11.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681187/; classtype:trojan-activity;sid:84544287; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681185)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/x86"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"srv1067286.hstgr.cloud"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681185/; classtype:trojan-activity;sid:84544285; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681186)"; flow:established,from_client; content:"GET"; http_method; content:"/c.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"srv1067286.hstgr.cloud"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681186/; classtype:trojan-activity;sid:84544286; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681184)"; flow:established,from_client; content:"GET"; http_method; content:"/wget.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"srv1067286.hstgr.cloud"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681184/; classtype:trojan-activity;sid:84544284; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681181)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/arm"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"srv1067286.hstgr.cloud"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681181/; classtype:trojan-activity;sid:84544281; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681182)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/x86_64"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"srv1067286.hstgr.cloud"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681182/; classtype:trojan-activity;sid:84544282; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681183)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/arm6"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"srv1067286.hstgr.cloud"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681183/; classtype:trojan-activity;sid:84544283; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681176)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/m68k"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"srv1067286.hstgr.cloud"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681176/; classtype:trojan-activity;sid:84544276; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681177)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/arm5"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"srv1067286.hstgr.cloud"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681177/; classtype:trojan-activity;sid:84544277; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681178)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/arm7"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"srv1067286.hstgr.cloud"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681178/; classtype:trojan-activity;sid:84544278; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681179)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/mpsl"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"srv1067286.hstgr.cloud"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681179/; classtype:trojan-activity;sid:84544279; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681180)"; flow:established,from_client; content:"GET"; http_method; content:"/w.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"srv1067286.hstgr.cloud"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681180/; classtype:trojan-activity;sid:84544280; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681174)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/mips"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"srv1067286.hstgr.cloud"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681174/; classtype:trojan-activity;sid:84544274; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681175)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/ppc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"srv1067286.hstgr.cloud"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681175/; classtype:trojan-activity;sid:84544275; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681172)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.69.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681172/; classtype:trojan-activity;sid:84544272; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681173)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.85.177"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681173/; classtype:trojan-activity;sid:84544273; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681171)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.251.139.149"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681171/; classtype:trojan-activity;sid:84544271; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681170)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"111.127.227.142"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681170/; classtype:trojan-activity;sid:84544270; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681169)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.239.73.163"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681169/; classtype:trojan-activity;sid:84544269; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681168)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.251.139.149"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681168/; classtype:trojan-activity;sid:84544268; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681167)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.147.235.151"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681167/; classtype:trojan-activity;sid:84544267; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681156)"; flow:established,from_client; content:"GET"; http_method; content:"/main_m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"176.65.148.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681156/; classtype:trojan-activity;sid:84544256; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681157)"; flow:established,from_client; content:"GET"; http_method; content:"/main_x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"176.65.148.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681157/; classtype:trojan-activity;sid:84544257; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681158)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"176.65.148.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681158/; classtype:trojan-activity;sid:84544258; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681159)"; flow:established,from_client; content:"GET"; http_method; content:"/main_sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"176.65.148.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681159/; classtype:trojan-activity;sid:84544259; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681160)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"176.65.148.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681160/; classtype:trojan-activity;sid:84544260; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681161)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"176.65.148.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681161/; classtype:trojan-activity;sid:84544261; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681162)"; flow:established,from_client; content:"GET"; http_method; content:"/main_ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"176.65.148.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681162/; classtype:trojan-activity;sid:84544262; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681163)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"176.65.148.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681163/; classtype:trojan-activity;sid:84544263; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681164)"; flow:established,from_client; content:"GET"; http_method; content:"/main_mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"176.65.148.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681164/; classtype:trojan-activity;sid:84544264; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681165)"; flow:established,from_client; content:"GET"; http_method; content:"/main_mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"176.65.148.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681165/; classtype:trojan-activity;sid:84544265; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681166)"; flow:established,from_client; content:"GET"; http_method; content:"/main_x86_64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"176.65.148.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681166/; classtype:trojan-activity;sid:84544266; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681155)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.73.163"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681155/; classtype:trojan-activity;sid:84544255; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681154)"; flow:established,from_client; content:"GET"; http_method; content:"/ust.google|3f|t=fickel29"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"tic.jsuv0.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681154/; classtype:trojan-activity;sid:84544254; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681153)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.132.225.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681153/; classtype:trojan-activity;sid:84544253; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681152)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.147.235.151"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681152/; classtype:trojan-activity;sid:84544252; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681151)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"45.156.87.216"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681151/; classtype:trojan-activity;sid:84544251; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681148)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"45.156.87.216"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681148/; classtype:trojan-activity;sid:84544248; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681149)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"45.156.87.216"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681149/; classtype:trojan-activity;sid:84544249; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681150)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"45.156.87.216"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681150/; classtype:trojan-activity;sid:84544250; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681145)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"45.156.87.216"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681145/; classtype:trojan-activity;sid:84544245; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681146)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"45.156.87.216"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681146/; classtype:trojan-activity;sid:84544246; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681147)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"45.156.87.216"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681147/; classtype:trojan-activity;sid:84544247; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681144)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.90.98.43"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681144/; classtype:trojan-activity;sid:84544244; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681119)"; flow:established,from_client; content:"GET"; http_method; content:"/windyloveyou/windy.sh4"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"144.172.109.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681119/; classtype:trojan-activity;sid:84544219; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681120)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"144.172.109.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681120/; classtype:trojan-activity;sid:84544220; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681121)"; flow:established,from_client; content:"GET"; http_method; content:"/windyloveyou/windy.arm6"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"144.172.109.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681121/; classtype:trojan-activity;sid:84544221; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681122)"; flow:established,from_client; content:"GET"; http_method; content:"/windyloveyou/windy.x86"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"144.172.109.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681122/; classtype:trojan-activity;sid:84544222; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681123)"; flow:established,from_client; content:"GET"; http_method; content:"/windyloveyou/windy.i686"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"144.172.109.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681123/; classtype:trojan-activity;sid:84544223; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681124)"; flow:established,from_client; content:"GET"; http_method; content:"/windyloveyou/debug"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"144.172.109.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681124/; classtype:trojan-activity;sid:84544224; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681125)"; flow:established,from_client; content:"GET"; http_method; content:"/windyloveyou/windy.arm7"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"144.172.109.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681125/; classtype:trojan-activity;sid:84544225; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681126)"; flow:established,from_client; content:"GET"; http_method; content:"/windyloveyou/windy.ppc"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"144.172.109.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681126/; classtype:trojan-activity;sid:84544226; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681127)"; flow:established,from_client; content:"GET"; http_method; content:"/windyloveyou/windy.arm5"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"144.172.109.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681127/; classtype:trojan-activity;sid:84544227; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681128)"; flow:established,from_client; content:"GET"; http_method; content:"/windyloveyou/windy.x86_64"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"144.172.109.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681128/; classtype:trojan-activity;sid:84544228; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681129)"; flow:established,from_client; content:"GET"; http_method; content:"/windyloveyou/windy.arc"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"144.172.109.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681129/; classtype:trojan-activity;sid:84544229; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681130)"; flow:established,from_client; content:"GET"; http_method; content:"/windyloveyou/windy.spc"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"144.172.109.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681130/; classtype:trojan-activity;sid:84544230; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681131)"; flow:established,from_client; content:"GET"; http_method; content:"/windyloveyou/windy.mips"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"144.172.109.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681131/; classtype:trojan-activity;sid:84544231; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681132)"; flow:established,from_client; content:"GET"; http_method; content:"/windyloveyou/windy.m68k"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"144.172.109.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681132/; classtype:trojan-activity;sid:84544232; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681133)"; flow:established,from_client; content:"GET"; http_method; content:"/windyloveyou/windy.arm"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"144.172.109.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681133/; classtype:trojan-activity;sid:84544233; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681134)"; flow:established,from_client; content:"GET"; http_method; content:"/windyloveyou/windy.mpsl"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"144.172.109.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681134/; classtype:trojan-activity;sid:84544234; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681135)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"45.156.87.216"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681135/; classtype:trojan-activity;sid:84544235; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681136)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"45.156.87.216"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681136/; classtype:trojan-activity;sid:84544236; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681137)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"45.156.87.216"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681137/; classtype:trojan-activity;sid:84544237; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681138)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/debug"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"45.156.87.216"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681138/; classtype:trojan-activity;sid:84544238; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681139)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.156.87.216"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681139/; classtype:trojan-activity;sid:84544239; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681140)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"45.156.87.216"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681140/; classtype:trojan-activity;sid:84544240; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681141)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"45.156.87.216"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681141/; classtype:trojan-activity;sid:84544241; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681142)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"45.156.87.216"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681142/; classtype:trojan-activity;sid:84544242; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681143)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"45.156.87.216"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681143/; classtype:trojan-activity;sid:84544243; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681118)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.234.75.118"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681118/; classtype:trojan-activity;sid:84544218; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681117)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_arm7"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"90.229.174.243"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681117/; classtype:trojan-activity;sid:84544217; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681109)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_aarch64"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"90.229.174.243"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681109/; classtype:trojan-activity;sid:84544209; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681110)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_arm5"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"90.229.174.243"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681110/; classtype:trojan-activity;sid:84544210; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681111)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_mipsel"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"90.229.174.243"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681111/; classtype:trojan-activity;sid:84544211; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681112)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_arm6"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"90.229.174.243"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681112/; classtype:trojan-activity;sid:84544212; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681113)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_amd64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"90.229.174.243"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681113/; classtype:trojan-activity;sid:84544213; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681114)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_mips"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"90.229.174.243"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681114/; classtype:trojan-activity;sid:84544214; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681115)"; flow:established,from_client; content:"GET"; http_method; content:"/download.sh"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"90.229.174.243"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681115/; classtype:trojan-activity;sid:84544215; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681116)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_386"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"90.229.174.243"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681116/; classtype:trojan-activity;sid:84544216; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681108)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/arm6"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"103.238.235.106"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681108/; classtype:trojan-activity;sid:84544208; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681107)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"103.238.235.106"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681107/; classtype:trojan-activity;sid:84544207; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681104)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/ppc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"103.238.235.106"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681104/; classtype:trojan-activity;sid:84544204; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681105)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.238.235.106"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681105/; classtype:trojan-activity;sid:84544205; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681106)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/arm5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"103.238.235.106"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681106/; classtype:trojan-activity;sid:84544206; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681103)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"103.238.235.106"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681103/; classtype:trojan-activity;sid:84544203; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681100)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/x86-debug"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"103.238.235.106"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681100/; classtype:trojan-activity;sid:84544200; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681101)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/x86"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"103.238.235.106"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681101/; classtype:trojan-activity;sid:84544201; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681102)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/sh4"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"103.238.235.106"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681102/; classtype:trojan-activity;sid:84544202; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681099)"; flow:established,from_client; content:"GET"; http_method; content:"/arc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"103.238.235.106"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681099/; classtype:trojan-activity;sid:84544199; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681081)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"103.238.235.106"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681081/; classtype:trojan-activity;sid:84544181; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681082)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"103.238.235.106"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681082/; classtype:trojan-activity;sid:84544182; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681083)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/spc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"103.238.235.106"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681083/; classtype:trojan-activity;sid:84544183; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681084)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/arm"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"103.238.235.106"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681084/; classtype:trojan-activity;sid:84544184; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681085)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/arm7"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"103.238.235.106"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681085/; classtype:trojan-activity;sid:84544185; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681086)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/mpsl"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"103.238.235.106"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681086/; classtype:trojan-activity;sid:84544186; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681087)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"103.238.235.106"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681087/; classtype:trojan-activity;sid:84544187; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681088)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"103.238.235.106"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681088/; classtype:trojan-activity;sid:84544188; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681089)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/mips"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"103.238.235.106"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681089/; classtype:trojan-activity;sid:84544189; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681090)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"103.238.235.106"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681090/; classtype:trojan-activity;sid:84544190; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681091)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"103.238.235.106"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681091/; classtype:trojan-activity;sid:84544191; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681092)"; flow:established,from_client; content:"GET"; http_method; content:"/x86-debug"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.238.235.106"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681092/; classtype:trojan-activity;sid:84544192; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681093)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"103.238.235.106"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681093/; classtype:trojan-activity;sid:84544193; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681094)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/x86_64"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"103.238.235.106"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681094/; classtype:trojan-activity;sid:84544194; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681095)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"103.238.235.106"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681095/; classtype:trojan-activity;sid:84544195; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681096)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/arc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"103.238.235.106"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681096/; classtype:trojan-activity;sid:84544196; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681097)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"103.238.235.106"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681097/; classtype:trojan-activity;sid:84544197; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681098)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/m68k"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"103.238.235.106"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681098/; classtype:trojan-activity;sid:84544198; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681080)"; flow:established,from_client; content:"GET"; http_method; content:"/documents/jobdetail.txt.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"87.251.66.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681080/; classtype:trojan-activity;sid:84544180; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681079)"; flow:established,from_client; content:"GET"; http_method; content:"/documents/chase_10_15_2025.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"81.90.31.181"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681079/; classtype:trojan-activity;sid:84544179; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681076)"; flow:established,from_client; content:"GET"; http_method; content:"/hidechaotic/ub8ehjsepafc9fyqzit6.x86"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"160.238.13.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681076/; classtype:trojan-activity;sid:84544176; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681077)"; flow:established,from_client; content:"GET"; http_method; content:"/hidechaotic/ub8ehjsepafc9fyqzit6.mips"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"160.238.13.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681077/; classtype:trojan-activity;sid:84544177; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681078)"; flow:established,from_client; content:"GET"; http_method; content:"/hidechaotic/ub8ehjsepafc9fyqzit6.sh4"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"160.238.13.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681078/; classtype:trojan-activity;sid:84544178; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681064)"; flow:established,from_client; content:"GET"; http_method; content:"/hidechaotic/ub8ehjsepafc9fyqzit6.arm6"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"160.238.13.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681064/; classtype:trojan-activity;sid:84544164; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681065)"; flow:established,from_client; content:"GET"; http_method; content:"/hidechaotic/ub8ehjsepafc9fyqzit6.arm"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"160.238.13.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681065/; classtype:trojan-activity;sid:84544165; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681066)"; flow:established,from_client; content:"GET"; http_method; content:"/hidechaotic/ub8ehjsepafc9fyqzit6.m68k"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"160.238.13.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681066/; classtype:trojan-activity;sid:84544166; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681067)"; flow:established,from_client; content:"GET"; http_method; content:"/hidechaotic/ub8ehjsepafc9fyqzit6.spc"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"160.238.13.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681067/; classtype:trojan-activity;sid:84544167; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681068)"; flow:established,from_client; content:"GET"; http_method; content:"/hidechaotic/ub8ehjsepafc9fyqzit6.x86_64"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"160.238.13.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681068/; classtype:trojan-activity;sid:84544168; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681069)"; flow:established,from_client; content:"GET"; http_method; content:"/hidechaotic/ub8ehjsepafc9fyqzit6.arc"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"160.238.13.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681069/; classtype:trojan-activity;sid:84544169; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681070)"; flow:established,from_client; content:"GET"; http_method; content:"/hidechaotic/ub8ehjsepafc9fyqzit6.arm7"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"160.238.13.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681070/; classtype:trojan-activity;sid:84544170; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681071)"; flow:established,from_client; content:"GET"; http_method; content:"/ohshit.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"160.238.13.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681071/; classtype:trojan-activity;sid:84544171; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681072)"; flow:established,from_client; content:"GET"; http_method; content:"/hidechaotic/ub8ehjsepafc9fyqzit6.arm5"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"160.238.13.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681072/; classtype:trojan-activity;sid:84544172; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681073)"; flow:established,from_client; content:"GET"; http_method; content:"/hidechaotic/ub8ehjsepafc9fyqzit6.ppc"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"160.238.13.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681073/; classtype:trojan-activity;sid:84544173; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681074)"; flow:established,from_client; content:"GET"; http_method; content:"/hidechaotic/ub8ehjsepafc9fyqzit6.mpsl"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"160.238.13.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681074/; classtype:trojan-activity;sid:84544174; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681075)"; flow:established,from_client; content:"GET"; http_method; content:"/hidechaotic/ub8ehjsepafc9fyqzit6.i686"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"160.238.13.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681075/; classtype:trojan-activity;sid:84544175; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681063)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"corestresser.cc"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681063/; classtype:trojan-activity;sid:84544163; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681062)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"corestresser.cc"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681062/; classtype:trojan-activity;sid:84544162; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681061)"; flow:established,from_client; content:"GET"; http_method; content:"/bins.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"corestresser.cc"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681061/; classtype:trojan-activity;sid:84544161; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681056)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"corestresser.cc"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681056/; classtype:trojan-activity;sid:84544156; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681057)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"corestresser.cc"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681057/; classtype:trojan-activity;sid:84544157; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681058)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"corestresser.cc"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681058/; classtype:trojan-activity;sid:84544158; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681059)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"corestresser.cc"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681059/; classtype:trojan-activity;sid:84544159; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681060)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/x86_debug"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"corestresser.cc"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681060/; classtype:trojan-activity;sid:84544160; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681055)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"117.72.214.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681055/; classtype:trojan-activity;sid:84544155; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681052)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"45.249.89.204"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681052/; classtype:trojan-activity;sid:84544152; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681053)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"8.137.77.49"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681053/; classtype:trojan-activity;sid:84544153; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681054)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"68.64.176.42"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681054/; classtype:trojan-activity;sid:84544154; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681048)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"143.92.43.246"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681048/; classtype:trojan-activity;sid:84544148; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681049)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"120.79.229.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681049/; classtype:trojan-activity;sid:84544149; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681050)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"192.229.116.99"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681050/; classtype:trojan-activity;sid:84544150; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681051)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"116.198.233.179"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681051/; classtype:trojan-activity;sid:84544151; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681042)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"154.201.74.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681042/; classtype:trojan-activity;sid:84544142; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681043)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"154.201.74.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681043/; classtype:trojan-activity;sid:84544143; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681044)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"83.229.126.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681044/; classtype:trojan-activity;sid:84544144; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681045)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"103.242.12.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681045/; classtype:trojan-activity;sid:84544145; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681046)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"49.235.188.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681046/; classtype:trojan-activity;sid:84544146; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681047)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"120.79.229.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681047/; classtype:trojan-activity;sid:84544147; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681041)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"220.192.236.171"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681041/; classtype:trojan-activity;sid:84544141; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681040)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"123.209.88.73"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681040/; classtype:trojan-activity;sid:84544140; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681039)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"1.55.75.239"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681039/; classtype:trojan-activity;sid:84544139; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681038)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"178.50.208.109"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681038/; classtype:trojan-activity;sid:84544138; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681035)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.170.215.182"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681035/; classtype:trojan-activity;sid:84544135; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681036)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"102.132.158.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681036/; classtype:trojan-activity;sid:84544136; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681037)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"123.19.37.245"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681037/; classtype:trojan-activity;sid:84544137; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681034)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"41.246.164.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681034/; classtype:trojan-activity;sid:84544134; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681032)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"191.103.251.153"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681032/; classtype:trojan-activity;sid:84544132; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681033)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"151.232.184.253"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681033/; classtype:trojan-activity;sid:84544133; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681028)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.49.31.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681028/; classtype:trojan-activity;sid:84544128; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681029)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"116.105.132.142"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681029/; classtype:trojan-activity;sid:84544129; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681030)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"14.227.219.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681030/; classtype:trojan-activity;sid:84544130; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681031)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"171.226.220.174"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681031/; classtype:trojan-activity;sid:84544131; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681025)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"113.165.6.83"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681025/; classtype:trojan-activity;sid:84544125; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681026)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"46.125.88.168"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681026/; classtype:trojan-activity;sid:84544126; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681027)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"42.118.14.157"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681027/; classtype:trojan-activity;sid:84544127; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681023)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"83.224.172.113"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681023/; classtype:trojan-activity;sid:84544123; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681024)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.10.51.174"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681024/; classtype:trojan-activity;sid:84544124; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681022)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"78.132.104.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681022/; classtype:trojan-activity;sid:84544122; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681019)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.90.248.149"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681019/; classtype:trojan-activity;sid:84544119; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681020)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"1.176.40.227"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681020/; classtype:trojan-activity;sid:84544120; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681021)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"212.39.79.233"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681021/; classtype:trojan-activity;sid:84544121; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681013)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"41.246.164.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681013/; classtype:trojan-activity;sid:84544113; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681014)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"118.200.159.253"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681014/; classtype:trojan-activity;sid:84544114; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681015)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"187.194.135.20"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681015/; classtype:trojan-activity;sid:84544115; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681016)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"109.207.82.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681016/; classtype:trojan-activity;sid:84544116; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681017)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"213.231.63.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681017/; classtype:trojan-activity;sid:84544117; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681018)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.152.226.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681018/; classtype:trojan-activity;sid:84544118; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681011)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"149.210.37.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681011/; classtype:trojan-activity;sid:84544111; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681012)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.109.228.186"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681012/; classtype:trojan-activity;sid:84544112; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681010)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"217.84.181.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681010/; classtype:trojan-activity;sid:84544110; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681009)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"91.80.163.224"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681009/; classtype:trojan-activity;sid:84544109; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681003)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.armv4l"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"5.253.86.21"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681003/; classtype:trojan-activity;sid:84544103; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681004)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.mipsel"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"5.253.86.21"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681004/; classtype:trojan-activity;sid:84544104; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681005)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.mips"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"5.253.86.21"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681005/; classtype:trojan-activity;sid:84544105; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681006)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.armv7l"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"5.253.86.21"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681006/; classtype:trojan-activity;sid:84544106; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681007)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.i586"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"5.253.86.21"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681007/; classtype:trojan-activity;sid:84544107; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681008)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.i686"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"5.253.86.21"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681008/; classtype:trojan-activity;sid:84544108; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681002)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.armv5l"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"5.253.86.21"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681002/; classtype:trojan-activity;sid:84544102; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681001)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.166.230"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681001/; classtype:trojan-activity;sid:84544101; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681000)"; flow:established,from_client; content:"GET"; http_method; content:"/files/5222311384/okp0oxu.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681000/; classtype:trojan-activity;sid:84544100; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680998)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7160000572/zswnphu.msi"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680998/; classtype:trojan-activity;sid:84544098; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680999)"; flow:established,from_client; content:"GET"; http_method; content:"/files/6316676254/s8nfpr3.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680999/; classtype:trojan-activity;sid:84544099; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680997)"; flow:established,from_client; content:"GET"; http_method; content:"/laced.sh4"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680997/; classtype:trojan-activity;sid:84544097; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680996)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.234.75.118"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680996/; classtype:trojan-activity;sid:84544096; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680995)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.239.113.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680995/; classtype:trojan-activity;sid:84544095; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680994)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.213.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680994/; classtype:trojan-activity;sid:84544094; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680993)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.141.25.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680993/; classtype:trojan-activity;sid:84544093; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680992)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.178.96.41"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680992/; classtype:trojan-activity;sid:84544092; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680991)"; flow:established,from_client; content:"GET"; http_method; content:"/a1hi4vcv"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"hag.rqyp1.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680991/; classtype:trojan-activity;sid:84544091; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680990)"; flow:established,from_client; content:"GET"; http_method; content:"/yj.google|3f|t=t21l7co8"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"hag.rqyp1.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680990/; classtype:trojan-activity;sid:84544090; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680989)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.239.113.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680989/; classtype:trojan-activity;sid:84544089; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680988)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.m68k"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"94.103.2.6"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680988/; classtype:trojan-activity;sid:84544088; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680987)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.45.33.174"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680987/; classtype:trojan-activity;sid:84544087; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680986)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.sh4"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"94.103.2.6"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680986/; classtype:trojan-activity;sid:84544086; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680985)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.81.183"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680985/; classtype:trojan-activity;sid:84544085; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680984)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.141.25.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680984/; classtype:trojan-activity;sid:84544084; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680983)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"185.224.3.123"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680983/; classtype:trojan-activity;sid:84544083; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680980)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.69.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680980/; classtype:trojan-activity;sid:84544080; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680981)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.100.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680981/; classtype:trojan-activity;sid:84544081; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680982)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.210.30.65"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680982/; classtype:trojan-activity;sid:84544082; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680979)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.118.48.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680979/; classtype:trojan-activity;sid:84544079; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680978)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"185.224.3.123"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680978/; classtype:trojan-activity;sid:84544078; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680977)"; flow:established,from_client; content:"GET"; http_method; content:"/pages/login.php"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"196.251.114.38"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680977/; classtype:trojan-activity;sid:84544077; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680976)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.59.81.193"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680976/; classtype:trojan-activity;sid:84544076; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680973)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.57.50.80"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680973/; classtype:trojan-activity;sid:84544073; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680974)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.122.209.57"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680974/; classtype:trojan-activity;sid:84544074; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680975)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.165.184.212"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680975/; classtype:trojan-activity;sid:84544075; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680970)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.84.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680970/; classtype:trojan-activity;sid:84544070; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680971)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.178.96.41"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680971/; classtype:trojan-activity;sid:84544071; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680972)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.154.58"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680972/; classtype:trojan-activity;sid:84544072; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680969)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.224.3.123"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680969/; classtype:trojan-activity;sid:84544069; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680967)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.179.46.152"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680967/; classtype:trojan-activity;sid:84544067; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680968)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm5"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"94.103.2.6"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680968/; classtype:trojan-activity;sid:84544068; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680959)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"94.103.2.6"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680959/; classtype:trojan-activity;sid:84544059; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680960)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.ppc"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"94.103.2.6"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680960/; classtype:trojan-activity;sid:84544060; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680961)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm7"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"94.103.2.6"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680961/; classtype:trojan-activity;sid:84544061; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680962)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.x86"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"94.103.2.6"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680962/; classtype:trojan-activity;sid:84544062; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680963)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.mpsl"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"94.103.2.6"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680963/; classtype:trojan-activity;sid:84544063; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680964)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.mips"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"94.103.2.6"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680964/; classtype:trojan-activity;sid:84544064; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680965)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"88.247.169.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680965/; classtype:trojan-activity;sid:84544065; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680966)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.83.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680966/; classtype:trojan-activity;sid:84544066; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680958)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.10.136.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680958/; classtype:trojan-activity;sid:84544058; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680957)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.194.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680957/; classtype:trojan-activity;sid:84544057; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680956)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"79.106.64.26"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680956/; classtype:trojan-activity;sid:84544056; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680955)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.177.33.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680955/; classtype:trojan-activity;sid:84544055; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680954)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"180.190.186.193"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680954/; classtype:trojan-activity;sid:84544054; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680953)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"79.106.64.26"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680953/; classtype:trojan-activity;sid:84544053; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680952)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.154.58"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680952/; classtype:trojan-activity;sid:84544052; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680951)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.87.178"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680951/; classtype:trojan-activity;sid:84544051; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680949)"; flow:established,from_client; content:"GET"; http_method; content:"/an.google|3f|t=t7fnnaqc"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"yap.npoj2.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680949/; classtype:trojan-activity;sid:84544049; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680950)"; flow:established,from_client; content:"GET"; http_method; content:"/a37vy70r9d.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"mist.jix3.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680950/; classtype:trojan-activity;sid:84544050; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680948)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.251.80"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680948/; classtype:trojan-activity;sid:84544048; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680947)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.40.128.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680947/; classtype:trojan-activity;sid:84544047; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680945)"; flow:established,from_client; content:"GET"; http_method; content:"/lii.google|3f|t=e2el07h6"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"ow.khoc9.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680945/; classtype:trojan-activity;sid:84544045; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680946)"; flow:established,from_client; content:"GET"; http_method; content:"/uiaic2z9zd.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"fig.jix3.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680946/; classtype:trojan-activity;sid:84544046; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680944)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.87.178"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680944/; classtype:trojan-activity;sid:84544044; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680943)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.251.80"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680943/; classtype:trojan-activity;sid:84544043; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680942)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.137.195.140"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680942/; classtype:trojan-activity;sid:84544042; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680941)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.177.33.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680941/; classtype:trojan-activity;sid:84544041; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680940)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.216.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680940/; classtype:trojan-activity;sid:84544040; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680938)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.22.204.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680938/; classtype:trojan-activity;sid:84544038; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680939)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.4.138.174"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680939/; classtype:trojan-activity;sid:84544039; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680937)"; flow:established,from_client; content:"GET"; http_method; content:"/ucpkm0puxd.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"bold.jix3.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680937/; classtype:trojan-activity;sid:84544037; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680936)"; flow:established,from_client; content:"GET"; http_method; content:"/kc.check|3f|t=h4z7uck6"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"ape.qvik5.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680936/; classtype:trojan-activity;sid:84544036; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680935)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.37.114.195"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680935/; classtype:trojan-activity;sid:84544035; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680934)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.40.128.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680934/; classtype:trojan-activity;sid:84544034; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680933)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.178.99.150"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680933/; classtype:trojan-activity;sid:84544033; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680932)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.98.12.202"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680932/; classtype:trojan-activity;sid:84544032; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680931)"; flow:established,from_client; content:"GET"; http_method; content:"/bo01vk80nm.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"jet.gyj0.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680931/; classtype:trojan-activity;sid:84544031; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680930)"; flow:established,from_client; content:"GET"; http_method; content:"/dw.google|3f|t=cjkbm1zj"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"art.mzas7.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680930/; classtype:trojan-activity;sid:84544030; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680929)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.87.222"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680929/; classtype:trojan-activity;sid:84544029; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680928)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.117.27"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680928/; classtype:trojan-activity;sid:84544028; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680927)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.216.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680927/; classtype:trojan-activity;sid:84544027; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680926)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"101.99.233.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680926/; classtype:trojan-activity;sid:84544026; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680925)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.137.195.140"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680925/; classtype:trojan-activity;sid:84544025; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680924)"; flow:established,from_client; content:"GET"; http_method; content:"/9hgtbu9mue.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"jet.gyj0.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680924/; classtype:trojan-activity;sid:84544024; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680923)"; flow:established,from_client; content:"GET"; http_method; content:"/iv.google|3f|t=gk18u9os"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"air.wkej2.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680923/; classtype:trojan-activity;sid:84544023; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680922)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.94.210.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680922/; classtype:trojan-activity;sid:84544022; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680921)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.138.174"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680921/; classtype:trojan-activity;sid:84544021; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680920)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.22.204.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680920/; classtype:trojan-activity;sid:84544020; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680919)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.120.10.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680919/; classtype:trojan-activity;sid:84544019; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680918)"; flow:established,from_client; content:"GET"; http_method; content:"/ynxelahxgk.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"tray.gyj0.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680918/; classtype:trojan-activity;sid:84544018; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680917)"; flow:established,from_client; content:"GET"; http_method; content:"/anz.check|3f|t=fpkj6b8e"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"few.cqom9.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680917/; classtype:trojan-activity;sid:84544017; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680916)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.87.222"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680916/; classtype:trojan-activity;sid:84544016; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680915)"; flow:established,from_client; content:"GET"; http_method; content:"/aule1xn9xc.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"tray.gyj0.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680915/; classtype:trojan-activity;sid:84544015; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680914)"; flow:established,from_client; content:"GET"; http_method; content:"/39d.check|3f|t=odobtk3w"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"try.sjyj1.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680914/; classtype:trojan-activity;sid:84544014; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680913)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.57.82.63"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680913/; classtype:trojan-activity;sid:84544013; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680912)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.88.240"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680912/; classtype:trojan-activity;sid:84544012; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680911)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"101.99.233.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680911/; classtype:trojan-activity;sid:84544011; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680910)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.85.187"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680910/; classtype:trojan-activity;sid:84544010; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680909)"; flow:established,from_client; content:"GET"; http_method; content:"/fah7ajup8y.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"tray.gyj0.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680909/; classtype:trojan-activity;sid:84544009; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680908)"; flow:established,from_client; content:"GET"; http_method; content:"/xdc.check|3f|t=t789jq4g"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"nap.rqyp1.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680908/; classtype:trojan-activity;sid:84544008; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680907)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"181.94.210.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680907/; classtype:trojan-activity;sid:84544007; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680906)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.120.10.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680906/; classtype:trojan-activity;sid:84544006; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680905)"; flow:established,from_client; content:"GET"; http_method; content:"/wnkjntf8jn.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"muse.gyj0.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680905/; classtype:trojan-activity;sid:84544005; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680904)"; flow:established,from_client; content:"GET"; http_method; content:"/8x3.google|3f|t=2ywyqcq3"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"er.npoj2.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680904/; classtype:trojan-activity;sid:84544004; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680903)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.57.82.63"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680903/; classtype:trojan-activity;sid:84544003; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680902)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.225.68.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680902/; classtype:trojan-activity;sid:84544002; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680901)"; flow:established,from_client; content:"GET"; http_method; content:"/45s4s3u30n.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"bark.gyj0.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680901/; classtype:trojan-activity;sid:84544001; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680900)"; flow:established,from_client; content:"GET"; http_method; content:"/np.check|3f|t=p6rwm1tk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"ban.jrih5.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680900/; classtype:trojan-activity;sid:84544000; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680899)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.85.187"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680899/; classtype:trojan-activity;sid:84543999; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680897)"; flow:established,from_client; content:"GET"; http_method; content:"/1o.google|3f|t=aowgei68"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"pat.wkej2.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680897/; classtype:trojan-activity;sid:84543997; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680898)"; flow:established,from_client; content:"GET"; http_method; content:"/8t445tggy4.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"bark.gyj0.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680898/; classtype:trojan-activity;sid:84543998; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680896)"; flow:established,from_client; content:"GET"; http_method; content:"/hclsqjlr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"pat.wkej2.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680896/; classtype:trojan-activity;sid:84543996; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680895)"; flow:established,from_client; content:"GET"; http_method; content:"/k1.google|3f|t=fji41lbi"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"ran.sjyj1.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680895/; classtype:trojan-activity;sid:84543995; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680894)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.189.163.128"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680894/; classtype:trojan-activity;sid:84543994; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680893)"; flow:established,from_client; content:"GET"; http_method; content:"/7vfkb9qluj.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"fin.gyj0.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680893/; classtype:trojan-activity;sid:84543993; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680892)"; flow:established,from_client; content:"GET"; http_method; content:"/gci.check|3f|t=6kyhlkmz"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"cup.mzas7.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680892/; classtype:trojan-activity;sid:84543992; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680891)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.159.244.207"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680891/; classtype:trojan-activity;sid:84543991; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680890)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"164.163.25.141"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680890/; classtype:trojan-activity;sid:84543990; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680889)"; flow:established,from_client; content:"GET"; http_method; content:"/k5jw7btdlx.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"fin.gyj0.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680889/; classtype:trojan-activity;sid:84543989; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680888)"; flow:established,from_client; content:"GET"; http_method; content:"/c2.check|3f|t=9eu6mbcw"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"can.jsuv0.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680888/; classtype:trojan-activity;sid:84543988; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680887)"; flow:established,from_client; content:"GET"; http_method; content:"/rrxzdrwdds.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"dusk.gyj0.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680887/; classtype:trojan-activity;sid:84543987; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680886)"; flow:established,from_client; content:"GET"; http_method; content:"/n93.check|3f|t=s839u733"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"nod.qvik5.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680886/; classtype:trojan-activity;sid:84543986; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680885)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.189.163.128"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680885/; classtype:trojan-activity;sid:84543985; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680884)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.38.215.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680884/; classtype:trojan-activity;sid:84543984; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680882)"; flow:established,from_client; content:"GET"; http_method; content:"/wogf7fes6g.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"dusk.gyj0.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680882/; classtype:trojan-activity;sid:84543982; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680883)"; flow:established,from_client; content:"GET"; http_method; content:"/1s.google|3f|t=d52m28c9"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"jet.khoc9.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680883/; classtype:trojan-activity;sid:84543983; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680881)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.207.192.245"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680881/; classtype:trojan-activity;sid:84543981; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680880)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.114.250.152"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680880/; classtype:trojan-activity;sid:84543980; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680879)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"164.163.25.141"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680879/; classtype:trojan-activity;sid:84543979; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680878)"; flow:established,from_client; content:"GET"; http_method; content:"/2y5o2wsbyt.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"fern.luv6.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680878/; classtype:trojan-activity;sid:84543978; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680877)"; flow:established,from_client; content:"GET"; http_method; content:"/45.google|3f|t=83t1qek2"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"bog.qvik5.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680877/; classtype:trojan-activity;sid:84543977; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680875)"; flow:established,from_client; content:"GET"; http_method; content:"/36q.check|3f|t=tij66x9d"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"has.cqom9.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680875/; classtype:trojan-activity;sid:84543975; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680876)"; flow:established,from_client; content:"GET"; http_method; content:"/skr120yr0i.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"fern.luv6.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680876/; classtype:trojan-activity;sid:84543976; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680874)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.38.215.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680874/; classtype:trojan-activity;sid:84543974; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680873)"; flow:established,from_client; content:"GET"; http_method; content:"/yg.google|3f|t=1qr7mcwa"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"era.mzas7.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680873/; classtype:trojan-activity;sid:84543973; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680872)"; flow:established,from_client; content:"GET"; http_method; content:"/cqrtckplgo.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"clay.luv6.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680872/; classtype:trojan-activity;sid:84543972; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680871)"; flow:established,from_client; content:"GET"; http_method; content:"/w7.google|3f|t=4qlirp80"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"inn.jrih5.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680871/; classtype:trojan-activity;sid:84543971; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680870)"; flow:established,from_client; content:"GET"; http_method; content:"/c72t2aagft.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"clay.luv6.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680870/; classtype:trojan-activity;sid:84543970; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680869)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/mpsl"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"72.61.131.157"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680869/; classtype:trojan-activity;sid:84543969; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680862)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/ppc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"72.61.131.157"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680862/; classtype:trojan-activity;sid:84543962; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680863)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/x86_64"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"72.61.131.157"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680863/; classtype:trojan-activity;sid:84543963; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680864)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/arm5"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"72.61.131.157"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680864/; classtype:trojan-activity;sid:84543964; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680865)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/arm"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"72.61.131.157"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680865/; classtype:trojan-activity;sid:84543965; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680866)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/arm6"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"72.61.131.157"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680866/; classtype:trojan-activity;sid:84543966; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680867)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/m68k"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"72.61.131.157"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680867/; classtype:trojan-activity;sid:84543967; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680868)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/arm7"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"72.61.131.157"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680868/; classtype:trojan-activity;sid:84543968; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680860)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/mips"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"72.61.131.157"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680860/; classtype:trojan-activity;sid:84543960; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680861)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/x86"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"72.61.131.157"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680861/; classtype:trojan-activity;sid:84543961; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680859)"; flow:established,from_client; content:"GET"; http_method; content:"/p2.check|3f|t=966r9y6s"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"its.npoj2.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680859/; classtype:trojan-activity;sid:84543959; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680858)"; flow:established,from_client; content:"GET"; http_method; content:"/r50ngznpsr.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"rim.luv6.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680858/; classtype:trojan-activity;sid:84543958; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680857)"; flow:established,from_client; content:"GET"; http_method; content:"/xm.google|3f|t=td18hkk4"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"pet.rqyp1.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680857/; classtype:trojan-activity;sid:84543957; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680856)"; flow:established,from_client; content:"GET"; http_method; content:"/8qqxto73yx.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"rim.luv6.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680856/; classtype:trojan-activity;sid:84543956; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680855)"; flow:established,from_client; content:"GET"; http_method; content:"/bqr.google|3f|t=ygbch49d"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"ski.jsuv0.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680855/; classtype:trojan-activity;sid:84543955; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680854)"; flow:established,from_client; content:"GET"; http_method; content:"/5h38uyd88x.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"nest.luv6.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680854/; classtype:trojan-activity;sid:84543954; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680853)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.114.251.79"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680853/; classtype:trojan-activity;sid:84543953; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680852)"; flow:established,from_client; content:"GET"; http_method; content:"/fsi.google|3f|t=e61gh2n8"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"bed.sjyj1.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680852/; classtype:trojan-activity;sid:84543952; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680851)"; flow:established,from_client; content:"GET"; http_method; content:"/kp334x7w9a.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"nest.luv6.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680851/; classtype:trojan-activity;sid:84543951; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680850)"; flow:established,from_client; content:"GET"; http_method; content:"/cyo0ui90m7.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"nest.luv6.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680850/; classtype:trojan-activity;sid:84543950; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680849)"; flow:established,from_client; content:"GET"; http_method; content:"/qd4.check|3f|t=82am5b2t"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"cat.khoc9.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680849/; classtype:trojan-activity;sid:84543949; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680848)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.132.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680848/; classtype:trojan-activity;sid:84543948; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680847)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.216.200.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680847/; classtype:trojan-activity;sid:84543947; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680846)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.40.115.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680846/; classtype:trojan-activity;sid:84543946; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680845)"; flow:established,from_client; content:"GET"; http_method; content:"/33i27dx9y7.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"glow.luv6.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680845/; classtype:trojan-activity;sid:84543945; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680844)"; flow:established,from_client; content:"GET"; http_method; content:"/7m04.google|3f|t=wyofqyid"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"851.93i197934.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680844/; classtype:trojan-activity;sid:84543944; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680843)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"85.12.251.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680843/; classtype:trojan-activity;sid:84543943; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680842)"; flow:established,from_client; content:"GET"; http_method; content:"/vb.check|3f|t=3vnexrk1"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"06d1.93i197934.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680842/; classtype:trojan-activity;sid:84543942; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680841)"; flow:established,from_client; content:"GET"; http_method; content:"/havn0lulkp.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"glow.luv6.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680841/; classtype:trojan-activity;sid:84543941; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680840)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.184.1.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680840/; classtype:trojan-activity;sid:84543940; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680839)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.132.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680839/; classtype:trojan-activity;sid:84543939; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680838)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.184.1.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680838/; classtype:trojan-activity;sid:84543938; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680837)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.40.115.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680837/; classtype:trojan-activity;sid:84543937; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680836)"; flow:established,from_client; content:"GET"; http_method; content:"/0d4.google|3f|t=pztbnncw"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"93055.93i197934.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680836/; classtype:trojan-activity;sid:84543936; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680835)"; flow:established,from_client; content:"GET"; http_method; content:"/rr76wiisrv.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pine.luv6.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680835/; classtype:trojan-activity;sid:84543935; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680834)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.234.233.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680834/; classtype:trojan-activity;sid:84543934; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680833)"; flow:established,from_client; content:"GET"; http_method; content:"/r8.google|3f|t=6xwfk76o"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"219.93i197934.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680833/; classtype:trojan-activity;sid:84543933; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680832)"; flow:established,from_client; content:"GET"; http_method; content:"/9olnl8f0lf.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pine.luv6.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680832/; classtype:trojan-activity;sid:84543932; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680831)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"14.155.185.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680831/; classtype:trojan-activity;sid:84543931; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680830)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.234.233.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680830/; classtype:trojan-activity;sid:84543930; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680829)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.141.8"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680829/; classtype:trojan-activity;sid:84543929; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680828)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.114.251.79"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680828/; classtype:trojan-activity;sid:84543928; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680827)"; flow:established,from_client; content:"GET"; http_method; content:"/uxe5upr4yd.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"dew.wib8.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680827/; classtype:trojan-activity;sid:84543927; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680826)"; flow:established,from_client; content:"GET"; http_method; content:"/e4.google|3f|t=r44g0pxf"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"6901420.49o103159.ru"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680826/; classtype:trojan-activity;sid:84543926; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680824)"; flow:established,from_client; content:"GET"; http_method; content:"/d7m.check|3f|t=wbkjqg69"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"777012.49o103159.ru"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680824/; classtype:trojan-activity;sid:84543924; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680825)"; flow:established,from_client; content:"GET"; http_method; content:"/dzr9xwqy7f.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"sail.wib8.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680825/; classtype:trojan-activity;sid:84543925; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680823)"; flow:established,from_client; content:"GET"; http_method; content:"/l2.google|3f|t=t947chdr"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"30951.49o103159.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680823/; classtype:trojan-activity;sid:84543923; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680822)"; flow:established,from_client; content:"GET"; http_method; content:"/dosh0hkshk.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"sail.wib8.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680822/; classtype:trojan-activity;sid:84543922; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680821)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.122.234.223"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680821/; classtype:trojan-activity;sid:84543921; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680820)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.10.31"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680820/; classtype:trojan-activity;sid:84543920; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680819)"; flow:established,from_client; content:"GET"; http_method; content:"/88myeszldy.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"ray.wib8.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680819/; classtype:trojan-activity;sid:84543919; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680818)"; flow:established,from_client; content:"GET"; http_method; content:"/9fa.check|3f|t=8zyh9i5t"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"8427.49o103159.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680818/; classtype:trojan-activity;sid:84543918; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680817)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.78.87.52"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680817/; classtype:trojan-activity;sid:84543917; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680816)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.122.234.223"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680816/; classtype:trojan-activity;sid:84543916; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680815)"; flow:established,from_client; content:"GET"; http_method; content:"/yk.google|3f|t=eb3jl6ze"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"501.49o103159.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680815/; classtype:trojan-activity;sid:84543915; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680814)"; flow:established,from_client; content:"GET"; http_method; content:"/i3vy450llu.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"ray.wib8.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680814/; classtype:trojan-activity;sid:84543914; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680813)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"150.255.45.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680813/; classtype:trojan-activity;sid:84543913; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680812)"; flow:established,from_client; content:"GET"; http_method; content:"/6leqq6yhmw.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"ray.wib8.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680812/; classtype:trojan-activity;sid:84543912; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680811)"; flow:established,from_client; content:"GET"; http_method; content:"/k240.google|3f|t=kzwplrqv"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"581.31e854642.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680811/; classtype:trojan-activity;sid:84543911; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680810)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.mpsl"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"144.172.109.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680810/; classtype:trojan-activity;sid:84543910; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680808)"; flow:established,from_client; content:"GET"; http_method; content:"/zmkel6lzd5.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"mint.wib8.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680808/; classtype:trojan-activity;sid:84543908; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680809)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.41.136.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680809/; classtype:trojan-activity;sid:84543909; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680807)"; flow:established,from_client; content:"GET"; http_method; content:"/zm.check|3f|t=21exxh64"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"07c9.31e854642.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680807/; classtype:trojan-activity;sid:84543907; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680806)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.21.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680806/; classtype:trojan-activity;sid:84543906; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680805)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.70.249"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680805/; classtype:trojan-activity;sid:84543905; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680804)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.217.37.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680804/; classtype:trojan-activity;sid:84543904; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680803)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.12.197.113"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680803/; classtype:trojan-activity;sid:84543903; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680802)"; flow:established,from_client; content:"GET"; http_method; content:"/2e4l5eit"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"8451203.31e854642.ru"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680802/; classtype:trojan-activity;sid:84543902; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680801)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.119.117.31"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680801/; classtype:trojan-activity;sid:84543901; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680799)"; flow:established,from_client; content:"GET"; http_method; content:"/1c.google|3f|t=1oyu27k5"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"8451203.31e854642.ru"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680799/; classtype:trojan-activity;sid:84543899; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680800)"; flow:established,from_client; content:"GET"; http_method; content:"/fzcfuiteym.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"mint.wib8.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680800/; classtype:trojan-activity;sid:84543900; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680798)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.0.184"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680798/; classtype:trojan-activity;sid:84543898; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680796)"; flow:established,from_client; content:"GET"; http_method; content:"/ab3.check|3f|t=x99hzmnf"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"706391.31e854642.ru"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680796/; classtype:trojan-activity;sid:84543896; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680797)"; flow:established,from_client; content:"GET"; http_method; content:"/lgm0dppkz7.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"mint.wib8.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680797/; classtype:trojan-activity;sid:84543897; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680795)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.140.160.150"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680795/; classtype:trojan-activity;sid:84543895; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680794)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.22.94.60"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680794/; classtype:trojan-activity;sid:84543894; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680792)"; flow:established,from_client; content:"GET"; http_method; content:"/0w4n.google|3f|t=kt7kclyy"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"41002.31e854642.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680792/; classtype:trojan-activity;sid:84543892; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680793)"; flow:established,from_client; content:"GET"; http_method; content:"/ixujq5ygcq.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"plum.wib8.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680793/; classtype:trojan-activity;sid:84543893; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680791)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.140.160.150"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680791/; classtype:trojan-activity;sid:84543891; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680790)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.117.31"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680790/; classtype:trojan-activity;sid:84543890; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680789)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.217.37.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680789/; classtype:trojan-activity;sid:84543889; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680788)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.149.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680788/; classtype:trojan-activity;sid:84543888; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680787)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.45.8.121"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680787/; classtype:trojan-activity;sid:84543887; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680786)"; flow:established,from_client; content:"GET"; http_method; content:"/mwuf6lavhj.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"plum.wib8.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680786/; classtype:trojan-activity;sid:84543886; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680785)"; flow:established,from_client; content:"GET"; http_method; content:"/q3k.check|3f|t=edtcuj5s"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"3135.31e854642.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680785/; classtype:trojan-activity;sid:84543885; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680784)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.0.184"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680784/; classtype:trojan-activity;sid:84543884; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680783)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.249.247.198"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680783/; classtype:trojan-activity;sid:84543883; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680782)"; flow:established,from_client; content:"GET"; http_method; content:"/7t.google|3f|t=yt06dzkb"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"925.31e854642.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680782/; classtype:trojan-activity;sid:84543882; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680781)"; flow:established,from_client; content:"GET"; http_method; content:"/1rtd9nmy3s.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"plum.wib8.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680781/; classtype:trojan-activity;sid:84543881; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680780)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.154.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680780/; classtype:trojan-activity;sid:84543880; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680779)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.28.163.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680779/; classtype:trojan-activity;sid:84543879; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680778)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.240.37"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680778/; classtype:trojan-activity;sid:84543878; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680777)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.45.8.121"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680777/; classtype:trojan-activity;sid:84543877; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680776)"; flow:established,from_client; content:"GET"; http_method; content:"/pq14.google|3f|t=tihks1ze"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"72563.37i658094.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680776/; classtype:trojan-activity;sid:84543876; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680775)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.28.194.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680775/; classtype:trojan-activity;sid:84543875; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680774)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.1.217.200"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680774/; classtype:trojan-activity;sid:84543874; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680773)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.70.249"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680773/; classtype:trojan-activity;sid:84543873; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680772)"; flow:established,from_client; content:"GET"; http_method; content:"/oz108x5l2g.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"fox.wib8.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680772/; classtype:trojan-activity;sid:84543872; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680771)"; flow:established,from_client; content:"GET"; http_method; content:"/3r.check|3f|t=s3ya3ohg"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"080.37i658094.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680771/; classtype:trojan-activity;sid:84543871; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680770)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.107.124"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680770/; classtype:trojan-activity;sid:84543870; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680769)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.85.247"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680769/; classtype:trojan-activity;sid:84543869; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680768)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.125.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680768/; classtype:trojan-activity;sid:84543868; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680767)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.28.194.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680767/; classtype:trojan-activity;sid:84543867; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680766)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.4.163.183"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680766/; classtype:trojan-activity;sid:84543866; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680765)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.183.2.145"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680765/; classtype:trojan-activity;sid:84543865; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680764)"; flow:established,from_client; content:"GET"; http_method; content:"/5uxk543h"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"4920.37i658094.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680764/; classtype:trojan-activity;sid:84543864; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680763)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.78.87.52"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680763/; classtype:trojan-activity;sid:84543863; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680762)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.139.72.145"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680762/; classtype:trojan-activity;sid:84543862; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680761)"; flow:established,from_client; content:"GET"; http_method; content:"/it9dyfn8"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"333.37i658094.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680761/; classtype:trojan-activity;sid:84543861; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680760)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.204.199"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680760/; classtype:trojan-activity;sid:84543860; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680759)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.67.207"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680759/; classtype:trojan-activity;sid:84543859; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680745)"; flow:established,from_client; content:"GET"; http_method; content:"/sigma.spc"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680745/; classtype:trojan-activity;sid:84543845; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680746)"; flow:established,from_client; content:"GET"; http_method; content:"/honeypotlist.arm6"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680746/; classtype:trojan-activity;sid:84543846; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680747)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/mpsl"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"72.60.218.192"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680747/; classtype:trojan-activity;sid:84543847; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680748)"; flow:established,from_client; content:"GET"; http_method; content:"/zyxel.arm"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680748/; classtype:trojan-activity;sid:84543848; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680749)"; flow:established,from_client; content:"GET"; http_method; content:"/dickhead.arm5"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680749/; classtype:trojan-activity;sid:84543849; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680750)"; flow:established,from_client; content:"GET"; http_method; content:"/dick.x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680750/; classtype:trojan-activity;sid:84543850; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680751)"; flow:established,from_client; content:"GET"; http_method; content:"/honeypotsex.sh4"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680751/; classtype:trojan-activity;sid:84543851; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680752)"; flow:established,from_client; content:"GET"; http_method; content:"/dicks.spc"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680752/; classtype:trojan-activity;sid:84543852; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680753)"; flow:established,from_client; content:"GET"; http_method; content:"/allah.arm7"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680753/; classtype:trojan-activity;sid:84543853; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680754)"; flow:established,from_client; content:"GET"; http_method; content:"/joker.arm"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680754/; classtype:trojan-activity;sid:84543854; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680755)"; flow:established,from_client; content:"GET"; http_method; content:"/dick.sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680755/; classtype:trojan-activity;sid:84543855; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680756)"; flow:established,from_client; content:"GET"; http_method; content:"/joker.mpsl"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680756/; classtype:trojan-activity;sid:84543856; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680757)"; flow:established,from_client; content:"GET"; http_method; content:"/z0l1mxjm4mdl4jjfjf7sb2vdmv/kkvettgaaasecnnaaaa.i486"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"64.225.49.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680757/; classtype:trojan-activity;sid:84543857; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680758)"; flow:established,from_client; content:"GET"; http_method; content:"/wget.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"72.60.218.192"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680758/; classtype:trojan-activity;sid:84543858; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680740)"; flow:established,from_client; content:"GET"; http_method; content:"/honeypots.arm7"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680740/; classtype:trojan-activity;sid:84543840; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680741)"; flow:established,from_client; content:"GET"; http_method; content:"/zyxel.arm6"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680741/; classtype:trojan-activity;sid:84543841; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680742)"; flow:established,from_client; content:"GET"; http_method; content:"/cr.mpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680742/; classtype:trojan-activity;sid:84543842; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680743)"; flow:established,from_client; content:"GET"; http_method; content:"/dicks.arm5"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680743/; classtype:trojan-activity;sid:84543843; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680744)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/arm"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"srv1069059.hstgr.cloud"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680744/; classtype:trojan-activity;sid:84543844; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680737)"; flow:established,from_client; content:"GET"; http_method; content:"/rat.arm6"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680737/; classtype:trojan-activity;sid:84543837; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680738)"; flow:established,from_client; content:"GET"; http_method; content:"/dicks.mips"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680738/; classtype:trojan-activity;sid:84543838; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680739)"; flow:established,from_client; content:"GET"; http_method; content:"/tplink.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680739/; classtype:trojan-activity;sid:84543839; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680736)"; flow:established,from_client; content:"GET"; http_method; content:"/honeyball.arm"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680736/; classtype:trojan-activity;sid:84543836; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680733)"; flow:established,from_client; content:"GET"; http_method; content:"/hikvision.m68k"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680733/; classtype:trojan-activity;sid:84543833; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680734)"; flow:established,from_client; content:"GET"; http_method; content:"/cr.arm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680734/; classtype:trojan-activity;sid:84543834; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680735)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.mpsl"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680735/; classtype:trojan-activity;sid:84543835; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680727)"; flow:established,from_client; content:"GET"; http_method; content:"/cr.arm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680727/; classtype:trojan-activity;sid:84543827; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680728)"; flow:established,from_client; content:"GET"; http_method; content:"/dickhead.sh4"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680728/; classtype:trojan-activity;sid:84543828; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680729)"; flow:established,from_client; content:"GET"; http_method; content:"/dick.arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680729/; classtype:trojan-activity;sid:84543829; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680730)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680730/; classtype:trojan-activity;sid:84543830; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680731)"; flow:established,from_client; content:"GET"; http_method; content:"/wget.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"srv1069059.hstgr.cloud"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680731/; classtype:trojan-activity;sid:84543831; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680732)"; flow:established,from_client; content:"GET"; http_method; content:"/hikvision.mips"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680732/; classtype:trojan-activity;sid:84543832; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680721)"; flow:established,from_client; content:"GET"; http_method; content:"/laced.spc"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680721/; classtype:trojan-activity;sid:84543821; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680722)"; flow:established,from_client; content:"GET"; http_method; content:"/a%c4%9fa%c3%a7.sh4"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680722/; classtype:trojan-activity;sid:84543822; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680723)"; flow:established,from_client; content:"GET"; http_method; content:"/pro.arm6"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680723/; classtype:trojan-activity;sid:84543823; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680724)"; flow:established,from_client; content:"GET"; http_method; content:"/boatnet.mips"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680724/; classtype:trojan-activity;sid:84543824; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680725)"; flow:established,from_client; content:"GET"; http_method; content:"/cr.x86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680725/; classtype:trojan-activity;sid:84543825; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680726)"; flow:established,from_client; content:"GET"; http_method; content:"/hikvision.spc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680726/; classtype:trojan-activity;sid:84543826; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680719)"; flow:established,from_client; content:"GET"; http_method; content:"/cr.arm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680719/; classtype:trojan-activity;sid:84543819; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680720)"; flow:established,from_client; content:"GET"; http_method; content:"/kkvettgaaasecnnaaaa/kkvettgaaasecnnaaaa.arm"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"64.225.49.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680720/; classtype:trojan-activity;sid:84543820; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680718)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/arm7"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"srv1069059.hstgr.cloud"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680718/; classtype:trojan-activity;sid:84543818; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680711)"; flow:established,from_client; content:"GET"; http_method; content:"/enesbatur.mpsl"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680711/; classtype:trojan-activity;sid:84543811; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680712)"; flow:established,from_client; content:"GET"; http_method; content:"/rat.sh4"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680712/; classtype:trojan-activity;sid:84543812; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680713)"; flow:established,from_client; content:"GET"; http_method; content:"/rebith.x86"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680713/; classtype:trojan-activity;sid:84543813; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680714)"; flow:established,from_client; content:"GET"; http_method; content:"/enesbaturvsagac2.spc"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680714/; classtype:trojan-activity;sid:84543814; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680715)"; flow:established,from_client; content:"GET"; http_method; content:"/rebith.sh4"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680715/; classtype:trojan-activity;sid:84543815; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680716)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680716/; classtype:trojan-activity;sid:84543816; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680717)"; flow:established,from_client; content:"GET"; http_method; content:"/enesbaturvsagac.arm"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680717/; classtype:trojan-activity;sid:84543817; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680707)"; flow:established,from_client; content:"GET"; http_method; content:"/z0l1mxjm4mdl4jjfjf7sb2vdmv/kkvettgaaasecnnaaaa.m68k"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"64.225.49.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680707/; classtype:trojan-activity;sid:84543807; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680708)"; flow:established,from_client; content:"GET"; http_method; content:"/sigma.x86"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680708/; classtype:trojan-activity;sid:84543808; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680709)"; flow:established,from_client; content:"GET"; http_method; content:"/honeypots.mpsl"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680709/; classtype:trojan-activity;sid:84543809; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680710)"; flow:established,from_client; content:"GET"; http_method; content:"/cs2.arm7"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680710/; classtype:trojan-activity;sid:84543810; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680706)"; flow:established,from_client; content:"GET"; http_method; content:"/joker.arm7"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680706/; classtype:trojan-activity;sid:84543806; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680701)"; flow:established,from_client; content:"GET"; http_method; content:"/sigma.mpsl"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680701/; classtype:trojan-activity;sid:84543801; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680702)"; flow:established,from_client; content:"GET"; http_method; content:"/ttnet.mpsl"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680702/; classtype:trojan-activity;sid:84543802; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680703)"; flow:established,from_client; content:"GET"; http_method; content:"/boatnet.arm7"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680703/; classtype:trojan-activity;sid:84543803; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680704)"; flow:established,from_client; content:"GET"; http_method; content:"/enesbatur.arm"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680704/; classtype:trojan-activity;sid:84543804; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680705)"; flow:established,from_client; content:"GET"; http_method; content:"/honeyball.mips"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680705/; classtype:trojan-activity;sid:84543805; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680697)"; flow:established,from_client; content:"GET"; http_method; content:"/honeyball.arm5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680697/; classtype:trojan-activity;sid:84543797; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680698)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/arm6"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"srv1069059.hstgr.cloud"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680698/; classtype:trojan-activity;sid:84543798; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680699)"; flow:established,from_client; content:"GET"; http_method; content:"/rat.spc"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680699/; classtype:trojan-activity;sid:84543799; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680700)"; flow:established,from_client; content:"GET"; http_method; content:"/z0l1mxjm4mdl4jjfjf7sb2vdmv/kkvettgaaasecnnaaaa.x86_64"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"64.225.49.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680700/; classtype:trojan-activity;sid:84543800; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680695)"; flow:established,from_client; content:"GET"; http_method; content:"/z0l1mxjm4mdl4jjfjf7sb2vdmv/kkvettgaaasecnnaaaa.x86"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"64.225.49.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680695/; classtype:trojan-activity;sid:84543795; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680696)"; flow:established,from_client; content:"GET"; http_method; content:"/enesbaturvsagac.x86"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680696/; classtype:trojan-activity;sid:84543796; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680693)"; flow:established,from_client; content:"GET"; http_method; content:"/ttnet.spc"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680693/; classtype:trojan-activity;sid:84543793; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680694)"; flow:established,from_client; content:"GET"; http_method; content:"/enesbatur.arm6"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680694/; classtype:trojan-activity;sid:84543794; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680691)"; flow:established,from_client; content:"GET"; http_method; content:"/honeypotsex.spc"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680691/; classtype:trojan-activity;sid:84543791; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680692)"; flow:established,from_client; content:"GET"; http_method; content:"/dick.mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680692/; classtype:trojan-activity;sid:84543792; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680690)"; flow:established,from_client; content:"GET"; http_method; content:"/allah.mpsl"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680690/; classtype:trojan-activity;sid:84543790; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680687)"; flow:established,from_client; content:"GET"; http_method; content:"/hikvision.arm6"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680687/; classtype:trojan-activity;sid:84543787; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680688)"; flow:established,from_client; content:"GET"; http_method; content:"/cs2.arm"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680688/; classtype:trojan-activity;sid:84543788; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680689)"; flow:established,from_client; content:"GET"; http_method; content:"/pro.mpsl"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680689/; classtype:trojan-activity;sid:84543789; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680680)"; flow:established,from_client; content:"GET"; http_method; content:"/dick.m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680680/; classtype:trojan-activity;sid:84543780; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680681)"; flow:established,from_client; content:"GET"; http_method; content:"/joker.spc"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680681/; classtype:trojan-activity;sid:84543781; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680682)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.spc"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680682/; classtype:trojan-activity;sid:84543782; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680683)"; flow:established,from_client; content:"GET"; http_method; content:"/honeypots.sh4"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680683/; classtype:trojan-activity;sid:84543783; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680684)"; flow:established,from_client; content:"GET"; http_method; content:"/pro.arm7"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680684/; classtype:trojan-activity;sid:84543784; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680685)"; flow:established,from_client; content:"GET"; http_method; content:"/cs2.mpsl"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680685/; classtype:trojan-activity;sid:84543785; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680686)"; flow:established,from_client; content:"GET"; http_method; content:"/sigma.mips"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680686/; classtype:trojan-activity;sid:84543786; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680677)"; flow:established,from_client; content:"GET"; http_method; content:"/dickhead.x86"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680677/; classtype:trojan-activity;sid:84543777; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680678)"; flow:established,from_client; content:"GET"; http_method; content:"/cs2.arm5"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680678/; classtype:trojan-activity;sid:84543778; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680679)"; flow:established,from_client; content:"GET"; http_method; content:"/joker.arm6"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680679/; classtype:trojan-activity;sid:84543779; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680672)"; flow:established,from_client; content:"GET"; http_method; content:"/cr.sh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680672/; classtype:trojan-activity;sid:84543772; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680673)"; flow:established,from_client; content:"GET"; http_method; content:"/cs2.m68k"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680673/; classtype:trojan-activity;sid:84543773; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680674)"; flow:established,from_client; content:"GET"; http_method; content:"/pro.arm5"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680674/; classtype:trojan-activity;sid:84543774; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680675)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/arm5"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"72.60.218.192"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680675/; classtype:trojan-activity;sid:84543775; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680676)"; flow:established,from_client; content:"GET"; http_method; content:"/z0l1mxjm4mdl4jjfjf7sb2vdmv/kkvettgaaasecnnaaaa.arm7"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"64.225.49.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680676/; classtype:trojan-activity;sid:84543776; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680669)"; flow:established,from_client; content:"GET"; http_method; content:"/rat.m68k"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680669/; classtype:trojan-activity;sid:84543769; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680670)"; flow:established,from_client; content:"GET"; http_method; content:"/honeyball.m68k"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680670/; classtype:trojan-activity;sid:84543770; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680671)"; flow:established,from_client; content:"GET"; http_method; content:"/rat.arm"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680671/; classtype:trojan-activity;sid:84543771; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680667)"; flow:established,from_client; content:"GET"; http_method; content:"/hikvision.sh4"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680667/; classtype:trojan-activity;sid:84543767; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680668)"; flow:established,from_client; content:"GET"; http_method; content:"/pro.m68k"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680668/; classtype:trojan-activity;sid:84543768; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680666)"; flow:established,from_client; content:"GET"; http_method; content:"/allah.arm6"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680666/; classtype:trojan-activity;sid:84543766; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680664)"; flow:established,from_client; content:"GET"; http_method; content:"/c.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"72.60.218.192"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680664/; classtype:trojan-activity;sid:84543764; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680665)"; flow:established,from_client; content:"GET"; http_method; content:"/honeyball.x86"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680665/; classtype:trojan-activity;sid:84543765; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680659)"; flow:established,from_client; content:"GET"; http_method; content:"/zyxel.sh4"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680659/; classtype:trojan-activity;sid:84543759; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680660)"; flow:established,from_client; content:"GET"; http_method; content:"/dickhead.arm"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680660/; classtype:trojan-activity;sid:84543760; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680661)"; flow:established,from_client; content:"GET"; http_method; content:"/dicks.arm7"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680661/; classtype:trojan-activity;sid:84543761; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680662)"; flow:established,from_client; content:"GET"; http_method; content:"/honeypotlist.arm"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680662/; classtype:trojan-activity;sid:84543762; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680663)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/mips"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"72.60.218.192"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680663/; classtype:trojan-activity;sid:84543763; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680657)"; flow:established,from_client; content:"GET"; http_method; content:"/c.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"srv1069059.hstgr.cloud"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680657/; classtype:trojan-activity;sid:84543757; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680658)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/x86_64"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"srv1069059.hstgr.cloud"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680658/; classtype:trojan-activity;sid:84543758; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680649)"; flow:established,from_client; content:"GET"; http_method; content:"/cr.arm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680649/; classtype:trojan-activity;sid:84543749; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680650)"; flow:established,from_client; content:"GET"; http_method; content:"/a%c4%9fa%c3%a7.x86"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680650/; classtype:trojan-activity;sid:84543750; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680651)"; flow:established,from_client; content:"GET"; http_method; content:"/kkvettgaaasecnnaaaa/kkvettgaaasecnnaaaa.mpsl"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"64.225.49.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680651/; classtype:trojan-activity;sid:84543751; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680652)"; flow:established,from_client; content:"GET"; http_method; content:"/enesbaturvsagac2.x86"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680652/; classtype:trojan-activity;sid:84543752; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680653)"; flow:established,from_client; content:"GET"; http_method; content:"/zyxel.mips"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680653/; classtype:trojan-activity;sid:84543753; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680654)"; flow:established,from_client; content:"GET"; http_method; content:"/dickhead.arm7"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680654/; classtype:trojan-activity;sid:84543754; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680655)"; flow:established,from_client; content:"GET"; http_method; content:"/honeypotsex.x86"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680655/; classtype:trojan-activity;sid:84543755; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680656)"; flow:established,from_client; content:"GET"; http_method; content:"/laced.arm7"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680656/; classtype:trojan-activity;sid:84543756; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680644)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/m68k"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"srv1069059.hstgr.cloud"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680644/; classtype:trojan-activity;sid:84543744; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680645)"; flow:established,from_client; content:"GET"; http_method; content:"/laced.mpsl"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680645/; classtype:trojan-activity;sid:84543745; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680646)"; flow:established,from_client; content:"GET"; http_method; content:"/rat.arm5"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680646/; classtype:trojan-activity;sid:84543746; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680647)"; flow:established,from_client; content:"GET"; http_method; content:"/kkvettgaaasecnnaaaa/kkvettgaaasecnnaaaa.arm7"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"64.225.49.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680647/; classtype:trojan-activity;sid:84543747; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680648)"; flow:established,from_client; content:"GET"; http_method; content:"/pro.sh4"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680648/; classtype:trojan-activity;sid:84543748; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680639)"; flow:established,from_client; content:"GET"; http_method; content:"/honeypotsex.arm5"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680639/; classtype:trojan-activity;sid:84543739; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680640)"; flow:established,from_client; content:"GET"; http_method; content:"/enesbatur.mips"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680640/; classtype:trojan-activity;sid:84543740; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680641)"; flow:established,from_client; content:"GET"; http_method; content:"/z0l1mxjm4mdl4jjfjf7sb2vdmv/kkvettgaaasecnnaaaa.spc"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"64.225.49.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680641/; classtype:trojan-activity;sid:84543741; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680642)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.x86"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680642/; classtype:trojan-activity;sid:84543742; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680643)"; flow:established,from_client; content:"GET"; http_method; content:"/a%c4%9fa%c3%a7.arm6"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680643/; classtype:trojan-activity;sid:84543743; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680637)"; flow:established,from_client; content:"GET"; http_method; content:"/z0l1mxjm4mdl4jjfjf7sb2vdmv/kkvettgaaasecnnaaaa.arm5"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"64.225.49.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680637/; classtype:trojan-activity;sid:84543737; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680638)"; flow:established,from_client; content:"GET"; http_method; content:"/ttnet.arm5"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680638/; classtype:trojan-activity;sid:84543738; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680634)"; flow:established,from_client; content:"GET"; http_method; content:"/boatnet.arm5"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680634/; classtype:trojan-activity;sid:84543734; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680635)"; flow:established,from_client; content:"GET"; http_method; content:"/zyxel.sh"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680635/; classtype:trojan-activity;sid:84543735; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680636)"; flow:established,from_client; content:"GET"; http_method; content:"/w2.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680636/; classtype:trojan-activity;sid:84543736; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680629)"; flow:established,from_client; content:"GET"; http_method; content:"/dick.arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680629/; classtype:trojan-activity;sid:84543729; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680630)"; flow:established,from_client; content:"GET"; http_method; content:"/hikvision.arm7"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680630/; classtype:trojan-activity;sid:84543730; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680631)"; flow:established,from_client; content:"GET"; http_method; content:"/ttnet.arm7"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680631/; classtype:trojan-activity;sid:84543731; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680632)"; flow:established,from_client; content:"GET"; http_method; content:"/laced.x86"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680632/; classtype:trojan-activity;sid:84543732; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680633)"; flow:established,from_client; content:"GET"; http_method; content:"/dick.arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680633/; classtype:trojan-activity;sid:84543733; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680627)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/mpsl"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"srv1069059.hstgr.cloud"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680627/; classtype:trojan-activity;sid:84543727; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680628)"; flow:established,from_client; content:"GET"; http_method; content:"/pro.arm"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680628/; classtype:trojan-activity;sid:84543728; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680624)"; flow:established,from_client; content:"GET"; http_method; content:"/enesbaturvsagac.m68k"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680624/; classtype:trojan-activity;sid:84543724; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680625)"; flow:established,from_client; content:"GET"; http_method; content:"/pro.spc"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680625/; classtype:trojan-activity;sid:84543725; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680626)"; flow:established,from_client; content:"GET"; http_method; content:"/hik.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680626/; classtype:trojan-activity;sid:84543726; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680621)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/arm7"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"72.60.218.192"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680621/; classtype:trojan-activity;sid:84543721; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680622)"; flow:established,from_client; content:"GET"; http_method; content:"/a%c4%9fa%c3%a7.m68k"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680622/; classtype:trojan-activity;sid:84543722; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680623)"; flow:established,from_client; content:"GET"; http_method; content:"/ttnet.mips"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680623/; classtype:trojan-activity;sid:84543723; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680619)"; flow:established,from_client; content:"GET"; http_method; content:"/allah.spc"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680619/; classtype:trojan-activity;sid:84543719; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680620)"; flow:established,from_client; content:"GET"; http_method; content:"/zyxel.mpsl"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680620/; classtype:trojan-activity;sid:84543720; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680618)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/x86"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"srv1069059.hstgr.cloud"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680618/; classtype:trojan-activity;sid:84543718; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680616)"; flow:established,from_client; content:"GET"; http_method; content:"/kkvettgaaasecnnaaaa/kkvettgaaasecnnaaaa.i686"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"64.225.49.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680616/; classtype:trojan-activity;sid:84543716; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680617)"; flow:established,from_client; content:"GET"; http_method; content:"/honeypots.x86"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680617/; classtype:trojan-activity;sid:84543717; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680615)"; flow:established,from_client; content:"GET"; http_method; content:"/honeypotsex.arm6"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680615/; classtype:trojan-activity;sid:84543715; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680613)"; flow:established,from_client; content:"GET"; http_method; content:"/z0l1mxjm4mdl4jjfjf7sb2vdmv/kkvettgaaasecnnaaaa.mips"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"64.225.49.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680613/; classtype:trojan-activity;sid:84543713; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680614)"; flow:established,from_client; content:"GET"; http_method; content:"/a%c4%9fa%c3%a7.mpsl"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680614/; classtype:trojan-activity;sid:84543714; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680599)"; flow:established,from_client; content:"GET"; http_method; content:"/rebith.arm6"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680599/; classtype:trojan-activity;sid:84543699; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680600)"; flow:established,from_client; content:"GET"; http_method; content:"/enesbaturvsagac.spc"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680600/; classtype:trojan-activity;sid:84543700; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680601)"; flow:established,from_client; content:"GET"; http_method; content:"/dickhead.spc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680601/; classtype:trojan-activity;sid:84543701; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680602)"; flow:established,from_client; content:"GET"; http_method; content:"/rebith.m68k"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680602/; classtype:trojan-activity;sid:84543702; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680603)"; flow:established,from_client; content:"GET"; http_method; content:"/dickhead.mpsl"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680603/; classtype:trojan-activity;sid:84543703; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680604)"; flow:established,from_client; content:"GET"; http_method; content:"/enesbaturvsagac2.arm6"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680604/; classtype:trojan-activity;sid:84543704; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680605)"; flow:established,from_client; content:"GET"; http_method; content:"/pro.mips"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680605/; classtype:trojan-activity;sid:84543705; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680606)"; flow:established,from_client; content:"GET"; http_method; content:"/enesbaturvsagac2.arm"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680606/; classtype:trojan-activity;sid:84543706; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680607)"; flow:established,from_client; content:"GET"; http_method; content:"/kkvettgaaasecnnaaaa/kkvettgaaasecnnaaaa.x86"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"64.225.49.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680607/; classtype:trojan-activity;sid:84543707; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680608)"; flow:established,from_client; content:"GET"; http_method; content:"/kkvettgaaasecnnaaaa/kkvettgaaasecnnaaaa.ppc"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"64.225.49.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680608/; classtype:trojan-activity;sid:84543708; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680609)"; flow:established,from_client; content:"GET"; http_method; content:"/kkvettgaaasecnnaaaa/kkvettgaaasecnnaaaa.mips"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"64.225.49.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680609/; classtype:trojan-activity;sid:84543709; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680610)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.arm5"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680610/; classtype:trojan-activity;sid:84543710; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680611)"; flow:established,from_client; content:"GET"; http_method; content:"/a%c4%9fa%c3%a7.arm5"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680611/; classtype:trojan-activity;sid:84543711; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680612)"; flow:established,from_client; content:"GET"; http_method; content:"/kkvettgaaasecnnaaaa/kkvettgaaasecnnaaaa.i486"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"64.225.49.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680612/; classtype:trojan-activity;sid:84543712; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680590)"; flow:established,from_client; content:"GET"; http_method; content:"/zyxel.arm7"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680590/; classtype:trojan-activity;sid:84543690; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680591)"; flow:established,from_client; content:"GET"; http_method; content:"/boatnet.x86"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680591/; classtype:trojan-activity;sid:84543691; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680592)"; flow:established,from_client; content:"GET"; http_method; content:"/dickhead.arm6"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680592/; classtype:trojan-activity;sid:84543692; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680593)"; flow:established,from_client; content:"GET"; http_method; content:"/enesbatur.x86"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680593/; classtype:trojan-activity;sid:84543693; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680594)"; flow:established,from_client; content:"GET"; http_method; content:"/dicks.arm"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680594/; classtype:trojan-activity;sid:84543694; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680595)"; flow:established,from_client; content:"GET"; http_method; content:"/rat.arm7"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680595/; classtype:trojan-activity;sid:84543695; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680596)"; flow:established,from_client; content:"GET"; http_method; content:"/honeypotlist.sh4"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680596/; classtype:trojan-activity;sid:84543696; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680597)"; flow:established,from_client; content:"GET"; http_method; content:"/sigma.arm"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680597/; classtype:trojan-activity;sid:84543697; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680598)"; flow:established,from_client; content:"GET"; http_method; content:"/cs2.sh4"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680598/; classtype:trojan-activity;sid:84543698; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680587)"; flow:established,from_client; content:"GET"; http_method; content:"/hikvision.mpsl"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680587/; classtype:trojan-activity;sid:84543687; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680588)"; flow:established,from_client; content:"GET"; http_method; content:"/hikvision.arm5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680588/; classtype:trojan-activity;sid:84543688; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680589)"; flow:established,from_client; content:"GET"; http_method; content:"/a%c4%9fa%c3%a7.arm"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680589/; classtype:trojan-activity;sid:84543689; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680583)"; flow:established,from_client; content:"GET"; http_method; content:"/a%c4%9fa%c3%a7.spc"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680583/; classtype:trojan-activity;sid:84543683; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680584)"; flow:established,from_client; content:"GET"; http_method; content:"/hikvision.arm"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680584/; classtype:trojan-activity;sid:84543684; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680585)"; flow:established,from_client; content:"GET"; http_method; content:"/honeyball.arm7"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680585/; classtype:trojan-activity;sid:84543685; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680586)"; flow:established,from_client; content:"GET"; http_method; content:"/kkvettgaaasecnnaaaa/kkvettgaaasecnnaaaa.x86_64"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"64.225.49.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680586/; classtype:trojan-activity;sid:84543686; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680582)"; flow:established,from_client; content:"GET"; http_method; content:"/z0l1mxjm4mdl4jjfjf7sb2vdmv/kkvettgaaasecnnaaaa.ppc"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"64.225.49.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680582/; classtype:trojan-activity;sid:84543682; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680581)"; flow:established,from_client; content:"GET"; http_method; content:"/enesbaturvsagac2.arm7"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680581/; classtype:trojan-activity;sid:84543681; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680577)"; flow:established,from_client; content:"GET"; http_method; content:"/z0l1mxjm4mdl4jjfjf7sb2vdmv/kkvettgaaasecnnaaaa.arm"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"64.225.49.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680577/; classtype:trojan-activity;sid:84543677; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680578)"; flow:established,from_client; content:"GET"; http_method; content:"/honeypotlist.arm5"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680578/; classtype:trojan-activity;sid:84543678; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680579)"; flow:established,from_client; content:"GET"; http_method; content:"/joker.sh4"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680579/; classtype:trojan-activity;sid:84543679; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680580)"; flow:established,from_client; content:"GET"; http_method; content:"/kkvettgaaasecnnaaaa/kkvettgaaasecnnaaaa.arm5"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"64.225.49.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680580/; classtype:trojan-activity;sid:84543680; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680574)"; flow:established,from_client; content:"GET"; http_method; content:"/cs2.x86"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680574/; classtype:trojan-activity;sid:84543674; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680575)"; flow:established,from_client; content:"GET"; http_method; content:"/ttnet.arm6"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680575/; classtype:trojan-activity;sid:84543675; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680576)"; flow:established,from_client; content:"GET"; http_method; content:"/giga.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680576/; classtype:trojan-activity;sid:84543676; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680572)"; flow:established,from_client; content:"GET"; http_method; content:"/honeypots.arm"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680572/; classtype:trojan-activity;sid:84543672; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680573)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.m68k"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680573/; classtype:trojan-activity;sid:84543673; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680571)"; flow:established,from_client; content:"GET"; http_method; content:"/enesbaturvsagac.sh4"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680571/; classtype:trojan-activity;sid:84543671; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680565)"; flow:established,from_client; content:"GET"; http_method; content:"/zyxel.spc"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680565/; classtype:trojan-activity;sid:84543665; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680566)"; flow:established,from_client; content:"GET"; http_method; content:"/cs2.arm6"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680566/; classtype:trojan-activity;sid:84543666; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680567)"; flow:established,from_client; content:"GET"; http_method; content:"/dick.arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680567/; classtype:trojan-activity;sid:84543667; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680568)"; flow:established,from_client; content:"GET"; http_method; content:"/sigma.arm7"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680568/; classtype:trojan-activity;sid:84543668; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680569)"; flow:established,from_client; content:"GET"; http_method; content:"/cs2.mips"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680569/; classtype:trojan-activity;sid:84543669; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680570)"; flow:established,from_client; content:"GET"; http_method; content:"/dickhead.m68k"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680570/; classtype:trojan-activity;sid:84543670; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680544)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.mips"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680544/; classtype:trojan-activity;sid:84543644; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680545)"; flow:established,from_client; content:"GET"; http_method; content:"/enesbaturvsagac2.arm5"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680545/; classtype:trojan-activity;sid:84543645; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680546)"; flow:established,from_client; content:"GET"; http_method; content:"/z0l1mxjm4mdl4jjfjf7sb2vdmv/kkvettgaaasecnnaaaa.arm6"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"64.225.49.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680546/; classtype:trojan-activity;sid:84543646; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680547)"; flow:established,from_client; content:"GET"; http_method; content:"/rat.mips"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680547/; classtype:trojan-activity;sid:84543647; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680548)"; flow:established,from_client; content:"GET"; http_method; content:"/enesbaturvsagac.mips"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680548/; classtype:trojan-activity;sid:84543648; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680549)"; flow:established,from_client; content:"GET"; http_method; content:"/dickhead.mips"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680549/; classtype:trojan-activity;sid:84543649; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680550)"; flow:established,from_client; content:"GET"; http_method; content:"/honeyball.spc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680550/; classtype:trojan-activity;sid:84543650; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680551)"; flow:established,from_client; content:"GET"; http_method; content:"/cr.mips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680551/; classtype:trojan-activity;sid:84543651; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680552)"; flow:established,from_client; content:"GET"; http_method; content:"/honeypotsex.arm7"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680552/; classtype:trojan-activity;sid:84543652; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680553)"; flow:established,from_client; content:"GET"; http_method; content:"/honeyball.mpsl"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680553/; classtype:trojan-activity;sid:84543653; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680554)"; flow:established,from_client; content:"GET"; http_method; content:"/enesbaturvsagac.mpsl"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680554/; classtype:trojan-activity;sid:84543654; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680555)"; flow:established,from_client; content:"GET"; http_method; content:"/sigma.arm6"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680555/; classtype:trojan-activity;sid:84543655; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680556)"; flow:established,from_client; content:"GET"; http_method; content:"/laced.m68k"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680556/; classtype:trojan-activity;sid:84543656; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680557)"; flow:established,from_client; content:"GET"; http_method; content:"/honeyball.sh4"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680557/; classtype:trojan-activity;sid:84543657; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680558)"; flow:established,from_client; content:"GET"; http_method; content:"/rat.x86"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680558/; classtype:trojan-activity;sid:84543658; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680559)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/x86_64"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"72.60.218.192"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680559/; classtype:trojan-activity;sid:84543659; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680560)"; flow:established,from_client; content:"GET"; http_method; content:"/cr.m68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680560/; classtype:trojan-activity;sid:84543660; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680561)"; flow:established,from_client; content:"GET"; http_method; content:"/dicks.sh4"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680561/; classtype:trojan-activity;sid:84543661; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680562)"; flow:established,from_client; content:"GET"; http_method; content:"/enesbaturvsagac2.sh4"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680562/; classtype:trojan-activity;sid:84543662; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680563)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/ppc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"srv1069059.hstgr.cloud"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680563/; classtype:trojan-activity;sid:84543663; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680564)"; flow:established,from_client; content:"GET"; http_method; content:"/allah.m68k"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680564/; classtype:trojan-activity;sid:84543664; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680541)"; flow:established,from_client; content:"GET"; http_method; content:"/enesbaturvsagac2.m68k"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680541/; classtype:trojan-activity;sid:84543641; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680542)"; flow:established,from_client; content:"GET"; http_method; content:"/dick.spc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680542/; classtype:trojan-activity;sid:84543642; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680543)"; flow:established,from_client; content:"GET"; http_method; content:"/dicks.mpsl"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680543/; classtype:trojan-activity;sid:84543643; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680540)"; flow:established,from_client; content:"GET"; http_method; content:"/honeypotsex.mips"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680540/; classtype:trojan-activity;sid:84543640; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680538)"; flow:established,from_client; content:"GET"; http_method; content:"/hikvision.x86"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680538/; classtype:trojan-activity;sid:84543638; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680539)"; flow:established,from_client; content:"GET"; http_method; content:"/rebith.arm5"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680539/; classtype:trojan-activity;sid:84543639; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680537)"; flow:established,from_client; content:"GET"; http_method; content:"/rebith.mips"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680537/; classtype:trojan-activity;sid:84543637; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680536)"; flow:established,from_client; content:"GET"; http_method; content:"/honeypotlist.mips"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680536/; classtype:trojan-activity;sid:84543636; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680532)"; flow:established,from_client; content:"GET"; http_method; content:"/honeypotsex.mpsl"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680532/; classtype:trojan-activity;sid:84543632; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680533)"; flow:established,from_client; content:"GET"; http_method; content:"/honeypots.m68k"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680533/; classtype:trojan-activity;sid:84543633; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680534)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/arm6"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"72.60.218.192"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680534/; classtype:trojan-activity;sid:84543634; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680535)"; flow:established,from_client; content:"GET"; http_method; content:"/rebith.arm7"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680535/; classtype:trojan-activity;sid:84543635; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680529)"; flow:established,from_client; content:"GET"; http_method; content:"/zyxel.x86"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680529/; classtype:trojan-activity;sid:84543629; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680530)"; flow:established,from_client; content:"GET"; http_method; content:"/boatnet.arm"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680530/; classtype:trojan-activity;sid:84543630; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680531)"; flow:established,from_client; content:"GET"; http_method; content:"/dick.mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680531/; classtype:trojan-activity;sid:84543631; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680528)"; flow:established,from_client; content:"GET"; http_method; content:"/cache"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"64.225.49.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680528/; classtype:trojan-activity;sid:84543628; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680527)"; flow:established,from_client; content:"GET"; http_method; content:"/z0l1mxjm4mdl4jjfjf7sb2vdmv/kkvettgaaasecnnaaaa.mpsl"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"64.225.49.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680527/; classtype:trojan-activity;sid:84543627; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680523)"; flow:established,from_client; content:"GET"; http_method; content:"/cr.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680523/; classtype:trojan-activity;sid:84543623; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680524)"; flow:established,from_client; content:"GET"; http_method; content:"/rebith.spc"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680524/; classtype:trojan-activity;sid:84543624; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680525)"; flow:established,from_client; content:"GET"; http_method; content:"/enesbaturvsagac2.mpsl"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680525/; classtype:trojan-activity;sid:84543625; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680526)"; flow:established,from_client; content:"GET"; http_method; content:"/z0l1mxjm4mdl4jjfjf7sb2vdmv/kkvettgaaasecnnaaaa.i686"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"64.225.49.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680526/; classtype:trojan-activity;sid:84543626; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680498)"; flow:established,from_client; content:"GET"; http_method; content:"/enesbatur.arm7"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680498/; classtype:trojan-activity;sid:84543598; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680499)"; flow:established,from_client; content:"GET"; http_method; content:"/honeyball.arm6"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680499/; classtype:trojan-activity;sid:84543599; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680500)"; flow:established,from_client; content:"GET"; http_method; content:"/zyxel.m68k"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680500/; classtype:trojan-activity;sid:84543600; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680501)"; flow:established,from_client; content:"GET"; http_method; content:"/allah.x86"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680501/; classtype:trojan-activity;sid:84543601; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680502)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/ppc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"72.60.218.192"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680502/; classtype:trojan-activity;sid:84543602; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680503)"; flow:established,from_client; content:"GET"; http_method; content:"/enesbatur.spc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680503/; classtype:trojan-activity;sid:84543603; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680504)"; flow:established,from_client; content:"GET"; http_method; content:"/honeypotlist.mpsl"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680504/; classtype:trojan-activity;sid:84543604; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680505)"; flow:established,from_client; content:"GET"; http_method; content:"/sigma.sh4"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680505/; classtype:trojan-activity;sid:84543605; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680506)"; flow:established,from_client; content:"GET"; http_method; content:"/ttnet.arm"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680506/; classtype:trojan-activity;sid:84543606; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680507)"; flow:established,from_client; content:"GET"; http_method; content:"/enesbatur.m68k"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680507/; classtype:trojan-activity;sid:84543607; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680508)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/m68k"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"72.60.218.192"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680508/; classtype:trojan-activity;sid:84543608; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680509)"; flow:established,from_client; content:"GET"; http_method; content:"/rat.mpsl"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680509/; classtype:trojan-activity;sid:84543609; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680510)"; flow:established,from_client; content:"GET"; http_method; content:"/cs2.spc"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680510/; classtype:trojan-activity;sid:84543610; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680511)"; flow:established,from_client; content:"GET"; http_method; content:"/joker.arm5"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680511/; classtype:trojan-activity;sid:84543611; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680512)"; flow:established,from_client; content:"GET"; http_method; content:"/boatnet.arm6"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680512/; classtype:trojan-activity;sid:84543612; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680513)"; flow:established,from_client; content:"GET"; http_method; content:"/laced.mips"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680513/; classtype:trojan-activity;sid:84543613; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680514)"; flow:established,from_client; content:"GET"; http_method; content:"/honeypots.spc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680514/; classtype:trojan-activity;sid:84543614; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680515)"; flow:established,from_client; content:"GET"; http_method; content:"/sigma.m68k"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680515/; classtype:trojan-activity;sid:84543615; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680516)"; flow:established,from_client; content:"GET"; http_method; content:"/enesbatur.arm5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680516/; classtype:trojan-activity;sid:84543616; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680517)"; flow:established,from_client; content:"GET"; http_method; content:"/ttnet.m68k"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680517/; classtype:trojan-activity;sid:84543617; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680518)"; flow:established,from_client; content:"GET"; http_method; content:"/boatnet.sh4"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680518/; classtype:trojan-activity;sid:84543618; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680519)"; flow:established,from_client; content:"GET"; http_method; content:"/dicks.m68k"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680519/; classtype:trojan-activity;sid:84543619; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680520)"; flow:established,from_client; content:"GET"; http_method; content:"/honeypotlist.arm7"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680520/; classtype:trojan-activity;sid:84543620; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680521)"; flow:established,from_client; content:"GET"; http_method; content:"/wget2.sh"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680521/; classtype:trojan-activity;sid:84543621; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680522)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/mips"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"srv1069059.hstgr.cloud"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680522/; classtype:trojan-activity;sid:84543622; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680495)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.arm7"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680495/; classtype:trojan-activity;sid:84543595; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680496)"; flow:established,from_client; content:"GET"; http_method; content:"/allah.arm5"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680496/; classtype:trojan-activity;sid:84543596; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680497)"; flow:established,from_client; content:"GET"; http_method; content:"/ttnet.sh4"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680497/; classtype:trojan-activity;sid:84543597; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680493)"; flow:established,from_client; content:"GET"; http_method; content:"/laced.arm6"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680493/; classtype:trojan-activity;sid:84543593; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680494)"; flow:established,from_client; content:"GET"; http_method; content:"/enesbaturvsagac.arm5"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680494/; classtype:trojan-activity;sid:84543594; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680492)"; flow:established,from_client; content:"GET"; http_method; content:"/w.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"72.60.218.192"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680492/; classtype:trojan-activity;sid:84543592; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680486)"; flow:established,from_client; content:"GET"; http_method; content:"/joker.m68k"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680486/; classtype:trojan-activity;sid:84543586; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680487)"; flow:established,from_client; content:"GET"; http_method; content:"/joker.x86"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680487/; classtype:trojan-activity;sid:84543587; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680488)"; flow:established,from_client; content:"GET"; http_method; content:"/laced.arm"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680488/; classtype:trojan-activity;sid:84543588; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680489)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.arm6"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680489/; classtype:trojan-activity;sid:84543589; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680490)"; flow:established,from_client; content:"GET"; http_method; content:"/rebith.arm"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680490/; classtype:trojan-activity;sid:84543590; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680491)"; flow:established,from_client; content:"GET"; http_method; content:"/cometome"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"64.225.49.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680491/; classtype:trojan-activity;sid:84543591; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680485)"; flow:established,from_client; content:"GET"; http_method; content:"/w.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"srv1069059.hstgr.cloud"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680485/; classtype:trojan-activity;sid:84543585; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680480)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/arm"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"72.60.218.192"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680480/; classtype:trojan-activity;sid:84543580; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680481)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/arm5"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"srv1069059.hstgr.cloud"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680481/; classtype:trojan-activity;sid:84543581; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680482)"; flow:established,from_client; content:"GET"; http_method; content:"/toto.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680482/; classtype:trojan-activity;sid:84543582; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680483)"; flow:established,from_client; content:"GET"; http_method; content:"/kkvettgaaasecnnaaaa/kkvettgaaasecnnaaaa.spc"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"64.225.49.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680483/; classtype:trojan-activity;sid:84543583; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680484)"; flow:established,from_client; content:"GET"; http_method; content:"/kkvettgaaasecnnaaaa/kkvettgaaasecnnaaaa.arm6"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"64.225.49.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680484/; classtype:trojan-activity;sid:84543584; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680451)"; flow:established,from_client; content:"GET"; http_method; content:"/laced.arm5"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680451/; classtype:trojan-activity;sid:84543551; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680452)"; flow:established,from_client; content:"GET"; http_method; content:"/allah.mips"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680452/; classtype:trojan-activity;sid:84543552; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680453)"; flow:established,from_client; content:"GET"; http_method; content:"/boatnet.spc"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680453/; classtype:trojan-activity;sid:84543553; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680454)"; flow:established,from_client; content:"GET"; http_method; content:"/a%c4%9fa%c3%a7.mips"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680454/; classtype:trojan-activity;sid:84543554; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680455)"; flow:established,from_client; content:"GET"; http_method; content:"/honeypotsex.m68k"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680455/; classtype:trojan-activity;sid:84543555; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680456)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.arm"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680456/; classtype:trojan-activity;sid:84543556; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680457)"; flow:established,from_client; content:"GET"; http_method; content:"/dicks.x86"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680457/; classtype:trojan-activity;sid:84543557; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680458)"; flow:established,from_client; content:"GET"; http_method; content:"/rebith.mpsl"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680458/; classtype:trojan-activity;sid:84543558; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680459)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.sh4"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680459/; classtype:trojan-activity;sid:84543559; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680460)"; flow:established,from_client; content:"GET"; http_method; content:"/honeypotlist.x86"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680460/; classtype:trojan-activity;sid:84543560; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680461)"; flow:established,from_client; content:"GET"; http_method; content:"/honeypotlist.m68k"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680461/; classtype:trojan-activity;sid:84543561; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680462)"; flow:established,from_client; content:"GET"; http_method; content:"/enesbatur.sh4"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680462/; classtype:trojan-activity;sid:84543562; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680463)"; flow:established,from_client; content:"GET"; http_method; content:"/boatnet.mpsl"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680463/; classtype:trojan-activity;sid:84543563; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680464)"; flow:established,from_client; content:"GET"; http_method; content:"/sigma.arm5"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680464/; classtype:trojan-activity;sid:84543564; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680465)"; flow:established,from_client; content:"GET"; http_method; content:"/enesbaturvsagac2.mips"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680465/; classtype:trojan-activity;sid:84543565; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680466)"; flow:established,from_client; content:"GET"; http_method; content:"/pro.x86"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680466/; classtype:trojan-activity;sid:84543566; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680467)"; flow:established,from_client; content:"GET"; http_method; content:"/allah.sh4"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680467/; classtype:trojan-activity;sid:84543567; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680468)"; flow:established,from_client; content:"GET"; http_method; content:"/dicks.arm6"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680468/; classtype:trojan-activity;sid:84543568; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680469)"; flow:established,from_client; content:"GET"; http_method; content:"/allah.arm"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680469/; classtype:trojan-activity;sid:84543569; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680470)"; flow:established,from_client; content:"GET"; http_method; content:"/enesbaturvsagac.arm7"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680470/; classtype:trojan-activity;sid:84543570; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680471)"; flow:established,from_client; content:"GET"; http_method; content:"/boatnet.m68k"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680471/; classtype:trojan-activity;sid:84543571; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680472)"; flow:established,from_client; content:"GET"; http_method; content:"/honeypots.arm6"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680472/; classtype:trojan-activity;sid:84543572; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680473)"; flow:established,from_client; content:"GET"; http_method; content:"/honeypots.mips"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680473/; classtype:trojan-activity;sid:84543573; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680474)"; flow:established,from_client; content:"GET"; http_method; content:"/honeypotlist.spc"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680474/; classtype:trojan-activity;sid:84543574; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680475)"; flow:established,from_client; content:"GET"; http_method; content:"/enesbaturvsagac.arm6"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680475/; classtype:trojan-activity;sid:84543575; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680476)"; flow:established,from_client; content:"GET"; http_method; content:"/honeypotsex.arm"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680476/; classtype:trojan-activity;sid:84543576; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680477)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/x86"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"72.60.218.192"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680477/; classtype:trojan-activity;sid:84543577; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680478)"; flow:established,from_client; content:"GET"; http_method; content:"/a%c4%9fa%c3%a7.arm7"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680478/; classtype:trojan-activity;sid:84543578; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680479)"; flow:established,from_client; content:"GET"; http_method; content:"/kkvettgaaasecnnaaaa/kkvettgaaasecnnaaaa.m68k"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"64.225.49.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680479/; classtype:trojan-activity;sid:84543579; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680448)"; flow:established,from_client; content:"GET"; http_method; content:"/honeypots.arm5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680448/; classtype:trojan-activity;sid:84543548; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680449)"; flow:established,from_client; content:"GET"; http_method; content:"/cr.spc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680449/; classtype:trojan-activity;sid:84543549; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680450)"; flow:established,from_client; content:"GET"; http_method; content:"/joker.mips"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680450/; classtype:trojan-activity;sid:84543550; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680447)"; flow:established,from_client; content:"GET"; http_method; content:"/zyxel.arm5"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680447/; classtype:trojan-activity;sid:84543547; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680446)"; flow:established,from_client; content:"GET"; http_method; content:"/ttnet.x86"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680446/; classtype:trojan-activity;sid:84543546; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680445)"; flow:established,from_client; content:"GET"; http_method; content:"/ohsitsvegawellrip.sh"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"64.225.49.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680445/; classtype:trojan-activity;sid:84543545; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680444)"; flow:established,from_client; content:"GET"; http_method; content:"/0f0mqels"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"964.30u241207.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680444/; classtype:trojan-activity;sid:84543544; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680443)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.25.50.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680443/; classtype:trojan-activity;sid:84543543; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680442)"; flow:established,from_client; content:"GET"; http_method; content:"/eg7gpv3pdkvcrdmkrs3nwtsoc"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"wgd.slideshowimprison.digital"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680442/; classtype:trojan-activity;sid:84543542; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680441)"; flow:established,from_client; content:"GET"; http_method; content:"/bupkz2rnqywria5yzbtsiqcl"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"wgd.slideshowimprison.digital"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680441/; classtype:trojan-activity;sid:84543541; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680440)"; flow:established,from_client; content:"GET"; http_method; content:"/application/setup.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"app.surrogatesolutions.net"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680440/; classtype:trojan-activity;sid:84543540; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680439)"; flow:established,from_client; content:"GET"; http_method; content:"/41mo51o4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"k4nz.vbep-3.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680439/; classtype:trojan-activity;sid:84543539; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680438)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.52.241.97"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680438/; classtype:trojan-activity;sid:84543538; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680436)"; flow:established,from_client; content:"GET"; http_method; content:"/3gjb6d45"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"k4nz.vbep-3.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680436/; classtype:trojan-activity;sid:84543536; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680437)"; flow:established,from_client; content:"GET"; http_method; content:"/16cwqh1f"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"k4nz.vbep-3.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680437/; classtype:trojan-activity;sid:84543537; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680435)"; flow:established,from_client; content:"GET"; http_method; content:"/9d8i9c6n"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"k4nz.vbep-3.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680435/; classtype:trojan-activity;sid:84543535; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680433)"; flow:established,from_client; content:"GET"; http_method; content:"/4nq8mfdw"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"k4nz.vbep-3.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680433/; classtype:trojan-activity;sid:84543533; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680434)"; flow:established,from_client; content:"GET"; http_method; content:"/strinova.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"45.43.143.212"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680434/; classtype:trojan-activity;sid:84543534; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680432)"; flow:established,from_client; content:"GET"; http_method; content:"/cdn/stremio5.1_installer.msi"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"s0fthub.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680432/; classtype:trojan-activity;sid:84543532; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680431)"; flow:established,from_client; content:"GET"; http_method; content:"/ghost46quasarlightbuz/y8wmk/releases/download/dowz/cryptoalpha.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680431/; classtype:trojan-activity;sid:84543531; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680430)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7105629793/qh7eymv.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680430/; classtype:trojan-activity;sid:84543530; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680429)"; flow:established,from_client; content:"GET"; http_method; content:"/checker/1.pdb"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"lh24h7tp-5500.euw.devtunnels.ms"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680429/; classtype:trojan-activity;sid:84543529; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680421)"; flow:established,from_client; content:"GET"; http_method; content:"/gh/documents-release/office@master/policy.js"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"cdn.jsdelivr.net"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680421/; classtype:trojan-activity;sid:84543521; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680422)"; flow:established,from_client; content:"GET"; http_method; content:"/gh/documents-release/office@master/terms-of-use.js"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"cdn.jsdelivr.net"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680422/; classtype:trojan-activity;sid:84543522; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680423)"; flow:established,from_client; content:"GET"; http_method; content:"/j5s1uy.bin"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"files.catbox.moe"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680423/; classtype:trojan-activity;sid:84543523; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680424)"; flow:established,from_client; content:"GET"; http_method; content:"/cheatclients/minere.exe"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"193.233.175.123"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680424/; classtype:trojan-activity;sid:84543524; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680425)"; flow:established,from_client; content:"GET"; http_method; content:"/files/6260444824/mexgxyb.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680425/; classtype:trojan-activity;sid:84543525; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680426)"; flow:established,from_client; content:"GET"; http_method; content:"/gh/documents-release/office@master/rules.js"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"cdn.jsdelivr.net"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680426/; classtype:trojan-activity;sid:84543526; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680427)"; flow:established,from_client; content:"GET"; http_method; content:"/gh/documents-release/office@master/license.js"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"cdn.jsdelivr.net"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680427/; classtype:trojan-activity;sid:84543527; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680428)"; flow:established,from_client; content:"GET"; http_method; content:"/archer.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"45.43.143.212"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680428/; classtype:trojan-activity;sid:84543528; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680419)"; flow:established,from_client; content:"GET"; http_method; content:"/x.txt"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"workaem.eth.limo"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680419/; classtype:trojan-activity;sid:84543519; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680420)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"cloudflare.passthrough.cloud"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680420/; classtype:trojan-activity;sid:84543520; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680417)"; flow:established,from_client; content:"GET"; http_method; content:"/xnxnxnxnxnxnxnxnarcxnxn"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"196.251.116.214"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680417/; classtype:trojan-activity;sid:84543517; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680418)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/kwari.arm4"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"196.251.69.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680418/; classtype:trojan-activity;sid:84543518; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680414)"; flow:established,from_client; content:"GET"; http_method; content:"/l/mipsel"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"42.112.26.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680414/; classtype:trojan-activity;sid:84543514; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680415)"; flow:established,from_client; content:"GET"; http_method; content:"/l/aarch64"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"42.112.26.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680415/; classtype:trojan-activity;sid:84543515; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680416)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"121.226.226.150"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680416/; classtype:trojan-activity;sid:84543516; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680408)"; flow:established,from_client; content:"GET"; http_method; content:"/nshkmips"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"23.177.185.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680408/; classtype:trojan-activity;sid:84543508; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680409)"; flow:established,from_client; content:"GET"; http_method; content:"/nshkarm6"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"23.177.185.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680409/; classtype:trojan-activity;sid:84543509; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680410)"; flow:established,from_client; content:"GET"; http_method; content:"/nshkarm5"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"23.177.185.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680410/; classtype:trojan-activity;sid:84543510; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680411)"; flow:established,from_client; content:"GET"; http_method; content:"/nshkarm"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"23.177.185.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680411/; classtype:trojan-activity;sid:84543511; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680412)"; flow:established,from_client; content:"GET"; http_method; content:"/nshkmpsl"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"23.177.185.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680412/; classtype:trojan-activity;sid:84543512; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680413)"; flow:established,from_client; content:"GET"; http_method; content:"/nshkarm7"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"23.177.185.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680413/; classtype:trojan-activity;sid:84543513; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680406)"; flow:established,from_client; content:"GET"; http_method; content:"/xnxnxnxnxnxnxnxni486xnxn"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"196.251.116.214"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680406/; classtype:trojan-activity;sid:84543506; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680407)"; flow:established,from_client; content:"GET"; http_method; content:"/xnxnxnxnxnxnxnxnsparcxnxn"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"196.251.116.214"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680407/; classtype:trojan-activity;sid:84543507; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680405)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.189.136.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680405/; classtype:trojan-activity;sid:84543505; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680404)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"37.54.20.165"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680404/; classtype:trojan-activity;sid:84543504; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680402)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.248.83.17"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680402/; classtype:trojan-activity;sid:84543502; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680403)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.42.203"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680403/; classtype:trojan-activity;sid:84543503; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680401)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.52.241.97"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680401/; classtype:trojan-activity;sid:84543501; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680400)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"121.226.226.150"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680400/; classtype:trojan-activity;sid:84543500; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680399)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.166.44.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680399/; classtype:trojan-activity;sid:84543499; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680398)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.27.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680398/; classtype:trojan-activity;sid:84543498; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680397)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.216.65.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680397/; classtype:trojan-activity;sid:84543497; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680396)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.129.12.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680396/; classtype:trojan-activity;sid:84543496; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680395)"; flow:established,from_client; content:"GET"; http_method; content:"/qnu0fclo"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"0482.54o477354.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680395/; classtype:trojan-activity;sid:84543495; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680394)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"144.48.121.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680394/; classtype:trojan-activity;sid:84543494; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680393)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.233.164.243"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680393/; classtype:trojan-activity;sid:84543493; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680392)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.27.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680392/; classtype:trojan-activity;sid:84543492; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680391)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.88.2.60"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680391/; classtype:trojan-activity;sid:84543491; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680390)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.65.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680390/; classtype:trojan-activity;sid:84543490; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680389)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.53.45.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680389/; classtype:trojan-activity;sid:84543489; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680388)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7726345600/z5n3l4h.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680388/; classtype:trojan-activity;sid:84543488; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680386)"; flow:established,from_client; content:"GET"; http_method; content:"/files/5851730241/kxj5qkd.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680386/; classtype:trojan-activity;sid:84543486; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680387)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.230.219.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680387/; classtype:trojan-activity;sid:84543487; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680385)"; flow:established,from_client; content:"GET"; http_method; content:"/files/8142960651/bsmqvnr.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680385/; classtype:trojan-activity;sid:84543485; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680384)"; flow:established,from_client; content:"GET"; http_method; content:"/files/1780425535/q1mgc9k.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680384/; classtype:trojan-activity;sid:84543484; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680383)"; flow:established,from_client; content:"GET"; http_method; content:"/files/1242384682/f6rvhvo.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680383/; classtype:trojan-activity;sid:84543483; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680382)"; flow:established,from_client; content:"GET"; http_method; content:"/files/6910514733/bgsbpaw.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680382/; classtype:trojan-activity;sid:84543482; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680381)"; flow:established,from_client; content:"GET"; http_method; content:"/files/952810202/jdxf44p.exe"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680381/; classtype:trojan-activity;sid:84543481; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680380)"; flow:established,from_client; content:"GET"; http_method; content:"/application/install.exe"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"app.surrogatesolutions.net"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680380/; classtype:trojan-activity;sid:84543480; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680378)"; flow:established,from_client; content:"GET"; http_method; content:"/files/6608710704/vg06hnp.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680378/; classtype:trojan-activity;sid:84543478; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680379)"; flow:established,from_client; content:"GET"; http_method; content:"/files/5820583016/qb3ayku.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680379/; classtype:trojan-activity;sid:84543479; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680377)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7305855948/ap7euaf.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680377/; classtype:trojan-activity;sid:84543477; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680376)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.25.50.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680376/; classtype:trojan-activity;sid:84543476; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680375)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.233.164.243"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680375/; classtype:trojan-activity;sid:84543475; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680374)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.57.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680374/; classtype:trojan-activity;sid:84543474; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680373)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.10.132.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680373/; classtype:trojan-activity;sid:84543473; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680372)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.70.31"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680372/; classtype:trojan-activity;sid:84543472; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680371)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.53.45.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680371/; classtype:trojan-activity;sid:84543471; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680370)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.14.34.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680370/; classtype:trojan-activity;sid:84543470; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680369)"; flow:established,from_client; content:"GET"; http_method; content:"/b8hn2gz6"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"5002201.60e533569.ru"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680369/; classtype:trojan-activity;sid:84543469; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680368)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"171.38.148.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680368/; classtype:trojan-activity;sid:84543468; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680367)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"37.54.20.165"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680367/; classtype:trojan-activity;sid:84543467; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680366)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.14.34.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680366/; classtype:trojan-activity;sid:84543466; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680365)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.108.97"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680365/; classtype:trojan-activity;sid:84543465; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680364)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.239.98.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680364/; classtype:trojan-activity;sid:84543464; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680363)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.10.240.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680363/; classtype:trojan-activity;sid:84543463; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680362)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.7.148.127"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680362/; classtype:trojan-activity;sid:84543462; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680361)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.37.100.244"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680361/; classtype:trojan-activity;sid:84543461; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680360)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.57.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680360/; classtype:trojan-activity;sid:84543460; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680358)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.7.148.127"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680358/; classtype:trojan-activity;sid:84543458; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680359)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.216.15"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680359/; classtype:trojan-activity;sid:84543459; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680357)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"180.191.49.176"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680357/; classtype:trojan-activity;sid:84543457; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680356)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.188.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680356/; classtype:trojan-activity;sid:84543456; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680355)"; flow:established,from_client; content:"GET"; http_method; content:"/f8z2xpv7"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"028.11u812580.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680355/; classtype:trojan-activity;sid:84543455; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680354)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.116.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680354/; classtype:trojan-activity;sid:84543454; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680353)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.92.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680353/; classtype:trojan-activity;sid:84543453; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680352)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.148.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680352/; classtype:trojan-activity;sid:84543452; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680351)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.37.100.244"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680351/; classtype:trojan-activity;sid:84543451; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680350)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.85.13"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680350/; classtype:trojan-activity;sid:84543450; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680349)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.43.83.176"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680349/; classtype:trojan-activity;sid:84543449; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680348)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.62.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680348/; classtype:trojan-activity;sid:84543448; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680347)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.178.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680347/; classtype:trojan-activity;sid:84543447; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680346)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.92.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680346/; classtype:trojan-activity;sid:84543446; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680345)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.57.221.180"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680345/; classtype:trojan-activity;sid:84543445; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680344)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.88.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680344/; classtype:trojan-activity;sid:84543444; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680343)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.x86"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"103.181.183.158"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680343/; classtype:trojan-activity;sid:84543443; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680331)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm6"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"103.181.183.158"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680331/; classtype:trojan-activity;sid:84543431; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680332)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mpsl"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"103.181.183.158"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680332/; classtype:trojan-activity;sid:84543432; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680333)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm5"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"103.181.183.158"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680333/; classtype:trojan-activity;sid:84543433; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680334)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.x86_64"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"103.181.183.158"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680334/; classtype:trojan-activity;sid:84543434; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680335)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.sh4"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"103.181.183.158"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680335/; classtype:trojan-activity;sid:84543435; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680336)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"103.181.183.158"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680336/; classtype:trojan-activity;sid:84543436; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680337)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"103.181.183.158"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680337/; classtype:trojan-activity;sid:84543437; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680338)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mips"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"103.181.183.158"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680338/; classtype:trojan-activity;sid:84543438; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680339)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.ppc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"103.181.183.158"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680339/; classtype:trojan-activity;sid:84543439; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680340)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm7"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"103.181.183.158"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680340/; classtype:trojan-activity;sid:84543440; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680341)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.spc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"103.181.183.158"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680341/; classtype:trojan-activity;sid:84543441; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680342)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.m68k"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"103.181.183.158"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680342/; classtype:trojan-activity;sid:84543442; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680330)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.178.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680330/; classtype:trojan-activity;sid:84543430; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680329)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.229.216.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680329/; classtype:trojan-activity;sid:84543429; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680328)"; flow:established,from_client; content:"GET"; http_method; content:"/f8nus4b/plugins/vnc.exe"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680328/; classtype:trojan-activity;sid:84543428; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680327)"; flow:established,from_client; content:"GET"; http_method; content:"/f8nus4b/plugins/clip.dll"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680327/; classtype:trojan-activity;sid:84543427; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680324)"; flow:established,from_client; content:"GET"; http_method; content:"/f8nus4b/plugins/clip64.dll"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680324/; classtype:trojan-activity;sid:84543424; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680325)"; flow:established,from_client; content:"GET"; http_method; content:"/f8nus4b/plugins/cred64.dll"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680325/; classtype:trojan-activity;sid:84543425; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680326)"; flow:established,from_client; content:"GET"; http_method; content:"/f8nus4b/plugins/cred.dll"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680326/; classtype:trojan-activity;sid:84543426; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680323)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.35.224"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680323/; classtype:trojan-activity;sid:84543423; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680322)"; flow:established,from_client; content:"GET"; http_method; content:"/new/x64-setup.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"tapestryoftruth.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680322/; classtype:trojan-activity;sid:84543422; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680321)"; flow:established,from_client; content:"GET"; http_method; content:"/apivoo3b"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"918274.08u073852.ru"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680321/; classtype:trojan-activity;sid:84543421; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680320)"; flow:established,from_client; content:"GET"; http_method; content:"/product-data/application_setup.exe"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"tapestryoftruth.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680320/; classtype:trojan-activity;sid:84543420; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680319)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.118.191"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680319/; classtype:trojan-activity;sid:84543419; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680318)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.201.1"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680318/; classtype:trojan-activity;sid:84543418; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680317)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.62.119"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680317/; classtype:trojan-activity;sid:84543417; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680316)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.116.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680316/; classtype:trojan-activity;sid:84543416; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680312)"; flow:established,from_client; content:"GET"; http_method; content:"/li"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"42.112.26.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680312/; classtype:trojan-activity;sid:84543412; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680313)"; flow:established,from_client; content:"GET"; http_method; content:"/gpon.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"42.112.26.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680313/; classtype:trojan-activity;sid:84543413; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680314)"; flow:established,from_client; content:"GET"; http_method; content:"/curl.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"42.112.26.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680314/; classtype:trojan-activity;sid:84543414; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680315)"; flow:established,from_client; content:"GET"; http_method; content:"/avtech.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"42.112.26.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680315/; classtype:trojan-activity;sid:84543415; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680310)"; flow:established,from_client; content:"GET"; http_method; content:"/lil.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.112.26.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680310/; classtype:trojan-activity;sid:84543410; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680311)"; flow:established,from_client; content:"GET"; http_method; content:"/gp"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"42.112.26.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680311/; classtype:trojan-activity;sid:84543411; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680309)"; flow:established,from_client; content:"GET"; http_method; content:"/tvt.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.112.26.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680309/; classtype:trojan-activity;sid:84543409; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680304)"; flow:established,from_client; content:"GET"; http_method; content:"/lilin.sh"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"42.112.26.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680304/; classtype:trojan-activity;sid:84543404; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680305)"; flow:established,from_client; content:"GET"; http_method; content:"/toto"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"42.112.26.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680305/; classtype:trojan-activity;sid:84543405; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680306)"; flow:established,from_client; content:"GET"; http_method; content:"/massload"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"42.112.26.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680306/; classtype:trojan-activity;sid:84543406; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680307)"; flow:established,from_client; content:"GET"; http_method; content:"/wget.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"42.112.26.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680307/; classtype:trojan-activity;sid:84543407; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680308)"; flow:established,from_client; content:"GET"; http_method; content:"/uni"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"42.112.26.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680308/; classtype:trojan-activity;sid:84543408; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680300)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr.arm4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"42.112.26.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680300/; classtype:trojan-activity;sid:84543400; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680301)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr.mpsl"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"42.112.26.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680301/; classtype:trojan-activity;sid:84543401; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680302)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr.mips"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"42.112.26.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680302/; classtype:trojan-activity;sid:84543402; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680303)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr.arm5"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"42.112.26.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680303/; classtype:trojan-activity;sid:84543403; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680295)"; flow:established,from_client; content:"GET"; http_method; content:"/l/arm"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"42.112.26.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680295/; classtype:trojan-activity;sid:84543395; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680296)"; flow:established,from_client; content:"GET"; http_method; content:"/l/arm5"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.112.26.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680296/; classtype:trojan-activity;sid:84543396; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680297)"; flow:established,from_client; content:"GET"; http_method; content:"/l/arm7"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.112.26.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680297/; classtype:trojan-activity;sid:84543397; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680298)"; flow:established,from_client; content:"GET"; http_method; content:"/l/mips"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.112.26.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680298/; classtype:trojan-activity;sid:84543398; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680299)"; flow:established,from_client; content:"GET"; http_method; content:"/mipsel"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.112.26.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680299/; classtype:trojan-activity;sid:84543399; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680294)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.177.145"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680294/; classtype:trojan-activity;sid:84543394; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680293)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.7.41"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680293/; classtype:trojan-activity;sid:84543393; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680292)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.43.92.224"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680292/; classtype:trojan-activity;sid:84543392; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680291)"; flow:established,from_client; content:"GET"; http_method; content:"/h9djjcwefj/plugins/cred64.dll"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"91.92.242.225"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680291/; classtype:trojan-activity;sid:84543391; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680288)"; flow:established,from_client; content:"GET"; http_method; content:"/h9djjcwefj/plugins/vnc.exe"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"91.92.242.225"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680288/; classtype:trojan-activity;sid:84543388; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680289)"; flow:established,from_client; content:"GET"; http_method; content:"/h9djjcwefj/plugins/clip64.dll"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"91.92.242.225"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680289/; classtype:trojan-activity;sid:84543389; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680290)"; flow:established,from_client; content:"GET"; http_method; content:"/h9djjcwefj/plugins/clip.dll"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"91.92.242.225"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680290/; classtype:trojan-activity;sid:84543390; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680287)"; flow:established,from_client; content:"GET"; http_method; content:"/h9djjcwefj/plugins/cred.dll"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"91.92.242.225"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680287/; classtype:trojan-activity;sid:84543387; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680286)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.201.1"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680286/; classtype:trojan-activity;sid:84543386; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680283)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/kwari.arm"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"196.251.69.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680283/; classtype:trojan-activity;sid:84543383; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680284)"; flow:established,from_client; content:"GET"; http_method; content:"/kwari.sh"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"196.251.69.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680284/; classtype:trojan-activity;sid:84543384; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680285)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/kwari.arm5"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"196.251.69.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680285/; classtype:trojan-activity;sid:84543385; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680282)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.62.119"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680282/; classtype:trojan-activity;sid:84543382; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680273)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/kwari.mpsl"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"196.251.69.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680273/; classtype:trojan-activity;sid:84543373; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680274)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/kwari.m68k"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"196.251.69.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680274/; classtype:trojan-activity;sid:84543374; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680275)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/kwari.arm6"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"196.251.69.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680275/; classtype:trojan-activity;sid:84543375; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680276)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/kwari.ppc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"196.251.69.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680276/; classtype:trojan-activity;sid:84543376; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680277)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/kwari.arm7"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"196.251.69.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680277/; classtype:trojan-activity;sid:84543377; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680278)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/kwari.spc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"196.251.69.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680278/; classtype:trojan-activity;sid:84543378; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680279)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/kwari.x86"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"196.251.69.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680279/; classtype:trojan-activity;sid:84543379; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680280)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/kwari.mips"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"196.251.69.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680280/; classtype:trojan-activity;sid:84543380; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680281)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/kwari.sh4"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"196.251.69.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680281/; classtype:trojan-activity;sid:84543381; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680272)"; flow:established,from_client; content:"GET"; http_method; content:"/kawt2qxfppuenm/plugins/clip64.dll"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"45.134.26.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680272/; classtype:trojan-activity;sid:84543372; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680269)"; flow:established,from_client; content:"GET"; http_method; content:"/kawt2qxfppuenm/plugins/clip.dll"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"45.134.26.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680269/; classtype:trojan-activity;sid:84543369; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680270)"; flow:established,from_client; content:"GET"; http_method; content:"/kawt2qxfppuenm/plugins/cred.dll"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"45.134.26.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680270/; classtype:trojan-activity;sid:84543370; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680271)"; flow:established,from_client; content:"GET"; http_method; content:"/kawt2qxfppuenm/plugins/cred64.dll"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"45.134.26.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680271/; classtype:trojan-activity;sid:84543371; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680268)"; flow:established,from_client; content:"GET"; http_method; content:"/kawt2qxfppuenm/plugins/vnc.exe"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"45.134.26.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680268/; classtype:trojan-activity;sid:84543368; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680267)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.7.41"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680267/; classtype:trojan-activity;sid:84543367; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680266)"; flow:established,from_client; content:"GET"; http_method; content:"/sda5/av.lnk"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"118.209.200.36"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680266/; classtype:trojan-activity;sid:84543366; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680265)"; flow:established,from_client; content:"GET"; http_method; content:"/sda5/photo.scr"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"118.209.200.36"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680265/; classtype:trojan-activity;sid:84543365; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680263)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.118.191"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680263/; classtype:trojan-activity;sid:84543363; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680264)"; flow:established,from_client; content:"GET"; http_method; content:"/sda5/android/photo.scr"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"118.209.200.36"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680264/; classtype:trojan-activity;sid:84543364; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680262)"; flow:established,from_client; content:"GET"; http_method; content:"/sda5/android/av.scr"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"118.209.200.36"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680262/; classtype:trojan-activity;sid:84543362; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680261)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.177.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680261/; classtype:trojan-activity;sid:84543361; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680259)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.43.92.224"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680259/; classtype:trojan-activity;sid:84543359; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680260)"; flow:established,from_client; content:"GET"; http_method; content:"/run.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.251.116.214"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680260/; classtype:trojan-activity;sid:84543360; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680257)"; flow:established,from_client; content:"GET"; http_method; content:"/sda5/video.scr"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"118.209.200.36"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680257/; classtype:trojan-activity;sid:84543357; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680258)"; flow:established,from_client; content:"GET"; http_method; content:"/sda5/av.scr"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"118.209.200.36"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680258/; classtype:trojan-activity;sid:84543358; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680256)"; flow:established,from_client; content:"GET"; http_method; content:"/sda5/android/video.scr"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"118.209.200.36"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680256/; classtype:trojan-activity;sid:84543356; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680254)"; flow:established,from_client; content:"GET"; http_method; content:"/xnxnxnxnxnxnxnxni686xnxn"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"upjohn90.cc"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680254/; classtype:trojan-activity;sid:84543354; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680255)"; flow:established,from_client; content:"GET"; http_method; content:"/xnxnxnxnxnxnxnxnx86_64xnxn"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"upjohn90.cc"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680255/; classtype:trojan-activity;sid:84543355; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680248)"; flow:established,from_client; content:"GET"; http_method; content:"/sda5/android/photo.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"118.209.200.36"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680248/; classtype:trojan-activity;sid:84543348; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680249)"; flow:established,from_client; content:"GET"; http_method; content:"/sda5/android/av.lnk"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"118.209.200.36"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680249/; classtype:trojan-activity;sid:84543349; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680250)"; flow:established,from_client; content:"GET"; http_method; content:"/sda5/android/video.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"118.209.200.36"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680250/; classtype:trojan-activity;sid:84543350; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680251)"; flow:established,from_client; content:"GET"; http_method; content:"/sda5/photo.lnk"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"118.209.200.36"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680251/; classtype:trojan-activity;sid:84543351; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680252)"; flow:established,from_client; content:"GET"; http_method; content:"/sda5/video.lnk"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"118.209.200.36"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680252/; classtype:trojan-activity;sid:84543352; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680253)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.138.113.118"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680253/; classtype:trojan-activity;sid:84543353; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680247)"; flow:established,from_client; content:"GET"; http_method; content:"/xnxnxnxnxnxnxnxnsh4xnxn"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"upjohn90.cc"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3680247/; classtype:trojan-activity;sid:84543347; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680242)"; flow:established,from_client; content:"GET"; http_method; content:"/xnxnxnxnxnxnxnxnarmv7lxnxn"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"upjohn90.cc"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3680242/; classtype:trojan-activity;sid:84543342; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680243)"; flow:established,from_client; content:"GET"; http_method; content:"/xnxnxnxnxnxnxnxnarmv6lxnxn"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"upjohn90.cc"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3680243/; classtype:trojan-activity;sid:84543343; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680244)"; flow:established,from_client; content:"GET"; http_method; content:"/xnxnxnxnxnxnxnxnpowerpcxnxn"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"upjohn90.cc"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3680244/; classtype:trojan-activity;sid:84543344; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680245)"; flow:established,from_client; content:"GET"; http_method; content:"/run.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"upjohn90.cc"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3680245/; classtype:trojan-activity;sid:84543345; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680246)"; flow:established,from_client; content:"GET"; http_method; content:"/xnxnxnxnxnxnxnxnarmv5lxnxn"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"upjohn90.cc"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3680246/; classtype:trojan-activity;sid:84543346; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680237)"; flow:established,from_client; content:"GET"; http_method; content:"/xnxnxnxnxnxnxnxnmipselxnxn"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"upjohn90.cc"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3680237/; classtype:trojan-activity;sid:84543337; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680238)"; flow:established,from_client; content:"GET"; http_method; content:"/xnxnxnxnxnxnxnxnmipsxnxn"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"upjohn90.cc"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3680238/; classtype:trojan-activity;sid:84543338; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680239)"; flow:established,from_client; content:"GET"; http_method; content:"/xnxnxnxnxnxnxnxni586xnxn"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"upjohn90.cc"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3680239/; classtype:trojan-activity;sid:84543339; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680240)"; flow:established,from_client; content:"GET"; http_method; content:"/xnxnxnxnxnxnxnxnm68kxnxn"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"upjohn90.cc"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3680240/; classtype:trojan-activity;sid:84543340; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680241)"; flow:established,from_client; content:"GET"; http_method; content:"/xnxnxnxnxnxnxnxnarmv4lxnxn"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"upjohn90.cc"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3680241/; classtype:trojan-activity;sid:84543341; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680225)"; flow:established,from_client; content:"GET"; http_method; content:"/xnxnxnxnxnxnxnxnx86_64xnxn"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"196.251.116.214"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3680225/; classtype:trojan-activity;sid:84543325; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680226)"; flow:established,from_client; content:"GET"; http_method; content:"/xnxnxnxnxnxnxnxni686xnxn"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"196.251.116.214"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3680226/; classtype:trojan-activity;sid:84543326; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680227)"; flow:established,from_client; content:"GET"; http_method; content:"/xnxnxnxnxnxnxnxni586xnxn"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"196.251.116.214"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3680227/; classtype:trojan-activity;sid:84543327; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680228)"; flow:established,from_client; content:"GET"; http_method; content:"/xnxnxnxnxnxnxnxnmipselxnxn"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"196.251.116.214"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3680228/; classtype:trojan-activity;sid:84543328; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680229)"; flow:established,from_client; content:"GET"; http_method; content:"/xnxnxnxnxnxnxnxnarmv6lxnxn"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"196.251.116.214"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3680229/; classtype:trojan-activity;sid:84543329; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680230)"; flow:established,from_client; content:"GET"; http_method; content:"/xnxnxnxnxnxnxnxnarmv7lxnxn"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"196.251.116.214"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3680230/; classtype:trojan-activity;sid:84543330; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680231)"; flow:established,from_client; content:"GET"; http_method; content:"/xnxnxnxnxnxnxnxnpowerpcxnxn"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"196.251.116.214"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3680231/; classtype:trojan-activity;sid:84543331; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680232)"; flow:established,from_client; content:"GET"; http_method; content:"/xnxnxnxnxnxnxnxnarmv5lxnxn"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"196.251.116.214"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3680232/; classtype:trojan-activity;sid:84543332; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680233)"; flow:established,from_client; content:"GET"; http_method; content:"/xnxnxnxnxnxnxnxnsh4xnxn"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"196.251.116.214"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3680233/; classtype:trojan-activity;sid:84543333; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680234)"; flow:established,from_client; content:"GET"; http_method; content:"/xnxnxnxnxnxnxnxnarmv4lxnxn"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"196.251.116.214"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3680234/; classtype:trojan-activity;sid:84543334; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680235)"; flow:established,from_client; content:"GET"; http_method; content:"/xnxnxnxnxnxnxnxnmipsxnxn"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"196.251.116.214"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3680235/; classtype:trojan-activity;sid:84543335; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680236)"; flow:established,from_client; content:"GET"; http_method; content:"/xnxnxnxnxnxnxnxnm68kxnxn"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"196.251.116.214"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3680236/; classtype:trojan-activity;sid:84543336; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680224)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.83.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3680224/; classtype:trojan-activity;sid:84543324; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680223)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.226.70.232"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3680223/; classtype:trojan-activity;sid:84543323; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680222)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.117.248.176"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3680222/; classtype:trojan-activity;sid:84543322; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680221)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.x86_64"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"144.172.109.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3680221/; classtype:trojan-activity;sid:84543321; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680220)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.mips"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"144.172.109.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3680220/; classtype:trojan-activity;sid:84543320; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680209)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm6"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"144.172.109.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3680209/; classtype:trojan-activity;sid:84543309; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680210)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm5"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"144.172.109.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3680210/; classtype:trojan-activity;sid:84543310; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680211)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.i686"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"144.172.109.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3680211/; classtype:trojan-activity;sid:84543311; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680212)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.sh4"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"144.172.109.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3680212/; classtype:trojan-activity;sid:84543312; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680213)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.spc"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"144.172.109.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3680213/; classtype:trojan-activity;sid:84543313; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680214)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm7"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"144.172.109.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3680214/; classtype:trojan-activity;sid:84543314; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680215)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.ppc"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"144.172.109.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3680215/; classtype:trojan-activity;sid:84543315; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680216)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.m68k"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"144.172.109.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3680216/; classtype:trojan-activity;sid:84543316; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680217)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"144.172.109.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3680217/; classtype:trojan-activity;sid:84543317; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680218)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arc"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"144.172.109.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3680218/; classtype:trojan-activity;sid:84543318; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680219)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.x86"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"144.172.109.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3680219/; classtype:trojan-activity;sid:84543319; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680208)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/debug"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"144.172.109.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3680208/; classtype:trojan-activity;sid:84543308; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680207)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.136.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3680207/; classtype:trojan-activity;sid:84543307; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680206)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.117.248.176"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3680206/; classtype:trojan-activity;sid:84543306; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680200)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/arm"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"leotech-n8n-webhook.bdkyqo.easypanel.host"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3680200/; classtype:trojan-activity;sid:84543300; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680201)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/arc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"vkaaah.easypanel.host"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3680201/; classtype:trojan-activity;sid:84543301; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680202)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.83.245"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3680202/; classtype:trojan-activity;sid:84543302; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680203)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.88.82"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3680203/; classtype:trojan-activity;sid:84543303; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680204)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.175.52.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3680204/; classtype:trojan-activity;sid:84543304; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680205)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.10.230.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3680205/; classtype:trojan-activity;sid:84543305; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680199)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/ppc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"leotech-n8n-webhook.bdkyqo.easypanel.host"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3680199/; classtype:trojan-activity;sid:84543299; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680197)"; flow:established,from_client; content:"GET"; http_method; content:"/zp3.check|3f|t=9lp8wx8k"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"9031.99y401874.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3680197/; classtype:trojan-activity;sid:84543297; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680198)"; flow:established,from_client; content:"GET"; http_method; content:"/ltu890lem4.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"volt.koq0.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3680198/; classtype:trojan-activity;sid:84543298; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680194)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/x86-debug"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"puumo7.easypanel.host"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3680194/; classtype:trojan-activity;sid:84543294; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680195)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/arm7"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"painel.centraliasolutions.com.br"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3680195/; classtype:trojan-activity;sid:84543295; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680196)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/arm6"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"painel.centraliasolutions.com.br"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3680196/; classtype:trojan-activity;sid:84543296; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680191)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/arm5"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"apo5er.easypanel.host"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3680191/; classtype:trojan-activity;sid:84543291; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680192)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/mips"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"lyi1ey.easypanel.host"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3680192/; classtype:trojan-activity;sid:84543292; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680193)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/m68k"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.apo5er.easypanel.host"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3680193/; classtype:trojan-activity;sid:84543293; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680184)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/spc.spc"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"api.centraliasolutions.com.br"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3680184/; classtype:trojan-activity;sid:84543284; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680185)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/spc.spc"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"vkaaah.easypanel.host"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3680185/; classtype:trojan-activity;sid:84543285; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680186)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/x86-debug"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"painel.centraliasolutions.com.br"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3680186/; classtype:trojan-activity;sid:84543286; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680187)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/arm7"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.vkaaah.easypanel.host"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3680187/; classtype:trojan-activity;sid:84543287; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680188)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/arm6"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.vkaaah.easypanel.host"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3680188/; classtype:trojan-activity;sid:84543288; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680189)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/mips"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"leotech-n8n-worker.bdkyqo.easypanel.host"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3680189/; classtype:trojan-activity;sid:84543289; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680190)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/x86_64"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"vkaaah.easypanel.host"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3680190/; classtype:trojan-activity;sid:84543290; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680179)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/x86"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"painel.centraliasolutions.com.br"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3680179/; classtype:trojan-activity;sid:84543279; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680180)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/ppc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"vkaaah.easypanel.host"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3680180/; classtype:trojan-activity;sid:84543280; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680181)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/m68k"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"lyi1ey.easypanel.host"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3680181/; classtype:trojan-activity;sid:84543281; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680182)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/arc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"www.vkaaah.easypanel.host"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3680182/; classtype:trojan-activity;sid:84543282; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680183)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/arm7"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"api.centraliasolutions.com.br"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3680183/; classtype:trojan-activity;sid:84543283; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680178)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/x86"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"puumo7.easypanel.host"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3680178/; classtype:trojan-activity;sid:84543278; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680174)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/arc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"leotech-n8n-webhook.bdkyqo.easypanel.host"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3680174/; classtype:trojan-activity;sid:84543274; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680175)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/x86"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"apo5er.easypanel.host"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3680175/; classtype:trojan-activity;sid:84543275; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680176)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/m68k"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.lyi1ey.easypanel.host"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3680176/; classtype:trojan-activity;sid:84543276; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680177)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/sh4.sh4"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"painel.centraliasolutions.com.br"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3680177/; classtype:trojan-activity;sid:84543277; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680173)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/arm"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"puumo7.easypanel.host"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3680173/; classtype:trojan-activity;sid:84543273; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680170)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/mips"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"vkaaah.easypanel.host"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3680170/; classtype:trojan-activity;sid:84543270; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680171)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/x86-debug"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"www.vkaaah.easypanel.host"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3680171/; classtype:trojan-activity;sid:84543271; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680172)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/spc.spc"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"puumo7.easypanel.host"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3680172/; classtype:trojan-activity;sid:84543272; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680168)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/mpsl"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.apo5er.easypanel.host"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3680168/; classtype:trojan-activity;sid:84543268; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680169)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/sh4.sh4"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"puumo7.easypanel.host"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3680169/; classtype:trojan-activity;sid:84543269; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680166)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/m68k"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"leotech-n8n-editor.bdkyqo.easypanel.host"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3680166/; classtype:trojan-activity;sid:84543266; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680167)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/x86-debug"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"api.centraliasolutions.com.br"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3680167/; classtype:trojan-activity;sid:84543267; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680165)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/m68k"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"srv860842.hstgr.cloud"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3680165/; classtype:trojan-activity;sid:84543265; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680161)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/arm5"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"srv860842.hstgr.cloud"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3680161/; classtype:trojan-activity;sid:84543261; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680162)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/arm"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"api.centraliasolutions.com.br"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3680162/; classtype:trojan-activity;sid:84543262; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680163)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/x86-debug"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"srv860842.hstgr.cloud"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3680163/; classtype:trojan-activity;sid:84543263; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680164)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/arm"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"www.lyi1ey.easypanel.host"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3680164/; classtype:trojan-activity;sid:84543264; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680155)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/x86"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"leotech-n8n-worker.bdkyqo.easypanel.host"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3680155/; classtype:trojan-activity;sid:84543255; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680156)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/x86_64"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"srv860842.hstgr.cloud"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3680156/; classtype:trojan-activity;sid:84543256; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680157)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/arm7"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"leotech-n8n-editor.bdkyqo.easypanel.host"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3680157/; classtype:trojan-activity;sid:84543257; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680158)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/x86"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"www.apo5er.easypanel.host"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3680158/; classtype:trojan-activity;sid:84543258; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680159)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/arm7"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"leotech-n8n-webhook.bdkyqo.easypanel.host"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3680159/; classtype:trojan-activity;sid:84543259; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680160)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/mpsl"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"puumo7.easypanel.host"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3680160/; classtype:trojan-activity;sid:84543260; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680153)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/arm"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"srv860842.hstgr.cloud"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3680153/; classtype:trojan-activity;sid:84543253; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680154)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/arm7"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"puumo7.easypanel.host"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3680154/; classtype:trojan-activity;sid:84543254; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680150)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/spc.spc"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"www.vkaaah.easypanel.host"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3680150/; classtype:trojan-activity;sid:84543250; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680151)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/spc.spc"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"lyi1ey.easypanel.host"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3680151/; classtype:trojan-activity;sid:84543251; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680152)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/mpsl"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"leotech-n8n-worker.bdkyqo.easypanel.host"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3680152/; classtype:trojan-activity;sid:84543252; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680149)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/sh4.sh4"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"www.lyi1ey.easypanel.host"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3680149/; classtype:trojan-activity;sid:84543249; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680145)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/ppc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"apo5er.easypanel.host"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3680145/; classtype:trojan-activity;sid:84543245; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680146)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/sh4.sh4"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"www.vkaaah.easypanel.host"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3680146/; classtype:trojan-activity;sid:84543246; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680147)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/arm5"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"api.centraliasolutions.com.br"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3680147/; classtype:trojan-activity;sid:84543247; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680148)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/spc.spc"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"www.lyi1ey.easypanel.host"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3680148/; classtype:trojan-activity;sid:84543248; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680126)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/arm5"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"leotech-n8n-worker.bdkyqo.easypanel.host"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3680126/; classtype:trojan-activity;sid:84543226; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680127)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/arm5"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"lyi1ey.easypanel.host"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3680127/; classtype:trojan-activity;sid:84543227; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680128)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/arc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"api.centraliasolutions.com.br"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3680128/; classtype:trojan-activity;sid:84543228; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680129)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/x86_64"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"www.vkaaah.easypanel.host"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3680129/; classtype:trojan-activity;sid:84543229; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680130)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/mips"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"apo5er.easypanel.host"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3680130/; classtype:trojan-activity;sid:84543230; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680131)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/mips"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"srv860842.hstgr.cloud"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3680131/; classtype:trojan-activity;sid:84543231; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680132)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/ppc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"api.centraliasolutions.com.br"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3680132/; classtype:trojan-activity;sid:84543232; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680133)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/spc.spc"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"leotech-n8n-worker.bdkyqo.easypanel.host"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3680133/; classtype:trojan-activity;sid:84543233; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680134)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/arm7"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.apo5er.easypanel.host"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3680134/; classtype:trojan-activity;sid:84543234; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680135)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/m68k"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"apo5er.easypanel.host"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3680135/; classtype:trojan-activity;sid:84543235; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680136)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/arm7"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"apo5er.easypanel.host"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3680136/; classtype:trojan-activity;sid:84543236; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680137)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/mpsl"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.vkaaah.easypanel.host"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3680137/; classtype:trojan-activity;sid:84543237; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680138)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/arm"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"leotech-n8n-worker.bdkyqo.easypanel.host"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3680138/; classtype:trojan-activity;sid:84543238; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680139)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/x86"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"vkaaah.easypanel.host"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3680139/; classtype:trojan-activity;sid:84543239; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680140)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/arm6"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.apo5er.easypanel.host"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3680140/; classtype:trojan-activity;sid:84543240; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680141)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/arm5"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.vkaaah.easypanel.host"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3680141/; classtype:trojan-activity;sid:84543241; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680142)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/arm7"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"lyi1ey.easypanel.host"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3680142/; classtype:trojan-activity;sid:84543242; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680143)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/x86_64"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"leotech-n8n-worker.bdkyqo.easypanel.host"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3680143/; classtype:trojan-activity;sid:84543243; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680144)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/mpsl"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"api.centraliasolutions.com.br"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3680144/; classtype:trojan-activity;sid:84543244; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680125)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/ppc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"lyi1ey.easypanel.host"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3680125/; classtype:trojan-activity;sid:84543225; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680124)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/arm6"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.lyi1ey.easypanel.host"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3680124/; classtype:trojan-activity;sid:84543224; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680122)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/ppc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"srv860842.hstgr.cloud"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3680122/; classtype:trojan-activity;sid:84543222; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680123)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/spc.spc"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"leotech-n8n-editor.bdkyqo.easypanel.host"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3680123/; classtype:trojan-activity;sid:84543223; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680117)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/x86_64"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"lyi1ey.easypanel.host"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3680117/; classtype:trojan-activity;sid:84543217; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680118)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/mips"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.apo5er.easypanel.host"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3680118/; classtype:trojan-activity;sid:84543218; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680119)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/arm6"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"leotech-n8n-editor.bdkyqo.easypanel.host"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3680119/; classtype:trojan-activity;sid:84543219; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680120)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/arm7"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"srv860842.hstgr.cloud"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3680120/; classtype:trojan-activity;sid:84543220; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680121)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/x86"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"www.vkaaah.easypanel.host"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3680121/; classtype:trojan-activity;sid:84543221; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680115)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/x86_64"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"puumo7.easypanel.host"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3680115/; classtype:trojan-activity;sid:84543215; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680116)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/spc.spc"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"leotech-n8n-webhook.bdkyqo.easypanel.host"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3680116/; classtype:trojan-activity;sid:84543216; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680113)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/arm6"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"vkaaah.easypanel.host"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3680113/; classtype:trojan-activity;sid:84543213; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680114)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/mips"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.lyi1ey.easypanel.host"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3680114/; classtype:trojan-activity;sid:84543214; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680112)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/arm"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"vkaaah.easypanel.host"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3680112/; classtype:trojan-activity;sid:84543212; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680109)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/x86-debug"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"vkaaah.easypanel.host"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3680109/; classtype:trojan-activity;sid:84543209; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680110)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/x86"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"lyi1ey.easypanel.host"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3680110/; classtype:trojan-activity;sid:84543210; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680111)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/arm5"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"leotech-n8n-webhook.bdkyqo.easypanel.host"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3680111/; classtype:trojan-activity;sid:84543211; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680107)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/mips"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"api.centraliasolutions.com.br"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3680107/; classtype:trojan-activity;sid:84543207; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680108)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/arm5"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"vkaaah.easypanel.host"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3680108/; classtype:trojan-activity;sid:84543208; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680104)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/arm6"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"leotech-n8n-worker.bdkyqo.easypanel.host"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3680104/; classtype:trojan-activity;sid:84543204; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680105)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/sh4.sh4"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"srv860842.hstgr.cloud"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3680105/; classtype:trojan-activity;sid:84543205; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680106)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/m68k"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"puumo7.easypanel.host"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3680106/; classtype:trojan-activity;sid:84543206; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680103)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/m68k"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"api.centraliasolutions.com.br"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3680103/; classtype:trojan-activity;sid:84543203; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680102)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/arm"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"apo5er.easypanel.host"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3680102/; classtype:trojan-activity;sid:84543202; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680071)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/ppc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"leotech-n8n-worker.bdkyqo.easypanel.host"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3680071/; classtype:trojan-activity;sid:84543171; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680072)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/arm"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"leotech-n8n-editor.bdkyqo.easypanel.host"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3680072/; classtype:trojan-activity;sid:84543172; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680073)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/x86-debug"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"leotech-n8n-editor.bdkyqo.easypanel.host"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3680073/; classtype:trojan-activity;sid:84543173; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680074)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/x86"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"api.centraliasolutions.com.br"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3680074/; classtype:trojan-activity;sid:84543174; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680075)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/x86-debug"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"www.lyi1ey.easypanel.host"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3680075/; classtype:trojan-activity;sid:84543175; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680076)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/arm"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"www.apo5er.easypanel.host"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3680076/; classtype:trojan-activity;sid:84543176; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680077)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/mips"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"puumo7.easypanel.host"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3680077/; classtype:trojan-activity;sid:84543177; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680078)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/ppc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"www.lyi1ey.easypanel.host"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3680078/; classtype:trojan-activity;sid:84543178; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680079)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/ppc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"www.apo5er.easypanel.host"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3680079/; classtype:trojan-activity;sid:84543179; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680080)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/arm5"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.apo5er.easypanel.host"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3680080/; classtype:trojan-activity;sid:84543180; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680081)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/sh4.sh4"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"api.centraliasolutions.com.br"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3680081/; classtype:trojan-activity;sid:84543181; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680082)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/x86-debug"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"apo5er.easypanel.host"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3680082/; classtype:trojan-activity;sid:84543182; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680083)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/arm6"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"leotech-n8n-webhook.bdkyqo.easypanel.host"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3680083/; classtype:trojan-activity;sid:84543183; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680084)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/mips"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"painel.centraliasolutions.com.br"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3680084/; classtype:trojan-activity;sid:84543184; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680085)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/arc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"apo5er.easypanel.host"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3680085/; classtype:trojan-activity;sid:84543185; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680086)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/mpsl"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"painel.centraliasolutions.com.br"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3680086/; classtype:trojan-activity;sid:84543186; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680087)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/sh4.sh4"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"www.apo5er.easypanel.host"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3680087/; classtype:trojan-activity;sid:84543187; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680088)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/x86"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"leotech-n8n-editor.bdkyqo.easypanel.host"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3680088/; classtype:trojan-activity;sid:84543188; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680089)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/sh4.sh4"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"leotech-n8n-worker.bdkyqo.easypanel.host"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3680089/; classtype:trojan-activity;sid:84543189; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680090)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/m68k"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"leotech-n8n-worker.bdkyqo.easypanel.host"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3680090/; classtype:trojan-activity;sid:84543190; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680091)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/x86-debug"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"www.apo5er.easypanel.host"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3680091/; classtype:trojan-activity;sid:84543191; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680092)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/arm7"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"vkaaah.easypanel.host"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3680092/; classtype:trojan-activity;sid:84543192; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680093)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/mpsl"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"leotech-n8n-editor.bdkyqo.easypanel.host"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3680093/; classtype:trojan-activity;sid:84543193; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680094)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/x86_64"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"apo5er.easypanel.host"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3680094/; classtype:trojan-activity;sid:84543194; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680095)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/arm5"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.lyi1ey.easypanel.host"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3680095/; classtype:trojan-activity;sid:84543195; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680096)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/x86-debug"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"leotech-n8n-webhook.bdkyqo.easypanel.host"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3680096/; classtype:trojan-activity;sid:84543196; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680097)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/spc.spc"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"www.apo5er.easypanel.host"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3680097/; classtype:trojan-activity;sid:84543197; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680098)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/x86_64"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"www.apo5er.easypanel.host"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3680098/; classtype:trojan-activity;sid:84543198; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680099)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/arm6"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"apo5er.easypanel.host"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3680099/; classtype:trojan-activity;sid:84543199; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680100)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/mpsl"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"apo5er.easypanel.host"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3680100/; classtype:trojan-activity;sid:84543200; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680101)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/ppc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"leotech-n8n-editor.bdkyqo.easypanel.host"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3680101/; classtype:trojan-activity;sid:84543201; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680067)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/x86"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"leotech-n8n-webhook.bdkyqo.easypanel.host"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3680067/; classtype:trojan-activity;sid:84543167; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680068)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/spc.spc"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"apo5er.easypanel.host"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3680068/; classtype:trojan-activity;sid:84543168; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680069)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/ppc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"painel.centraliasolutions.com.br"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3680069/; classtype:trojan-activity;sid:84543169; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680070)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/mpsl"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"leotech-n8n-webhook.bdkyqo.easypanel.host"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3680070/; classtype:trojan-activity;sid:84543170; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680066)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/arc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"puumo7.easypanel.host"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3680066/; classtype:trojan-activity;sid:84543166; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680064)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/mpsl"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.lyi1ey.easypanel.host"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3680064/; classtype:trojan-activity;sid:84543164; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680065)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/arm6"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"lyi1ey.easypanel.host"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3680065/; classtype:trojan-activity;sid:84543165; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680058)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/arm"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"painel.centraliasolutions.com.br"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3680058/; classtype:trojan-activity;sid:84543158; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680059)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/mips"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.vkaaah.easypanel.host"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3680059/; classtype:trojan-activity;sid:84543159; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680060)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/mpsl"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"lyi1ey.easypanel.host"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3680060/; classtype:trojan-activity;sid:84543160; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680061)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/x86"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"srv860842.hstgr.cloud"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3680061/; classtype:trojan-activity;sid:84543161; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680062)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/x86"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"www.lyi1ey.easypanel.host"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3680062/; classtype:trojan-activity;sid:84543162; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680063)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/arc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"srv860842.hstgr.cloud"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3680063/; classtype:trojan-activity;sid:84543163; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680038)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/ppc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"www.vkaaah.easypanel.host"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3680038/; classtype:trojan-activity;sid:84543138; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680039)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/arm5"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"painel.centraliasolutions.com.br"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3680039/; classtype:trojan-activity;sid:84543139; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680040)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/x86-debug"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"lyi1ey.easypanel.host"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3680040/; classtype:trojan-activity;sid:84543140; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680041)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/sh4.sh4"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"lyi1ey.easypanel.host"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3680041/; classtype:trojan-activity;sid:84543141; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680042)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/x86_64"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"api.centraliasolutions.com.br"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3680042/; classtype:trojan-activity;sid:84543142; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680043)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/sh4.sh4"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"apo5er.easypanel.host"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3680043/; classtype:trojan-activity;sid:84543143; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680044)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/mips"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"leotech-n8n-webhook.bdkyqo.easypanel.host"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3680044/; classtype:trojan-activity;sid:84543144; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680045)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/x86_64"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"painel.centraliasolutions.com.br"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3680045/; classtype:trojan-activity;sid:84543145; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680046)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/spc.spc"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"painel.centraliasolutions.com.br"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3680046/; classtype:trojan-activity;sid:84543146; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680047)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/arc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"painel.centraliasolutions.com.br"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3680047/; classtype:trojan-activity;sid:84543147; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680048)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/m68k"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.vkaaah.easypanel.host"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3680048/; classtype:trojan-activity;sid:84543148; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680049)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/arc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"www.lyi1ey.easypanel.host"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3680049/; classtype:trojan-activity;sid:84543149; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680050)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/mips"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"leotech-n8n-editor.bdkyqo.easypanel.host"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3680050/; classtype:trojan-activity;sid:84543150; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680051)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/spc.spc"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"srv860842.hstgr.cloud"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3680051/; classtype:trojan-activity;sid:84543151; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680052)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/x86_64"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"leotech-n8n-webhook.bdkyqo.easypanel.host"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3680052/; classtype:trojan-activity;sid:84543152; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680053)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/m68k"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"painel.centraliasolutions.com.br"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3680053/; classtype:trojan-activity;sid:84543153; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680054)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/arm7"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"leotech-n8n-worker.bdkyqo.easypanel.host"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3680054/; classtype:trojan-activity;sid:84543154; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680055)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/mpsl"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"vkaaah.easypanel.host"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3680055/; classtype:trojan-activity;sid:84543155; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680056)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/arm"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"www.vkaaah.easypanel.host"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3680056/; classtype:trojan-activity;sid:84543156; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680057)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/arm6"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"puumo7.easypanel.host"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3680057/; classtype:trojan-activity;sid:84543157; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680037)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/arc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"lyi1ey.easypanel.host"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3680037/; classtype:trojan-activity;sid:84543137; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680036)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/m68k"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"vkaaah.easypanel.host"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3680036/; classtype:trojan-activity;sid:84543136; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680034)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/sh4.sh4"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"leotech-n8n-editor.bdkyqo.easypanel.host"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3680034/; classtype:trojan-activity;sid:84543134; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680035)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/arm5"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"puumo7.easypanel.host"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3680035/; classtype:trojan-activity;sid:84543135; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680032)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/arm5"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"leotech-n8n-editor.bdkyqo.easypanel.host"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3680032/; classtype:trojan-activity;sid:84543132; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680033)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/x86_64"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"www.lyi1ey.easypanel.host"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3680033/; classtype:trojan-activity;sid:84543133; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680031)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/arc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"leotech-n8n-editor.bdkyqo.easypanel.host"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3680031/; classtype:trojan-activity;sid:84543131; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680021)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/arc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"www.apo5er.easypanel.host"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3680021/; classtype:trojan-activity;sid:84543121; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680022)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/mpsl"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"srv860842.hstgr.cloud"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3680022/; classtype:trojan-activity;sid:84543122; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680023)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/arm7"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.lyi1ey.easypanel.host"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3680023/; classtype:trojan-activity;sid:84543123; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680024)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/sh4.sh4"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"leotech-n8n-webhook.bdkyqo.easypanel.host"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3680024/; classtype:trojan-activity;sid:84543124; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680025)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/arc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"leotech-n8n-worker.bdkyqo.easypanel.host"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3680025/; classtype:trojan-activity;sid:84543125; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680026)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/ppc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"puumo7.easypanel.host"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3680026/; classtype:trojan-activity;sid:84543126; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680027)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/m68k"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"leotech-n8n-webhook.bdkyqo.easypanel.host"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3680027/; classtype:trojan-activity;sid:84543127; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680028)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/sh4.sh4"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"vkaaah.easypanel.host"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3680028/; classtype:trojan-activity;sid:84543128; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680029)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/x86_64"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"leotech-n8n-editor.bdkyqo.easypanel.host"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3680029/; classtype:trojan-activity;sid:84543129; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680030)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/arm6"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"api.centraliasolutions.com.br"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3680030/; classtype:trojan-activity;sid:84543130; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680020)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/arm"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"lyi1ey.easypanel.host"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3680020/; classtype:trojan-activity;sid:84543120; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680018)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/x86-debug"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"leotech-n8n-worker.bdkyqo.easypanel.host"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3680018/; classtype:trojan-activity;sid:84543118; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680019)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/arm6"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"srv860842.hstgr.cloud"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3680019/; classtype:trojan-activity;sid:84543119; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680017)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.226.70.232"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3680017/; classtype:trojan-activity;sid:84543117; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680016)"; flow:established,from_client; content:"GET"; http_method; content:"/k7.google|3f|t=jjr6fjrk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"482.99y401874.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3680016/; classtype:trojan-activity;sid:84543116; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680015)"; flow:established,from_client; content:"GET"; http_method; content:"/f7cw6agfm8.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"volt.koq0.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3680015/; classtype:trojan-activity;sid:84543115; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680014)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.136.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3680014/; classtype:trojan-activity;sid:84543114; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680013)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.22.193.104"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3680013/; classtype:trojan-activity;sid:84543113; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680009)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/x86-debug"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"31.97.160.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3680009/; classtype:trojan-activity;sid:84543109; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680010)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/sh4.sh4"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"31.97.160.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3680010/; classtype:trojan-activity;sid:84543110; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680011)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/arc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"31.97.160.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3680011/; classtype:trojan-activity;sid:84543111; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680012)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/spc.spc"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"31.97.160.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3680012/; classtype:trojan-activity;sid:84543112; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680008)"; flow:established,from_client; content:"GET"; http_method; content:"/oxpucvmlxj.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"slow.koq0.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3680008/; classtype:trojan-activity;sid:84543108; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680007)"; flow:established,from_client; content:"GET"; http_method; content:"/jt.check|3f|t=vs33xrn5"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"sip.run-c-you.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3680007/; classtype:trojan-activity;sid:84543107; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680006)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"212.68.34.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3680006/; classtype:trojan-activity;sid:84543106; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680005)"; flow:established,from_client; content:"GET"; http_method; content:"/i686"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"212.68.34.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3680005/; classtype:trojan-activity;sid:84543105; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679997)"; flow:established,from_client; content:"GET"; http_method; content:"/armv6l"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"212.68.34.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679997/; classtype:trojan-activity;sid:84543097; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679998)"; flow:established,from_client; content:"GET"; http_method; content:"/powerpc"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"212.68.34.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679998/; classtype:trojan-activity;sid:84543098; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679999)"; flow:established,from_client; content:"GET"; http_method; content:"/gbotbins.sh"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"212.68.34.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679999/; classtype:trojan-activity;sid:84543099; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680000)"; flow:established,from_client; content:"GET"; http_method; content:"/armv7l"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"212.68.34.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3680000/; classtype:trojan-activity;sid:84543100; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680001)"; flow:established,from_client; content:"GET"; http_method; content:"/armv4l"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"212.68.34.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3680001/; classtype:trojan-activity;sid:84543101; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680002)"; flow:established,from_client; content:"GET"; http_method; content:"/armv5l"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"212.68.34.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3680002/; classtype:trojan-activity;sid:84543102; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680003)"; flow:established,from_client; content:"GET"; http_method; content:"/i586"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"212.68.34.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3680003/; classtype:trojan-activity;sid:84543103; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680004)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"212.68.34.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3680004/; classtype:trojan-activity;sid:84543104; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679996)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.88.247"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679996/; classtype:trojan-activity;sid:84543096; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679995)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.231.73.208"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679995/; classtype:trojan-activity;sid:84543095; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679994)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.11.8.229"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679994/; classtype:trojan-activity;sid:84543094; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679993)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.83.245"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679993/; classtype:trojan-activity;sid:84543093; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679991)"; flow:established,from_client; content:"GET"; http_method; content:"/io.check|3f|t=tuqo2fg8"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"pig.fix-fg.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679991/; classtype:trojan-activity;sid:84543091; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679992)"; flow:established,from_client; content:"GET"; http_method; content:"/iodj9f3sdh.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"lamp.koq0.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679992/; classtype:trojan-activity;sid:84543092; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679990)"; flow:established,from_client; content:"GET"; http_method; content:"/ejv.google|3f|t=ff4jwys6"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"wet.app-6-v.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679990/; classtype:trojan-activity;sid:84543090; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679989)"; flow:established,from_client; content:"GET"; http_method; content:"/jcpsllxwyr.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"chat.koq0.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679989/; classtype:trojan-activity;sid:84543089; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679988)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.46.145.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679988/; classtype:trojan-activity;sid:84543088; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679987)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.108.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679987/; classtype:trojan-activity;sid:84543087; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679986)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.138.108.82"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679986/; classtype:trojan-activity;sid:84543086; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679985)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"188.115.128.151"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679985/; classtype:trojan-activity;sid:84543085; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679984)"; flow:established,from_client; content:"GET"; http_method; content:"/pz.check|3f|t=8u1gkiyv"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"dip.net-0-prosa.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679984/; classtype:trojan-activity;sid:84543084; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679983)"; flow:established,from_client; content:"GET"; http_method; content:"/tsazq80k0w.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"chat.koq0.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679983/; classtype:trojan-activity;sid:84543083; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679982)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.124.112"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679982/; classtype:trojan-activity;sid:84543082; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679981)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"180.191.52.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679981/; classtype:trojan-activity;sid:84543081; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679980)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.137.25.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679980/; classtype:trojan-activity;sid:84543080; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679978)"; flow:established,from_client; content:"GET"; http_method; content:"/fe.google|3f|t=bc2s52bz"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"rig.bit-e.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679978/; classtype:trojan-activity;sid:84543078; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679979)"; flow:established,from_client; content:"GET"; http_method; content:"/rm8g2ftpko.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"soar.koq0.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679979/; classtype:trojan-activity;sid:84543079; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679977)"; flow:established,from_client; content:"GET"; http_method; content:"/vsxrlurnx9.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"soar.koq0.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679977/; classtype:trojan-activity;sid:84543077; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679976)"; flow:established,from_client; content:"GET"; http_method; content:"/9x1.google|3f|t=fx7ianwm"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"cop.joy-2-way.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679976/; classtype:trojan-activity;sid:84543076; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679975)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.8.229"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679975/; classtype:trojan-activity;sid:84543075; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679974)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.165.110.61"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679974/; classtype:trojan-activity;sid:84543074; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679972)"; flow:established,from_client; content:"GET"; http_method; content:"/nix.check|3f|t=rtsmppe6"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"er.hop-g-3.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679972/; classtype:trojan-activity;sid:84543072; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679973)"; flow:established,from_client; content:"GET"; http_method; content:"/j0opepott6.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"soar.koq0.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679973/; classtype:trojan-activity;sid:84543073; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679971)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.3.176"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679971/; classtype:trojan-activity;sid:84543071; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679970)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.46.145.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679970/; classtype:trojan-activity;sid:84543070; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679969)"; flow:established,from_client; content:"GET"; http_method; content:"/ib.check|3f|t=g4hpr6w9"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"cup.tag-b-s3.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679969/; classtype:trojan-activity;sid:84543069; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679968)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.124.112"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679968/; classtype:trojan-activity;sid:84543068; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679967)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.184.242.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679967/; classtype:trojan-activity;sid:84543067; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679966)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.216.15"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679966/; classtype:trojan-activity;sid:84543066; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679965)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.179.215.162"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679965/; classtype:trojan-activity;sid:84543065; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679964)"; flow:established,from_client; content:"GET"; http_method; content:"/htycw6gid9.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"year.koq0.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679964/; classtype:trojan-activity;sid:84543064; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679963)"; flow:established,from_client; content:"GET"; http_method; content:"/2v3.check|3f|t=y0prl30g"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"hum.hop-g3.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679963/; classtype:trojan-activity;sid:84543063; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679962)"; flow:established,from_client; content:"GET"; http_method; content:"/6hfkt2cgrg.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"year.koq0.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679962/; classtype:trojan-activity;sid:84543062; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679961)"; flow:established,from_client; content:"GET"; http_method; content:"/2r.google|3f|t=nxrx6vsz"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"ash.web-d-n-45.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679961/; classtype:trojan-activity;sid:84543061; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679960)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.165.110.61"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679960/; classtype:trojan-activity;sid:84543060; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679959)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.3.176"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679959/; classtype:trojan-activity;sid:84543059; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679958)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.153.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679958/; classtype:trojan-activity;sid:84543058; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679957)"; flow:established,from_client; content:"GET"; http_method; content:"/m4s8v6fvfc.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"case.pot5.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679957/; classtype:trojan-activity;sid:84543057; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679956)"; flow:established,from_client; content:"GET"; http_method; content:"/orv.google|3f|t=f973pewa"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"jar.zen-and.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679956/; classtype:trojan-activity;sid:84543056; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679955)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.242.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679955/; classtype:trojan-activity;sid:84543055; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679954)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.168.45.29"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679954/; classtype:trojan-activity;sid:84543054; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679953)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.179.215.162"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679953/; classtype:trojan-activity;sid:84543053; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679952)"; flow:established,from_client; content:"GET"; http_method; content:"/m8.google|3f|t=dcp1rlel"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"axe.run-c-you.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679952/; classtype:trojan-activity;sid:84543052; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679951)"; flow:established,from_client; content:"GET"; http_method; content:"/nqvlvgazzp.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"case.pot5.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679951/; classtype:trojan-activity;sid:84543051; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679950)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.108.159"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679950/; classtype:trojan-activity;sid:84543050; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679949)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"183.162.104.181"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679949/; classtype:trojan-activity;sid:84543049; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679948)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"142.90.8.106"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679948/; classtype:trojan-activity;sid:84543048; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679947)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.153.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679947/; classtype:trojan-activity;sid:84543047; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679946)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.203.231"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679946/; classtype:trojan-activity;sid:84543046; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679945)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.103.254"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679945/; classtype:trojan-activity;sid:84543045; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679943)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.88.92"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679943/; classtype:trojan-activity;sid:84543043; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679944)"; flow:established,from_client; content:"GET"; http_method; content:"/gpshgoruws.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"must.pot5.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679944/; classtype:trojan-activity;sid:84543044; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679942)"; flow:established,from_client; content:"GET"; http_method; content:"/3x.google|3f|t=jq75lb3k"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"no.net-0-prosa.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679942/; classtype:trojan-activity;sid:84543042; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679941)"; flow:established,from_client; content:"GET"; http_method; content:"/tgaodhasea.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"tune.pot5.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679941/; classtype:trojan-activity;sid:84543041; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679940)"; flow:established,from_client; content:"GET"; http_method; content:"/uj.google|3f|t=9f6notmd"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"paw.bit-e.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679940/; classtype:trojan-activity;sid:84543040; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679939)"; flow:established,from_client; content:"GET"; http_method; content:"/r41.check|3f|t=w69apmkt"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"w8y3n2d.vbep-3.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679939/; classtype:trojan-activity;sid:84543039; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679938)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.103.254"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679938/; classtype:trojan-activity;sid:84543038; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679937)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.23.199.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679937/; classtype:trojan-activity;sid:84543037; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679936)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.57.186.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679936/; classtype:trojan-activity;sid:84543036; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679935)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"171.114.229.52"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679935/; classtype:trojan-activity;sid:84543035; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679934)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.132.165.170"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679934/; classtype:trojan-activity;sid:84543034; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679933)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.202.210.183"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679933/; classtype:trojan-activity;sid:84543033; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679931)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.180.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679931/; classtype:trojan-activity;sid:84543031; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679932)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.238.113.136"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679932/; classtype:trojan-activity;sid:84543032; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679930)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.132.165.170"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679930/; classtype:trojan-activity;sid:84543030; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679929)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.35.93.254"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679929/; classtype:trojan-activity;sid:84543029; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679928)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"220.201.36.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679928/; classtype:trojan-activity;sid:84543028; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679927)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.202.210.183"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679927/; classtype:trojan-activity;sid:84543027; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679926)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.35.93.254"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679926/; classtype:trojan-activity;sid:84543026; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679925)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"144.48.121.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679925/; classtype:trojan-activity;sid:84543025; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679924)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.180.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679924/; classtype:trojan-activity;sid:84543024; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679923)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.129.133.147"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679923/; classtype:trojan-activity;sid:84543023; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679922)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.88.240"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679922/; classtype:trojan-activity;sid:84543022; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679921)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.156.173.49"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679921/; classtype:trojan-activity;sid:84543021; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679920)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.229.227.12"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679920/; classtype:trojan-activity;sid:84543020; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679919)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.99.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679919/; classtype:trojan-activity;sid:84543019; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679918)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.43.83.176"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679918/; classtype:trojan-activity;sid:84543018; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679917)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"220.201.36.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679917/; classtype:trojan-activity;sid:84543017; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679916)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.129.133.147"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679916/; classtype:trojan-activity;sid:84543016; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679915)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"158.255.83.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679915/; classtype:trojan-activity;sid:84543015; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679914)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.204.195.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679914/; classtype:trojan-activity;sid:84543014; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679913)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.54.8.76"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679913/; classtype:trojan-activity;sid:84543013; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679912)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.151.48"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679912/; classtype:trojan-activity;sid:84543012; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679910)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.228.135.183"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679910/; classtype:trojan-activity;sid:84543010; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679911)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"23.177.185.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679911/; classtype:trojan-activity;sid:84543011; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679909)"; flow:established,from_client; content:"GET"; http_method; content:"/arm/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"23.177.185.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679909/; classtype:trojan-activity;sid:84543009; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679908)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.74.32.227"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679908/; classtype:trojan-activity;sid:84543008; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679907)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.10.2.183"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679907/; classtype:trojan-activity;sid:84543007; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679906)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.112.101"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679906/; classtype:trojan-activity;sid:84543006; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679905)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.230.101.56"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679905/; classtype:trojan-activity;sid:84543005; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679904)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.54.8.76"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679904/; classtype:trojan-activity;sid:84543004; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679903)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.129.154.159"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679903/; classtype:trojan-activity;sid:84543003; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679902)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.142.211.93"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679902/; classtype:trojan-activity;sid:84543002; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679901)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.74.32.227"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679901/; classtype:trojan-activity;sid:84543001; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679900)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.151.48"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679900/; classtype:trojan-activity;sid:84543000; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679899)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.249.165.95"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679899/; classtype:trojan-activity;sid:84542999; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679898)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.139.72.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679898/; classtype:trojan-activity;sid:84542998; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679897)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"106.56.139.0"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679897/; classtype:trojan-activity;sid:84542997; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679896)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.139.72.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679896/; classtype:trojan-activity;sid:84542996; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679893)"; flow:established,from_client; content:"GET"; http_method; content:"/unhanaaw.sh4"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679893/; classtype:trojan-activity;sid:84542993; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679894)"; flow:established,from_client; content:"GET"; http_method; content:"/unhanaaw.arm"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679894/; classtype:trojan-activity;sid:84542994; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679895)"; flow:established,from_client; content:"GET"; http_method; content:"/unhanaaw.mpsl"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679895/; classtype:trojan-activity;sid:84542995; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679891)"; flow:established,from_client; content:"GET"; http_method; content:"/unhanaaw.arm5"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679891/; classtype:trojan-activity;sid:84542991; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679892)"; flow:established,from_client; content:"GET"; http_method; content:"/unhanaaw.arm7"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679892/; classtype:trojan-activity;sid:84542992; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679886)"; flow:established,from_client; content:"GET"; http_method; content:"/unhanaaw.spc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679886/; classtype:trojan-activity;sid:84542986; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679887)"; flow:established,from_client; content:"GET"; http_method; content:"/unhanaaw.x86"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679887/; classtype:trojan-activity;sid:84542987; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679888)"; flow:established,from_client; content:"GET"; http_method; content:"/unhanaaw.m68k"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679888/; classtype:trojan-activity;sid:84542988; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679889)"; flow:established,from_client; content:"GET"; http_method; content:"/unhanaaw.mips"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679889/; classtype:trojan-activity;sid:84542989; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679890)"; flow:established,from_client; content:"GET"; http_method; content:"/unhanaaw.arm6"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"213.209.143.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679890/; classtype:trojan-activity;sid:84542990; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679885)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.238.113.136"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679885/; classtype:trojan-activity;sid:84542985; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679884)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.217.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679884/; classtype:trojan-activity;sid:84542984; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679883)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.229.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679883/; classtype:trojan-activity;sid:84542983; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679882)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.229.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679882/; classtype:trojan-activity;sid:84542982; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679881)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.140.97.219"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679881/; classtype:trojan-activity;sid:84542981; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679880)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.217.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679880/; classtype:trojan-activity;sid:84542980; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679879)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.139.38.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679879/; classtype:trojan-activity;sid:84542979; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679878)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.47.87.53"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679878/; classtype:trojan-activity;sid:84542978; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679877)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.113.32.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679877/; classtype:trojan-activity;sid:84542977; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679876)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.131.103.184"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679876/; classtype:trojan-activity;sid:84542976; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679875)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.140.97.219"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679875/; classtype:trojan-activity;sid:84542975; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679874)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.3.125"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679874/; classtype:trojan-activity;sid:84542974; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679873)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.92.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679873/; classtype:trojan-activity;sid:84542973; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679872)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"180.191.40.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679872/; classtype:trojan-activity;sid:84542972; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679871)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.139.229.172"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679871/; classtype:trojan-activity;sid:84542971; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679870)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.150.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679870/; classtype:trojan-activity;sid:84542970; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679869)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.47.87.53"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679869/; classtype:trojan-activity;sid:84542969; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679868)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.172.10.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679868/; classtype:trojan-activity;sid:84542968; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679866)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.131.103.184"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679866/; classtype:trojan-activity;sid:84542966; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679867)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.35.183.82"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679867/; classtype:trojan-activity;sid:84542967; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679863)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.163.12.53"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679863/; classtype:trojan-activity;sid:84542963; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679864)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.45.63.91"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679864/; classtype:trojan-activity;sid:84542964; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679865)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.52.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679865/; classtype:trojan-activity;sid:84542965; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679860)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.168.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679860/; classtype:trojan-activity;sid:84542960; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679861)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.159.244.207"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679861/; classtype:trojan-activity;sid:84542961; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679862)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.79.85"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679862/; classtype:trojan-activity;sid:84542962; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679859)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"78.172.10.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679859/; classtype:trojan-activity;sid:84542959; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679858)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.133.221.254"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679858/; classtype:trojan-activity;sid:84542958; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679857)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.139.229.172"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679857/; classtype:trojan-activity;sid:84542957; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679856)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.57.224"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679856/; classtype:trojan-activity;sid:84542956; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679855)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"180.191.40.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679855/; classtype:trojan-activity;sid:84542955; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679854)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.176.252.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679854/; classtype:trojan-activity;sid:84542954; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679853)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"180.165.11.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679853/; classtype:trojan-activity;sid:84542953; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679852)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.233.164.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679852/; classtype:trojan-activity;sid:84542952; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679851)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.176.252.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679851/; classtype:trojan-activity;sid:84542951; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679850)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.133.221.254"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679850/; classtype:trojan-activity;sid:84542950; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679849)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.150.133.97"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679849/; classtype:trojan-activity;sid:84542949; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679848)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.203.231"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679848/; classtype:trojan-activity;sid:84542948; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679847)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.26.213"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679847/; classtype:trojan-activity;sid:84542947; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679846)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.22.98.220"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679846/; classtype:trojan-activity;sid:84542946; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679845)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.146.229.108"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679845/; classtype:trojan-activity;sid:84542945; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679844)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.204.199.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679844/; classtype:trojan-activity;sid:84542944; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679843)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.11.72.192"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679843/; classtype:trojan-activity;sid:84542943; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679842)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.245.51"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679842/; classtype:trojan-activity;sid:84542942; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679841)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.233.164.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679841/; classtype:trojan-activity;sid:84542941; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679840)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"180.191.52.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679840/; classtype:trojan-activity;sid:84542940; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679839)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.53.19"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679839/; classtype:trojan-activity;sid:84542939; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679838)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.26.213"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679838/; classtype:trojan-activity;sid:84542938; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679837)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"62.217.187.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679837/; classtype:trojan-activity;sid:84542937; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679836)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.22.98.220"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679836/; classtype:trojan-activity;sid:84542936; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679835)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.179.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679835/; classtype:trojan-activity;sid:84542935; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679833)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.204.199.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679833/; classtype:trojan-activity;sid:84542933; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679834)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"183.237.143.154"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679834/; classtype:trojan-activity;sid:84542934; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679832)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.14.38.179"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679832/; classtype:trojan-activity;sid:84542932; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679831)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.245.51"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679831/; classtype:trojan-activity;sid:84542931; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679830)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.146.229.108"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679830/; classtype:trojan-activity;sid:84542930; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679829)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"180.191.52.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679829/; classtype:trojan-activity;sid:84542929; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679828)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.5.70.225"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679828/; classtype:trojan-activity;sid:84542928; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679827)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.175.0.243"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679827/; classtype:trojan-activity;sid:84542927; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679826)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.84.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679826/; classtype:trojan-activity;sid:84542926; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679825)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.53.220.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679825/; classtype:trojan-activity;sid:84542925; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679824)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.53.220.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679824/; classtype:trojan-activity;sid:84542924; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679823)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.72.71.250"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679823/; classtype:trojan-activity;sid:84542923; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679822)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.39.224.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679822/; classtype:trojan-activity;sid:84542922; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679821)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.83.163.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679821/; classtype:trojan-activity;sid:84542921; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679820)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.48.113"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679820/; classtype:trojan-activity;sid:84542920; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679819)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.14.38.179"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679819/; classtype:trojan-activity;sid:84542919; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679818)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.84.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679818/; classtype:trojan-activity;sid:84542918; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679817)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"183.237.143.154"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679817/; classtype:trojan-activity;sid:84542917; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679816)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.168.77.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679816/; classtype:trojan-activity;sid:84542916; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679815)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.141.10.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679815/; classtype:trojan-activity;sid:84542915; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679814)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.23.211.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679814/; classtype:trojan-activity;sid:84542914; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679813)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.139.37.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679813/; classtype:trojan-activity;sid:84542913; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679812)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.10.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679812/; classtype:trojan-activity;sid:84542912; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679807)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.mips"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"23.177.185.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679807/; classtype:trojan-activity;sid:84542907; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679808)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.x86_64"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"23.177.185.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679808/; classtype:trojan-activity;sid:84542908; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679809)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.ppc"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"23.177.185.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679809/; classtype:trojan-activity;sid:84542909; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679810)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.i686"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"23.177.185.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679810/; classtype:trojan-activity;sid:84542910; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679811)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.spc"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"23.177.185.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679811/; classtype:trojan-activity;sid:84542911; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679805)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm5"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"23.177.185.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679805/; classtype:trojan-activity;sid:84542905; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679806)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.mpsl"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"23.177.185.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679806/; classtype:trojan-activity;sid:84542906; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679797)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm6"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"23.177.185.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679797/; classtype:trojan-activity;sid:84542897; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679798)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"23.177.185.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679798/; classtype:trojan-activity;sid:84542898; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679799)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.m68k"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"23.177.185.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679799/; classtype:trojan-activity;sid:84542899; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679800)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.x86"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"23.177.185.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679800/; classtype:trojan-activity;sid:84542900; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679801)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arc"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"23.177.185.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679801/; classtype:trojan-activity;sid:84542901; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679802)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.i468"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"23.177.185.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679802/; classtype:trojan-activity;sid:84542902; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679803)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.sh4"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"23.177.185.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679803/; classtype:trojan-activity;sid:84542903; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679804)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm7"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"23.177.185.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679804/; classtype:trojan-activity;sid:84542904; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679796)"; flow:established,from_client; content:"GET"; http_method; content:"/statement.msi"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"statementmsi.xyz"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679796/; classtype:trojan-activity;sid:84542896; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679795)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.190.11.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679795/; classtype:trojan-activity;sid:84542895; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679794)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.190.11.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679794/; classtype:trojan-activity;sid:84542894; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679793)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.139.37.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679793/; classtype:trojan-activity;sid:84542893; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679792)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.220.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679792/; classtype:trojan-activity;sid:84542892; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679791)"; flow:established,from_client; content:"GET"; http_method; content:"/0j083ip9"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"p7w2c9.vbep-3.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679791/; classtype:trojan-activity;sid:84542891; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679790)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.106.102"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679790/; classtype:trojan-activity;sid:84542890; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679789)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.220.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679789/; classtype:trojan-activity;sid:84542889; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679788)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.36.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679788/; classtype:trojan-activity;sid:84542888; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679787)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.141.83.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679787/; classtype:trojan-activity;sid:84542887; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679786)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.86.212"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679786/; classtype:trojan-activity;sid:84542886; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679785)"; flow:established,from_client; content:"GET"; http_method; content:"/files/6608710704/diqhdod.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679785/; classtype:trojan-activity;sid:84542885; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679784)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.83.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679784/; classtype:trojan-activity;sid:84542884; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679782)"; flow:established,from_client; content:"GET"; http_method; content:"/9k.check|3f|t=b1kh9sh9"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"p7w2c9.vbep-3.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679782/; classtype:trojan-activity;sid:84542882; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679783)"; flow:established,from_client; content:"GET"; http_method; content:"/9s7vpd9lza.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"arch.pot5.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679783/; classtype:trojan-activity;sid:84542883; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679781)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.16.19"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679781/; classtype:trojan-activity;sid:84542881; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679780)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.19.223"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679780/; classtype:trojan-activity;sid:84542880; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679778)"; flow:established,from_client; content:"GET"; http_method; content:"/a2wudv8u"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"y0n3qv2.tape-5-x.ru"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679778/; classtype:trojan-activity;sid:84542878; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679779)"; flow:established,from_client; content:"GET"; http_method; content:"/2r5suokc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"y0n3qv2.tape-5-x.ru"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679779/; classtype:trojan-activity;sid:84542879; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679777)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.36.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679777/; classtype:trojan-activity;sid:84542877; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679776)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"37.52.76.63"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679776/; classtype:trojan-activity;sid:84542876; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679774)"; flow:established,from_client; content:"GET"; http_method; content:"/dj0zfrgp"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"y0n3qv2.tape-5-x.ru"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679774/; classtype:trojan-activity;sid:84542874; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679775)"; flow:established,from_client; content:"GET"; http_method; content:"/gh/documents-release/office/rules.js"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"cdn.jsdelivr.net"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679775/; classtype:trojan-activity;sid:84542875; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679773)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.142.244.163"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679773/; classtype:trojan-activity;sid:84542873; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679772)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.43.94.235"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679772/; classtype:trojan-activity;sid:84542872; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679771)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.151.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679771/; classtype:trojan-activity;sid:84542871; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679770)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.16.19"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679770/; classtype:trojan-activity;sid:84542870; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679768)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.25.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679768/; classtype:trojan-activity;sid:84542868; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679769)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.19.223"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679769/; classtype:trojan-activity;sid:84542869; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679760)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/ppc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"31.97.160.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679760/; classtype:trojan-activity;sid:84542860; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679761)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/arm5"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"31.97.160.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679761/; classtype:trojan-activity;sid:84542861; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679762)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/x86_64"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"31.97.160.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679762/; classtype:trojan-activity;sid:84542862; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679763)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/m68k"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"31.97.160.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679763/; classtype:trojan-activity;sid:84542863; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679764)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/mips"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"31.97.160.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679764/; classtype:trojan-activity;sid:84542864; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679765)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/mpsl"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"31.97.160.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679765/; classtype:trojan-activity;sid:84542865; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679766)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/arm"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"31.97.160.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679766/; classtype:trojan-activity;sid:84542866; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679767)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/arm7"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"31.97.160.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679767/; classtype:trojan-activity;sid:84542867; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679758)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/arm6"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"31.97.160.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679758/; classtype:trojan-activity;sid:84542858; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679759)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/x86"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"31.97.160.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679759/; classtype:trojan-activity;sid:84542859; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679756)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"180.191.21.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679756/; classtype:trojan-activity;sid:84542856; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679757)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.156.173.49"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679757/; classtype:trojan-activity;sid:84542857; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679755)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.83.42"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679755/; classtype:trojan-activity;sid:84542855; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679754)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.226.76.204"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679754/; classtype:trojan-activity;sid:84542854; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679753)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.185.241.221"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679753/; classtype:trojan-activity;sid:84542853; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679752)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.151.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679752/; classtype:trojan-activity;sid:84542852; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679751)"; flow:established,from_client; content:"GET"; http_method; content:"/y5rdehg1s7.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"quit.pot5.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679751/; classtype:trojan-activity;sid:84542851; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679750)"; flow:established,from_client; content:"GET"; http_method; content:"/7m.google|3f|t=jv0ndr04"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"k4nz.vbep-3.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679750/; classtype:trojan-activity;sid:84542850; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679749)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.185.241.221"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679749/; classtype:trojan-activity;sid:84542849; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679748)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"213.151.47.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679748/; classtype:trojan-activity;sid:84542848; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679747)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.170.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679747/; classtype:trojan-activity;sid:84542847; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679746)"; flow:established,from_client; content:"GET"; http_method; content:"/dkgr69ango.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"beef.pot5.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679746/; classtype:trojan-activity;sid:84542846; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679745)"; flow:established,from_client; content:"GET"; http_method; content:"/3k1.check|3f|t=lqmllm7n"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"y0n3qv2.tape-5-x.ru"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679745/; classtype:trojan-activity;sid:84542845; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679744)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.150.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679744/; classtype:trojan-activity;sid:84542844; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679743)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.93.96"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679743/; classtype:trojan-activity;sid:84542843; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679742)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.90.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679742/; classtype:trojan-activity;sid:84542842; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679741)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.170.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679741/; classtype:trojan-activity;sid:84542841; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679740)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.62.149"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679740/; classtype:trojan-activity;sid:84542840; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679739)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"213.151.47.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679739/; classtype:trojan-activity;sid:84542839; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679738)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.249.165.95"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679738/; classtype:trojan-activity;sid:84542838; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679737)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.114.253.51"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679737/; classtype:trojan-activity;sid:84542837; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679736)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.113.94"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679736/; classtype:trojan-activity;sid:84542836; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679735)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.62.149"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679735/; classtype:trojan-activity;sid:84542835; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679732)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"171.81.101.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679732/; classtype:trojan-activity;sid:84542832; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679733)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.190.137.141"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679733/; classtype:trojan-activity;sid:84542833; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679734)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.120.34.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679734/; classtype:trojan-activity;sid:84542834; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679730)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.180.15.99"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679730/; classtype:trojan-activity;sid:84542830; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679731)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.129.154.159"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679731/; classtype:trojan-activity;sid:84542831; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679728)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.22.193.104"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679728/; classtype:trojan-activity;sid:84542828; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679729)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"88.247.169.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679729/; classtype:trojan-activity;sid:84542829; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679727)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.169.226.129"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679727/; classtype:trojan-activity;sid:84542827; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679725)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.194.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679725/; classtype:trojan-activity;sid:84542825; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679726)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"85.108.114.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679726/; classtype:trojan-activity;sid:84542826; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679723)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"212.68.34.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679723/; classtype:trojan-activity;sid:84542823; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679724)"; flow:established,from_client; content:"GET"; http_method; content:"/mipsel"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"212.68.34.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679724/; classtype:trojan-activity;sid:84542824; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679715)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"212.68.34.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679715/; classtype:trojan-activity;sid:84542815; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679716)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.177.106.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679716/; classtype:trojan-activity;sid:84542816; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679717)"; flow:established,from_client; content:"GET"; http_method; content:"/sparc"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"212.68.34.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679717/; classtype:trojan-activity;sid:84542817; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679718)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"78.172.10.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679718/; classtype:trojan-activity;sid:84542818; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679719)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.221.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679719/; classtype:trojan-activity;sid:84542819; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679720)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"105.96.108.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679720/; classtype:trojan-activity;sid:84542820; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679721)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"1.181.224.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679721/; classtype:trojan-activity;sid:84542821; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679722)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.178.99.150"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679722/; classtype:trojan-activity;sid:84542822; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679714)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.236.159.64"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679714/; classtype:trojan-activity;sid:84542814; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679713)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.108.97"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679713/; classtype:trojan-activity;sid:84542813; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679712)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.38.198.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679712/; classtype:trojan-activity;sid:84542812; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679711)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7207342161/aiqnltq.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679711/; classtype:trojan-activity;sid:84542811; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679710)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"220.201.143.14"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679710/; classtype:trojan-activity;sid:84542810; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679709)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.96.137.41"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679709/; classtype:trojan-activity;sid:84542809; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679708)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.142.244.163"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679708/; classtype:trojan-activity;sid:84542808; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679707)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.30.183"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679707/; classtype:trojan-activity;sid:84542807; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679706)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.129.135.95"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679706/; classtype:trojan-activity;sid:84542806; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679705)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.241.188.91"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679705/; classtype:trojan-activity;sid:84542805; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679704)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.183.2.145"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679704/; classtype:trojan-activity;sid:84542804; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679694)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/arm5"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"srv1050744.hstgr.cloud"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679694/; classtype:trojan-activity;sid:84542794; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679695)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/mpsl"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"72.60.16.37"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679695/; classtype:trojan-activity;sid:84542795; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679696)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/arm"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"srv1050744.hstgr.cloud"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679696/; classtype:trojan-activity;sid:84542796; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679697)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/mpsl"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"srv1050744.hstgr.cloud"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679697/; classtype:trojan-activity;sid:84542797; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679698)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/arm7"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"srv1050744.hstgr.cloud"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679698/; classtype:trojan-activity;sid:84542798; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679699)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/mips"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"srv1050744.hstgr.cloud"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679699/; classtype:trojan-activity;sid:84542799; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679700)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/m68k"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"srv1050744.hstgr.cloud"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679700/; classtype:trojan-activity;sid:84542800; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679701)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/x86"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"srv1050744.hstgr.cloud"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679701/; classtype:trojan-activity;sid:84542801; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679702)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/x86_64"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"srv1050744.hstgr.cloud"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679702/; classtype:trojan-activity;sid:84542802; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679703)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/arm6"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"srv1050744.hstgr.cloud"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679703/; classtype:trojan-activity;sid:84542803; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679689)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/m68k"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"72.60.16.37"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679689/; classtype:trojan-activity;sid:84542789; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679690)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/ppc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"srv1050744.hstgr.cloud"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679690/; classtype:trojan-activity;sid:84542790; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679691)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/arm7"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"72.60.16.37"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679691/; classtype:trojan-activity;sid:84542791; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679692)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/x86_64"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"72.60.16.37"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679692/; classtype:trojan-activity;sid:84542792; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679693)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/arm6"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"72.60.16.37"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679693/; classtype:trojan-activity;sid:84542793; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679684)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/arm5"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"72.60.16.37"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679684/; classtype:trojan-activity;sid:84542784; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679685)"; flow:established,from_client; content:"GET"; http_method; content:"/c.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"72.60.16.37"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679685/; classtype:trojan-activity;sid:84542785; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679686)"; flow:established,from_client; content:"GET"; http_method; content:"/w.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"72.60.16.37"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679686/; classtype:trojan-activity;sid:84542786; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679687)"; flow:established,from_client; content:"GET"; http_method; content:"/wget.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"72.60.16.37"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679687/; classtype:trojan-activity;sid:84542787; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679688)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/ppc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"72.60.16.37"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679688/; classtype:trojan-activity;sid:84542788; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679683)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.22.233"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679683/; classtype:trojan-activity;sid:84542783; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679682)"; flow:established,from_client; content:"GET"; http_method; content:"/files/1663837285/e2miouv.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679682/; classtype:trojan-activity;sid:84542782; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679680)"; flow:established,from_client; content:"GET"; http_method; content:"/w.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"srv1050744.hstgr.cloud"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679680/; classtype:trojan-activity;sid:84542780; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679681)"; flow:established,from_client; content:"GET"; http_method; content:"/c.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"srv1050744.hstgr.cloud"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679681/; classtype:trojan-activity;sid:84542781; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679679)"; flow:established,from_client; content:"GET"; http_method; content:"/wget.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"srv1050744.hstgr.cloud"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679679/; classtype:trojan-activity;sid:84542779; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679678)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7207342161/tieghm5.bat"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679678/; classtype:trojan-activity;sid:84542778; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679677)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.187.125"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679677/; classtype:trojan-activity;sid:84542777; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679676)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.52.75.113"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679676/; classtype:trojan-activity;sid:84542776; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679675)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"111.173.158.170"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679675/; classtype:trojan-activity;sid:84542775; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679674)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.79.78.161"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679674/; classtype:trojan-activity;sid:84542774; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679673)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.52.75.113"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679673/; classtype:trojan-activity;sid:84542773; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679672)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.139.38.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679672/; classtype:trojan-activity;sid:84542772; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679671)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.61.113.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679671/; classtype:trojan-activity;sid:84542771; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679670)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.26.228"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679670/; classtype:trojan-activity;sid:84542770; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679669)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.79.78.161"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679669/; classtype:trojan-activity;sid:84542769; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679668)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"23.92.130.154"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679668/; classtype:trojan-activity;sid:84542768; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679667)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"95.106.207.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679667/; classtype:trojan-activity;sid:84542767; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679666)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.149.77.167"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679666/; classtype:trojan-activity;sid:84542766; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679665)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.225.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679665/; classtype:trojan-activity;sid:84542765; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679664)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.140.130.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679664/; classtype:trojan-activity;sid:84542764; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679663)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"46.6.0.110"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679663/; classtype:trojan-activity;sid:84542763; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679662)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.141.43.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679662/; classtype:trojan-activity;sid:84542762; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679661)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.187.125"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679661/; classtype:trojan-activity;sid:84542761; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679660)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"23.92.130.154"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679660/; classtype:trojan-activity;sid:84542760; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679659)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.14.124.176"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679659/; classtype:trojan-activity;sid:84542759; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679658)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.43.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679658/; classtype:trojan-activity;sid:84542758; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679657)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.28.219.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679657/; classtype:trojan-activity;sid:84542757; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679656)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.41.231.217"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679656/; classtype:trojan-activity;sid:84542756; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679655)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.37.105"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679655/; classtype:trojan-activity;sid:84542755; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679654)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.228.222.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679654/; classtype:trojan-activity;sid:84542754; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679653)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.228.90.66"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679653/; classtype:trojan-activity;sid:84542753; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679651)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.28.219.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679651/; classtype:trojan-activity;sid:84542751; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679652)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.134.163.170"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679652/; classtype:trojan-activity;sid:84542752; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679650)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"220.192.254.176"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679650/; classtype:trojan-activity;sid:84542750; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679649)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.87.1"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679649/; classtype:trojan-activity;sid:84542749; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679648)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.40.115.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679648/; classtype:trojan-activity;sid:84542748; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679646)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7632405658/hmms7x3.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679646/; classtype:trojan-activity;sid:84542746; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679647)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7207342161/tq9nylh.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679647/; classtype:trojan-activity;sid:84542747; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679645)"; flow:established,from_client; content:"GET"; http_method; content:"/files/1129026890/koce0uj.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679645/; classtype:trojan-activity;sid:84542745; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679640)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7782139129/l820xtt.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679640/; classtype:trojan-activity;sid:84542740; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679641)"; flow:established,from_client; content:"GET"; http_method; content:"/files/6577350923/ax3b9py.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679641/; classtype:trojan-activity;sid:84542741; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679642)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7782139129/036bjnl.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679642/; classtype:trojan-activity;sid:84542742; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679643)"; flow:established,from_client; content:"GET"; http_method; content:"/files/6555237020/6tihm9g.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679643/; classtype:trojan-activity;sid:84542743; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679644)"; flow:established,from_client; content:"GET"; http_method; content:"/files/6555237020/rlgvsyg.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679644/; classtype:trojan-activity;sid:84542744; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679639)"; flow:established,from_client; content:"GET"; http_method; content:"/files/1760829628/td69tyb.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679639/; classtype:trojan-activity;sid:84542739; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679638)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.231.217"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679638/; classtype:trojan-activity;sid:84542738; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679637)"; flow:established,from_client; content:"GET"; http_method; content:"/injector.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"178.16.53.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679637/; classtype:trojan-activity;sid:84542737; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679636)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.194.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679636/; classtype:trojan-activity;sid:84542736; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679635)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.10.31"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679635/; classtype:trojan-activity;sid:84542735; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679634)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.101.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679634/; classtype:trojan-activity;sid:84542734; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679633)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.124.176"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679633/; classtype:trojan-activity;sid:84542733; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679632)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.228.90.66"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679632/; classtype:trojan-activity;sid:84542732; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679631)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"216.126.76.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679631/; classtype:trojan-activity;sid:84542731; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679629)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.40.115.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679629/; classtype:trojan-activity;sid:84542729; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679630)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.228.222.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679630/; classtype:trojan-activity;sid:84542730; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679628)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.194.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679628/; classtype:trojan-activity;sid:84542728; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679627)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.54.134.124"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679627/; classtype:trojan-activity;sid:84542727; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679626)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.62.152.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679626/; classtype:trojan-activity;sid:84542726; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679625)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.5.174.171"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679625/; classtype:trojan-activity;sid:84542725; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679624)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.9.32.183"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679624/; classtype:trojan-activity;sid:84542724; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679623)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.85.247"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679623/; classtype:trojan-activity;sid:84542723; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679621)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.226.76.204"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679621/; classtype:trojan-activity;sid:84542721; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679622)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.188.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679622/; classtype:trojan-activity;sid:84542722; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679620)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"216.126.76.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679620/; classtype:trojan-activity;sid:84542720; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679619)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.39.235.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679619/; classtype:trojan-activity;sid:84542719; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679618)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.179.11.156"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679618/; classtype:trojan-activity;sid:84542718; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679617)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.110.13.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679617/; classtype:trojan-activity;sid:84542717; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679616)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.4.174.191"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679616/; classtype:trojan-activity;sid:84542716; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679615)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.9.32.183"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679615/; classtype:trojan-activity;sid:84542715; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679613)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.115.160.41"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679613/; classtype:trojan-activity;sid:84542713; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679614)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"105.100.10.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679614/; classtype:trojan-activity;sid:84542714; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679612)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.88.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679612/; classtype:trojan-activity;sid:84542712; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679610)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.86.49"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679610/; classtype:trojan-activity;sid:84542710; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679611)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.55.23.103"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679611/; classtype:trojan-activity;sid:84542711; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679609)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.113.203.171"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679609/; classtype:trojan-activity;sid:84542709; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679608)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.168.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679608/; classtype:trojan-activity;sid:84542708; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679606)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.179.71"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679606/; classtype:trojan-activity;sid:84542706; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679607)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.39.235.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679607/; classtype:trojan-activity;sid:84542707; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679605)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.115.160.41"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679605/; classtype:trojan-activity;sid:84542705; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679604)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.4.47.33"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679604/; classtype:trojan-activity;sid:84542704; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679603)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"183.191.200.143"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679603/; classtype:trojan-activity;sid:84542703; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679602)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.221.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679602/; classtype:trojan-activity;sid:84542702; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679601)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.128.126"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679601/; classtype:trojan-activity;sid:84542701; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679600)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.179.71"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679600/; classtype:trojan-activity;sid:84542700; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679599)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.86.34.240"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679599/; classtype:trojan-activity;sid:84542699; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679598)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.60.209.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679598/; classtype:trojan-activity;sid:84542698; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679597)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.163.145.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679597/; classtype:trojan-activity;sid:84542697; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679596)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.86.34.240"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679596/; classtype:trojan-activity;sid:84542696; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679595)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.40.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679595/; classtype:trojan-activity;sid:84542695; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679594)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.61.55.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679594/; classtype:trojan-activity;sid:84542694; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679593)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.163.145.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679593/; classtype:trojan-activity;sid:84542693; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679592)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.128.126"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679592/; classtype:trojan-activity;sid:84542692; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679591)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.239.188.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679591/; classtype:trojan-activity;sid:84542691; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679590)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.0.125.240"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679590/; classtype:trojan-activity;sid:84542690; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679589)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.82.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679589/; classtype:trojan-activity;sid:84542689; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679588)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.22.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679588/; classtype:trojan-activity;sid:84542688; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679587)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.40.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679587/; classtype:trojan-activity;sid:84542687; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679586)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.82.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679586/; classtype:trojan-activity;sid:84542686; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679585)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"218.29.9.111"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679585/; classtype:trojan-activity;sid:84542685; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679583)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.175.0.243"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679583/; classtype:trojan-activity;sid:84542683; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679584)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.0.125.240"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679584/; classtype:trojan-activity;sid:84542684; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679582)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.137.239.186"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679582/; classtype:trojan-activity;sid:84542682; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679581)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.23.152.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679581/; classtype:trojan-activity;sid:84542681; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679580)"; flow:established,from_client; content:"GET"; http_method; content:"/yg59rjfg"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"t1mze9.fox-ab.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679580/; classtype:trojan-activity;sid:84542680; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679579)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.239.186"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679579/; classtype:trojan-activity;sid:84542679; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679578)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.131.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679578/; classtype:trojan-activity;sid:84542678; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679577)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.229.219.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679577/; classtype:trojan-activity;sid:84542677; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679575)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.156.79.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679575/; classtype:trojan-activity;sid:84542675; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679576)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.14.12.170"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679576/; classtype:trojan-activity;sid:84542676; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679574)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.131.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679574/; classtype:trojan-activity;sid:84542674; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679573)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.5.70.225"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679573/; classtype:trojan-activity;sid:84542673; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679571)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.10.241.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679571/; classtype:trojan-activity;sid:84542671; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679572)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.4.147"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679572/; classtype:trojan-activity;sid:84542672; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679570)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.73.148"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679570/; classtype:trojan-activity;sid:84542670; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679569)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.222.135"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679569/; classtype:trojan-activity;sid:84542669; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679568)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.226.72.123"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679568/; classtype:trojan-activity;sid:84542668; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679567)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.10.241.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679567/; classtype:trojan-activity;sid:84542667; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679566)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.73.148"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679566/; classtype:trojan-activity;sid:84542666; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679565)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.86.168.47"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679565/; classtype:trojan-activity;sid:84542665; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679564)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.148.156.211"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679564/; classtype:trojan-activity;sid:84542664; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679563)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.117.50.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679563/; classtype:trojan-activity;sid:84542663; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679562)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.86.168.47"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679562/; classtype:trojan-activity;sid:84542662; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679561)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"114.225.7.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679561/; classtype:trojan-activity;sid:84542661; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679560)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.132.130.113"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679560/; classtype:trojan-activity;sid:84542660; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679559)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.12.225.255"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679559/; classtype:trojan-activity;sid:84542659; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679558)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.122.22"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679558/; classtype:trojan-activity;sid:84542658; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679557)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.141.208.153"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679557/; classtype:trojan-activity;sid:84542657; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679556)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.17.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679556/; classtype:trojan-activity;sid:84542656; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679555)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.43.45.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679555/; classtype:trojan-activity;sid:84542655; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679554)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.12.225.255"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679554/; classtype:trojan-activity;sid:84542654; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679553)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.53.33.40"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679553/; classtype:trojan-activity;sid:84542653; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679552)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"114.225.7.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679552/; classtype:trojan-activity;sid:84542652; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679551)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.14.159.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679551/; classtype:trojan-activity;sid:84542651; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679550)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.122.22"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679550/; classtype:trojan-activity;sid:84542650; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679549)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.86.49"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679549/; classtype:trojan-activity;sid:84542649; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679548)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.17.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679548/; classtype:trojan-activity;sid:84542648; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679547)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.35.194"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679547/; classtype:trojan-activity;sid:84542647; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679545)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.53.33.40"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679545/; classtype:trojan-activity;sid:84542645; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679546)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.85.156"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679546/; classtype:trojan-activity;sid:84542646; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679544)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.35.194"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679544/; classtype:trojan-activity;sid:84542644; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679543)"; flow:established,from_client; content:"GET"; http_method; content:"/js.php"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"pcdcinc.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679543/; classtype:trojan-activity;sid:84542643; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679542)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.129.153.101"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679542/; classtype:trojan-activity;sid:84542642; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679541)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.59.229.14"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679541/; classtype:trojan-activity;sid:84542641; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679540)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"85.108.114.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679540/; classtype:trojan-activity;sid:84542640; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679536)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"220.201.23.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679536/; classtype:trojan-activity;sid:84542636; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679537)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.84.211"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679537/; classtype:trojan-activity;sid:84542637; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679538)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.130.166.141"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679538/; classtype:trojan-activity;sid:84542638; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679539)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.46.198.32"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679539/; classtype:trojan-activity;sid:84542639; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679535)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"62.217.187.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679535/; classtype:trojan-activity;sid:84542635; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679534)"; flow:established,from_client; content:"GET"; http_method; content:"/6n7n.js"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"pcdcinc.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679534/; classtype:trojan-activity;sid:84542634; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679533)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.85.156"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679533/; classtype:trojan-activity;sid:84542633; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679532)"; flow:established,from_client; content:"GET"; http_method; content:"/egf68z5d"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"rice.vbep-3.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679532/; classtype:trojan-activity;sid:84542632; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679531)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.134.175.150"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679531/; classtype:trojan-activity;sid:84542631; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679530)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.52.193.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679530/; classtype:trojan-activity;sid:84542630; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679529)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"114.227.68.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679529/; classtype:trojan-activity;sid:84542629; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679528)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"105.99.206.230"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679528/; classtype:trojan-activity;sid:84542628; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679527)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.134.175.150"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679527/; classtype:trojan-activity;sid:84542627; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679526)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.184.248.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679526/; classtype:trojan-activity;sid:84542626; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679525)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.156.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679525/; classtype:trojan-activity;sid:84542625; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679524)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"105.99.206.230"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679524/; classtype:trojan-activity;sid:84542624; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679520)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.i486"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"144.172.109.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679520/; classtype:trojan-activity;sid:84542620; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679521)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.arm6"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"144.172.109.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679521/; classtype:trojan-activity;sid:84542621; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679522)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.spc"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"144.172.109.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679522/; classtype:trojan-activity;sid:84542622; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679523)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.arm"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"144.172.109.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679523/; classtype:trojan-activity;sid:84542623; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679516)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.x86_32"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"144.172.109.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679516/; classtype:trojan-activity;sid:84542616; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679517)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.sh4"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"144.172.109.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679517/; classtype:trojan-activity;sid:84542617; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679518)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.arm7"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"144.172.109.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679518/; classtype:trojan-activity;sid:84542618; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679519)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.mips"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"144.172.109.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679519/; classtype:trojan-activity;sid:84542619; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679515)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.arc"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"144.172.109.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679515/; classtype:trojan-activity;sid:84542615; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679514)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.33.47"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679514/; classtype:trojan-activity;sid:84542614; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679513)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.248.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679513/; classtype:trojan-activity;sid:84542613; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679512)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.117.240.28"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679512/; classtype:trojan-activity;sid:84542612; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679511)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.33.47"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679511/; classtype:trojan-activity;sid:84542611; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679510)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.10.240.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679510/; classtype:trojan-activity;sid:84542610; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679509)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.5.206.19"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679509/; classtype:trojan-activity;sid:84542609; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679508)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.153.193"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679508/; classtype:trojan-activity;sid:84542608; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679507)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"121.174.196.238"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679507/; classtype:trojan-activity;sid:84542607; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679506)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.206.19"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679506/; classtype:trojan-activity;sid:84542606; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679505)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.91.3.180"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679505/; classtype:trojan-activity;sid:84542605; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679504)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.99.236.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679504/; classtype:trojan-activity;sid:84542604; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679503)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.228.109.76"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679503/; classtype:trojan-activity;sid:84542603; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679502)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.87.31.176"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679502/; classtype:trojan-activity;sid:84542602; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679501)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.23.190.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679501/; classtype:trojan-activity;sid:84542601; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679500)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.99.236.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679500/; classtype:trojan-activity;sid:84542600; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679499)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.56.160.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679499/; classtype:trojan-activity;sid:84542599; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679498)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"85.12.192.249"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679498/; classtype:trojan-activity;sid:84542598; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679497)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.41.151"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679497/; classtype:trojan-activity;sid:84542597; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679496)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.142.246.70"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679496/; classtype:trojan-activity;sid:84542596; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679495)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"111.127.227.142"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679495/; classtype:trojan-activity;sid:84542595; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679494)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.23.190.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679494/; classtype:trojan-activity;sid:84542594; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679493)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.154.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679493/; classtype:trojan-activity;sid:84542593; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679492)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"85.12.192.249"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679492/; classtype:trojan-activity;sid:84542592; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679491)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.232.177.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679491/; classtype:trojan-activity;sid:84542591; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679490)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.168.149.33"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679490/; classtype:trojan-activity;sid:84542590; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679489)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.41.151"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679489/; classtype:trojan-activity;sid:84542589; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679488)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.142.246.70"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679488/; classtype:trojan-activity;sid:84542588; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679487)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.154.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679487/; classtype:trojan-activity;sid:84542587; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679486)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.23.84"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679486/; classtype:trojan-activity;sid:84542586; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679485)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.52.241.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679485/; classtype:trojan-activity;sid:84542585; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679484)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.139.62.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679484/; classtype:trojan-activity;sid:84542584; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679483)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.23.84"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679483/; classtype:trojan-activity;sid:84542583; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679482)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.12.170"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679482/; classtype:trojan-activity;sid:84542582; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679481)"; flow:established,from_client; content:"GET"; http_method; content:"/3gdcj3onqt.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"g0qm.ko0um.online"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679481/; classtype:trojan-activity;sid:84542581; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679480)"; flow:established,from_client; content:"GET"; http_method; content:"/8f.google|3f|t=z5bwx6ch"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"light.vbep-3.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679480/; classtype:trojan-activity;sid:84542580; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679479)"; flow:established,from_client; content:"GET"; http_method; content:"/3s.google|3f|t=pseaa359"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"boat.ndoq-0.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679479/; classtype:trojan-activity;sid:84542579; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679478)"; flow:established,from_client; content:"GET"; http_method; content:"/0rxndwhpgj.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"r2vy.ko0um.online"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679478/; classtype:trojan-activity;sid:84542578; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679477)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.234.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679477/; classtype:trojan-activity;sid:84542577; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679476)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.52.241.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679476/; classtype:trojan-activity;sid:84542576; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679475)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.102.73"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679475/; classtype:trojan-activity;sid:84542575; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679474)"; flow:established,from_client; content:"GET"; http_method; content:"/m3.google|3f|t=jvjutuyg"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"cloud.8y7o4.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679474/; classtype:trojan-activity;sid:84542574; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679473)"; flow:established,from_client; content:"GET"; http_method; content:"/7so4d9fhb5.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"r2vy.ko0um.online"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679473/; classtype:trojan-activity;sid:84542573; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679472)"; flow:established,from_client; content:"GET"; http_method; content:"/r7h.check|3f|t=tggeynh3"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"wave.ndoq-0.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679472/; classtype:trojan-activity;sid:84542572; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679471)"; flow:established,from_client; content:"GET"; http_method; content:"/dy9ds14jy1.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"lt7d.ko0um.online"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679471/; classtype:trojan-activity;sid:84542571; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679470)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.228.40.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679470/; classtype:trojan-activity;sid:84542570; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679469)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.96.143.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679469/; classtype:trojan-activity;sid:84542569; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679468)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.159.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679468/; classtype:trojan-activity;sid:84542568; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679467)"; flow:established,from_client; content:"GET"; http_method; content:"/89.check|3f|t=a3kwupyn"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"stone.ndoq-0.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679467/; classtype:trojan-activity;sid:84542567; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679466)"; flow:established,from_client; content:"GET"; http_method; content:"/2n5onktrob.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"lt7d.ko0um.online"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679466/; classtype:trojan-activity;sid:84542566; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679465)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.225.253"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679465/; classtype:trojan-activity;sid:84542565; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679463)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.232.177.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679463/; classtype:trojan-activity;sid:84542563; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679464)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.117.250.223"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679464/; classtype:trojan-activity;sid:84542564; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679462)"; flow:established,from_client; content:"GET"; http_method; content:"/b6f7m4b0hg.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"w9pl.ko0um.online"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679462/; classtype:trojan-activity;sid:84542562; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679461)"; flow:established,from_client; content:"GET"; http_method; content:"/ghn.google|3f|t=ybemq28x"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"stone.vbep-3.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679461/; classtype:trojan-activity;sid:84542561; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679460)"; flow:established,from_client; content:"GET"; http_method; content:"/yn.google|3f|t=0isd0ros"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"fire.8y7o4.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679460/; classtype:trojan-activity;sid:84542560; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679459)"; flow:established,from_client; content:"GET"; http_method; content:"/dkelv6bb7u.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"w9pl.ko0um.online"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679459/; classtype:trojan-activity;sid:84542559; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679458)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.115.184.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679458/; classtype:trojan-activity;sid:84542558; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679457)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"108.168.0.46"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679457/; classtype:trojan-activity;sid:84542557; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679456)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.120.171"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679456/; classtype:trojan-activity;sid:84542556; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679454)"; flow:established,from_client; content:"GET"; http_method; content:"/3r.check|3f|t=1mwc4b23"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"book.1a2e6.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679454/; classtype:trojan-activity;sid:84542554; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679455)"; flow:established,from_client; content:"GET"; http_method; content:"/2e6tx3moi1.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"f6rx.ko0um.online"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679455/; classtype:trojan-activity;sid:84542555; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679453)"; flow:established,from_client; content:"GET"; http_method; content:"/4toiqx2v"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"mv.wir-2.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679453/; classtype:trojan-activity;sid:84542553; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679452)"; flow:established,from_client; content:"GET"; http_method; content:"/4z.google|3f|t=4aw6so0e"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"mv.wir-2.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679452/; classtype:trojan-activity;sid:84542552; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679451)"; flow:established,from_client; content:"GET"; http_method; content:"/e6dhad6jjv.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"f6rx.ko0um.online"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679451/; classtype:trojan-activity;sid:84542551; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679450)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.123.182"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679450/; classtype:trojan-activity;sid:84542550; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679449)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"88.247.169.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679449/; classtype:trojan-activity;sid:84542549; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679448)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.43.45.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679448/; classtype:trojan-activity;sid:84542548; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679444)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/arm"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"72.60.16.37"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679444/; classtype:trojan-activity;sid:84542544; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679445)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.225.68.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679445/; classtype:trojan-activity;sid:84542545; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679446)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"5.79.166.199"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679446/; classtype:trojan-activity;sid:84542546; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679447)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/mips"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"72.60.16.37"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679447/; classtype:trojan-activity;sid:84542547; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679442)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.46.222.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679442/; classtype:trojan-activity;sid:84542542; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679443)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.4.222.135"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679443/; classtype:trojan-activity;sid:84542543; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679441)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.121.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679441/; classtype:trojan-activity;sid:84542541; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679438)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/x86"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"72.60.16.37"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679438/; classtype:trojan-activity;sid:84542538; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679439)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.58.142.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679439/; classtype:trojan-activity;sid:84542539; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679440)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.134.163.170"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679440/; classtype:trojan-activity;sid:84542540; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679437)"; flow:established,from_client; content:"GET"; http_method; content:"/ddugmdmhtb.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"y1dk.fi7em.online"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679437/; classtype:trojan-activity;sid:84542537; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679436)"; flow:established,from_client; content:"GET"; http_method; content:"/47u.google|3f|t=u7p9cy5p"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"932.wir-2.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679436/; classtype:trojan-activity;sid:84542536; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679435)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.88.173"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679435/; classtype:trojan-activity;sid:84542535; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679434)"; flow:established,from_client; content:"GET"; http_method; content:"/sr.check|3f|t=m6dop8tx"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"t9k.wir-2.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679434/; classtype:trojan-activity;sid:84542534; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679433)"; flow:established,from_client; content:"GET"; http_method; content:"/xu6gbriz5o.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"zn8c.fi7em.online"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679433/; classtype:trojan-activity;sid:84542533; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679432)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.176.254.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679432/; classtype:trojan-activity;sid:84542532; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679431)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.88.173"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679431/; classtype:trojan-activity;sid:84542531; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679430)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.43.88.212"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679430/; classtype:trojan-activity;sid:84542530; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679429)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"201.149.107.50"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679429/; classtype:trojan-activity;sid:84542529; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679428)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.123.182"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679428/; classtype:trojan-activity;sid:84542528; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679427)"; flow:established,from_client; content:"GET"; http_method; content:"/k1x90n22x0.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"zn8c.fi7em.online"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679427/; classtype:trojan-activity;sid:84542527; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679426)"; flow:established,from_client; content:"GET"; http_method; content:"/6jt.check|3f|t=lys5n4mb"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"u7j.wir-2.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679426/; classtype:trojan-activity;sid:84542526; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679425)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.118.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679425/; classtype:trojan-activity;sid:84542525; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679424)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.193.141"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679424/; classtype:trojan-activity;sid:84542524; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679423)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.255.130.169"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679423/; classtype:trojan-activity;sid:84542523; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679421)"; flow:established,from_client; content:"GET"; http_method; content:"/fy.check|3f|t=gsxm9304"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"9t4.wir-2.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679421/; classtype:trojan-activity;sid:84542521; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679422)"; flow:established,from_client; content:"GET"; http_method; content:"/ungfbg5jn0.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"p3za.fi7em.online"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679422/; classtype:trojan-activity;sid:84542522; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679420)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.87.233"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679420/; classtype:trojan-activity;sid:84542520; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679419)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.33.48"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679419/; classtype:trojan-activity;sid:84542519; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679418)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.9.115.185"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679418/; classtype:trojan-activity;sid:84542518; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679417)"; flow:established,from_client; content:"GET"; http_method; content:"/softscompany/d/27/clipboard.txt"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"trmm.space"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679417/; classtype:trojan-activity;sid:84542517; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679416)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"201.149.107.50"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679416/; classtype:trojan-activity;sid:84542516; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679415)"; flow:established,from_client; content:"GET"; http_method; content:"/ghg/mt_dated_29.txt"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"securestore.cv"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679415/; classtype:trojan-activity;sid:84542515; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679414)"; flow:established,from_client; content:"GET"; http_method; content:"/ru1.check|3f|t=psguvghh"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"3r.bid-5.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679414/; classtype:trojan-activity;sid:84542514; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679413)"; flow:established,from_client; content:"GET"; http_method; content:"/4hkr4ptk70.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"p3za.fi7em.online"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679413/; classtype:trojan-activity;sid:84542513; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679412)"; flow:established,from_client; content:"GET"; http_method; content:"/softscompany/d/14/nodejs"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"filestore.space"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679412/; classtype:trojan-activity;sid:84542512; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679411)"; flow:established,from_client; content:"GET"; http_method; content:"/679u27ny9.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"dpaste.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679411/; classtype:trojan-activity;sid:84542511; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679410)"; flow:established,from_client; content:"GET"; http_method; content:"/download/optimized_msi_20251015_1613/optimized_msi.png"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"archive.org"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679410/; classtype:trojan-activity;sid:84542510; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679409)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.202.215.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679409/; classtype:trojan-activity;sid:84542509; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679408)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.46.195"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679408/; classtype:trojan-activity;sid:84542508; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679407)"; flow:established,from_client; content:"GET"; http_method; content:"/img/ksms/sc9ddc73jjhfjsh8cxs0d9xc23hjhj5j6jhj8bh876hfdf90gd900vb90brt90t0yr09asd03sfd0f0sd.hta"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"23.95.103.208"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679407/; classtype:trojan-activity;sid:84542507; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679406)"; flow:established,from_client; content:"GET"; http_method; content:"/380/msidfi9sd0fgdfkgjdfg00fdg034dfgkdfkgj9fdg934fdghdff9gd9fg9fd.hta"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"84.38.134.12"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679406/; classtype:trojan-activity;sid:84542506; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679405)"; flow:established,from_client; content:"GET"; http_method; content:"/arquivo_20251015234338.txt"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"quicolozada.online"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679405/; classtype:trojan-activity;sid:84542505; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679404)"; flow:established,from_client; content:"GET"; http_method; content:"/arquivo_20251015234809.txt"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"quicolozada.online"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679404/; classtype:trojan-activity;sid:84542504; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679403)"; flow:established,from_client; content:"GET"; http_method; content:"/doge/optimized_msi.png"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"quicolozada.online"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679403/; classtype:trojan-activity;sid:84542503; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679401)"; flow:established,from_client; content:"GET"; http_method; content:"/heartbreakerplayerqes/animated-chainsaw/releases/download/das/launcherp9.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679401/; classtype:trojan-activity;sid:84542501; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679402)"; flow:established,from_client; content:"GET"; http_method; content:"/files/8066542889/qvprzpj.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679402/; classtype:trojan-activity;sid:84542502; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679400)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.9.115.185"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679400/; classtype:trojan-activity;sid:84542500; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679399)"; flow:established,from_client; content:"GET"; http_method; content:"/0x.google|3f|t=sbxoosd0"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"w8v.bid-5.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679399/; classtype:trojan-activity;sid:84542499; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679398)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.5.185.14"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679398/; classtype:trojan-activity;sid:84542498; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679397)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.2.191"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679397/; classtype:trojan-activity;sid:84542497; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679396)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.196.48"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679396/; classtype:trojan-activity;sid:84542496; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679395)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.87.233"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679395/; classtype:trojan-activity;sid:84542495; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679394)"; flow:established,from_client; content:"GET"; http_method; content:"/rl.check|3f|t=5jr0660k"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"z2.bid-5.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679394/; classtype:trojan-activity;sid:84542494; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679393)"; flow:established,from_client; content:"GET"; http_method; content:"/53mxp83k3v.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"b5uk.fi7em.online"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679393/; classtype:trojan-activity;sid:84542493; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679391)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.123.210.195"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679391/; classtype:trojan-activity;sid:84542491; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679392)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.45.10.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679392/; classtype:trojan-activity;sid:84542492; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679390)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.185.14"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679390/; classtype:trojan-activity;sid:84542490; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679389)"; flow:established,from_client; content:"GET"; http_method; content:"/2hj6j7ts12.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"xq74.fi7em.online"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679389/; classtype:trojan-activity;sid:84542489; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679388)"; flow:established,from_client; content:"GET"; http_method; content:"/ii8.check|3f|t=h8nh3c9v"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"tree.bvuf-2.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679388/; classtype:trojan-activity;sid:84542488; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679387)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.2.191"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679387/; classtype:trojan-activity;sid:84542487; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679386)"; flow:established,from_client; content:"GET"; http_method; content:"/ye.google|3f|t=kesomg7m"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"forest.bvuf-2.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679386/; classtype:trojan-activity;sid:84542486; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679385)"; flow:established,from_client; content:"GET"; http_method; content:"/vdbdk6bgos.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"hd3n.fi7em.online"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679385/; classtype:trojan-activity;sid:84542485; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679384)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.141.35.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679384/; classtype:trojan-activity;sid:84542484; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679383)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"37.48.185.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679383/; classtype:trojan-activity;sid:84542483; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679382)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.163.57.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679382/; classtype:trojan-activity;sid:84542482; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679381)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.11.242.210"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679381/; classtype:trojan-activity;sid:84542481; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679380)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.23.76.219"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679380/; classtype:trojan-activity;sid:84542480; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679379)"; flow:established,from_client; content:"GET"; http_method; content:"/4q.google|3f|t=r7heegpf"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"sun.8u2a9.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679379/; classtype:trojan-activity;sid:84542479; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679378)"; flow:established,from_client; content:"GET"; http_method; content:"/a4atbxyz6z.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"q4xn.te7ap.online"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679378/; classtype:trojan-activity;sid:84542478; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679377)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.202.215.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679377/; classtype:trojan-activity;sid:84542477; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679376)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.141.35.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679376/; classtype:trojan-activity;sid:84542476; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679375)"; flow:established,from_client; content:"GET"; http_method; content:"/cqcio57lzw.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"q4xn.te7ap.online"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679375/; classtype:trojan-activity;sid:84542475; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679374)"; flow:established,from_client; content:"GET"; http_method; content:"/9rz.check|3f|t=6hkftbaq"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"cloud.8u2a9.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679374/; classtype:trojan-activity;sid:84542474; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679373)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.87.129"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679373/; classtype:trojan-activity;sid:84542473; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679372)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7912960477/sgku7ru.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679372/; classtype:trojan-activity;sid:84542472; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679371)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/uploads/2022/03/win64.exe"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"www.bdbarrandov.cz"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679371/; classtype:trojan-activity;sid:84542471; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679370)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7933012987/kuawb3y.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679370/; classtype:trojan-activity;sid:84542470; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679369)"; flow:established,from_client; content:"GET"; http_method; content:"/q7p.check|3f|t=h476fktt"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"forest.4i1e2.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679369/; classtype:trojan-activity;sid:84542469; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679368)"; flow:established,from_client; content:"GET"; http_method; content:"/f1pcv1xrgk.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"c7qv.te7ap.online"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679368/; classtype:trojan-activity;sid:84542468; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679367)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.80.125.148"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679367/; classtype:trojan-activity;sid:84542467; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679366)"; flow:established,from_client; content:"GET"; http_method; content:"/9sx3filxls.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"c7qv.te7ap.online"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679366/; classtype:trojan-activity;sid:84542466; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679365)"; flow:established,from_client; content:"GET"; http_method; content:"/sr.check|3f|t=erzxtlhl"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"storm.bvuf-2.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679365/; classtype:trojan-activity;sid:84542465; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679364)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.59.14"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679364/; classtype:trojan-activity;sid:84542464; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679363)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.91.3.180"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679363/; classtype:trojan-activity;sid:84542463; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679362)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.57.35.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679362/; classtype:trojan-activity;sid:84542462; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679360)"; flow:established,from_client; content:"GET"; http_method; content:"/u8.google|3f|t=xogb5hkw"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"stone.4i1e2.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679360/; classtype:trojan-activity;sid:84542460; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679361)"; flow:established,from_client; content:"GET"; http_method; content:"/b6oqe6r6d5.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"m0yl.te7ap.online"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679361/; classtype:trojan-activity;sid:84542461; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679359)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.80.125.148"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679359/; classtype:trojan-activity;sid:84542459; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679358)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.181.1.99"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679358/; classtype:trojan-activity;sid:84542458; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679357)"; flow:established,from_client; content:"GET"; http_method; content:"/j92jqsq7f7.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"m0yl.te7ap.online"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679357/; classtype:trojan-activity;sid:84542457; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679356)"; flow:established,from_client; content:"GET"; http_method; content:"/f1.google|3f|t=oqm93t0j"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"wolf.8u2a9.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679356/; classtype:trojan-activity;sid:84542456; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679355)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.142.211.93"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679355/; classtype:trojan-activity;sid:84542455; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679354)"; flow:established,from_client; content:"GET"; http_method; content:"/m4d.check|3f|t=b44t798a"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"leaf.4i1e2.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679354/; classtype:trojan-activity;sid:84542454; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679353)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.57.35.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679353/; classtype:trojan-activity;sid:84542453; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679352)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.181.1.99"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679352/; classtype:trojan-activity;sid:84542452; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679351)"; flow:established,from_client; content:"GET"; http_method; content:"/hrlyafko8q.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"vr4x.te7ap.online"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679351/; classtype:trojan-activity;sid:84542451; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679350)"; flow:established,from_client; content:"GET"; http_method; content:"/w1m3.google|3f|t=ouj6dubf"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"rain.4i1e2.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679350/; classtype:trojan-activity;sid:84542450; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679349)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.237.153.199"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679349/; classtype:trojan-activity;sid:84542449; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679348)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"186.2.251.136"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679348/; classtype:trojan-activity;sid:84542448; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679347)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.86.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679347/; classtype:trojan-activity;sid:84542447; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679346)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.87.129"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679346/; classtype:trojan-activity;sid:84542446; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679345)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.61.55.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679345/; classtype:trojan-activity;sid:84542445; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679344)"; flow:established,from_client; content:"GET"; http_method; content:"/0xq.google|3f|t=sldkyxfe"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"water.4i1e2.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679344/; classtype:trojan-activity;sid:84542444; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679343)"; flow:established,from_client; content:"GET"; http_method; content:"/5hkuj2gjqb.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"t1qh.te7ap.online"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679343/; classtype:trojan-activity;sid:84542443; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679342)"; flow:established,from_client; content:"GET"; http_method; content:"/oez9wm04xu.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"t1qh.te7ap.online"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679342/; classtype:trojan-activity;sid:84542442; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679341)"; flow:established,from_client; content:"GET"; http_method; content:"/9y.check|3f|t=117u2t9i"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"fire.bvuf-2.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679341/; classtype:trojan-activity;sid:84542441; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679340)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.13.208"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679340/; classtype:trojan-activity;sid:84542440; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679339)"; flow:established,from_client; content:"GET"; http_method; content:"/fn41qmip5k.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"kz8m.te7ap.online"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679339/; classtype:trojan-activity;sid:84542439; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679338)"; flow:established,from_client; content:"GET"; http_method; content:"/t39.check|3f|t=4dv2xywx"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"path.4i1e2.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679338/; classtype:trojan-activity;sid:84542438; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679336)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.163.57.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679336/; classtype:trojan-activity;sid:84542436; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679337)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"157.18.200.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679337/; classtype:trojan-activity;sid:84542437; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679335)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1soeypqxk3b46dxnk88sjgsbuh6-md03d"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679335/; classtype:trojan-activity;sid:84542435; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679334)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1hakmyr4mteagr5gu3slmuveahtnqaw0a"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679334/; classtype:trojan-activity;sid:84542434; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679333)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.13.208"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679333/; classtype:trojan-activity;sid:84542433; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679332)"; flow:established,from_client; content:"GET"; http_method; content:"/c0.check|3f|t=kaph4vvm"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"qd.nqyf-7.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679332/; classtype:trojan-activity;sid:84542432; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679331)"; flow:established,from_client; content:"GET"; http_method; content:"/12/houselet.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.164.59.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679331/; classtype:trojan-activity;sid:84542431; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679330)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.190.231.146"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679330/; classtype:trojan-activity;sid:84542430; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679329)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.25.246"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679329/; classtype:trojan-activity;sid:84542429; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679328)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.74.54.43"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679328/; classtype:trojan-activity;sid:84542428; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679327)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.43.90.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679327/; classtype:trojan-activity;sid:84542427; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679326)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.49.97"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679326/; classtype:trojan-activity;sid:84542426; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679324)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.43.90.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679324/; classtype:trojan-activity;sid:84542424; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679325)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.25.246"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679325/; classtype:trojan-activity;sid:84542425; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679323)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.49.97"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679323/; classtype:trojan-activity;sid:84542423; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679322)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.11.205.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679322/; classtype:trojan-activity;sid:84542422; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679321)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.226.69"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679321/; classtype:trojan-activity;sid:84542421; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679320)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.205.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679320/; classtype:trojan-activity;sid:84542420; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679319)"; flow:established,from_client; content:"GET"; http_method; content:"/ed.check|3f|t=ipxegror"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"war.rjuq-3.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679319/; classtype:trojan-activity;sid:84542419; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679318)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.174.191"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679318/; classtype:trojan-activity;sid:84542418; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679317)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.42.124.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679317/; classtype:trojan-activity;sid:84542417; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679316)"; flow:established,from_client; content:"GET"; http_method; content:"/7ftx2kjb"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"glue.rjuq-3.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679316/; classtype:trojan-activity;sid:84542416; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679315)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.37.228.138"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679315/; classtype:trojan-activity;sid:84542415; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679314)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.132.132.2"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679314/; classtype:trojan-activity;sid:84542414; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679313)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.239.254.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679313/; classtype:trojan-activity;sid:84542413; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679309)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.90.188.6"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679309/; classtype:trojan-activity;sid:84542409; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679310)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.223.65"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679310/; classtype:trojan-activity;sid:84542410; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679311)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.8.185.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679311/; classtype:trojan-activity;sid:84542411; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679312)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.195.181"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679312/; classtype:trojan-activity;sid:84542412; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679307)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"198.2.75.100"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679307/; classtype:trojan-activity;sid:84542407; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679308)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.162.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679308/; classtype:trojan-activity;sid:84542408; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679306)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.3.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679306/; classtype:trojan-activity;sid:84542406; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679305)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.217.200.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679305/; classtype:trojan-activity;sid:84542405; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679301)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"114.33.138.52"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679301/; classtype:trojan-activity;sid:84542401; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679302)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.113.226.69"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679302/; classtype:trojan-activity;sid:84542402; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679303)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.236.222.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679303/; classtype:trojan-activity;sid:84542403; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679304)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"78.90.248.149"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679304/; classtype:trojan-activity;sid:84542404; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679299)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.237.107.46"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679299/; classtype:trojan-activity;sid:84542399; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679300)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.89.1.145"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679300/; classtype:trojan-activity;sid:84542400; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679298)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.47.110.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679298/; classtype:trojan-activity;sid:84542398; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679297)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.162.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679297/; classtype:trojan-activity;sid:84542397; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679295)"; flow:established,from_client; content:"GET"; http_method; content:"/hello.zip"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"149.28.199.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679295/; classtype:trojan-activity;sid:84542395; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679296)"; flow:established,from_client; content:"GET"; http_method; content:"/hello.zip"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"money1.xiaobenup.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679296/; classtype:trojan-activity;sid:84542396; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679293)"; flow:established,from_client; content:"GET"; http_method; content:"/9.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"64.188.98.163"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679293/; classtype:trojan-activity;sid:84542393; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679294)"; flow:established,from_client; content:"GET"; http_method; content:"/xdwd.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"64.188.98.163"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679294/; classtype:trojan-activity;sid:84542394; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679292)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.7.223.85"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679292/; classtype:trojan-activity;sid:84542392; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679291)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.162.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679291/; classtype:trojan-activity;sid:84542391; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679290)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.132.132.2"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679290/; classtype:trojan-activity;sid:84542390; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679289)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.42.124.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679289/; classtype:trojan-activity;sid:84542389; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679288)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.58.18.172"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679288/; classtype:trojan-activity;sid:84542388; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679287)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.119.59.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679287/; classtype:trojan-activity;sid:84542387; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679286)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.59.246.119"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679286/; classtype:trojan-activity;sid:84542386; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679285)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.254.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679285/; classtype:trojan-activity;sid:84542385; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679283)"; flow:established,from_client; content:"GET"; http_method; content:"/ns.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"48.209.82.191"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679283/; classtype:trojan-activity;sid:84542383; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679284)"; flow:established,from_client; content:"GET"; http_method; content:"/hele.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"48.209.82.191"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679284/; classtype:trojan-activity;sid:84542384; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679282)"; flow:established,from_client; content:"GET"; http_method; content:"/bebra81/bebraprime/-/raw/main/bypasserupd.exe"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"gitlab.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679282/; classtype:trojan-activity;sid:84542382; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679281)"; flow:established,from_client; content:"GET"; http_method; content:"/bebra81/bebraprime/-/raw/main/cheatupd.exe"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"gitlab.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679281/; classtype:trojan-activity;sid:84542381; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679280)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/ynmkkhlr"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679280/; classtype:trojan-activity;sid:84542380; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679279)"; flow:established,from_client; content:"GET"; http_method; content:"/nuj.check|3f|t=v4b7nqz9"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"slash.gdyl-2.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679279/; classtype:trojan-activity;sid:84542379; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679278)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.176.124.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679278/; classtype:trojan-activity;sid:84542378; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679277)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.58.18.172"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679277/; classtype:trojan-activity;sid:84542377; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679276)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.59.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679276/; classtype:trojan-activity;sid:84542376; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679275)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.122.233.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679275/; classtype:trojan-activity;sid:84542375; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679274)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.184.56.250"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679274/; classtype:trojan-activity;sid:84542374; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679273)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.242.210"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679273/; classtype:trojan-activity;sid:84542373; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679272)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.198.239.194"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679272/; classtype:trojan-activity;sid:84542372; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679270)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.84.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679270/; classtype:trojan-activity;sid:84542370; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679271)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.x86_64"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"196.251.116.193"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679271/; classtype:trojan-activity;sid:84542371; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679266)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.i468"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"196.251.116.193"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679266/; classtype:trojan-activity;sid:84542366; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679267)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.i686"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"196.251.116.193"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679267/; classtype:trojan-activity;sid:84542367; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679268)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.spc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"196.251.116.193"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679268/; classtype:trojan-activity;sid:84542368; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679269)"; flow:established,from_client; content:"GET"; http_method; content:"/sexyug/i686"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"188.241.62.243"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679269/; classtype:trojan-activity;sid:84542369; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679265)"; flow:established,from_client; content:"GET"; http_method; content:"/13.google|3f|t=ouevulko"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"car.gdyl-2.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679265/; classtype:trojan-activity;sid:84542365; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679264)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.215.145"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679264/; classtype:trojan-activity;sid:84542364; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679263)"; flow:established,from_client; content:"GET"; http_method; content:"/jacapn.ps1"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"files.catbox.moe"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679263/; classtype:trojan-activity;sid:84542363; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679261)"; flow:established,from_client; content:"GET"; http_method; content:"/v0/b/loloer3434.firebasestorage.app/o/cifrado%20fff3333%2frodita%20pe.txt|3f|alt=media|7c|26|7c|token=4d0ef261-f77d-400f-952d-34c41ee8d7f5"; http_uri; depth:139; isdataat:!1,relative; nocase; content:"firebasestorage.googleapis.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679261/; classtype:trojan-activity;sid:84542361; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679262)"; flow:established,from_client; content:"GET"; http_method; content:"/v0/b/loloer3434.firebasestorage.app/o/cifrado%20fff3333%2fdllroda.txt|3f|alt=media|7c|26|7c|token=8b9a573d-2052-4ffd-963f-6d1e2e01398c"; http_uri; depth:135; isdataat:!1,relative; nocase; content:"firebasestorage.googleapis.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679262/; classtype:trojan-activity;sid:84542362; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679260)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.184.56.250"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679260/; classtype:trojan-activity;sid:84542360; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679259)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1ffofu6npx3s46w484zfwpimucpx67mn_"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679259/; classtype:trojan-activity;sid:84542359; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679258)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1oja-eobx88saaodorecz8kkpwfgpkezl"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679258/; classtype:trojan-activity;sid:84542358; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679257)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.52.92.60"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679257/; classtype:trojan-activity;sid:84542357; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679256)"; flow:established,from_client; content:"GET"; http_method; content:"/fire/wormb.txt"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"178.16.54.37"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679256/; classtype:trojan-activity;sid:84542356; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679255)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.77.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679255/; classtype:trojan-activity;sid:84542355; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679254)"; flow:established,from_client; content:"GET"; http_method; content:"/348/we9d8dsf3er34kjer433j4j4d9s9cv03kds929fd93tj4h34kfkg43d9cv9349fdf04k4j4nk455n.hta"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"23.95.103.208"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679254/; classtype:trojan-activity;sid:84542354; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679253)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.150.205.22"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679253/; classtype:trojan-activity;sid:84542353; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679252)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.52.92.60"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679252/; classtype:trojan-activity;sid:84542352; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679251)"; flow:established,from_client; content:"GET"; http_method; content:"/br/wizftttd/gfphkygz"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"md.grupflixca.pro"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679251/; classtype:trojan-activity;sid:84542351; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679250)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.213.127.154"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679250/; classtype:trojan-activity;sid:84542350; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679249)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.178.148.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679249/; classtype:trojan-activity;sid:84542349; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679248)"; flow:established,from_client; content:"GET"; http_method; content:"/424/sd829fsf23fkjjskfdj9vc9d849ffk4jkjsdjf929f94989cxv9x89vv934999g3kj49gdf9g89dg993.hta"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"23.95.103.208"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679248/; classtype:trojan-activity;sid:84542348; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679247)"; flow:established,from_client; content:"GET"; http_method; content:"/250/sdu83u4udfyug7dg734u3ufd8g88vxv8843900v09xver00e3490dfghjxch8vxv3j223j3j4jj4j0x9.hta"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"96.44.159.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679247/; classtype:trojan-activity;sid:84542347; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679246)"; flow:established,from_client; content:"GET"; http_method; content:"/ljwluq.txt"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"files.catbox.moe"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679246/; classtype:trojan-activity;sid:84542346; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679245)"; flow:established,from_client; content:"GET"; http_method; content:"/4awfz5.zip"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"files.catbox.moe"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679245/; classtype:trojan-activity;sid:84542345; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679244)"; flow:established,from_client; content:"GET"; http_method; content:"/iy1e0o.ps1"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"files.catbox.moe"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679244/; classtype:trojan-activity;sid:84542344; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679243)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.43.106.52"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679243/; classtype:trojan-activity;sid:84542343; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679242)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.174.132"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679242/; classtype:trojan-activity;sid:84542342; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679241)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.210.30.65"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679241/; classtype:trojan-activity;sid:84542341; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679240)"; flow:established,from_client; content:"GET"; http_method; content:"/btc.check|3f|t=9ot8ga7k"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"topaz.mcej-9.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679240/; classtype:trojan-activity;sid:84542340; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679239)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.156.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679239/; classtype:trojan-activity;sid:84542339; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679238)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.127.154"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679238/; classtype:trojan-activity;sid:84542338; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679236)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.31.179"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679236/; classtype:trojan-activity;sid:84542336; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679235)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"1.176.40.227"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679235/; classtype:trojan-activity;sid:84542335; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679234)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.131.245"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679234/; classtype:trojan-activity;sid:84542334; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679233)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.43.106.52"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679233/; classtype:trojan-activity;sid:84542333; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679232)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.52.28.195"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679232/; classtype:trojan-activity;sid:84542332; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679231)"; flow:established,from_client; content:"GET"; http_method; content:"/hip9k0.ps1"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"files.catbox.moe"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679231/; classtype:trojan-activity;sid:84542331; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679230)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"1.61.181.28"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679230/; classtype:trojan-activity;sid:84542330; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679221)"; flow:established,from_client; content:"GET"; http_method; content:"/sexyug/mpsl"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"n8n.heroxhost.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679221/; classtype:trojan-activity;sid:84542321; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679222)"; flow:established,from_client; content:"GET"; http_method; content:"/sexyug/sh4"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"n8n.heroxhost.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679222/; classtype:trojan-activity;sid:84542322; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679223)"; flow:established,from_client; content:"GET"; http_method; content:"/sexyug/arm5"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"n8n.heroxhost.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679223/; classtype:trojan-activity;sid:84542323; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679224)"; flow:established,from_client; content:"GET"; http_method; content:"/sexyug/spc"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"insaim10.prosuperservers.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679224/; classtype:trojan-activity;sid:84542324; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679225)"; flow:established,from_client; content:"GET"; http_method; content:"/sexyug/arm6"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"insaim10.prosuperservers.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679225/; classtype:trojan-activity;sid:84542325; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679226)"; flow:established,from_client; content:"GET"; http_method; content:"/sexyug/arm6"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"n8n.heroxhost.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679226/; classtype:trojan-activity;sid:84542326; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679227)"; flow:established,from_client; content:"GET"; http_method; content:"/sexyug/arm7"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"n8n.heroxhost.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679227/; classtype:trojan-activity;sid:84542327; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679228)"; flow:established,from_client; content:"GET"; http_method; content:"/sexyug/arc"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"n8n.heroxhost.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679228/; classtype:trojan-activity;sid:84542328; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679229)"; flow:established,from_client; content:"GET"; http_method; content:"/sexyug/arc"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"insaim10.prosuperservers.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679229/; classtype:trojan-activity;sid:84542329; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679220)"; flow:established,from_client; content:"GET"; http_method; content:"/sexyug/sh4"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"insaim10.prosuperservers.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679220/; classtype:trojan-activity;sid:84542320; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679216)"; flow:established,from_client; content:"GET"; http_method; content:"/sexyug/mips"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"insaim10.prosuperservers.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679216/; classtype:trojan-activity;sid:84542316; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679217)"; flow:established,from_client; content:"GET"; http_method; content:"/sexyug/ppc"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"n8n.heroxhost.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679217/; classtype:trojan-activity;sid:84542317; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679218)"; flow:established,from_client; content:"GET"; http_method; content:"/sexyug/arm7"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"insaim10.prosuperservers.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679218/; classtype:trojan-activity;sid:84542318; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679219)"; flow:established,from_client; content:"GET"; http_method; content:"/sexyug/m68k"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"n8n.heroxhost.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679219/; classtype:trojan-activity;sid:84542319; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679212)"; flow:established,from_client; content:"GET"; http_method; content:"/sexyug/mips"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"n8n.heroxhost.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679212/; classtype:trojan-activity;sid:84542312; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679213)"; flow:established,from_client; content:"GET"; http_method; content:"/sexyug/m68k"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"insaim10.prosuperservers.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679213/; classtype:trojan-activity;sid:84542313; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679214)"; flow:established,from_client; content:"GET"; http_method; content:"/sexyug/mpsl"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"insaim10.prosuperservers.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679214/; classtype:trojan-activity;sid:84542314; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679215)"; flow:established,from_client; content:"GET"; http_method; content:"/sexyug/ppc"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"insaim10.prosuperservers.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679215/; classtype:trojan-activity;sid:84542315; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679211)"; flow:established,from_client; content:"GET"; http_method; content:"/sexyug/arm"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"n8n.heroxhost.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679211/; classtype:trojan-activity;sid:84542311; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679207)"; flow:established,from_client; content:"GET"; http_method; content:"/sexyug/x86"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"insaim10.prosuperservers.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679207/; classtype:trojan-activity;sid:84542307; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679208)"; flow:established,from_client; content:"GET"; http_method; content:"/sexyug/arm5"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"insaim10.prosuperservers.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679208/; classtype:trojan-activity;sid:84542308; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679209)"; flow:established,from_client; content:"GET"; http_method; content:"/sexyug/arm"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"insaim10.prosuperservers.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679209/; classtype:trojan-activity;sid:84542309; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679210)"; flow:established,from_client; content:"GET"; http_method; content:"/sexyug/spc"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"n8n.heroxhost.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679210/; classtype:trojan-activity;sid:84542310; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679206)"; flow:established,from_client; content:"GET"; http_method; content:"/sexyug/x86"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"n8n.heroxhost.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679206/; classtype:trojan-activity;sid:84542306; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679205)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1ysj_pjf44xzowobznthwk_7zvqcgf8ql"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679205/; classtype:trojan-activity;sid:84542305; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679204)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1po5maavx9tc2rdwxsqdqdlwkmls1sq3v"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679204/; classtype:trojan-activity;sid:84542304; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679203)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.39.235.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679203/; classtype:trojan-activity;sid:84542303; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679202)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.179.120.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679202/; classtype:trojan-activity;sid:84542302; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679201)"; flow:established,from_client; content:"GET"; http_method; content:"/sexyug/mpsl"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"188.241.62.243"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679201/; classtype:trojan-activity;sid:84542301; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679200)"; flow:established,from_client; content:"GET"; http_method; content:"/sexyug/ppc"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"188.241.62.243"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679200/; classtype:trojan-activity;sid:84542300; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679199)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.59.223.111"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679199/; classtype:trojan-activity;sid:84542299; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679191)"; flow:established,from_client; content:"GET"; http_method; content:"/sexyug/m68k"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"188.241.62.243"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679191/; classtype:trojan-activity;sid:84542291; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679192)"; flow:established,from_client; content:"GET"; http_method; content:"/sexyug/spc"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"188.241.62.243"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679192/; classtype:trojan-activity;sid:84542292; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679193)"; flow:established,from_client; content:"GET"; http_method; content:"/sexyug/arm7"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"188.241.62.243"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679193/; classtype:trojan-activity;sid:84542293; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679194)"; flow:established,from_client; content:"GET"; http_method; content:"/sexyug/arm5"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"188.241.62.243"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679194/; classtype:trojan-activity;sid:84542294; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679195)"; flow:established,from_client; content:"GET"; http_method; content:"/sexyug/arm6"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"188.241.62.243"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679195/; classtype:trojan-activity;sid:84542295; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679196)"; flow:established,from_client; content:"GET"; http_method; content:"/sexyug/sh4"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"188.241.62.243"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679196/; classtype:trojan-activity;sid:84542296; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679197)"; flow:established,from_client; content:"GET"; http_method; content:"/sexyug/arc"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"188.241.62.243"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679197/; classtype:trojan-activity;sid:84542297; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679198)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.178.148.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679198/; classtype:trojan-activity;sid:84542298; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679190)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.114.32.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679190/; classtype:trojan-activity;sid:84542290; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679189)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.179.120.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679189/; classtype:trojan-activity;sid:84542289; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679186)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.31.179"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679186/; classtype:trojan-activity;sid:84542286; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679187)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.68.134"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679187/; classtype:trojan-activity;sid:84542287; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679188)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.0.87"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679188/; classtype:trojan-activity;sid:84542288; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679185)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/arm7"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"srv985502.hstgr.cloud"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679185/; classtype:trojan-activity;sid:84542285; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679184)"; flow:established,from_client; content:"GET"; http_method; content:"/t8.check|3f|t=3futtoi7"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"saffron.wtok-2.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679184/; classtype:trojan-activity;sid:84542284; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679183)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.75.245.48"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679183/; classtype:trojan-activity;sid:84542283; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679172)"; flow:established,from_client; content:"GET"; http_method; content:"/shadow/bins/shadow.x86"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"81.88.18.108"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679172/; classtype:trojan-activity;sid:84542272; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679173)"; flow:established,from_client; content:"GET"; http_method; content:"/shadow/bins/shadow.x86_64"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"81.88.18.108"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679173/; classtype:trojan-activity;sid:84542273; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679174)"; flow:established,from_client; content:"GET"; http_method; content:"/shadow/bins/shadow.mips"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"81.88.18.108"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679174/; classtype:trojan-activity;sid:84542274; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679175)"; flow:established,from_client; content:"GET"; http_method; content:"/shadow/bins/shadow.arm7"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"81.88.18.108"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679175/; classtype:trojan-activity;sid:84542275; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679176)"; flow:established,from_client; content:"GET"; http_method; content:"/shadow/bins/shadow.arm5"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"81.88.18.108"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679176/; classtype:trojan-activity;sid:84542276; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679177)"; flow:established,from_client; content:"GET"; http_method; content:"/shadow/bins/shadow.mpsl"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"81.88.18.108"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679177/; classtype:trojan-activity;sid:84542277; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679178)"; flow:established,from_client; content:"GET"; http_method; content:"/shadow/bins/shadow.mpsl"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"vps-2624.onecom-cloud.one"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679178/; classtype:trojan-activity;sid:84542278; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679179)"; flow:established,from_client; content:"GET"; http_method; content:"/ohshit.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"196.251.69.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679179/; classtype:trojan-activity;sid:84542279; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679180)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/arm6"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"srv985502.hstgr.cloud"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679180/; classtype:trojan-activity;sid:84542280; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679181)"; flow:established,from_client; content:"GET"; http_method; content:"/files/8042875554/o0t15di.bat"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679181/; classtype:trojan-activity;sid:84542281; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679182)"; flow:established,from_client; content:"GET"; http_method; content:"/shadow/bins/shadow.mips"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"vps-2624.onecom-cloud.one"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679182/; classtype:trojan-activity;sid:84542282; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679162)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/mips"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"srv985502.hstgr.cloud"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679162/; classtype:trojan-activity;sid:84542262; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679163)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/m68k"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"srv985502.hstgr.cloud"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679163/; classtype:trojan-activity;sid:84542263; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679164)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/ppc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"srv985502.hstgr.cloud"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679164/; classtype:trojan-activity;sid:84542264; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679165)"; flow:established,from_client; content:"GET"; http_method; content:"/shadow/bins/shadow.arm"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"81.88.18.108"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679165/; classtype:trojan-activity;sid:84542265; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679166)"; flow:established,from_client; content:"GET"; http_method; content:"/shadow/bins/shadow.arm6"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"81.88.18.108"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679166/; classtype:trojan-activity;sid:84542266; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679167)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/x86_64"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"srv985502.hstgr.cloud"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679167/; classtype:trojan-activity;sid:84542267; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679168)"; flow:established,from_client; content:"GET"; http_method; content:"/goon.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"23.177.185.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679168/; classtype:trojan-activity;sid:84542268; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679169)"; flow:established,from_client; content:"GET"; http_method; content:"/ohshit.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"196.251.116.193"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679169/; classtype:trojan-activity;sid:84542269; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679170)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/x86"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"srv985502.hstgr.cloud"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679170/; classtype:trojan-activity;sid:84542270; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679171)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/arm"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"srv985502.hstgr.cloud"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679171/; classtype:trojan-activity;sid:84542271; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679161)"; flow:established,from_client; content:"GET"; http_method; content:"/shadow/bins/shadow.arm64"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"81.88.18.108"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679161/; classtype:trojan-activity;sid:84542261; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679159)"; flow:established,from_client; content:"GET"; http_method; content:"/shadow/bins/binary.sh"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"vps-2624.onecom-cloud.one"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679159/; classtype:trojan-activity;sid:84542259; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679160)"; flow:established,from_client; content:"GET"; http_method; content:"/shadow/bins/binary.sh"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"81.88.18.108"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679160/; classtype:trojan-activity;sid:84542260; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679158)"; flow:established,from_client; content:"GET"; http_method; content:"/notepad.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"bmh-global.myfirewall.org"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679158/; classtype:trojan-activity;sid:84542258; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679157)"; flow:established,from_client; content:"GET"; http_method; content:"/baby.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"188.241.62.243"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679157/; classtype:trojan-activity;sid:84542257; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679153)"; flow:established,from_client; content:"GET"; http_method; content:"/document.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"bmh-global.myfirewall.org"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679153/; classtype:trojan-activity;sid:84542253; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679154)"; flow:established,from_client; content:"GET"; http_method; content:"/socvxfejcj68ecxxbau2uw9"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"eg.unspokentinkling.digital"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679154/; classtype:trojan-activity;sid:84542254; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679155)"; flow:established,from_client; content:"GET"; http_method; content:"/baboo-goodjokerauo/2/releases/download/da/launcherp9.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679155/; classtype:trojan-activity;sid:84542255; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679156)"; flow:established,from_client; content:"GET"; http_method; content:"/cla3x3xc76mr9wmigdvbcy"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"eg.unspokentinkling.digital"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679156/; classtype:trojan-activity;sid:84542256; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679151)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/mpsl"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"srv985502.hstgr.cloud"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679151/; classtype:trojan-activity;sid:84542251; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679152)"; flow:established,from_client; content:"GET"; http_method; content:"/c.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"srv985502.hstgr.cloud"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679152/; classtype:trojan-activity;sid:84542252; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679150)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/arm5"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"srv985502.hstgr.cloud"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679150/; classtype:trojan-activity;sid:84542250; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679148)"; flow:established,from_client; content:"GET"; http_method; content:"/powerpoint.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"igw.myfirewall.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679148/; classtype:trojan-activity;sid:84542248; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679149)"; flow:established,from_client; content:"GET"; http_method; content:"/w.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"srv985502.hstgr.cloud"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679149/; classtype:trojan-activity;sid:84542249; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679146)"; flow:established,from_client; content:"GET"; http_method; content:"/wget.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"srv985502.hstgr.cloud"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679146/; classtype:trojan-activity;sid:84542246; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679147)"; flow:established,from_client; content:"GET"; http_method; content:"/words.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"igw.myfirewall.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679147/; classtype:trojan-activity;sid:84542247; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679145)"; flow:established,from_client; content:"GET"; http_method; content:"/files/5424274452/ev3rvii.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679145/; classtype:trojan-activity;sid:84542245; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679144)"; flow:established,from_client; content:"GET"; http_method; content:"/houselet.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.164.59.38.12"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679144/; classtype:trojan-activity;sid:84542244; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679143)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.59.223.111"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679143/; classtype:trojan-activity;sid:84542243; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679142)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.68.134"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679142/; classtype:trojan-activity;sid:84542242; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679141)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.253.47"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679141/; classtype:trojan-activity;sid:84542241; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679140)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.47.52.191"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679140/; classtype:trojan-activity;sid:84542240; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679139)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.211.172"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679139/; classtype:trojan-activity;sid:84542239; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679138)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.119.178.31"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679138/; classtype:trojan-activity;sid:84542238; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679137)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.174.132"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679137/; classtype:trojan-activity;sid:84542237; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679136)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.47.52.191"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679136/; classtype:trojan-activity;sid:84542236; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679135)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.253.47"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679135/; classtype:trojan-activity;sid:84542235; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679134)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.178.31"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679134/; classtype:trojan-activity;sid:84542234; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679133)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.56.111"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679133/; classtype:trojan-activity;sid:84542233; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679132)"; flow:established,from_client; content:"GET"; http_method; content:"/s.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"178.16.53.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679132/; classtype:trojan-activity;sid:84542232; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679131)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.62.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679131/; classtype:trojan-activity;sid:84542231; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679130)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.190.105.170"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679130/; classtype:trojan-activity;sid:84542230; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679129)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.178.137"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679129/; classtype:trojan-activity;sid:84542229; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679125)"; flow:established,from_client; content:"GET"; http_method; content:"/12/indevout.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.164.59.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679125/; classtype:trojan-activity;sid:84542225; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679126)"; flow:established,from_client; content:"GET"; http_method; content:"/files/1371132119/hondgja.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679126/; classtype:trojan-activity;sid:84542226; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679127)"; flow:established,from_client; content:"GET"; http_method; content:"/kbt1/y1006.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"23.95.245.178"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679127/; classtype:trojan-activity;sid:84542227; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679128)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7912960477/bzfvw9a.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679128/; classtype:trojan-activity;sid:84542228; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679123)"; flow:established,from_client; content:"GET"; http_method; content:"/files/8167064937/b0zao6u.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679123/; classtype:trojan-activity;sid:84542223; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679124)"; flow:established,from_client; content:"GET"; http_method; content:"/files/549123828/dcwxiio.exe"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679124/; classtype:trojan-activity;sid:84542224; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679122)"; flow:established,from_client; content:"GET"; http_method; content:"/files/1242384682/gildgok.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679122/; classtype:trojan-activity;sid:84542222; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679121)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7782139129/oubuyfe.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679121/; classtype:trojan-activity;sid:84542221; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679120)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.182.215"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679120/; classtype:trojan-activity;sid:84542220; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679119)"; flow:established,from_client; content:"GET"; http_method; content:"/3j.check|3f|t=gqh8sgha"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"flint.wqix-5.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679119/; classtype:trojan-activity;sid:84542219; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679118)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.43.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679118/; classtype:trojan-activity;sid:84542218; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679116)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.62.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679116/; classtype:trojan-activity;sid:84542216; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679117)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.41.2.84"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679117/; classtype:trojan-activity;sid:84542217; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679115)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.237.47.190"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679115/; classtype:trojan-activity;sid:84542215; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679114)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.190.105.170"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679114/; classtype:trojan-activity;sid:84542214; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679113)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.56.66.125"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679113/; classtype:trojan-activity;sid:84542213; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679112)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.182.215"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679112/; classtype:trojan-activity;sid:84542212; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679111)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.178.137"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679111/; classtype:trojan-activity;sid:84542211; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679110)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.188.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679110/; classtype:trojan-activity;sid:84542210; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679109)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.55.82"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679109/; classtype:trojan-activity;sid:84542209; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679108)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.66.125"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679108/; classtype:trojan-activity;sid:84542208; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679107)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.i486"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"196.251.69.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679107/; classtype:trojan-activity;sid:84542207; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679099)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm5"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"196.251.116.193"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679099/; classtype:trojan-activity;sid:84542199; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679100)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm6"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"196.251.116.193"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679100/; classtype:trojan-activity;sid:84542200; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679101)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.ppc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"196.251.116.193"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679101/; classtype:trojan-activity;sid:84542201; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679102)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.sh4"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"196.251.116.193"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679102/; classtype:trojan-activity;sid:84542202; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679103)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mpsl"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"196.251.116.193"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679103/; classtype:trojan-activity;sid:84542203; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679104)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"196.251.116.193"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679104/; classtype:trojan-activity;sid:84542204; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679105)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mips"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"196.251.116.193"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679105/; classtype:trojan-activity;sid:84542205; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679106)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.m68k"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"196.251.116.193"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679106/; classtype:trojan-activity;sid:84542206; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679098)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.x86"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"196.251.116.193"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679098/; classtype:trojan-activity;sid:84542198; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679097)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"42.150.143.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679097/; classtype:trojan-activity;sid:84542197; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679096)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm7"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"196.251.116.193"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679096/; classtype:trojan-activity;sid:84542196; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679095)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.239.101.39"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679095/; classtype:trojan-activity;sid:84542195; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679094)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"180.191.36.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679094/; classtype:trojan-activity;sid:84542194; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679092)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.135.207"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679092/; classtype:trojan-activity;sid:84542192; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679093)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.122.233.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679093/; classtype:trojan-activity;sid:84542193; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679090)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.235.175.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679090/; classtype:trojan-activity;sid:84542190; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679091)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.87.29.100"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679091/; classtype:trojan-activity;sid:84542191; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679085)"; flow:established,from_client; content:"GET"; http_method; content:"/sexyug/x86"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"188.241.62.243"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679085/; classtype:trojan-activity;sid:84542185; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679086)"; flow:established,from_client; content:"GET"; http_method; content:"/sexyug/arm"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"188.241.62.243"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679086/; classtype:trojan-activity;sid:84542186; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679087)"; flow:established,from_client; content:"GET"; http_method; content:"/sexyug/mips"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"188.241.62.243"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679087/; classtype:trojan-activity;sid:84542187; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679088)"; flow:established,from_client; content:"GET"; http_method; content:"/75.google|3f|t=9kr5yaja"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"velvet.wqix-5.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679088/; classtype:trojan-activity;sid:84542188; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679089)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"196.251.116.193"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679089/; classtype:trojan-activity;sid:84542189; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679084)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.227.21.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679084/; classtype:trojan-activity;sid:84542184; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679083)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"149.71.39.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679083/; classtype:trojan-activity;sid:84542183; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679082)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.239.240.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679082/; classtype:trojan-activity;sid:84542182; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679081)"; flow:established,from_client; content:"GET"; http_method; content:"/q4sdk0dg"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"h9.5e7i0.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679081/; classtype:trojan-activity;sid:84542181; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679080)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.88.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679080/; classtype:trojan-activity;sid:84542180; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679079)"; flow:established,from_client; content:"GET"; http_method; content:"/7vb.check|3f|t=zcb64gwo"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"h9.5e7i0.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679079/; classtype:trojan-activity;sid:84542179; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679078)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.153.193"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679078/; classtype:trojan-activity;sid:84542178; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679077)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"149.71.39.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679077/; classtype:trojan-activity;sid:84542177; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679076)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.226.188"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679076/; classtype:trojan-activity;sid:84542176; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679075)"; flow:established,from_client; content:"GET"; http_method; content:"/ks.check|3f|t=kpa4swvs"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"z1.5e7i0.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679075/; classtype:trojan-activity;sid:84542175; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679074)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.88.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679074/; classtype:trojan-activity;sid:84542174; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679073)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.212.187"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679073/; classtype:trojan-activity;sid:84542173; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679072)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"212.15.55.225"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679072/; classtype:trojan-activity;sid:84542172; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679071)"; flow:established,from_client; content:"GET"; http_method; content:"/1va.check|3f|t=n3yynwxy"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"q4.5e7i0.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679071/; classtype:trojan-activity;sid:84542171; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679070)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.51.62.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679070/; classtype:trojan-activity;sid:84542170; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679069)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.226.188"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679069/; classtype:trojan-activity;sid:84542169; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679068)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.38.2"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679068/; classtype:trojan-activity;sid:84542168; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679067)"; flow:established,from_client; content:"GET"; http_method; content:"/7w2.google|3f|t=6brbljjz"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"p9.1o6y4.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679067/; classtype:trojan-activity;sid:84542167; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679066)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"23421823.xyz"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679066/; classtype:trojan-activity;sid:84542166; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679065)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.80.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679065/; classtype:trojan-activity;sid:84542165; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679064)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.134.45"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679064/; classtype:trojan-activity;sid:84542164; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679063)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.10.14.3"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679063/; classtype:trojan-activity;sid:84542163; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679062)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"212.15.55.225"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679062/; classtype:trojan-activity;sid:84542162; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679061)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.234.75.209"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679061/; classtype:trojan-activity;sid:84542161; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679060)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.134.45"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679060/; classtype:trojan-activity;sid:84542160; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679059)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.199.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679059/; classtype:trojan-activity;sid:84542159; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679058)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.46.3"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679058/; classtype:trojan-activity;sid:84542158; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679057)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.38.2"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679057/; classtype:trojan-activity;sid:84542157; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679056)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.10.14.3"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679056/; classtype:trojan-activity;sid:84542156; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679055)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.234.75.209"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679055/; classtype:trojan-activity;sid:84542155; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679054)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.243.143.125"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679054/; classtype:trojan-activity;sid:84542154; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679053)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.178.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679053/; classtype:trojan-activity;sid:84542153; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679052)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.225.253"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679052/; classtype:trojan-activity;sid:84542152; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679051)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.237.28.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679051/; classtype:trojan-activity;sid:84542151; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679050)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.74.251.247"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679050/; classtype:trojan-activity;sid:84542150; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679049)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.113.94"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679049/; classtype:trojan-activity;sid:84542149; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679048)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.127.238"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679048/; classtype:trojan-activity;sid:84542148; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679047)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.243.143.125"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679047/; classtype:trojan-activity;sid:84542147; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679046)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.178.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679046/; classtype:trojan-activity;sid:84542146; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679045)"; flow:established,from_client; content:"GET"; http_method; content:"/k0.google|3f|t=ty4uhrfp"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"r7.4y2o5.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679045/; classtype:trojan-activity;sid:84542145; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679044)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.237.28.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3679044/; classtype:trojan-activity;sid:84542144; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679043)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.74.251.247"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3679043/; classtype:trojan-activity;sid:84542143; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679042)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.236.68.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3679042/; classtype:trojan-activity;sid:84542142; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679041)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.47.33"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3679041/; classtype:trojan-activity;sid:84542141; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679039)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.118.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3679039/; classtype:trojan-activity;sid:84542139; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679040)"; flow:established,from_client; content:"GET"; http_method; content:"/0zr.check|3f|t=yc0vjzc6"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"m8.4y2o5.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3679040/; classtype:trojan-activity;sid:84542140; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679038)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.180.66.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3679038/; classtype:trojan-activity;sid:84542138; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679037)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.58.95.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3679037/; classtype:trojan-activity;sid:84542137; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679036)"; flow:established,from_client; content:"GET"; http_method; content:"/wcyqus2n"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"h7.4a8u6.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3679036/; classtype:trojan-activity;sid:84542136; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679035)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.140.130.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3679035/; classtype:trojan-activity;sid:84542135; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679034)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.118.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3679034/; classtype:trojan-activity;sid:84542134; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679032)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.236.68.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3679032/; classtype:trojan-activity;sid:84542132; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679033)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.230.96.231"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3679033/; classtype:trojan-activity;sid:84542133; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679031)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.43.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3679031/; classtype:trojan-activity;sid:84542131; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679030)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.94.115.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3679030/; classtype:trojan-activity;sid:84542130; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679029)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.114.253.51"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3679029/; classtype:trojan-activity;sid:84542129; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679028)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.95.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3679028/; classtype:trojan-activity;sid:84542128; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679027)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.180.66.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3679027/; classtype:trojan-activity;sid:84542127; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679026)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.88.37"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3679026/; classtype:trojan-activity;sid:84542126; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679025)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.88.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3679025/; classtype:trojan-activity;sid:84542125; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679024)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.94.115.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3679024/; classtype:trojan-activity;sid:84542124; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679023)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.219.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3679023/; classtype:trojan-activity;sid:84542123; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679022)"; flow:established,from_client; content:"GET"; http_method; content:"/o2nuy4zw"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"zit-5.ru"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3679022/; classtype:trojan-activity;sid:84542122; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679021)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.53.242.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3679021/; classtype:trojan-activity;sid:84542121; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679020)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.12.198.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3679020/; classtype:trojan-activity;sid:84542120; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679019)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.46.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3679019/; classtype:trojan-activity;sid:84542119; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679018)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.174.106.35"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3679018/; classtype:trojan-activity;sid:84542118; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679017)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.96.142.149"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3679017/; classtype:trojan-activity;sid:84542117; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679016)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.179.11.156"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3679016/; classtype:trojan-activity;sid:84542116; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679013)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.57.32.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3679013/; classtype:trojan-activity;sid:84542113; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679014)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.7.223.85"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3679014/; classtype:trojan-activity;sid:84542114; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679015)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.139.62.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3679015/; classtype:trojan-activity;sid:84542115; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679009)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.235.118.246"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3679009/; classtype:trojan-activity;sid:84542109; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679010)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.198.239.194"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3679010/; classtype:trojan-activity;sid:84542110; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679011)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"216.244.203.24"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3679011/; classtype:trojan-activity;sid:84542111; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679012)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.213.243.200"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3679012/; classtype:trojan-activity;sid:84542112; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679008)"; flow:established,from_client; content:"GET"; http_method; content:"/work/original.js"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"signaturepl.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3679008/; classtype:trojan-activity;sid:84542108; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679006)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.24.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3679006/; classtype:trojan-activity;sid:84542106; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679007)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.237.101.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3679007/; classtype:trojan-activity;sid:84542107; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679005)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.12.198.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3679005/; classtype:trojan-activity;sid:84542105; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679004)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.237.101.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3679004/; classtype:trojan-activity;sid:84542104; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679003)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.213.103.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3679003/; classtype:trojan-activity;sid:84542103; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679002)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.189.97.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3679002/; classtype:trojan-activity;sid:84542102; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679001)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.36.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3679001/; classtype:trojan-activity;sid:84542101; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679000)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.58.88.159"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3679000/; classtype:trojan-activity;sid:84542100; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678999)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.114.32.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678999/; classtype:trojan-activity;sid:84542099; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678998)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.88.159"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678998/; classtype:trojan-activity;sid:84542098; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678997)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.36.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678997/; classtype:trojan-activity;sid:84542097; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678996)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.189.97.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678996/; classtype:trojan-activity;sid:84542096; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678995)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.204.164.106"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678995/; classtype:trojan-activity;sid:84542095; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678994)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.112.243"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678994/; classtype:trojan-activity;sid:84542094; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678993)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.37.103.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678993/; classtype:trojan-activity;sid:84542093; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678992)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.232.229.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678992/; classtype:trojan-activity;sid:84542092; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678991)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.4.200.57"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678991/; classtype:trojan-activity;sid:84542091; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678990)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.87.148.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678990/; classtype:trojan-activity;sid:84542090; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678989)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.112.243"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678989/; classtype:trojan-activity;sid:84542089; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678988)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.164.106"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678988/; classtype:trojan-activity;sid:84542088; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678987)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.12.230.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678987/; classtype:trojan-activity;sid:84542087; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678986)"; flow:established,from_client; content:"GET"; http_method; content:"/224efbti"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"1n.gyj-0.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678986/; classtype:trojan-activity;sid:84542086; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678985)"; flow:established,from_client; content:"GET"; http_method; content:"/9sdlhrqbnd.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"t2jw.kynh0.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678985/; classtype:trojan-activity;sid:84542085; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678984)"; flow:established,from_client; content:"GET"; http_method; content:"/yr.check|3f|t=r1x9ap5e"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"1n.gyj-0.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678984/; classtype:trojan-activity;sid:84542084; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678983)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.84.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678983/; classtype:trojan-activity;sid:84542083; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678982)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.11.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678982/; classtype:trojan-activity;sid:84542082; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678981)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.187.234.198"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678981/; classtype:trojan-activity;sid:84542081; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678980)"; flow:established,from_client; content:"GET"; http_method; content:"/cgm2l85fwz.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"b7yg.kynh0.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678980/; classtype:trojan-activity;sid:84542080; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678979)"; flow:established,from_client; content:"GET"; http_method; content:"/qv.check|3f|t=sun941sn"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"wu.gyj-0.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678979/; classtype:trojan-activity;sid:84542079; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678978)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.11.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678978/; classtype:trojan-activity;sid:84542078; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678977)"; flow:established,from_client; content:"GET"; http_method; content:"/nmuc5hi2ol.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"x3rn.kynh0.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678977/; classtype:trojan-activity;sid:84542077; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678976)"; flow:established,from_client; content:"GET"; http_method; content:"/306.check|3f|t=jbce5mui"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"pt.gyj-0.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678976/; classtype:trojan-activity;sid:84542076; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678975)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.187.234.198"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678975/; classtype:trojan-activity;sid:84542075; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678974)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.12.230.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678974/; classtype:trojan-activity;sid:84542074; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678973)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.220.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678973/; classtype:trojan-activity;sid:84542073; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678971)"; flow:established,from_client; content:"GET"; http_method; content:"/w998w0ip77.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"k6oz.kynh0.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678971/; classtype:trojan-activity;sid:84542071; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678972)"; flow:established,from_client; content:"GET"; http_method; content:"/nng.google|3f|t=na3859oz"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"chp.gyj-0.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678972/; classtype:trojan-activity;sid:84542072; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678970)"; flow:established,from_client; content:"GET"; http_method; content:"/z2vdt373ai.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"n1sb.kynh0.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678970/; classtype:trojan-activity;sid:84542070; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678969)"; flow:established,from_client; content:"GET"; http_method; content:"/1t.check|3f|t=qltby9ho"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"fe.gyj-0.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678969/; classtype:trojan-activity;sid:84542069; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678968)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"122.193.197.246"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678968/; classtype:trojan-activity;sid:84542068; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678966)"; flow:established,from_client; content:"GET"; http_method; content:"/vb5.check|3f|t=0oeuno68"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"ov6.pot-5.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678966/; classtype:trojan-activity;sid:84542066; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678967)"; flow:established,from_client; content:"GET"; http_method; content:"/yhaekbtl4j.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"q8dh.kynh0.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678967/; classtype:trojan-activity;sid:84542067; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678965)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.19.218.183"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678965/; classtype:trojan-activity;sid:84542065; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678964)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.220.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678964/; classtype:trojan-activity;sid:84542064; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678963)"; flow:established,from_client; content:"GET"; http_method; content:"/24ul0gwc0m.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"q8dh.kynh0.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678963/; classtype:trojan-activity;sid:84542063; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678962)"; flow:established,from_client; content:"GET"; http_method; content:"/q4.check|3f|t=t3dzbngy"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"65o.pot-5.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678962/; classtype:trojan-activity;sid:84542062; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678961)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.10.51.111"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678961/; classtype:trojan-activity;sid:84542061; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678960)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1.61.181.28"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678960/; classtype:trojan-activity;sid:84542060; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678959)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.200.57"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678959/; classtype:trojan-activity;sid:84542059; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678958)"; flow:established,from_client; content:"GET"; http_method; content:"/628iy30j6q.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"m6hk.nyqb0.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678958/; classtype:trojan-activity;sid:84542058; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678957)"; flow:established,from_client; content:"GET"; http_method; content:"/tz.check|3f|t=dv6p4i7f"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"e6.pot-5.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678957/; classtype:trojan-activity;sid:84542057; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678956)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.102.73"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678956/; classtype:trojan-activity;sid:84542056; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678955)"; flow:established,from_client; content:"GET"; http_method; content:"/cgv.check|3f|t=lph5tww2"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"baj.pot-5.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678955/; classtype:trojan-activity;sid:84542055; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678954)"; flow:established,from_client; content:"GET"; http_method; content:"/1u0t8b0k62.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"j9pf.nyqb0.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678954/; classtype:trojan-activity;sid:84542054; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678953)"; flow:established,from_client; content:"GET"; http_method; content:"/s3zr03ue4o.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"y0wg.nyqb0.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678953/; classtype:trojan-activity;sid:84542053; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678952)"; flow:established,from_client; content:"GET"; http_method; content:"/qh.google|3f|t=wyjjvjc7"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"mr1.pot-5.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678952/; classtype:trojan-activity;sid:84542052; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678951)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.19.218.183"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678951/; classtype:trojan-activity;sid:84542051; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678950)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.153.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678950/; classtype:trojan-activity;sid:84542050; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678949)"; flow:established,from_client; content:"GET"; http_method; content:"/f1e6bvjmk1.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"y0wg.nyqb0.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678949/; classtype:trojan-activity;sid:84542049; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678948)"; flow:established,from_client; content:"GET"; http_method; content:"/sp.check|3f|t=jvzdwqsk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"inr.pot-5.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678948/; classtype:trojan-activity;sid:84542048; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678947)"; flow:established,from_client; content:"GET"; http_method; content:"/or4.google|3f|t=itwrwfmf"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"lmg.pot-5.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678947/; classtype:trojan-activity;sid:84542047; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678946)"; flow:established,from_client; content:"GET"; http_method; content:"/w2gyneznjx.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"z5kc.nyqb0.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678946/; classtype:trojan-activity;sid:84542046; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678945)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.41.150"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678945/; classtype:trojan-activity;sid:84542045; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678944)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.22.94.60"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678944/; classtype:trojan-activity;sid:84542044; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678943)"; flow:established,from_client; content:"GET"; http_method; content:"/2hw7wl6xcc.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"z5kc.nyqb0.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678943/; classtype:trojan-activity;sid:84542043; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678942)"; flow:established,from_client; content:"GET"; http_method; content:"/618.google|3f|t=livb5wfa"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"oy.cfob-5.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678942/; classtype:trojan-activity;sid:84542042; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678941)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.114.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678941/; classtype:trojan-activity;sid:84542041; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678940)"; flow:established,from_client; content:"GET"; http_method; content:"/prefiction.mp4"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"www.sgeseducation.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678940/; classtype:trojan-activity;sid:84542040; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678939)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"165.154.125.212"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678939/; classtype:trojan-activity;sid:84542039; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678938)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"101.226.8.163"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678938/; classtype:trojan-activity;sid:84542038; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678932)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"129.211.174.173"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678932/; classtype:trojan-activity;sid:84542032; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678933)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"82.146.49.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678933/; classtype:trojan-activity;sid:84542033; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678934)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"4.201.105.130"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678934/; classtype:trojan-activity;sid:84542034; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678935)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"118.31.18.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678935/; classtype:trojan-activity;sid:84542035; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678936)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"83.229.124.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678936/; classtype:trojan-activity;sid:84542036; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678937)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"101.43.58.190"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678937/; classtype:trojan-activity;sid:84542037; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678929)"; flow:established,from_client; content:"GET"; http_method; content:"/documents/education.rar"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"81.90.31.181"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678929/; classtype:trojan-activity;sid:84542029; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678930)"; flow:established,from_client; content:"GET"; http_method; content:"/documents/education.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"81.90.31.181"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678930/; classtype:trojan-activity;sid:84542030; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678931)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"101.43.58.190"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678931/; classtype:trojan-activity;sid:84542031; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678926)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"203.160.56.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678926/; classtype:trojan-activity;sid:84542026; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678927)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"93.117.14.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678927/; classtype:trojan-activity;sid:84542027; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678928)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"186.39.6.181"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678928/; classtype:trojan-activity;sid:84542028; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678917)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"83.224.146.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678917/; classtype:trojan-activity;sid:84542017; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678918)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.180.82.75"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678918/; classtype:trojan-activity;sid:84542018; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678919)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"93.138.35.104"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678919/; classtype:trojan-activity;sid:84542019; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678920)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.148.245.253"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678920/; classtype:trojan-activity;sid:84542020; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678921)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"89.207.70.125"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678921/; classtype:trojan-activity;sid:84542021; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678922)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"80.44.62.22"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678922/; classtype:trojan-activity;sid:84542022; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678923)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"50.43.160.231"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678923/; classtype:trojan-activity;sid:84542023; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678924)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.110.77.152"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678924/; classtype:trojan-activity;sid:84542024; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678925)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"211.251.14.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678925/; classtype:trojan-activity;sid:84542025; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678915)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"201.182.160.233"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678915/; classtype:trojan-activity;sid:84542015; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678916)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"106.228.2.147"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678916/; classtype:trojan-activity;sid:84542016; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678914)"; flow:established,from_client; content:"GET"; http_method; content:"/3hsu0e1fdt.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"c4tt.nyqb0.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678914/; classtype:trojan-activity;sid:84542014; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678913)"; flow:established,from_client; content:"GET"; http_method; content:"/df.check|3f|t=t151tjgn"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"c9.cfob-5.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678913/; classtype:trojan-activity;sid:84542013; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678911)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"59.182.85.193"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678911/; classtype:trojan-activity;sid:84542011; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678912)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"120.157.145.42"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678912/; classtype:trojan-activity;sid:84542012; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678910)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.109.167.61"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678910/; classtype:trojan-activity;sid:84542010; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678906)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"41.246.168.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678906/; classtype:trojan-activity;sid:84542006; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678907)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"41.246.168.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678907/; classtype:trojan-activity;sid:84542007; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678908)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"41.246.168.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678908/; classtype:trojan-activity;sid:84542008; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678909)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"41.246.168.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678909/; classtype:trojan-activity;sid:84542009; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678903)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"188.31.30.103"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678903/; classtype:trojan-activity;sid:84542003; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678904)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"188.31.30.103"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678904/; classtype:trojan-activity;sid:84542004; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678905)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"178.50.180.251"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678905/; classtype:trojan-activity;sid:84542005; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678902)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"83.224.155.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678902/; classtype:trojan-activity;sid:84542002; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678901)"; flow:established,from_client; content:"GET"; http_method; content:"/puh.google|3f|t=ph9f6ekw"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"hpc.cfob-5.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678901/; classtype:trojan-activity;sid:84542001; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678900)"; flow:established,from_client; content:"GET"; http_method; content:"/xde8msho1h.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"r7nd.nyqb0.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678900/; classtype:trojan-activity;sid:84542000; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678899)"; flow:established,from_client; content:"GET"; http_method; content:"/212p814kkp.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"r7nd.nyqb0.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678899/; classtype:trojan-activity;sid:84541999; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678898)"; flow:established,from_client; content:"GET"; http_method; content:"/ax7.check|3f|t=cfe5anol"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"u7.cfob-5.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678898/; classtype:trojan-activity;sid:84541998; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678897)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.239.98.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678897/; classtype:trojan-activity;sid:84541997; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678896)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.114.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678896/; classtype:trojan-activity;sid:84541996; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678895)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.54.105"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678895/; classtype:trojan-activity;sid:84541995; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678894)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.59.237.19"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678894/; classtype:trojan-activity;sid:84541994; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678893)"; flow:established,from_client; content:"GET"; http_method; content:"/w22ah7ez67.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"h2ds.moxt5.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678893/; classtype:trojan-activity;sid:84541993; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678892)"; flow:established,from_client; content:"GET"; http_method; content:"/qw.check|3f|t=07mn9wvs"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"6dx.cfob-5.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678892/; classtype:trojan-activity;sid:84541992; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678890)"; flow:established,from_client; content:"GET"; http_method; content:"/30ygq63j6o.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"e1my.moxt5.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678890/; classtype:trojan-activity;sid:84541990; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678891)"; flow:established,from_client; content:"GET"; http_method; content:"/c5.google|3f|t=2p69b9ao"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"4a.cfob-5.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678891/; classtype:trojan-activity;sid:84541991; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678889)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.137.195.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678889/; classtype:trojan-activity;sid:84541989; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678888)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.19.96.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678888/; classtype:trojan-activity;sid:84541988; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678887)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.29.225.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678887/; classtype:trojan-activity;sid:84541987; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678886)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.116.127"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678886/; classtype:trojan-activity;sid:84541986; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678884)"; flow:established,from_client; content:"GET"; http_method; content:"/wdw.check|3f|t=ygzvpefm"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"3k.rxir-9.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678884/; classtype:trojan-activity;sid:84541984; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678885)"; flow:established,from_client; content:"GET"; http_method; content:"/i3atsbip1p.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"e1my.moxt5.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678885/; classtype:trojan-activity;sid:84541985; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678883)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.29.225.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678883/; classtype:trojan-activity;sid:84541983; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678882)"; flow:established,from_client; content:"GET"; http_method; content:"/q0.check|3f|t=ll70bnop"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"3x1.rxir-9.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678882/; classtype:trojan-activity;sid:84541982; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678881)"; flow:established,from_client; content:"GET"; http_method; content:"/mqmqkjrrub.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"l8qh.moxt5.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678881/; classtype:trojan-activity;sid:84541981; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678880)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.52.202.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678880/; classtype:trojan-activity;sid:84541980; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678879)"; flow:established,from_client; content:"GET"; http_method; content:"/dss"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"209.141.49.251"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678879/; classtype:trojan-activity;sid:84541979; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678877)"; flow:established,from_client; content:"GET"; http_method; content:"/mipsel"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"209.141.49.251"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678877/; classtype:trojan-activity;sid:84541977; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678878)"; flow:established,from_client; content:"GET"; http_method; content:"/co"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"209.141.49.251"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678878/; classtype:trojan-activity;sid:84541978; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678876)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"209.141.49.251"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678876/; classtype:trojan-activity;sid:84541976; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678875)"; flow:established,from_client; content:"GET"; http_method; content:"/i686"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"209.141.49.251"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678875/; classtype:trojan-activity;sid:84541975; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678874)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"209.141.49.251"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678874/; classtype:trojan-activity;sid:84541974; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678872)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"209.141.49.251"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678872/; classtype:trojan-activity;sid:84541972; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678873)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"209.141.49.251"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678873/; classtype:trojan-activity;sid:84541973; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678869)"; flow:established,from_client; content:"GET"; http_method; content:"/scar"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"209.141.49.251"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678869/; classtype:trojan-activity;sid:84541969; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678870)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"209.141.49.251"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678870/; classtype:trojan-activity;sid:84541970; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678871)"; flow:established,from_client; content:"GET"; http_method; content:"/586"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"209.141.49.251"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678871/; classtype:trojan-activity;sid:84541971; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678868)"; flow:established,from_client; content:"GET"; http_method; content:"/arm61"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"209.141.49.251"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678868/; classtype:trojan-activity;sid:84541968; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678867)"; flow:established,from_client; content:"GET"; http_method; content:"/dc"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"209.141.49.251"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678867/; classtype:trojan-activity;sid:84541967; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678866)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"188.19.96.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678866/; classtype:trojan-activity;sid:84541966; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678865)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.116.250.71"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678865/; classtype:trojan-activity;sid:84541965; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678864)"; flow:established,from_client; content:"GET"; http_method; content:"/in1jpoaecy.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"t3wn.moxt5.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678864/; classtype:trojan-activity;sid:84541964; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678863)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.116.127"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678863/; classtype:trojan-activity;sid:84541963; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678862)"; flow:established,from_client; content:"GET"; http_method; content:"/w2.google|3f|t=04x3kz89"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"bb.rxir-9.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678862/; classtype:trojan-activity;sid:84541962; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678861)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.27.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678861/; classtype:trojan-activity;sid:84541961; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678860)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.237.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678860/; classtype:trojan-activity;sid:84541960; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678859)"; flow:established,from_client; content:"GET"; http_method; content:"/2uy.google|3f|t=bglb01ye"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"l5.rxir-9.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678859/; classtype:trojan-activity;sid:84541959; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678858)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.141.113"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678858/; classtype:trojan-activity;sid:84541958; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678857)"; flow:established,from_client; content:"GET"; http_method; content:"/sex.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"209.141.49.251"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678857/; classtype:trojan-activity;sid:84541957; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678856)"; flow:established,from_client; content:"GET"; http_method; content:"/files/8052963817/oru9g62.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678856/; classtype:trojan-activity;sid:84541956; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678855)"; flow:established,from_client; content:"GET"; http_method; content:"/files/6231240258/dut0vyp.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678855/; classtype:trojan-activity;sid:84541955; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678854)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.58.244"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678854/; classtype:trojan-activity;sid:84541954; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678852)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.194.176"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678852/; classtype:trojan-activity;sid:84541952; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678853)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.114.250.138"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678853/; classtype:trojan-activity;sid:84541953; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678851)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.232.81.87"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678851/; classtype:trojan-activity;sid:84541951; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678850)"; flow:established,from_client; content:"GET"; http_method; content:"/61bs3ijgcj.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"p9au.moxt5.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678850/; classtype:trojan-activity;sid:84541950; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678849)"; flow:established,from_client; content:"GET"; http_method; content:"/bos.check|3f|t=bhbw5ftj"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"cyc.rxir-9.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678849/; classtype:trojan-activity;sid:84541949; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678848)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.89.100.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678848/; classtype:trojan-activity;sid:84541948; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678847)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.36.14"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678847/; classtype:trojan-activity;sid:84541947; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678846)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.185.164.156"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678846/; classtype:trojan-activity;sid:84541946; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678845)"; flow:established,from_client; content:"GET"; http_method; content:"/wp6bi2roy6.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"v6yv.moxt5.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678845/; classtype:trojan-activity;sid:84541945; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678844)"; flow:established,from_client; content:"GET"; http_method; content:"/1b.google|3f|t=1qmo5pol"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"v7b.rxir-9.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678844/; classtype:trojan-activity;sid:84541944; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678843)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.252.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678843/; classtype:trojan-activity;sid:84541943; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678842)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.114.250.138"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678842/; classtype:trojan-activity;sid:84541942; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678841)"; flow:established,from_client; content:"GET"; http_method; content:"/sw.check|3f|t=gu0vmffp"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"y7.blyp-9.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678841/; classtype:trojan-activity;sid:84541941; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678840)"; flow:established,from_client; content:"GET"; http_method; content:"/p5y88dcfdh.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"v6yv.moxt5.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678840/; classtype:trojan-activity;sid:84541940; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678839)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.194.176"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678839/; classtype:trojan-activity;sid:84541939; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678837)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.55.82"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678837/; classtype:trojan-activity;sid:84541937; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678838)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.185.164.156"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678838/; classtype:trojan-activity;sid:84541938; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678836)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.143.118"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678836/; classtype:trojan-activity;sid:84541936; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678835)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.232.233.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678835/; classtype:trojan-activity;sid:84541935; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678834)"; flow:established,from_client; content:"GET"; http_method; content:"/cq.google|3f|t=30e62yha"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"e9u.blyp-9.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678834/; classtype:trojan-activity;sid:84541934; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678833)"; flow:established,from_client; content:"GET"; http_method; content:"/d8nlpxqs55.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"q0rd.jobt9.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678833/; classtype:trojan-activity;sid:84541933; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678831)"; flow:established,from_client; content:"GET"; http_method; content:"/5r7h.js"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"prixmatech.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678831/; classtype:trojan-activity;sid:84541931; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678832)"; flow:established,from_client; content:"GET"; http_method; content:"/js.php"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"prixmatech.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678832/; classtype:trojan-activity;sid:84541932; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678830)"; flow:established,from_client; content:"GET"; http_method; content:"/getdllv2"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"vale-sanete-investment.sbs"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678830/; classtype:trojan-activity;sid:84541930; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678829)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.124.192.248"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678829/; classtype:trojan-activity;sid:84541929; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678827)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.136.133.178"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678827/; classtype:trojan-activity;sid:84541927; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678828)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.4.46.195"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678828/; classtype:trojan-activity;sid:84541928; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678819)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.229.137.186"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678819/; classtype:trojan-activity;sid:84541919; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678820)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.87.169.12"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678820/; classtype:trojan-activity;sid:84541920; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678821)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.9.193.191"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678821/; classtype:trojan-activity;sid:84541921; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678822)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.51.130"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678822/; classtype:trojan-activity;sid:84541922; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678823)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.230.189.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678823/; classtype:trojan-activity;sid:84541923; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678824)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.156.79.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678824/; classtype:trojan-activity;sid:84541924; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678825)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.118.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678825/; classtype:trojan-activity;sid:84541925; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678826)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.16.148"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678826/; classtype:trojan-activity;sid:84541926; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678818)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.138.108.82"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678818/; classtype:trojan-activity;sid:84541918; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678817)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.36.14"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678817/; classtype:trojan-activity;sid:84541917; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678816)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.196.11.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678816/; classtype:trojan-activity;sid:84541916; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678814)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.219.105.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678814/; classtype:trojan-activity;sid:84541914; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678815)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.87.107"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678815/; classtype:trojan-activity;sid:84541915; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678813)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.89.100.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678813/; classtype:trojan-activity;sid:84541913; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678812)"; flow:established,from_client; content:"GET"; http_method; content:"/grhaos8n0g.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"q0rd.jobt9.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678812/; classtype:trojan-activity;sid:84541912; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678811)"; flow:established,from_client; content:"GET"; http_method; content:"/rj.check|3f|t=0o0oa3hi"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"5c.blyp-9.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678811/; classtype:trojan-activity;sid:84541911; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678810)"; flow:established,from_client; content:"GET"; http_method; content:"/lyas9g2o36.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"sx89.jobt9.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678810/; classtype:trojan-activity;sid:84541910; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678809)"; flow:established,from_client; content:"GET"; http_method; content:"/kn.google|3f|t=olv66fi7"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"auf.blyp-9.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678809/; classtype:trojan-activity;sid:84541909; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678808)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.212.187"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678808/; classtype:trojan-activity;sid:84541908; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678807)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.12.190.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678807/; classtype:trojan-activity;sid:84541907; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678806)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.71.241"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678806/; classtype:trojan-activity;sid:84541906; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678805)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.232.233.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678805/; classtype:trojan-activity;sid:84541905; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678804)"; flow:established,from_client; content:"GET"; http_method; content:"/gqu4zj3wpz.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"sx89.jobt9.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678804/; classtype:trojan-activity;sid:84541904; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678803)"; flow:established,from_client; content:"GET"; http_method; content:"/o1j.check|3f|t=9vbuhznn"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"r2.blyp-9.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678803/; classtype:trojan-activity;sid:84541903; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678802)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.219.105.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678802/; classtype:trojan-activity;sid:84541902; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678800)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.14.103.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678800/; classtype:trojan-activity;sid:84541900; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678801)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.165.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678801/; classtype:trojan-activity;sid:84541901; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678798)"; flow:established,from_client; content:"GET"; http_method; content:"/yy4t47btmi.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"f4zi.jobt9.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678798/; classtype:trojan-activity;sid:84541898; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678799)"; flow:established,from_client; content:"GET"; http_method; content:"/323.google|3f|t=fhgx5z76"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"77.blyp-9.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678799/; classtype:trojan-activity;sid:84541899; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678797)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.190.11.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678797/; classtype:trojan-activity;sid:84541897; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678796)"; flow:established,from_client; content:"GET"; http_method; content:"/3o.google|3f|t=9thstelu"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"n0.blyp-9.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678796/; classtype:trojan-activity;sid:84541896; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678795)"; flow:established,from_client; content:"GET"; http_method; content:"/vltldvcgfh.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"f4zi.jobt9.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678795/; classtype:trojan-activity;sid:84541895; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678794)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.56.113.210"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678794/; classtype:trojan-activity;sid:84541894; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678793)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.71.241"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678793/; classtype:trojan-activity;sid:84541893; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678792)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.142.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678792/; classtype:trojan-activity;sid:84541892; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678791)"; flow:established,from_client; content:"GET"; http_method; content:"/uml.google|3f|t=q2zvet7v"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"ar.qcet-8.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678791/; classtype:trojan-activity;sid:84541891; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678790)"; flow:established,from_client; content:"GET"; http_method; content:"/x23ztlbfws.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"f4zi.jobt9.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678790/; classtype:trojan-activity;sid:84541890; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678789)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.12.190.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678789/; classtype:trojan-activity;sid:84541889; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678788)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.151.123.186"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678788/; classtype:trojan-activity;sid:84541888; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678787)"; flow:established,from_client; content:"GET"; http_method; content:"//nueva%20carpeta/copi.txt"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"hostphpwindowsdriversapps1.duckdns.org"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678787/; classtype:trojan-activity;sid:84541887; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678786)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.103.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678786/; classtype:trojan-activity;sid:84541886; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678785)"; flow:established,from_client; content:"GET"; http_method; content:"/arquivo_20251014233438.txt"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"pocopa.co.za"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678785/; classtype:trojan-activity;sid:84541885; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678784)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.58.133.187"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678784/; classtype:trojan-activity;sid:84541884; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678783)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1yhwsqjei2id6ww84jrp3wcmfmd2hvfez"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678783/; classtype:trojan-activity;sid:84541883; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678782)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1e6ze23kgnkuuaj-hthctniofiybwqif5"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678782/; classtype:trojan-activity;sid:84541882; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678780)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1yo35loqeydx_i3n6x5iuc78jmk-w_lqw"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678780/; classtype:trojan-activity;sid:84541880; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678781)"; flow:established,from_client; content:"GET"; http_method; content:"/w2jrad.ps1"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"files.catbox.moe"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678781/; classtype:trojan-activity;sid:84541881; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678779)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1mf37rv-cqqqsd8nopqjr6mylick3pkxf"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678779/; classtype:trojan-activity;sid:84541879; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678778)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1a2y9d5blasttv24wkrvluoy5blmjlajd"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678778/; classtype:trojan-activity;sid:84541878; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678777)"; flow:established,from_client; content:"GET"; http_method; content:"/cr23rw6i06.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"w12r.jobt9.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678777/; classtype:trojan-activity;sid:84541877; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678776)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1ed5x5vivfettgc6cughewrts4vtbqx78"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678776/; classtype:trojan-activity;sid:84541876; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678775)"; flow:established,from_client; content:"GET"; http_method; content:"/8l.google|3f|t=qp8zywvr"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"av.qcet-8.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678775/; classtype:trojan-activity;sid:84541875; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678774)"; flow:established,from_client; content:"GET"; http_method; content:"/hsr.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"spinmaha.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678774/; classtype:trojan-activity;sid:84541874; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678773)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.37.106.31"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678773/; classtype:trojan-activity;sid:84541873; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678772)"; flow:established,from_client; content:"GET"; http_method; content:"/qcxordxffc.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"w12r.jobt9.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678772/; classtype:trojan-activity;sid:84541872; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678771)"; flow:established,from_client; content:"GET"; http_method; content:"/67.google|3f|t=c2m2lx1i"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"tx8.qcet-8.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678771/; classtype:trojan-activity;sid:84541871; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678770)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.151.123.186"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678770/; classtype:trojan-activity;sid:84541870; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678769)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.190.11.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678769/; classtype:trojan-activity;sid:84541869; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678768)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7726345600/efyqqdt.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678768/; classtype:trojan-activity;sid:84541868; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678766)"; flow:established,from_client; content:"GET"; http_method; content:"/vw.google|3f|t=tt3zzv08"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"bgu.qcet-8.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678766/; classtype:trojan-activity;sid:84541866; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678767)"; flow:established,from_client; content:"GET"; http_method; content:"/a0q05xnhl5.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"k9ux.jobt9.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678767/; classtype:trojan-activity;sid:84541867; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678765)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.138.109.39"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678765/; classtype:trojan-activity;sid:84541865; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678764)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.133.187"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678764/; classtype:trojan-activity;sid:84541864; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678763)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.143.118"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678763/; classtype:trojan-activity;sid:84541863; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678762)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.116.185"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678762/; classtype:trojan-activity;sid:84541862; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678761)"; flow:established,from_client; content:"GET"; http_method; content:"/a3o46wfuen.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"k9ux.jobt9.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678761/; classtype:trojan-activity;sid:84541861; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678760)"; flow:established,from_client; content:"GET"; http_method; content:"/t3.check|3f|t=aommvaqa"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"pd.qcet-8.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678760/; classtype:trojan-activity;sid:84541860; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678759)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.122.236.153"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678759/; classtype:trojan-activity;sid:84541859; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678758)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.229.140.141"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678758/; classtype:trojan-activity;sid:84541858; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678757)"; flow:established,from_client; content:"GET"; http_method; content:"/87.google|3f|t=a6r9y107"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"hv.qcet-8.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678757/; classtype:trojan-activity;sid:84541857; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678756)"; flow:established,from_client; content:"GET"; http_method; content:"/duxizjl4l4.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"m3qh.jobt9.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678756/; classtype:trojan-activity;sid:84541856; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678755)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.73.94"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678755/; classtype:trojan-activity;sid:84541855; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678754)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.189.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678754/; classtype:trojan-activity;sid:84541854; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678753)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.188.124.171"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678753/; classtype:trojan-activity;sid:84541853; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678752)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.53.76.90"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678752/; classtype:trojan-activity;sid:84541852; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678751)"; flow:established,from_client; content:"GET"; http_method; content:"/9304favkdq.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"t5vq.qihs8.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678751/; classtype:trojan-activity;sid:84541851; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678750)"; flow:established,from_client; content:"GET"; http_method; content:"/kk0.google|3f|t=dvnzmt5i"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"t9f.qcet-8.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678750/; classtype:trojan-activity;sid:84541850; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678749)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.229.227.12"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678749/; classtype:trojan-activity;sid:84541849; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678748)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.122.236.153"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678748/; classtype:trojan-activity;sid:84541848; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678747)"; flow:established,from_client; content:"GET"; http_method; content:"/p2lg5liqdt.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"d7qz.qihs8.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678747/; classtype:trojan-activity;sid:84541847; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678746)"; flow:established,from_client; content:"GET"; http_method; content:"/o9.google|3f|t=ky691nv7"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"pau.ckyq-9.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678746/; classtype:trojan-activity;sid:84541846; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678745)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.73.94"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678745/; classtype:trojan-activity;sid:84541845; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678744)"; flow:established,from_client; content:"GET"; http_method; content:"/wroravkier.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"y1me.qihs8.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678744/; classtype:trojan-activity;sid:84541844; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678743)"; flow:established,from_client; content:"GET"; http_method; content:"/77.google|3f|t=b3cryxot"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"nr1.ckyq-9.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678743/; classtype:trojan-activity;sid:84541843; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678742)"; flow:established,from_client; content:"GET"; http_method; content:"/782z5u9rrw.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"rb56.qihs8.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678742/; classtype:trojan-activity;sid:84541842; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678741)"; flow:established,from_client; content:"GET"; http_method; content:"/av.google|3f|t=v7g0vi12"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"lx6.ckyq-9.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678741/; classtype:trojan-activity;sid:84541841; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678740)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.153.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678740/; classtype:trojan-activity;sid:84541840; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678738)"; flow:established,from_client; content:"GET"; http_method; content:"/z4a.check|3f|t=rwbnp98g"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"rq8.ckyq-9.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678738/; classtype:trojan-activity;sid:84541838; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678739)"; flow:established,from_client; content:"GET"; http_method; content:"/dytd7ycqs9.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"rb56.qihs8.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678739/; classtype:trojan-activity;sid:84541839; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678737)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"94.244.36.34"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678737/; classtype:trojan-activity;sid:84541837; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678736)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.115.22"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678736/; classtype:trojan-activity;sid:84541836; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678735)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.139.169.106"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678735/; classtype:trojan-activity;sid:84541835; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678734)"; flow:established,from_client; content:"GET"; http_method; content:"/ys477n2h"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"428.ckyq-9.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678734/; classtype:trojan-activity;sid:84541834; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678733)"; flow:established,from_client; content:"GET"; http_method; content:"/tgt.check|3f|t=orrwqny7"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"428.ckyq-9.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678733/; classtype:trojan-activity;sid:84541833; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678732)"; flow:established,from_client; content:"GET"; http_method; content:"/l1t73wh3ia.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"n8yt.qihs8.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678732/; classtype:trojan-activity;sid:84541832; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678731)"; flow:established,from_client; content:"GET"; http_method; content:"/6c.google|3f|t=8f1s1x70"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"oo.ckyq-9.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678731/; classtype:trojan-activity;sid:84541831; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678730)"; flow:established,from_client; content:"GET"; http_method; content:"/5986wvpw06.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"g6tc.qihs8.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678730/; classtype:trojan-activity;sid:84541830; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678729)"; flow:established,from_client; content:"GET"; http_method; content:"/ouz.check|3f|t=1d78yvl3"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"kt.ckyq-9.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678729/; classtype:trojan-activity;sid:84541829; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678728)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.85.147"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678728/; classtype:trojan-activity;sid:84541828; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678727)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.207.127.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678727/; classtype:trojan-activity;sid:84541827; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678726)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.52.98.171"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678726/; classtype:trojan-activity;sid:84541826; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678725)"; flow:established,from_client; content:"GET"; http_method; content:"/h10s7dkqkb.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"g6tc.qihs8.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678725/; classtype:trojan-activity;sid:84541825; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678724)"; flow:established,from_client; content:"GET"; http_method; content:"/qh.check|3f|t=lbt7c8bv"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"7l.ckar-4.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678724/; classtype:trojan-activity;sid:84541824; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678723)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.41.196.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678723/; classtype:trojan-activity;sid:84541823; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678722)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"94.244.36.34"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678722/; classtype:trojan-activity;sid:84541822; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678721)"; flow:established,from_client; content:"GET"; http_method; content:"/8m.google|3f|t=uw3mq792"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"65y.ckar-4.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678721/; classtype:trojan-activity;sid:84541821; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678720)"; flow:established,from_client; content:"GET"; http_method; content:"/dr56938iti.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"n8yt.qihs8.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678720/; classtype:trojan-activity;sid:84541820; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678719)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.237.55.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678719/; classtype:trojan-activity;sid:84541819; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678718)"; flow:established,from_client; content:"GET"; http_method; content:"/fdfb1bb517924e3280910056f13f2629_build.bin"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678718/; classtype:trojan-activity;sid:84541818; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678717)"; flow:established,from_client; content:"GET"; http_method; content:"/89dcdc5df83e4ee08674c83883f1d3fa_crypted_build.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678717/; classtype:trojan-activity;sid:84541817; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678715)"; flow:established,from_client; content:"GET"; http_method; content:"/0677e1ddb1c848e3b2f078667cbba480_crypted_build.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678715/; classtype:trojan-activity;sid:84541815; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678716)"; flow:established,from_client; content:"GET"; http_method; content:"/fa92389652d6433c91f2f6d072b9b8b0_crypted_build.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678716/; classtype:trojan-activity;sid:84541816; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678714)"; flow:established,from_client; content:"GET"; http_method; content:"/5dd7127baf2b462bb09bcf362324695e_build.bin"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678714/; classtype:trojan-activity;sid:84541814; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678712)"; flow:established,from_client; content:"GET"; http_method; content:"/f65977f1753048c39a353d8df4590507_build.bin"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678712/; classtype:trojan-activity;sid:84541812; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678713)"; flow:established,from_client; content:"GET"; http_method; content:"/msnnsgbzjdd"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678713/; classtype:trojan-activity;sid:84541813; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678708)"; flow:established,from_client; content:"GET"; http_method; content:"/11db870e78ae401d83af0ba258ac0f2c_build.bin"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678708/; classtype:trojan-activity;sid:84541808; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678709)"; flow:established,from_client; content:"GET"; http_method; content:"/57f86ddefbaf4f54b4b4df98a68cb759_crypted_build.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678709/; classtype:trojan-activity;sid:84541809; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678710)"; flow:established,from_client; content:"GET"; http_method; content:"/de638fe6affb4b4bab8dc26273c6c083_build.bin"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678710/; classtype:trojan-activity;sid:84541810; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678711)"; flow:established,from_client; content:"GET"; http_method; content:"/82e8b327fe5541c28dd9608c85e676da_build.bin"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678711/; classtype:trojan-activity;sid:84541811; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678707)"; flow:established,from_client; content:"GET"; http_method; content:"/5i7azwwk"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"65y.ckar-4.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678707/; classtype:trojan-activity;sid:84541807; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678706)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.85.147"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678706/; classtype:trojan-activity;sid:84541806; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678705)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"180.191.59.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678705/; classtype:trojan-activity;sid:84541805; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678704)"; flow:established,from_client; content:"GET"; http_method; content:"/windrivesys.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"45.67.138.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678704/; classtype:trojan-activity;sid:84541804; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678703)"; flow:established,from_client; content:"GET"; http_method; content:"/wsqlxghg.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"45.67.138.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678703/; classtype:trojan-activity;sid:84541803; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678701)"; flow:established,from_client; content:"GET"; http_method; content:"/ikarus.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"5.175.234.16"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678701/; classtype:trojan-activity;sid:84541801; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678702)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.237.55.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678702/; classtype:trojan-activity;sid:84541802; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678700)"; flow:established,from_client; content:"GET"; http_method; content:"/j4.check|3f|t=kxintb27"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"mje.ckar-4.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678700/; classtype:trojan-activity;sid:84541800; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678699)"; flow:established,from_client; content:"GET"; http_method; content:"/h9y5xokvrk.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"n8yt.qihs8.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678699/; classtype:trojan-activity;sid:84541799; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678698)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.196.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678698/; classtype:trojan-activity;sid:84541798; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678697)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.52.98.171"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678697/; classtype:trojan-activity;sid:84541797; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678696)"; flow:established,from_client; content:"GET"; http_method; content:"/files/5917492177/mofhl1n.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678696/; classtype:trojan-activity;sid:84541796; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678695)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.110.213"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678695/; classtype:trojan-activity;sid:84541795; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678693)"; flow:established,from_client; content:"GET"; http_method; content:"/bs.check|3f|t=ieaii9n7"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"fs.ckar-4.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678693/; classtype:trojan-activity;sid:84541793; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678694)"; flow:established,from_client; content:"GET"; http_method; content:"/p04xku7dcq.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"c3fs.vorn5.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678694/; classtype:trojan-activity;sid:84541794; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678692)"; flow:established,from_client; content:"GET"; http_method; content:"/g6y.check|3f|t=m0iy4pz5"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"njv.ckar-4.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678692/; classtype:trojan-activity;sid:84541792; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678691)"; flow:established,from_client; content:"GET"; http_method; content:"/1ygkqcl7jk.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"c3fs.vorn5.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678691/; classtype:trojan-activity;sid:84541791; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678690)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.225.223.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678690/; classtype:trojan-activity;sid:84541790; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678689)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.165.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678689/; classtype:trojan-activity;sid:84541789; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678688)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"180.191.59.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678688/; classtype:trojan-activity;sid:84541788; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678687)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.246.12.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678687/; classtype:trojan-activity;sid:84541787; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678686)"; flow:established,from_client; content:"GET"; http_method; content:"/4hw4nx2v"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"08.ckar-4.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678686/; classtype:trojan-activity;sid:84541786; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678685)"; flow:established,from_client; content:"GET"; http_method; content:"/tjd8o89k1d.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"zz1c.vorn5.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678685/; classtype:trojan-activity;sid:84541785; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678684)"; flow:established,from_client; content:"GET"; http_method; content:"/ypl.check|3f|t=gojg3wu4"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"08.ckar-4.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678684/; classtype:trojan-activity;sid:84541784; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678683)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.225.223.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678683/; classtype:trojan-activity;sid:84541783; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678682)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.110.213"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678682/; classtype:trojan-activity;sid:84541782; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678680)"; flow:established,from_client; content:"GET"; http_method; content:"/yix.google|3f|t=ba9mak5a"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"v8.ckar-4.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678680/; classtype:trojan-activity;sid:84541780; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678681)"; flow:established,from_client; content:"GET"; http_method; content:"/eej50ih2rm.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"ax75.vorn5.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678681/; classtype:trojan-activity;sid:84541781; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678679)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.246.12.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678679/; classtype:trojan-activity;sid:84541779; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678678)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.239.98.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678678/; classtype:trojan-activity;sid:84541778; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678677)"; flow:established,from_client; content:"GET"; http_method; content:"/c01phkri"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"g1s.obvp-2.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678677/; classtype:trojan-activity;sid:84541777; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678676)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.4.121.93"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678676/; classtype:trojan-activity;sid:84541776; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678675)"; flow:established,from_client; content:"GET"; http_method; content:"/n4.google|3f|t=z844zcl4"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"g1s.obvp-2.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678675/; classtype:trojan-activity;sid:84541775; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678674)"; flow:established,from_client; content:"GET"; http_method; content:"/fvmvfzx6yv.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"p0qh.vorn5.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678674/; classtype:trojan-activity;sid:84541774; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678673)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.14.58.26"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678673/; classtype:trojan-activity;sid:84541773; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678672)"; flow:established,from_client; content:"GET"; http_method; content:"/g5.google|3f|t=988mfnkf"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"gi.obvp-2.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678672/; classtype:trojan-activity;sid:84541772; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678671)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.96.137.156"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678671/; classtype:trojan-activity;sid:84541771; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678670)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.166.44.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678670/; classtype:trojan-activity;sid:84541770; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678669)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.179.199.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678669/; classtype:trojan-activity;sid:84541769; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678668)"; flow:established,from_client; content:"GET"; http_method; content:"/vpude4k6zg.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"p0qh.vorn5.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678668/; classtype:trojan-activity;sid:84541768; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678667)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"220.202.89.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678667/; classtype:trojan-activity;sid:84541767; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678666)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.4.121.93"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678666/; classtype:trojan-activity;sid:84541766; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678665)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.47.104"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678665/; classtype:trojan-activity;sid:84541765; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678663)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.53.242.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678663/; classtype:trojan-activity;sid:84541763; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678664)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.58.26"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678664/; classtype:trojan-activity;sid:84541764; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678662)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.70.130"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678662/; classtype:trojan-activity;sid:84541762; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678661)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.96.137.156"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678661/; classtype:trojan-activity;sid:84541761; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678659)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.8.27"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678659/; classtype:trojan-activity;sid:84541759; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678660)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.113.210"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678660/; classtype:trojan-activity;sid:84541760; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678658)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.9.193.191"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678658/; classtype:trojan-activity;sid:84541758; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678657)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.70.130"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678657/; classtype:trojan-activity;sid:84541757; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678656)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.5.9.235"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678656/; classtype:trojan-activity;sid:84541756; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678655)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.83.163.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678655/; classtype:trojan-activity;sid:84541755; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678654)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.8.27"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678654/; classtype:trojan-activity;sid:84541754; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678653)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.10.51.111"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678653/; classtype:trojan-activity;sid:84541753; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678652)"; flow:established,from_client; content:"GET"; http_method; content:"/mirai.m68k"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"financeiro1412.melhorescoisa.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678652/; classtype:trojan-activity;sid:84541752; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678648)"; flow:established,from_client; content:"GET"; http_method; content:"/mirai.x86"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"financeiro1412.melhorescoisa.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678648/; classtype:trojan-activity;sid:84541748; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678649)"; flow:established,from_client; content:"GET"; http_method; content:"/mirai.sh4"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"financeiro1412.melhorescoisa.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678649/; classtype:trojan-activity;sid:84541749; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678650)"; flow:established,from_client; content:"GET"; http_method; content:"/mirai.mips"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"financeiro1412.melhorescoisa.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678650/; classtype:trojan-activity;sid:84541750; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678651)"; flow:established,from_client; content:"GET"; http_method; content:"/mirai.mpsl"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"financeiro1412.melhorescoisa.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678651/; classtype:trojan-activity;sid:84541751; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678642)"; flow:established,from_client; content:"GET"; http_method; content:"/mirai.spc"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"financeiro1412.melhorescoisa.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678642/; classtype:trojan-activity;sid:84541742; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678643)"; flow:established,from_client; content:"GET"; http_method; content:"/mirai.arm7"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"financeiro1412.melhorescoisa.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678643/; classtype:trojan-activity;sid:84541743; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678644)"; flow:established,from_client; content:"GET"; http_method; content:"/bins.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"financeiro1412.melhorescoisa.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678644/; classtype:trojan-activity;sid:84541744; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678645)"; flow:established,from_client; content:"GET"; http_method; content:"/mirai.arm5n"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"financeiro1412.melhorescoisa.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678645/; classtype:trojan-activity;sid:84541745; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678646)"; flow:established,from_client; content:"GET"; http_method; content:"/mirai.ppc"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"financeiro1412.melhorescoisa.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678646/; classtype:trojan-activity;sid:84541746; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678647)"; flow:established,from_client; content:"GET"; http_method; content:"/mirai.arm"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"financeiro1412.melhorescoisa.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678647/; classtype:trojan-activity;sid:84541747; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678641)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.243.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678641/; classtype:trojan-activity;sid:84541741; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678636)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/arm"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"72.60.107.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678636/; classtype:trojan-activity;sid:84541736; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678637)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/x86_64"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"72.60.107.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678637/; classtype:trojan-activity;sid:84541737; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678638)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/ppc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"72.60.107.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678638/; classtype:trojan-activity;sid:84541738; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678639)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/arm6"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"72.60.107.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678639/; classtype:trojan-activity;sid:84541739; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678640)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/arm7"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"72.60.107.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678640/; classtype:trojan-activity;sid:84541740; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678633)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/x86"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"72.60.107.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678633/; classtype:trojan-activity;sid:84541733; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678634)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/mips"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"72.60.107.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678634/; classtype:trojan-activity;sid:84541734; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678635)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/m68k"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"72.60.107.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678635/; classtype:trojan-activity;sid:84541735; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678631)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/mpsl"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"72.60.107.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678631/; classtype:trojan-activity;sid:84541731; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678632)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/arm5"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"72.60.107.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678632/; classtype:trojan-activity;sid:84541732; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678630)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.114.187"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678630/; classtype:trojan-activity;sid:84541730; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678629)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"138.204.196.254"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678629/; classtype:trojan-activity;sid:84541729; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678627)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.23.211.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678627/; classtype:trojan-activity;sid:84541727; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678628)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.13.99.126"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678628/; classtype:trojan-activity;sid:84541728; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678625)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.84.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678625/; classtype:trojan-activity;sid:84541725; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678626)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.88.37"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678626/; classtype:trojan-activity;sid:84541726; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678624)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.120.99.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678624/; classtype:trojan-activity;sid:84541724; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678623)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.243.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678623/; classtype:trojan-activity;sid:84541723; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678622)"; flow:established,from_client; content:"GET"; http_method; content:"/9fjmym.ps1"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"files.catbox.moe"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678622/; classtype:trojan-activity;sid:84541722; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678621)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.114.187"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678621/; classtype:trojan-activity;sid:84541721; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678619)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.180.18.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678619/; classtype:trojan-activity;sid:84541719; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678620)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.88.147"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678620/; classtype:trojan-activity;sid:84541720; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678618)"; flow:established,from_client; content:"GET"; http_method; content:"/30/items/msi-pro-with-b-64_20251013/msi_pro_with_b64.png"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"ia902807.us.archive.org"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678618/; classtype:trojan-activity;sid:84541718; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678617)"; flow:established,from_client; content:"GET"; http_method; content:"/arquivo_20251014022045.txt"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"wmxncbzx.lovestoblog.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678617/; classtype:trojan-activity;sid:84541717; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678616)"; flow:established,from_client; content:"GET"; http_method; content:"/26/items/msi-pro-with-b-64_20251012/msi_pro_with_b64.png"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"ia601002.us.archive.org"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678616/; classtype:trojan-activity;sid:84541716; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678615)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1rb_leqxqejufsro6g0ffs3z__jin3ep6"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678615/; classtype:trojan-activity;sid:84541715; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678613)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=15kfgzpohuez5fnrnecpnuzz3hob_qtqd"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678613/; classtype:trojan-activity;sid:84541713; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678614)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1ngcoimnlbqdi-rdlvdsok3doelszt8ui"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678614/; classtype:trojan-activity;sid:84541714; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678612)"; flow:established,from_client; content:"GET"; http_method; content:"/arquivo_20251014015945.txt"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"wmxncbzx.lovestoblog.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678612/; classtype:trojan-activity;sid:84541712; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678609)"; flow:established,from_client; content:"GET"; http_method; content:"/1012.txt"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"pub-3df3bd0a00214b4f9102f645511ab7ad.r2.dev"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678609/; classtype:trojan-activity;sid:84541709; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678610)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=14bsskku6ni8bg299j53szcowy91t7rhs"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678610/; classtype:trojan-activity;sid:84541710; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678611)"; flow:established,from_client; content:"GET"; http_method; content:"/arquivo_20251012232701.txt"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"pocopa.co.za"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678611/; classtype:trojan-activity;sid:84541711; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678608)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"seal.bravoteam6.org"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678608/; classtype:trojan-activity;sid:84541708; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678607)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"seal.bravoteam6.org"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678607/; classtype:trojan-activity;sid:84541707; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678606)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"seal.bravoteam6.org"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678606/; classtype:trojan-activity;sid:84541706; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678604)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.160.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678604/; classtype:trojan-activity;sid:84541704; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678605)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.88.147"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678605/; classtype:trojan-activity;sid:84541705; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678602)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"seal.bravoteam6.org"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678602/; classtype:trojan-activity;sid:84541702; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678603)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"seal.bravoteam6.org"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678603/; classtype:trojan-activity;sid:84541703; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678600)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"seal.bravoteam6.org"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678600/; classtype:trojan-activity;sid:84541700; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678601)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"seal.bravoteam6.org"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678601/; classtype:trojan-activity;sid:84541701; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678595)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"seal.bravoteam6.org"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678595/; classtype:trojan-activity;sid:84541695; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678596)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"seal.bravoteam6.org"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678596/; classtype:trojan-activity;sid:84541696; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678597)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"seal.bravoteam6.org"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678597/; classtype:trojan-activity;sid:84541697; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678598)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"seal.bravoteam6.org"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678598/; classtype:trojan-activity;sid:84541698; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678599)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"seal.bravoteam6.org"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678599/; classtype:trojan-activity;sid:84541699; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678591)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"seal.bravoteam6.org"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678591/; classtype:trojan-activity;sid:84541691; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678592)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"seal.bravoteam6.org"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678592/; classtype:trojan-activity;sid:84541692; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678593)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"seal.bravoteam6.org"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678593/; classtype:trojan-activity;sid:84541693; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678594)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"seal.bravoteam6.org"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678594/; classtype:trojan-activity;sid:84541694; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678590)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.55.68.50"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678590/; classtype:trojan-activity;sid:84541690; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678588)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.108.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678588/; classtype:trojan-activity;sid:84541688; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678589)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.129.10.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678589/; classtype:trojan-activity;sid:84541689; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678587)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"154.242.210.46"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678587/; classtype:trojan-activity;sid:84541687; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678586)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.231.47.104"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678586/; classtype:trojan-activity;sid:84541686; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678585)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.108.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678585/; classtype:trojan-activity;sid:84541685; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678584)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"154.242.210.46"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678584/; classtype:trojan-activity;sid:84541684; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678583)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.129.10.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678583/; classtype:trojan-activity;sid:84541683; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678582)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.24.128"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678582/; classtype:trojan-activity;sid:84541682; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678581)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.120.99.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678581/; classtype:trojan-activity;sid:84541681; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678580)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.213.80.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678580/; classtype:trojan-activity;sid:84541680; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678579)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.232.229.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678579/; classtype:trojan-activity;sid:84541679; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678578)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.237.63.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678578/; classtype:trojan-activity;sid:84541678; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678576)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.mips64"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"23.177.185.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678576/; classtype:trojan-activity;sid:84541676; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678577)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.sparc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"23.177.185.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678577/; classtype:trojan-activity;sid:84541677; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678575)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.24.128"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678575/; classtype:trojan-activity;sid:84541675; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678574)"; flow:established,from_client; content:"GET"; http_method; content:"/m-6.8-k.zejak"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"89.168.75.138"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678574/; classtype:trojan-activity;sid:84541674; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678573)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.237.153.199"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678573/; classtype:trojan-activity;sid:84541673; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678564)"; flow:established,from_client; content:"GET"; http_method; content:"/i-5.8-6.zejak"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"89.168.75.138"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678564/; classtype:trojan-activity;sid:84541664; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678565)"; flow:established,from_client; content:"GET"; http_method; content:"/p-p.c-.zejak"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"89.168.75.138"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678565/; classtype:trojan-activity;sid:84541665; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678566)"; flow:established,from_client; content:"GET"; http_method; content:"/a-r.m-6.zejak"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"89.168.75.138"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678566/; classtype:trojan-activity;sid:84541666; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678567)"; flow:established,from_client; content:"GET"; http_method; content:"/x-8.6-.zejak"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"89.168.75.138"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678567/; classtype:trojan-activity;sid:84541667; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678568)"; flow:established,from_client; content:"GET"; http_method; content:"/m-p.s-l.zejak"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"89.168.75.138"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678568/; classtype:trojan-activity;sid:84541668; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678569)"; flow:established,from_client; content:"GET"; http_method; content:"/m-i.p-s.zejak"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"89.168.75.138"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678569/; classtype:trojan-activity;sid:84541669; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678570)"; flow:established,from_client; content:"GET"; http_method; content:"/s-h.4-.zejak"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"89.168.75.138"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678570/; classtype:trojan-activity;sid:84541670; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678571)"; flow:established,from_client; content:"GET"; http_method; content:"/a-r.m-5.zejak"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"89.168.75.138"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678571/; classtype:trojan-activity;sid:84541671; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678572)"; flow:established,from_client; content:"GET"; http_method; content:"/x-3.2-.zejak"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"89.168.75.138"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678572/; classtype:trojan-activity;sid:84541672; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678563)"; flow:established,from_client; content:"GET"; http_method; content:"/a-r.m-4.zejak"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"89.168.75.138"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678563/; classtype:trojan-activity;sid:84541663; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678562)"; flow:established,from_client; content:"GET"; http_method; content:"/a-r.m-7.zejak"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"89.168.75.138"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678562/; classtype:trojan-activity;sid:84541662; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678561)"; flow:established,from_client; content:"GET"; http_method; content:"/n/armv5l"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"45.135.194.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678561/; classtype:trojan-activity;sid:84541661; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678559)"; flow:established,from_client; content:"GET"; http_method; content:"/n/mips"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.135.194.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678559/; classtype:trojan-activity;sid:84541659; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678560)"; flow:established,from_client; content:"GET"; http_method; content:"/n/armv7l"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"45.135.194.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678560/; classtype:trojan-activity;sid:84541660; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678557)"; flow:established,from_client; content:"GET"; http_method; content:"/kk/armv7l"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.135.194.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678557/; classtype:trojan-activity;sid:84541657; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678558)"; flow:established,from_client; content:"GET"; http_method; content:"/n/mipsel"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"45.135.194.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678558/; classtype:trojan-activity;sid:84541658; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678555)"; flow:established,from_client; content:"GET"; http_method; content:"/kk/armv4l"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.135.194.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678555/; classtype:trojan-activity;sid:84541655; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678556)"; flow:established,from_client; content:"GET"; http_method; content:"/kk/armv5l"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.135.194.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678556/; classtype:trojan-activity;sid:84541656; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678554)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.i468"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"64.91.237.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678554/; classtype:trojan-activity;sid:84541654; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678550)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.arm5"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"151.244.111.70"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678550/; classtype:trojan-activity;sid:84541650; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678551)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.x86"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"151.244.111.70"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678551/; classtype:trojan-activity;sid:84541651; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678552)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.arm"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"151.244.111.70"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678552/; classtype:trojan-activity;sid:84541652; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678553)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.m68k"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"151.244.111.70"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678553/; classtype:trojan-activity;sid:84541653; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678549)"; flow:established,from_client; content:"GET"; http_method; content:"/executorloveyou/executor.i468"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"103.181.183.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678549/; classtype:trojan-activity;sid:84541649; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678543)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.mips"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"151.244.111.70"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678543/; classtype:trojan-activity;sid:84541643; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678544)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.mips64"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"151.244.111.70"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678544/; classtype:trojan-activity;sid:84541644; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678545)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.arm6"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"151.244.111.70"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678545/; classtype:trojan-activity;sid:84541645; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678546)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.sparc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"151.244.111.70"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678546/; classtype:trojan-activity;sid:84541646; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678547)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.x86_64"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"151.244.111.70"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678547/; classtype:trojan-activity;sid:84541647; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678548)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm4"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"64.91.237.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678548/; classtype:trojan-activity;sid:84541648; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678539)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.mpsl"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"151.244.111.70"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678539/; classtype:trojan-activity;sid:84541639; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678540)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.i686"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"151.244.111.70"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678540/; classtype:trojan-activity;sid:84541640; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678541)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.sh4"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"151.244.111.70"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678541/; classtype:trojan-activity;sid:84541641; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678542)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.ppc"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"151.244.111.70"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678542/; classtype:trojan-activity;sid:84541642; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678538)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.ppc440fp"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"64.91.237.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678538/; classtype:trojan-activity;sid:84541638; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678537)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.89.6"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678537/; classtype:trojan-activity;sid:84541637; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678536)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.75.245.48"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678536/; classtype:trojan-activity;sid:84541636; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678535)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.140.182.129"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678535/; classtype:trojan-activity;sid:84541635; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678534)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.80.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678534/; classtype:trojan-activity;sid:84541634; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678533)"; flow:established,from_client; content:"GET"; http_method; content:"/yarn.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"176.65.141.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678533/; classtype:trojan-activity;sid:84541633; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678532)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"176.65.141.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678532/; classtype:trojan-activity;sid:84541632; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678521)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"176.65.141.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678521/; classtype:trojan-activity;sid:84541621; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678522)"; flow:established,from_client; content:"GET"; http_method; content:"/i686"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"176.65.141.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678522/; classtype:trojan-activity;sid:84541622; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678523)"; flow:established,from_client; content:"GET"; http_method; content:"/mass"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"176.65.141.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678523/; classtype:trojan-activity;sid:84541623; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678524)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"176.65.141.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678524/; classtype:trojan-activity;sid:84541624; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678525)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"176.65.141.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678525/; classtype:trojan-activity;sid:84541625; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678526)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"176.65.141.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678526/; classtype:trojan-activity;sid:84541626; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678527)"; flow:established,from_client; content:"GET"; http_method; content:"/i486"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"176.65.141.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678527/; classtype:trojan-activity;sid:84541627; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678528)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"176.65.141.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678528/; classtype:trojan-activity;sid:84541628; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678529)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"176.65.141.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678529/; classtype:trojan-activity;sid:84541629; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678530)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"176.65.141.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678530/; classtype:trojan-activity;sid:84541630; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678531)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.65.141.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678531/; classtype:trojan-activity;sid:84541631; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678519)"; flow:established,from_client; content:"GET"; http_method; content:"/files/1760829628/rwfyn3j.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678519/; classtype:trojan-activity;sid:84541619; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678520)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7726345600/mrfjy3w.bat"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678520/; classtype:trojan-activity;sid:84541620; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678516)"; flow:established,from_client; content:"GET"; http_method; content:"/mode/build.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"lordavatar.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678516/; classtype:trojan-activity;sid:84541616; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678517)"; flow:established,from_client; content:"GET"; http_method; content:"/mode/soulfulness.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"lordavatar.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678517/; classtype:trojan-activity;sid:84541617; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678518)"; flow:established,from_client; content:"GET"; http_method; content:"/test.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"23.177.185.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678518/; classtype:trojan-activity;sid:84541618; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678515)"; flow:established,from_client; content:"GET"; http_method; content:"/socvxfejcj68ecxxbau2uw9"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"io.comecola.digital"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678515/; classtype:trojan-activity;sid:84541615; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678514)"; flow:established,from_client; content:"GET"; http_method; content:"/cla3x3xc76mr9wmigdvbcy"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"io.comecola.digital"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678514/; classtype:trojan-activity;sid:84541614; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678513)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"23.177.185.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678513/; classtype:trojan-activity;sid:84541613; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678512)"; flow:established,from_client; content:"GET"; http_method; content:"/bins.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"23.177.185.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678512/; classtype:trojan-activity;sid:84541612; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678509)"; flow:established,from_client; content:"GET"; http_method; content:"/n!lvzxk8/"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"ux.hioweawou.com.ru"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678509/; classtype:trojan-activity;sid:84541609; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678511)"; flow:established,from_client; content:"GET"; http_method; content:"/libs.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"87.120.165.1"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678511/; classtype:trojan-activity;sid:84541611; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678507)"; flow:established,from_client; content:"GET"; http_method; content:"/files/844803431/o3a8k8x.exe"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678507/; classtype:trojan-activity;sid:84541607; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678508)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7782139129/mauwsqh.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678508/; classtype:trojan-activity;sid:84541608; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678506)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.237.63.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678506/; classtype:trojan-activity;sid:84541606; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678505)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.10.144.120"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678505/; classtype:trojan-activity;sid:84541605; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678504)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.55.68.50"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678504/; classtype:trojan-activity;sid:84541604; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678503)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.43.91.217"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678503/; classtype:trojan-activity;sid:84541603; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678502)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.10.144.120"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678502/; classtype:trojan-activity;sid:84541602; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678501)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.104.41"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678501/; classtype:trojan-activity;sid:84541601; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678500)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.1.157.48"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678500/; classtype:trojan-activity;sid:84541600; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678499)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.43.91.217"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678499/; classtype:trojan-activity;sid:84541599; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678498)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.113.202.46"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678498/; classtype:trojan-activity;sid:84541598; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678497)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.212.100.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678497/; classtype:trojan-activity;sid:84541597; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678496)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"37.235.201.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678496/; classtype:trojan-activity;sid:84541596; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678495)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.52.113.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678495/; classtype:trojan-activity;sid:84541595; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678494)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.202.46"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678494/; classtype:trojan-activity;sid:84541594; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678493)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.134.172.211"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678493/; classtype:trojan-activity;sid:84541593; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678492)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.242.98.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678492/; classtype:trojan-activity;sid:84541592; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678491)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.229.140.141"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678491/; classtype:trojan-activity;sid:84541591; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678490)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.122.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678490/; classtype:trojan-activity;sid:84541590; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678489)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"37.235.201.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678489/; classtype:trojan-activity;sid:84541589; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678488)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7417834156/hn4junl.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678488/; classtype:trojan-activity;sid:84541588; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678487)"; flow:established,from_client; content:"GET"; http_method; content:"/files/5983277008/90002ki.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678487/; classtype:trojan-activity;sid:84541587; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678486)"; flow:established,from_client; content:"GET"; http_method; content:"/files/1760829628/n2hlqrs.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678486/; classtype:trojan-activity;sid:84541586; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678485)"; flow:established,from_client; content:"GET"; http_method; content:"/files/8031475696/loplotz.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678485/; classtype:trojan-activity;sid:84541585; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678484)"; flow:established,from_client; content:"GET"; http_method; content:"/files/8085140108/a42ghrx.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678484/; classtype:trojan-activity;sid:84541584; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678483)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7782139129/19gd9cx.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678483/; classtype:trojan-activity;sid:84541583; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678482)"; flow:established,from_client; content:"GET"; http_method; content:"/files/6394836594/d3k1lok.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678482/; classtype:trojan-activity;sid:84541582; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678480)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7547858198/lwfttsu.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678480/; classtype:trojan-activity;sid:84541580; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678481)"; flow:established,from_client; content:"GET"; http_method; content:"/files/502259649/8omkid7.exe"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678481/; classtype:trojan-activity;sid:84541581; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678479)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.242.98.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678479/; classtype:trojan-activity;sid:84541579; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678478)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.175.142.76"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678478/; classtype:trojan-activity;sid:84541578; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678477)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.201.120.171"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678477/; classtype:trojan-activity;sid:84541577; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678476)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.132.130.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678476/; classtype:trojan-activity;sid:84541576; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678475)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.87.29.224"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678475/; classtype:trojan-activity;sid:84541575; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678474)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.156.177.168"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678474/; classtype:trojan-activity;sid:84541574; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678473)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.x86"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"188.241.62.243"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678473/; classtype:trojan-activity;sid:84541573; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678466)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mpsl"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"188.241.62.243"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678466/; classtype:trojan-activity;sid:84541566; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678467)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm5"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"188.241.62.243"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678467/; classtype:trojan-activity;sid:84541567; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678468)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.m68k"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"188.241.62.243"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678468/; classtype:trojan-activity;sid:84541568; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678469)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.ppc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"188.241.62.243"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678469/; classtype:trojan-activity;sid:84541569; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678470)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"188.241.62.243"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678470/; classtype:trojan-activity;sid:84541570; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678471)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.sh4"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"188.241.62.243"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678471/; classtype:trojan-activity;sid:84541571; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678472)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.spc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"188.241.62.243"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678472/; classtype:trojan-activity;sid:84541572; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678464)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mips"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"196.251.69.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678464/; classtype:trojan-activity;sid:84541564; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678465)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.x86"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"196.251.69.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678465/; classtype:trojan-activity;sid:84541565; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678463)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm6"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"188.241.62.243"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678463/; classtype:trojan-activity;sid:84541563; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678462)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.239.122.25"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678462/; classtype:trojan-activity;sid:84541562; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678453)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.i468"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"196.251.69.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678453/; classtype:trojan-activity;sid:84541553; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678454)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.m68k"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"196.251.69.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678454/; classtype:trojan-activity;sid:84541554; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678455)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm6"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"196.251.69.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678455/; classtype:trojan-activity;sid:84541555; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678456)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.spc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"196.251.69.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678456/; classtype:trojan-activity;sid:84541556; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678457)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.x86_64"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"196.251.69.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678457/; classtype:trojan-activity;sid:84541557; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678458)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm7"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"196.251.69.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678458/; classtype:trojan-activity;sid:84541558; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678459)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.i686"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"196.251.69.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678459/; classtype:trojan-activity;sid:84541559; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678460)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.sh4"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"196.251.69.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678460/; classtype:trojan-activity;sid:84541560; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678461)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.92.181.207"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678461/; classtype:trojan-activity;sid:84541561; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678448)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"196.251.69.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678448/; classtype:trojan-activity;sid:84541548; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678449)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mpsl"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"196.251.69.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678449/; classtype:trojan-activity;sid:84541549; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678450)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.ppc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"196.251.69.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678450/; classtype:trojan-activity;sid:84541550; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678451)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"196.251.69.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678451/; classtype:trojan-activity;sid:84541551; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678452)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm5"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"196.251.69.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678452/; classtype:trojan-activity;sid:84541552; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678447)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"176.65.141.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678447/; classtype:trojan-activity;sid:84541547; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678446)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"176.65.141.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678446/; classtype:trojan-activity;sid:84541546; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678445)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"176.65.141.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678445/; classtype:trojan-activity;sid:84541545; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678444)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.81.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678444/; classtype:trojan-activity;sid:84541544; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678443)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.69.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678443/; classtype:trojan-activity;sid:84541543; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678442)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.15.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678442/; classtype:trojan-activity;sid:84541542; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678441)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"211.158.61.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678441/; classtype:trojan-activity;sid:84541541; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678440)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.51.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678440/; classtype:trojan-activity;sid:84541540; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678439)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.203.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678439/; classtype:trojan-activity;sid:84541539; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678438)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.51.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678438/; classtype:trojan-activity;sid:84541538; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678437)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.69.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678437/; classtype:trojan-activity;sid:84541537; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678436)"; flow:established,from_client; content:"GET"; http_method; content:"/jmn1ky8u"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"it.ibzr-2.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678436/; classtype:trojan-activity;sid:84541536; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678435)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.238.133"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678435/; classtype:trojan-activity;sid:84541535; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678434)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.199.49"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678434/; classtype:trojan-activity;sid:84541534; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678433)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.203.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678433/; classtype:trojan-activity;sid:84541533; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678432)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.4.191.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678432/; classtype:trojan-activity;sid:84541532; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678431)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.74.1.101"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678431/; classtype:trojan-activity;sid:84541531; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678430)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.62.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678430/; classtype:trojan-activity;sid:84541530; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678429)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.139.169.106"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678429/; classtype:trojan-activity;sid:84541529; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678428)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.222.159"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678428/; classtype:trojan-activity;sid:84541528; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678427)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.120.127"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678427/; classtype:trojan-activity;sid:84541527; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678426)"; flow:established,from_client; content:"GET"; http_method; content:"/ui.check|3f|t=a149gq21"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"it.ibzr-2.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678426/; classtype:trojan-activity;sid:84541526; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678425)"; flow:established,from_client; content:"GET"; http_method; content:"/5jnavdxs7m.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"h7lp.vorn5.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678425/; classtype:trojan-activity;sid:84541525; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678424)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.222.159"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678424/; classtype:trojan-activity;sid:84541524; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678423)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.74.1.101"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678423/; classtype:trojan-activity;sid:84541523; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678422)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.12.65.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678422/; classtype:trojan-activity;sid:84541522; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678421)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.58.107"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678421/; classtype:trojan-activity;sid:84541521; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678420)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.57.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678420/; classtype:trojan-activity;sid:84541520; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678419)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.232.81.87"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678419/; classtype:trojan-activity;sid:84541519; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678418)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.1.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678418/; classtype:trojan-activity;sid:84541518; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678417)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.176.196.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678417/; classtype:trojan-activity;sid:84541517; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678416)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.125.80"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678416/; classtype:trojan-activity;sid:84541516; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678415)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.12.65.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678415/; classtype:trojan-activity;sid:84541515; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678414)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.201.180"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678414/; classtype:trojan-activity;sid:84541514; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678412)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.64.85"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678412/; classtype:trojan-activity;sid:84541512; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678413)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.52.113.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678413/; classtype:trojan-activity;sid:84541513; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678411)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.57.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678411/; classtype:trojan-activity;sid:84541511; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678410)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.176.196.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678410/; classtype:trojan-activity;sid:84541510; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678409)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.134.172.211"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678409/; classtype:trojan-activity;sid:84541509; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678408)"; flow:established,from_client; content:"GET"; http_method; content:"/hd1uvuyd"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"pox.ibzr-2.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678408/; classtype:trojan-activity;sid:84541508; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678407)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.5.9.235"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678407/; classtype:trojan-activity;sid:84541507; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678406)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.102.169"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678406/; classtype:trojan-activity;sid:84541506; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678405)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.191.63"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678405/; classtype:trojan-activity;sid:84541505; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678404)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.1.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678404/; classtype:trojan-activity;sid:84541504; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678403)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.186.209.54"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678403/; classtype:trojan-activity;sid:84541503; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678402)"; flow:established,from_client; content:"GET"; http_method; content:"/bt1b7tllg6.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"vd3k.nowc8.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678402/; classtype:trojan-activity;sid:84541502; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678401)"; flow:established,from_client; content:"GET"; http_method; content:"/ak.check|3f|t=77ujimir"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"uhf.ibzr-2.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678401/; classtype:trojan-activity;sid:84541501; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678400)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.254.96.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678400/; classtype:trojan-activity;sid:84541500; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678399)"; flow:established,from_client; content:"GET"; http_method; content:"/mem28hn9r9.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"mt07.nowc8.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678399/; classtype:trojan-activity;sid:84541499; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678398)"; flow:established,from_client; content:"GET"; http_method; content:"/q5.google|3f|t=wg4lq7gb"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"6mm.ibzr-2.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678398/; classtype:trojan-activity;sid:84541498; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678397)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.191.63"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678397/; classtype:trojan-activity;sid:84541497; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678396)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.218.202"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678396/; classtype:trojan-activity;sid:84541496; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678395)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.254.96.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678395/; classtype:trojan-activity;sid:84541495; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678394)"; flow:established,from_client; content:"GET"; http_method; content:"/73.google|3f|t=xh0f7rbm"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"ppd.ithc-4.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678394/; classtype:trojan-activity;sid:84541494; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678393)"; flow:established,from_client; content:"GET"; http_method; content:"/s2zxbv11lj.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"q9py.nowc8.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678393/; classtype:trojan-activity;sid:84541493; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678392)"; flow:established,from_client; content:"GET"; http_method; content:"/zxw.check|3f|t=w4w1i5is"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"wp.ithc-4.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678392/; classtype:trojan-activity;sid:84541492; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678391)"; flow:established,from_client; content:"GET"; http_method; content:"/3hb1wtxpo9.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"q9py.nowc8.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678391/; classtype:trojan-activity;sid:84541491; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678390)"; flow:established,from_client; content:"GET"; http_method; content:"/65hkqvmv45.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"e2rx.nowc8.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678390/; classtype:trojan-activity;sid:84541490; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678389)"; flow:established,from_client; content:"GET"; http_method; content:"/xi.check|3f|t=6ecj42x2"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"3q6.ithc-4.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678389/; classtype:trojan-activity;sid:84541489; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678388)"; flow:established,from_client; content:"GET"; http_method; content:"/i8y.google|3f|t=xpf0dl3b"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"5v.ithc-4.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678388/; classtype:trojan-activity;sid:84541488; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678387)"; flow:established,from_client; content:"GET"; http_method; content:"/uie4l9riyh.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"ka86.nowc8.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678387/; classtype:trojan-activity;sid:84541487; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678386)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.186.209.54"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678386/; classtype:trojan-activity;sid:84541486; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678385)"; flow:established,from_client; content:"GET"; http_method; content:"/5je.google|3f|t=sqkzxuu7"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"t5.ithc-4.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678385/; classtype:trojan-activity;sid:84541485; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678384)"; flow:established,from_client; content:"GET"; http_method; content:"/fodmcltm94.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"s1od.nowc8.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678384/; classtype:trojan-activity;sid:84541484; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678383)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.177.2"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678383/; classtype:trojan-activity;sid:84541483; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678382)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.225.204.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678382/; classtype:trojan-activity;sid:84541482; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678381)"; flow:established,from_client; content:"GET"; http_method; content:"/mclqd0yktd.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"jm5a.desj1.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678381/; classtype:trojan-activity;sid:84541481; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678380)"; flow:established,from_client; content:"GET"; http_method; content:"/t0m.check|3f|t=g2qsviqn"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"cmv.ithc-4.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678380/; classtype:trojan-activity;sid:84541480; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678379)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.232.226.211"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678379/; classtype:trojan-activity;sid:84541479; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678378)"; flow:established,from_client; content:"GET"; http_method; content:"/7o8.google|3f|t=elgf6vi8"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"ghc.ithc-4.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678378/; classtype:trojan-activity;sid:84541478; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678377)"; flow:established,from_client; content:"GET"; http_method; content:"/0hunaf2q4f.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"jm5a.desj1.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678377/; classtype:trojan-activity;sid:84541477; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678376)"; flow:established,from_client; content:"GET"; http_method; content:"/s8ajqpfk3o.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"g0nq.desj1.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678376/; classtype:trojan-activity;sid:84541476; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678375)"; flow:established,from_client; content:"GET"; http_method; content:"/vk.google|3f|t=nnfaytqi"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"q2.ozxg-5.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678375/; classtype:trojan-activity;sid:84541475; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678374)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.156.177.168"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678374/; classtype:trojan-activity;sid:84541474; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678373)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.177.2"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678373/; classtype:trojan-activity;sid:84541473; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678372)"; flow:established,from_client; content:"GET"; http_method; content:"/gq.google|3f|t=3cfd1txo"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"l0.ozxg-5.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678372/; classtype:trojan-activity;sid:84541472; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678371)"; flow:established,from_client; content:"GET"; http_method; content:"/h9vkyho9tf.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"r2cx.desj1.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678371/; classtype:trojan-activity;sid:84541471; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678370)"; flow:established,from_client; content:"GET"; http_method; content:"/i3hq48jus3.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"r2cx.desj1.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678370/; classtype:trojan-activity;sid:84541470; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678369)"; flow:established,from_client; content:"GET"; http_method; content:"/lin.check|3f|t=8lcuj9sp"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"nve.ozxg-5.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678369/; classtype:trojan-activity;sid:84541469; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678368)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.73.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678368/; classtype:trojan-activity;sid:84541468; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678367)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.117.104.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678367/; classtype:trojan-activity;sid:84541467; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678366)"; flow:established,from_client; content:"GET"; http_method; content:"/f1enstvq4i.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"lt3d.desj1.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678366/; classtype:trojan-activity;sid:84541466; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678365)"; flow:established,from_client; content:"GET"; http_method; content:"/r8.check|3f|t=yfris86p"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"t80.ozxg-5.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678365/; classtype:trojan-activity;sid:84541465; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678364)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.arm"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"23.177.185.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678364/; classtype:trojan-activity;sid:84541464; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678363)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.spc"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"23.177.185.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678363/; classtype:trojan-activity;sid:84541463; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678362)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.arm6"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"23.177.185.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678362/; classtype:trojan-activity;sid:84541462; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678352)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.m68k"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"23.177.185.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678352/; classtype:trojan-activity;sid:84541452; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678353)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.arm5"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"23.177.185.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678353/; classtype:trojan-activity;sid:84541453; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678354)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.sh4"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"23.177.185.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678354/; classtype:trojan-activity;sid:84541454; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678355)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.x86"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"23.177.185.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678355/; classtype:trojan-activity;sid:84541455; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678356)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.i686"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"23.177.185.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678356/; classtype:trojan-activity;sid:84541456; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678357)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.arc"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"23.177.185.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678357/; classtype:trojan-activity;sid:84541457; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678358)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.mpsl"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"23.177.185.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678358/; classtype:trojan-activity;sid:84541458; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678359)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.x86_64"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"23.177.185.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678359/; classtype:trojan-activity;sid:84541459; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678360)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.ppc"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"23.177.185.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678360/; classtype:trojan-activity;sid:84541460; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678361)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.arm7"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"23.177.185.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678361/; classtype:trojan-activity;sid:84541461; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678351)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.mips"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"23.177.185.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678351/; classtype:trojan-activity;sid:84541451; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678349)"; flow:established,from_client; content:"GET"; http_method; content:"/84d.google|3f|t=za0mln5b"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"4u.ozxg-5.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678349/; classtype:trojan-activity;sid:84541449; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678350)"; flow:established,from_client; content:"GET"; http_method; content:"/k5t30qa3gy.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"lt3d.desj1.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678350/; classtype:trojan-activity;sid:84541450; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678348)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.122.149.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678348/; classtype:trojan-activity;sid:84541448; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678347)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.73.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678347/; classtype:trojan-activity;sid:84541447; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678345)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"193.222.97.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678345/; classtype:trojan-activity;sid:84541445; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678346)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"193.222.97.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678346/; classtype:trojan-activity;sid:84541446; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678340)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"193.222.97.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678340/; classtype:trojan-activity;sid:84541440; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678341)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"193.222.97.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678341/; classtype:trojan-activity;sid:84541441; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678342)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"193.222.97.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678342/; classtype:trojan-activity;sid:84541442; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678343)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"193.222.97.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678343/; classtype:trojan-activity;sid:84541443; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678344)"; flow:established,from_client; content:"GET"; http_method; content:"/arm4"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"193.222.97.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678344/; classtype:trojan-activity;sid:84541444; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678338)"; flow:established,from_client; content:"GET"; http_method; content:"/7vs.check|3f|t=h0r32epm"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"2hu.ozxg-5.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678338/; classtype:trojan-activity;sid:84541438; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678339)"; flow:established,from_client; content:"GET"; http_method; content:"/88ct4m8kw9.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"w9qm.desj1.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678339/; classtype:trojan-activity;sid:84541439; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678337)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.216.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678337/; classtype:trojan-activity;sid:84541437; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678335)"; flow:established,from_client; content:"GET"; http_method; content:"/gsw.check|3f|t=c8fi3gm7"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"vr.ozxg-5.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678335/; classtype:trojan-activity;sid:84541435; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678336)"; flow:established,from_client; content:"GET"; http_method; content:"/rf4pxgv497.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"f6ua.desj1.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678336/; classtype:trojan-activity;sid:84541436; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678334)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.88.48"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678334/; classtype:trojan-activity;sid:84541434; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678333)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.117.104.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678333/; classtype:trojan-activity;sid:84541433; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678332)"; flow:established,from_client; content:"GET"; http_method; content:"/6emas55vsl.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"f6ua.desj1.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678332/; classtype:trojan-activity;sid:84541432; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678331)"; flow:established,from_client; content:"GET"; http_method; content:"/pm.check|3f|t=qz38cm1r"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"4i1.ussn-7.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678331/; classtype:trojan-activity;sid:84541431; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678330)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.9.164.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678330/; classtype:trojan-activity;sid:84541430; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678329)"; flow:established,from_client; content:"GET"; http_method; content:"/1omuky1v8ob2s9-u7kefmla39ddkrrfn0er7prgiek"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"interactivejsworld.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678329/; classtype:trojan-activity;sid:84541429; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678328)"; flow:established,from_client; content:"GET"; http_method; content:"/l4ohvt4ykkxsh9iz1mjah9mf2jnxlxiqvaht9cvsuey"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"javascripterhub.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678328/; classtype:trojan-activity;sid:84541428; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678325)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.12.224.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678325/; classtype:trojan-activity;sid:84541425; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678326)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.130.178"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678326/; classtype:trojan-activity;sid:84541426; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678327)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.125.31.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678327/; classtype:trojan-activity;sid:84541427; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678323)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.89.47"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678323/; classtype:trojan-activity;sid:84541423; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678324)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mips"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"202.155.8.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678324/; classtype:trojan-activity;sid:84541424; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678322)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.58.244"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678322/; classtype:trojan-activity;sid:84541422; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678319)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.211.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678319/; classtype:trojan-activity;sid:84541419; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678320)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.89.47"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678320/; classtype:trojan-activity;sid:84541420; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678321)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.88.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678321/; classtype:trojan-activity;sid:84541421; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678318)"; flow:established,from_client; content:"GET"; http_method; content:"/adv.min.js|3f|ver=nbcc6b3uy9yaud7m4qub"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"webdataspace.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678318/; classtype:trojan-activity;sid:84541418; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678317)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"209.207.87.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678317/; classtype:trojan-activity;sid:84541417; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678316)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.219.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678316/; classtype:trojan-activity;sid:84541416; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678315)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.228.221.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678315/; classtype:trojan-activity;sid:84541415; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678314)"; flow:established,from_client; content:"GET"; http_method; content:"/5quugx9jyh.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"y3ag.vukm9.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678314/; classtype:trojan-activity;sid:84541414; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678313)"; flow:established,from_client; content:"GET"; http_method; content:"/4o.google|3f|t=f569hix2"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"r5.ussn-7.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678313/; classtype:trojan-activity;sid:84541413; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678312)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.88.209"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678312/; classtype:trojan-activity;sid:84541412; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678311)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.55.138.65"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678311/; classtype:trojan-activity;sid:84541411; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678310)"; flow:established,from_client; content:"GET"; http_method; content:"/c15lr9uu1m.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"y3ag.vukm9.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678310/; classtype:trojan-activity;sid:84541410; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678309)"; flow:established,from_client; content:"GET"; http_method; content:"/v3.google|3f|t=3p3ozofm"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"kc.ussn-7.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678309/; classtype:trojan-activity;sid:84541409; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678308)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.88.48"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678308/; classtype:trojan-activity;sid:84541408; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678299)"; flow:established,from_client; content:"GET"; http_method; content:"/v/i686"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.135.194.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678299/; classtype:trojan-activity;sid:84541399; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678300)"; flow:established,from_client; content:"GET"; http_method; content:"/v/armv4l"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"45.135.194.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678300/; classtype:trojan-activity;sid:84541400; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678301)"; flow:established,from_client; content:"GET"; http_method; content:"/t/aarch64"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.135.194.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678301/; classtype:trojan-activity;sid:84541401; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678302)"; flow:established,from_client; content:"GET"; http_method; content:"/v/armv5l"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"45.135.194.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678302/; classtype:trojan-activity;sid:84541402; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678303)"; flow:established,from_client; content:"GET"; http_method; content:"/v/armv7l"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"45.135.194.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678303/; classtype:trojan-activity;sid:84541403; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678304)"; flow:established,from_client; content:"GET"; http_method; content:"/v/mips64"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"45.135.194.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678304/; classtype:trojan-activity;sid:84541404; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678305)"; flow:established,from_client; content:"GET"; http_method; content:"/v/mips"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.135.194.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678305/; classtype:trojan-activity;sid:84541405; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678306)"; flow:established,from_client; content:"GET"; http_method; content:"/v/mipsel"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"45.135.194.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678306/; classtype:trojan-activity;sid:84541406; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678307)"; flow:established,from_client; content:"GET"; http_method; content:"/v/powerpc"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.135.194.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678307/; classtype:trojan-activity;sid:84541407; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678298)"; flow:established,from_client; content:"GET"; http_method; content:"/7zgm8x70"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"yt6.ussn-7.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678298/; classtype:trojan-activity;sid:84541398; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678297)"; flow:established,from_client; content:"GET"; http_method; content:"/narmv7l"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"45.135.194.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678297/; classtype:trojan-activity;sid:84541397; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678282)"; flow:established,from_client; content:"GET"; http_method; content:"/wget"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.135.194.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678282/; classtype:trojan-activity;sid:84541382; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678283)"; flow:established,from_client; content:"GET"; http_method; content:"/b"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.135.194.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678283/; classtype:trojan-activity;sid:84541383; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678284)"; flow:established,from_client; content:"GET"; http_method; content:"/lilin.sh"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"45.135.194.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678284/; classtype:trojan-activity;sid:84541384; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678285)"; flow:established,from_client; content:"GET"; http_method; content:"/t/armv5l"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"45.135.194.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678285/; classtype:trojan-activity;sid:84541385; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678286)"; flow:established,from_client; content:"GET"; http_method; content:"/t/powerpc"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.135.194.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678286/; classtype:trojan-activity;sid:84541386; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678287)"; flow:established,from_client; content:"GET"; http_method; content:"/t/i686"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.135.194.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678287/; classtype:trojan-activity;sid:84541387; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678288)"; flow:established,from_client; content:"GET"; http_method; content:"/a/armv4l"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"45.135.194.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678288/; classtype:trojan-activity;sid:84541388; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678289)"; flow:established,from_client; content:"GET"; http_method; content:"/t/armv4l"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"45.135.194.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678289/; classtype:trojan-activity;sid:84541389; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678290)"; flow:established,from_client; content:"GET"; http_method; content:"/v/aarch64"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.135.194.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678290/; classtype:trojan-activity;sid:84541390; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678291)"; flow:established,from_client; content:"GET"; http_method; content:"/a/aarch64"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.135.194.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678291/; classtype:trojan-activity;sid:84541391; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678292)"; flow:established,from_client; content:"GET"; http_method; content:"/a/mipsel"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"45.135.194.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678292/; classtype:trojan-activity;sid:84541392; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678293)"; flow:established,from_client; content:"GET"; http_method; content:"/a/mips64"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"45.135.194.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678293/; classtype:trojan-activity;sid:84541393; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678294)"; flow:established,from_client; content:"GET"; http_method; content:"/a/mips"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.135.194.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678294/; classtype:trojan-activity;sid:84541394; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678295)"; flow:established,from_client; content:"GET"; http_method; content:"/a/armv7l"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"45.135.194.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678295/; classtype:trojan-activity;sid:84541395; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678296)"; flow:established,from_client; content:"GET"; http_method; content:"/a/armv5l"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"45.135.194.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678296/; classtype:trojan-activity;sid:84541396; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678281)"; flow:established,from_client; content:"GET"; http_method; content:"/dvr.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.135.194.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678281/; classtype:trojan-activity;sid:84541381; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678274)"; flow:established,from_client; content:"GET"; http_method; content:"/nmips"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"45.135.194.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678274/; classtype:trojan-activity;sid:84541374; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678275)"; flow:established,from_client; content:"GET"; http_method; content:"/t/mipsel"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"45.135.194.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678275/; classtype:trojan-activity;sid:84541375; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678276)"; flow:established,from_client; content:"GET"; http_method; content:"/a/i686"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.135.194.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678276/; classtype:trojan-activity;sid:84541376; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678277)"; flow:established,from_client; content:"GET"; http_method; content:"/t/armv7l"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"45.135.194.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678277/; classtype:trojan-activity;sid:84541377; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678278)"; flow:established,from_client; content:"GET"; http_method; content:"/a/powerpc"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.135.194.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678278/; classtype:trojan-activity;sid:84541378; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678279)"; flow:established,from_client; content:"GET"; http_method; content:"/t/mips"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.135.194.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678279/; classtype:trojan-activity;sid:84541379; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678280)"; flow:established,from_client; content:"GET"; http_method; content:"/t/mips64"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"45.135.194.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678280/; classtype:trojan-activity;sid:84541380; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678273)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.137.166.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678273/; classtype:trojan-activity;sid:84541373; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678272)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.225.218.193"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678272/; classtype:trojan-activity;sid:84541372; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678271)"; flow:established,from_client; content:"GET"; http_method; content:"/kpf3i74qfr.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"zn5r.vukm9.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678271/; classtype:trojan-activity;sid:84541371; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678270)"; flow:established,from_client; content:"GET"; http_method; content:"/ve9.google|3f|t=v9yj5akq"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"yt6.ussn-7.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678270/; classtype:trojan-activity;sid:84541370; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678269)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.49.241"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678269/; classtype:trojan-activity;sid:84541369; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678268)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.160.213"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678268/; classtype:trojan-activity;sid:84541368; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678267)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"151.244.111.70"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678267/; classtype:trojan-activity;sid:84541367; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678266)"; flow:established,from_client; content:"GET"; http_method; content:"/executorloveyou/executor.mpsl"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"103.181.183.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678266/; classtype:trojan-activity;sid:84541366; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678265)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/debug"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"103.77.241.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678265/; classtype:trojan-activity;sid:84541365; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678264)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"158.94.209.200"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678264/; classtype:trojan-activity;sid:84541364; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678263)"; flow:established,from_client; content:"GET"; http_method; content:"/executorloveyou/executor.arm64"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"103.181.183.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678263/; classtype:trojan-activity;sid:84541363; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678261)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.230.27.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678261/; classtype:trojan-activity;sid:84541361; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678262)"; flow:established,from_client; content:"GET"; http_method; content:"/executorloveyou/executor.ppc"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"103.181.183.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678262/; classtype:trojan-activity;sid:84541362; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678260)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.185.73.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678260/; classtype:trojan-activity;sid:84541360; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678259)"; flow:established,from_client; content:"GET"; http_method; content:"/armv6"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"158.94.209.200"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678259/; classtype:trojan-activity;sid:84541359; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678256)"; flow:established,from_client; content:"GET"; http_method; content:"/aarch64"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"158.94.209.200"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678256/; classtype:trojan-activity;sid:84541356; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678257)"; flow:established,from_client; content:"GET"; http_method; content:"/executorloveyou/executor.mips"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"103.181.183.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678257/; classtype:trojan-activity;sid:84541357; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678258)"; flow:established,from_client; content:"GET"; http_method; content:"/executorloveyou/executor.spc"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"103.181.183.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678258/; classtype:trojan-activity;sid:84541358; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678232)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"158.94.209.200"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678232/; classtype:trojan-activity;sid:84541332; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678233)"; flow:established,from_client; content:"GET"; http_method; content:"/armv7l"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"158.94.209.200"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678233/; classtype:trojan-activity;sid:84541333; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678234)"; flow:established,from_client; content:"GET"; http_method; content:"/mipsel"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"158.94.209.200"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678234/; classtype:trojan-activity;sid:84541334; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678235)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"158.94.209.200"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678235/; classtype:trojan-activity;sid:84541335; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678236)"; flow:established,from_client; content:"GET"; http_method; content:"/powerpc"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"158.94.209.200"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678236/; classtype:trojan-activity;sid:84541336; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678237)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"158.94.209.200"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678237/; classtype:trojan-activity;sid:84541337; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678238)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"158.94.209.200"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678238/; classtype:trojan-activity;sid:84541338; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678239)"; flow:established,from_client; content:"GET"; http_method; content:"/sex.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"158.94.209.200"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678239/; classtype:trojan-activity;sid:84541339; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678240)"; flow:established,from_client; content:"GET"; http_method; content:"/i686"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"158.94.209.200"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678240/; classtype:trojan-activity;sid:84541340; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678241)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.arm7"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"151.244.111.70"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678241/; classtype:trojan-activity;sid:84541341; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678242)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.arc"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"151.244.111.70"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678242/; classtype:trojan-activity;sid:84541342; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678243)"; flow:established,from_client; content:"GET"; http_method; content:"/executorloveyou/executor.arm7"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"103.181.183.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678243/; classtype:trojan-activity;sid:84541343; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678244)"; flow:established,from_client; content:"GET"; http_method; content:"/executorloveyou/executor.x86_64"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"103.181.183.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678244/; classtype:trojan-activity;sid:84541344; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678245)"; flow:established,from_client; content:"GET"; http_method; content:"/executorloveyou/executor.arm5"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"103.181.183.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678245/; classtype:trojan-activity;sid:84541345; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678246)"; flow:established,from_client; content:"GET"; http_method; content:"/executorloveyou/debug"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"103.181.183.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678246/; classtype:trojan-activity;sid:84541346; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678247)"; flow:established,from_client; content:"GET"; http_method; content:"/executorloveyou/executor.sh4"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"103.181.183.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678247/; classtype:trojan-activity;sid:84541347; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678248)"; flow:established,from_client; content:"GET"; http_method; content:"/executorloveyou/executor.arm"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"103.181.183.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678248/; classtype:trojan-activity;sid:84541348; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678249)"; flow:established,from_client; content:"GET"; http_method; content:"/executorloveyou/executor.i686"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"103.181.183.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678249/; classtype:trojan-activity;sid:84541349; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678250)"; flow:established,from_client; content:"GET"; http_method; content:"/executorloveyou/executor.arm6"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"103.181.183.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678250/; classtype:trojan-activity;sid:84541350; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678251)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"103.181.183.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678251/; classtype:trojan-activity;sid:84541351; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678252)"; flow:established,from_client; content:"GET"; http_method; content:"/executorloveyou/executor.x86"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"103.181.183.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678252/; classtype:trojan-activity;sid:84541352; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678253)"; flow:established,from_client; content:"GET"; http_method; content:"/executorloveyou/executor.m68k"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"103.181.183.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678253/; classtype:trojan-activity;sid:84541353; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678254)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.230.27.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678254/; classtype:trojan-activity;sid:84541354; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678255)"; flow:established,from_client; content:"GET"; http_method; content:"/executorloveyou/executor.arc"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"103.181.183.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678255/; classtype:trojan-activity;sid:84541355; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678230)"; flow:established,from_client; content:"GET"; http_method; content:"/realtek"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"simbhaolisugars.in"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678230/; classtype:trojan-activity;sid:84541330; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678231)"; flow:established,from_client; content:"GET"; http_method; content:"/627svho6rd.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"p8kw.vukm9.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678231/; classtype:trojan-activity;sid:84541331; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678229)"; flow:established,from_client; content:"GET"; http_method; content:"/wv.google|3f|t=mi5r8e85"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"fih.ussn-7.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678229/; classtype:trojan-activity;sid:84541329; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678226)"; flow:established,from_client; content:"GET"; http_method; content:"/9kd.check|3f|t=z365x7cp"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"y0.ussn-7.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678226/; classtype:trojan-activity;sid:84541326; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678227)"; flow:established,from_client; content:"GET"; http_method; content:"/pulse"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"simbhaolisugars.in"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678227/; classtype:trojan-activity;sid:84541327; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678228)"; flow:established,from_client; content:"GET"; http_method; content:"/pay"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"simbhaolisugars.in"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678228/; classtype:trojan-activity;sid:84541328; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678213)"; flow:established,from_client; content:"GET"; http_method; content:"/zyxel"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"simbhaolisugars.in"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678213/; classtype:trojan-activity;sid:84541313; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678214)"; flow:established,from_client; content:"GET"; http_method; content:"/bin"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"64.91.237.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678214/; classtype:trojan-activity;sid:84541314; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678215)"; flow:established,from_client; content:"GET"; http_method; content:"/hnap"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"simbhaolisugars.in"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678215/; classtype:trojan-activity;sid:84541315; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678216)"; flow:established,from_client; content:"GET"; http_method; content:"/yarn"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"64.91.237.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678216/; classtype:trojan-activity;sid:84541316; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678217)"; flow:established,from_client; content:"GET"; http_method; content:"/pay"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"64.91.237.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678217/; classtype:trojan-activity;sid:84541317; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678218)"; flow:established,from_client; content:"GET"; http_method; content:"/aws"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"simbhaolisugars.in"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678218/; classtype:trojan-activity;sid:84541318; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678219)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.x86"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"simbhaolisugars.in"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678219/; classtype:trojan-activity;sid:84541319; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678220)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.x86_64"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"simbhaolisugars.in"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678220/; classtype:trojan-activity;sid:84541320; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678221)"; flow:established,from_client; content:"GET"; http_method; content:"/gpon443"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"simbhaolisugars.in"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678221/; classtype:trojan-activity;sid:84541321; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678222)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm7"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"simbhaolisugars.in"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678222/; classtype:trojan-activity;sid:84541322; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678223)"; flow:established,from_client; content:"GET"; http_method; content:"/yarn"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"simbhaolisugars.in"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678223/; classtype:trojan-activity;sid:84541323; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678224)"; flow:established,from_client; content:"GET"; http_method; content:"/aws"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"64.91.237.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678224/; classtype:trojan-activity;sid:84541324; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678225)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm7"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"64.91.237.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678225/; classtype:trojan-activity;sid:84541325; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678208)"; flow:established,from_client; content:"GET"; http_method; content:"/lg"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"64.91.237.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678208/; classtype:trojan-activity;sid:84541308; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678209)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"simbhaolisugars.in"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678209/; classtype:trojan-activity;sid:84541309; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678210)"; flow:established,from_client; content:"GET"; http_method; content:"/bin"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"simbhaolisugars.in"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678210/; classtype:trojan-activity;sid:84541310; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678211)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.ppc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"simbhaolisugars.in"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678211/; classtype:trojan-activity;sid:84541311; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678212)"; flow:established,from_client; content:"GET"; http_method; content:"/sora.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"64.91.237.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678212/; classtype:trojan-activity;sid:84541312; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678204)"; flow:established,from_client; content:"GET"; http_method; content:"/huawei"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"simbhaolisugars.in"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678204/; classtype:trojan-activity;sid:84541304; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678205)"; flow:established,from_client; content:"GET"; http_method; content:"/76d32be0.sh"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"simbhaolisugars.in"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678205/; classtype:trojan-activity;sid:84541305; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678206)"; flow:established,from_client; content:"GET"; http_method; content:"/zte"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"simbhaolisugars.in"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678206/; classtype:trojan-activity;sid:84541306; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678207)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.sh4"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"simbhaolisugars.in"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678207/; classtype:trojan-activity;sid:84541307; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678197)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm6"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"64.91.237.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678197/; classtype:trojan-activity;sid:84541297; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678198)"; flow:established,from_client; content:"GET"; http_method; content:"/thinkphp"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"64.91.237.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678198/; classtype:trojan-activity;sid:84541298; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678199)"; flow:established,from_client; content:"GET"; http_method; content:"/realtek"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"64.91.237.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678199/; classtype:trojan-activity;sid:84541299; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678200)"; flow:established,from_client; content:"GET"; http_method; content:"/thinkphp"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"simbhaolisugars.in"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678200/; classtype:trojan-activity;sid:84541300; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678201)"; flow:established,from_client; content:"GET"; http_method; content:"/zte"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"64.91.237.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678201/; classtype:trojan-activity;sid:84541301; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678202)"; flow:established,from_client; content:"GET"; http_method; content:"/76d32be0.sh"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"64.91.237.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678202/; classtype:trojan-activity;sid:84541302; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678203)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.ppc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"64.91.237.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678203/; classtype:trojan-activity;sid:84541303; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678193)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.m68k"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"simbhaolisugars.in"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678193/; classtype:trojan-activity;sid:84541293; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678194)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.x86_64"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"64.91.237.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678194/; classtype:trojan-activity;sid:84541294; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678195)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm6"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"simbhaolisugars.in"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678195/; classtype:trojan-activity;sid:84541295; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678196)"; flow:established,from_client; content:"GET"; http_method; content:"/sora.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"simbhaolisugars.in"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678196/; classtype:trojan-activity;sid:84541296; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678190)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.i686"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"simbhaolisugars.in"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678190/; classtype:trojan-activity;sid:84541290; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678191)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.spc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"simbhaolisugars.in"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678191/; classtype:trojan-activity;sid:84541291; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678192)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.mips"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"simbhaolisugars.in"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678192/; classtype:trojan-activity;sid:84541292; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678188)"; flow:established,from_client; content:"GET"; http_method; content:"/lg"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"simbhaolisugars.in"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678188/; classtype:trojan-activity;sid:84541288; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678189)"; flow:established,from_client; content:"GET"; http_method; content:"/huawei"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"64.91.237.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678189/; classtype:trojan-activity;sid:84541289; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678177)"; flow:established,from_client; content:"GET"; http_method; content:"/jaws"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"simbhaolisugars.in"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678177/; classtype:trojan-activity;sid:84541277; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678178)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"simbhaolisugars.in"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678178/; classtype:trojan-activity;sid:84541278; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678179)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.m68k"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"64.91.237.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678179/; classtype:trojan-activity;sid:84541279; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678180)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.210.47"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678180/; classtype:trojan-activity;sid:84541280; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678181)"; flow:established,from_client; content:"GET"; http_method; content:"/pulse"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"64.91.237.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678181/; classtype:trojan-activity;sid:84541281; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678182)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.mpsl"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"simbhaolisugars.in"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678182/; classtype:trojan-activity;sid:84541282; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678183)"; flow:established,from_client; content:"GET"; http_method; content:"/goahead"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"64.91.237.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678183/; classtype:trojan-activity;sid:84541283; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678184)"; flow:established,from_client; content:"GET"; http_method; content:"/hnap"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"64.91.237.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678184/; classtype:trojan-activity;sid:84541284; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678185)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.spc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"64.91.237.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678185/; classtype:trojan-activity;sid:84541285; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678186)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.sh4"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"64.91.237.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678186/; classtype:trojan-activity;sid:84541286; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678187)"; flow:established,from_client; content:"GET"; http_method; content:"/goahead"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"simbhaolisugars.in"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678187/; classtype:trojan-activity;sid:84541287; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678176)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.mips"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"64.91.237.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678176/; classtype:trojan-activity;sid:84541276; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678175)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"64.91.237.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678175/; classtype:trojan-activity;sid:84541275; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678167)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.i686"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"64.91.237.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678167/; classtype:trojan-activity;sid:84541267; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678168)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.x86"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"64.91.237.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678168/; classtype:trojan-activity;sid:84541268; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678169)"; flow:established,from_client; content:"GET"; http_method; content:"/jaws"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"64.91.237.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678169/; classtype:trojan-activity;sid:84541269; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678170)"; flow:established,from_client; content:"GET"; http_method; content:"/zyxel"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"64.91.237.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678170/; classtype:trojan-activity;sid:84541270; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678171)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.mpsl"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"64.91.237.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678171/; classtype:trojan-activity;sid:84541271; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678172)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"64.91.237.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678172/; classtype:trojan-activity;sid:84541272; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678173)"; flow:established,from_client; content:"GET"; http_method; content:"/gpon443"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"64.91.237.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678173/; classtype:trojan-activity;sid:84541273; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678174)"; flow:established,from_client; content:"GET"; http_method; content:"/2m4gk4k7h6.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"b2vf.vukm9.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678174/; classtype:trojan-activity;sid:84541274; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678166)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.225.218.193"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678166/; classtype:trojan-activity;sid:84541266; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678165)"; flow:established,from_client; content:"GET"; http_method; content:"/razor/r4z0r.arm6"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"47.128.189.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678165/; classtype:trojan-activity;sid:84541265; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678160)"; flow:established,from_client; content:"GET"; http_method; content:"/razor/r4z0r.arm5"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"47.128.189.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678160/; classtype:trojan-activity;sid:84541260; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678161)"; flow:established,from_client; content:"GET"; http_method; content:"/razor/r4z0r.m68k"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"47.128.189.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678161/; classtype:trojan-activity;sid:84541261; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678162)"; flow:established,from_client; content:"GET"; http_method; content:"/razor/r4z0r.arm7"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"47.128.189.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678162/; classtype:trojan-activity;sid:84541262; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678163)"; flow:established,from_client; content:"GET"; http_method; content:"/dls/des70"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"47.128.189.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678163/; classtype:trojan-activity;sid:84541263; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678164)"; flow:established,from_client; content:"GET"; http_method; content:"/razor/r4z0r.spc"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"47.128.189.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678164/; classtype:trojan-activity;sid:84541264; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678159)"; flow:established,from_client; content:"GET"; http_method; content:"/dls/cloud"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"47.128.189.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678159/; classtype:trojan-activity;sid:84541259; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678158)"; flow:established,from_client; content:"GET"; http_method; content:"/sakura.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"185.132.53.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678158/; classtype:trojan-activity;sid:84541258; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678157)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.137.166.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678157/; classtype:trojan-activity;sid:84541257; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678149)"; flow:established,from_client; content:"GET"; http_method; content:"/m-6.8-k.sakura"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.132.53.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678149/; classtype:trojan-activity;sid:84541249; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678150)"; flow:established,from_client; content:"GET"; http_method; content:"/m-i.p-s.sakura"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.132.53.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678150/; classtype:trojan-activity;sid:84541250; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678151)"; flow:established,from_client; content:"GET"; http_method; content:"/a-r.m-4.sakura"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.132.53.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678151/; classtype:trojan-activity;sid:84541251; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678152)"; flow:established,from_client; content:"GET"; http_method; content:"/i-5.8-6.sakura"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.132.53.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678152/; classtype:trojan-activity;sid:84541252; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678153)"; flow:established,from_client; content:"GET"; http_method; content:"/p-p.c-.sakura"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.132.53.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678153/; classtype:trojan-activity;sid:84541253; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678154)"; flow:established,from_client; content:"GET"; http_method; content:"/a-r.m-5.sakura"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.132.53.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678154/; classtype:trojan-activity;sid:84541254; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678155)"; flow:established,from_client; content:"GET"; http_method; content:"/x-8.6-.sakura"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.132.53.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678155/; classtype:trojan-activity;sid:84541255; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678156)"; flow:established,from_client; content:"GET"; http_method; content:"/a-r.m-7.sakura"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.132.53.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678156/; classtype:trojan-activity;sid:84541256; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678145)"; flow:established,from_client; content:"GET"; http_method; content:"/s-h.4-.sakura"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.132.53.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678145/; classtype:trojan-activity;sid:84541245; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678146)"; flow:established,from_client; content:"GET"; http_method; content:"/x-3.2-.sakura"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.132.53.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678146/; classtype:trojan-activity;sid:84541246; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678147)"; flow:established,from_client; content:"GET"; http_method; content:"/a-r.m-6.sakura"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.132.53.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678147/; classtype:trojan-activity;sid:84541247; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678148)"; flow:established,from_client; content:"GET"; http_method; content:"/m-p.s-l.sakura"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.132.53.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678148/; classtype:trojan-activity;sid:84541248; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678144)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.24.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678144/; classtype:trojan-activity;sid:84541244; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678143)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.49.241"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678143/; classtype:trojan-activity;sid:84541243; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678142)"; flow:established,from_client; content:"GET"; http_method; content:"/6vf3r96cci.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"xq97.vukm9.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678142/; classtype:trojan-activity;sid:84541242; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678141)"; flow:established,from_client; content:"GET"; http_method; content:"/f4s.google|3f|t=kuzj2p0y"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"49i.ussn-7.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678141/; classtype:trojan-activity;sid:84541241; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678140)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.210.47"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678140/; classtype:trojan-activity;sid:84541240; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678139)"; flow:established,from_client; content:"GET"; http_method; content:"/izilzu58va.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"hd6p.vukm9.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678139/; classtype:trojan-activity;sid:84541239; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678138)"; flow:established,from_client; content:"GET"; http_method; content:"/tv.check|3f|t=x8j8wsh7"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"8lo.ynmh-8.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678138/; classtype:trojan-activity;sid:84541238; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678137)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.64.91"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678137/; classtype:trojan-activity;sid:84541237; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678136)"; flow:established,from_client; content:"GET"; http_method; content:"/gfoxloq9ge.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"hd6p.vukm9.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678136/; classtype:trojan-activity;sid:84541236; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678135)"; flow:established,from_client; content:"GET"; http_method; content:"/4y.google|3f|t=btsfehu2"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"dei.ynmh-8.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678135/; classtype:trojan-activity;sid:84541235; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678134)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.28.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678134/; classtype:trojan-activity;sid:84541234; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678133)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.41.127"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678133/; classtype:trojan-activity;sid:84541233; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678132)"; flow:established,from_client; content:"GET"; http_method; content:"/ayitx3hjvo.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"q9ne.pohv3.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678132/; classtype:trojan-activity;sid:84541232; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678131)"; flow:established,from_client; content:"GET"; http_method; content:"/jg.google|3f|t=e8446d8i"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"kyf.ynmh-8.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678131/; classtype:trojan-activity;sid:84541231; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678130)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.226.215.45"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678130/; classtype:trojan-activity;sid:84541230; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678129)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.64.91"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678129/; classtype:trojan-activity;sid:84541229; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678128)"; flow:established,from_client; content:"GET"; http_method; content:"/0cevuhqs"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"7r.ynmh-8.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678128/; classtype:trojan-activity;sid:84541228; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678127)"; flow:established,from_client; content:"GET"; http_method; content:"/4wykinpetk.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"c7uo.pohv3.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678127/; classtype:trojan-activity;sid:84541227; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678126)"; flow:established,from_client; content:"GET"; http_method; content:"/3a6.google|3f|t=p905wysy"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"7r.ynmh-8.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678126/; classtype:trojan-activity;sid:84541226; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678125)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.29.223.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678125/; classtype:trojan-activity;sid:84541225; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678124)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.223.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678124/; classtype:trojan-activity;sid:84541224; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678123)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.123.193.93"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678123/; classtype:trojan-activity;sid:84541223; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678122)"; flow:established,from_client; content:"GET"; http_method; content:"/0hs.check|3f|t=7fpjqujc"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"814.ynmh-8.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678122/; classtype:trojan-activity;sid:84541222; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678121)"; flow:established,from_client; content:"GET"; http_method; content:"/y6ntnehltu.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"c7uo.pohv3.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678121/; classtype:trojan-activity;sid:84541221; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678120)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.41.75.155"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678120/; classtype:trojan-activity;sid:84541220; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678119)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.137.145.11"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678119/; classtype:trojan-activity;sid:84541219; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678118)"; flow:established,from_client; content:"GET"; http_method; content:"/s09sz00teq.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"c7uo.pohv3.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678118/; classtype:trojan-activity;sid:84541218; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678117)"; flow:established,from_client; content:"GET"; http_method; content:"/ubi.google|3f|t=ha7mkf4o"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"36.ynmh-8.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678117/; classtype:trojan-activity;sid:84541217; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678116)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.75.155"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678116/; classtype:trojan-activity;sid:84541216; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678115)"; flow:established,from_client; content:"GET"; http_method; content:"/m3370v9rhq.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"y1bd.pohv3.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678115/; classtype:trojan-activity;sid:84541215; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678114)"; flow:established,from_client; content:"GET"; http_method; content:"/0vz.google|3f|t=si0ck4j9"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"r58.ynmh-8.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678114/; classtype:trojan-activity;sid:84541214; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678113)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.218.202"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678113/; classtype:trojan-activity;sid:84541213; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678112)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.226.215.45"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678112/; classtype:trojan-activity;sid:84541212; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678111)"; flow:established,from_client; content:"GET"; http_method; content:"/15tta6hssr.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"y1bd.pohv3.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678111/; classtype:trojan-activity;sid:84541211; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678110)"; flow:established,from_client; content:"GET"; http_method; content:"/wo.check|3f|t=0rv6h459"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"78y.ynbr-8.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678110/; classtype:trojan-activity;sid:84541210; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678109)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.225.204.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678109/; classtype:trojan-activity;sid:84541209; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678108)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.145.11"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678108/; classtype:trojan-activity;sid:84541208; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678107)"; flow:established,from_client; content:"GET"; http_method; content:"/8tqjm1lasu.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"tk2v.pohv3.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678107/; classtype:trojan-activity;sid:84541207; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678106)"; flow:established,from_client; content:"GET"; http_method; content:"/b4.google|3f|t=ejxl0ysv"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"927.ynbr-8.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678106/; classtype:trojan-activity;sid:84541206; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678105)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.43.45.170"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678105/; classtype:trojan-activity;sid:84541205; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678104)"; flow:established,from_client; content:"GET"; http_method; content:"/tbn.check|3f|t=6rg857rh"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"llb.ynbr-8.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678104/; classtype:trojan-activity;sid:84541204; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678103)"; flow:established,from_client; content:"GET"; http_method; content:"/iikkor1ela.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"tk2v.pohv3.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678103/; classtype:trojan-activity;sid:84541203; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678102)"; flow:established,from_client; content:"GET"; http_method; content:"/vp.google|3f|t=2nosbrzi"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"1w2.ynbr-8.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678102/; classtype:trojan-activity;sid:84541202; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678101)"; flow:established,from_client; content:"GET"; http_method; content:"/2q2n2r3yso.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"m8qa.pohv3.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678101/; classtype:trojan-activity;sid:84541201; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678100)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.54.105"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678100/; classtype:trojan-activity;sid:84541200; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678098)"; flow:established,from_client; content:"GET"; http_method; content:"/hw.check|3f|t=an7afbcv"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"szo.ynbr-8.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678098/; classtype:trojan-activity;sid:84541198; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678099)"; flow:established,from_client; content:"GET"; http_method; content:"/riom4gdzhv.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"m8qa.pohv3.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678099/; classtype:trojan-activity;sid:84541199; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678097)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.113.201.59"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678097/; classtype:trojan-activity;sid:84541197; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678096)"; flow:established,from_client; content:"GET"; http_method; content:"/oz7mu1dlfx.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"r5xz.pohv3.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678096/; classtype:trojan-activity;sid:84541196; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678095)"; flow:established,from_client; content:"GET"; http_method; content:"/a9.google|3f|t=oim20z48"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"dw.ynbr-8.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678095/; classtype:trojan-activity;sid:84541195; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678093)"; flow:established,from_client; content:"GET"; http_method; content:"/32o0rg913j.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"r5xz.pohv3.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678093/; classtype:trojan-activity;sid:84541193; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678094)"; flow:established,from_client; content:"GET"; http_method; content:"/ptn.check|3f|t=bxni2q2v"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"7o.ynbr-8.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678094/; classtype:trojan-activity;sid:84541194; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678092)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.87.178"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678092/; classtype:trojan-activity;sid:84541192; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678091)"; flow:established,from_client; content:"GET"; http_method; content:"/k953x46no1.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"r5xz.pohv3.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678091/; classtype:trojan-activity;sid:84541191; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678090)"; flow:established,from_client; content:"GET"; http_method; content:"/rg8.google|3f|t=udyqysdw"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"me.yffl-9.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678090/; classtype:trojan-activity;sid:84541190; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678089)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.23.199.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678089/; classtype:trojan-activity;sid:84541189; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678088)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.201.59"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678088/; classtype:trojan-activity;sid:84541188; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678086)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.7.117.62"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678086/; classtype:trojan-activity;sid:84541186; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678087)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.238.133"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678087/; classtype:trojan-activity;sid:84541187; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678085)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"162.250.17.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678085/; classtype:trojan-activity;sid:84541185; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678084)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"162.250.17.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678084/; classtype:trojan-activity;sid:84541184; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678083)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.239.229.167"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678083/; classtype:trojan-activity;sid:84541183; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678082)"; flow:established,from_client; content:"GET"; http_method; content:"/whfu0tbsbm.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"869.yffl9.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678082/; classtype:trojan-activity;sid:84541182; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678081)"; flow:established,from_client; content:"GET"; http_method; content:"/zg.check|3f|t=nl237syj"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"61.yffl-9.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678081/; classtype:trojan-activity;sid:84541181; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678080)"; flow:established,from_client; content:"GET"; http_method; content:"/fnt2f6m73i.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"rb.yffl9.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678080/; classtype:trojan-activity;sid:84541180; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678079)"; flow:established,from_client; content:"GET"; http_method; content:"/0d.check|3f|t=4cjblzn3"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"jy.yffl-9.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678079/; classtype:trojan-activity;sid:84541179; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678078)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.7.117.62"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678078/; classtype:trojan-activity;sid:84541178; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678077)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.234.164.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678077/; classtype:trojan-activity;sid:84541177; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678076)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.220.214.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678076/; classtype:trojan-activity;sid:84541176; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678075)"; flow:established,from_client; content:"GET"; http_method; content:"/bdq9r46dhz.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"rb.yffl9.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678075/; classtype:trojan-activity;sid:84541175; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678074)"; flow:established,from_client; content:"GET"; http_method; content:"/lista%20actualizada%20de%20contactos%20de%20la%20embajada.pdf.lnk"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"176.97.76.153"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678074/; classtype:trojan-activity;sid:84541174; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678073)"; flow:established,from_client; content:"GET"; http_method; content:"/6z.check|3f|t=6zuowh73"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"8m.yffl-9.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678073/; classtype:trojan-activity;sid:84541173; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678072)"; flow:established,from_client; content:"GET"; http_method; content:"/lista%20actualizada%20de%20contactos%20de%20la%20embajada.pdf.lnk"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"gob.pub"; http_host; depth:7; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678072/; classtype:trojan-activity;sid:84541172; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678071)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.229.167"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678071/; classtype:trojan-activity;sid:84541171; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678070)"; flow:established,from_client; content:"GET"; http_method; content:"/giilgy6cs7.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"a8a.yffl9.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678070/; classtype:trojan-activity;sid:84541170; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678069)"; flow:established,from_client; content:"GET"; http_method; content:"/qy3.check|3f|t=du7hqtnr"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"pfm.yffl-9.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678069/; classtype:trojan-activity;sid:84541169; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678068)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_386"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"162.251.45.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678068/; classtype:trojan-activity;sid:84541168; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678060)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_arm6"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"162.251.45.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678060/; classtype:trojan-activity;sid:84541160; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678061)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_mips"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"162.251.45.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678061/; classtype:trojan-activity;sid:84541161; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678062)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_arm5"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"162.251.45.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678062/; classtype:trojan-activity;sid:84541162; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678063)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_amd64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"162.251.45.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678063/; classtype:trojan-activity;sid:84541163; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678064)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_aarch64"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"162.251.45.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678064/; classtype:trojan-activity;sid:84541164; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678065)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_arm7"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"162.251.45.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678065/; classtype:trojan-activity;sid:84541165; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678066)"; flow:established,from_client; content:"GET"; http_method; content:"/download.sh"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"162.251.45.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678066/; classtype:trojan-activity;sid:84541166; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678067)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_mipsel"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"162.251.45.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678067/; classtype:trojan-activity;sid:84541167; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678059)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.13.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678059/; classtype:trojan-activity;sid:84541159; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678052)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_386"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"213.65.105.113"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678052/; classtype:trojan-activity;sid:84541152; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678053)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_arm6"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"213.65.105.113"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678053/; classtype:trojan-activity;sid:84541153; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678054)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_aarch64"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"213.65.105.113"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678054/; classtype:trojan-activity;sid:84541154; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678055)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_mips"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"213.65.105.113"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678055/; classtype:trojan-activity;sid:84541155; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678056)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_arm7"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"213.65.105.113"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678056/; classtype:trojan-activity;sid:84541156; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678057)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_amd64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"213.65.105.113"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678057/; classtype:trojan-activity;sid:84541157; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678058)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_mipsel"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"213.65.105.113"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678058/; classtype:trojan-activity;sid:84541158; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678050)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_arm5"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"213.65.105.113"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678050/; classtype:trojan-activity;sid:84541150; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678051)"; flow:established,from_client; content:"GET"; http_method; content:"/download.sh"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"213.65.105.113"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678051/; classtype:trojan-activity;sid:84541151; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678048)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_arm7"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"151.177.149.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678048/; classtype:trojan-activity;sid:84541148; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678049)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_arm5"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"151.177.149.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678049/; classtype:trojan-activity;sid:84541149; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678041)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_mipsel"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"151.177.149.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678041/; classtype:trojan-activity;sid:84541141; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678042)"; flow:established,from_client; content:"GET"; http_method; content:"/download.sh"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"151.177.149.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678042/; classtype:trojan-activity;sid:84541142; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678043)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_aarch64"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"151.177.149.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678043/; classtype:trojan-activity;sid:84541143; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678044)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_amd64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"151.177.149.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678044/; classtype:trojan-activity;sid:84541144; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678045)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_386"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"151.177.149.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678045/; classtype:trojan-activity;sid:84541145; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678046)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_mips"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"151.177.149.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678046/; classtype:trojan-activity;sid:84541146; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678047)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_arm6"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"151.177.149.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678047/; classtype:trojan-activity;sid:84541147; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678040)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_arm7"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"81.225.196.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678040/; classtype:trojan-activity;sid:84541140; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678023)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_arm6"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"85.229.213.167"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678023/; classtype:trojan-activity;sid:84541123; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678024)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_aarch64"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"85.229.213.167"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678024/; classtype:trojan-activity;sid:84541124; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678025)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_mips"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"85.229.213.167"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678025/; classtype:trojan-activity;sid:84541125; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678026)"; flow:established,from_client; content:"GET"; http_method; content:"/download.sh"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"85.229.213.167"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678026/; classtype:trojan-activity;sid:84541126; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678027)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_mipsel"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"85.229.213.167"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678027/; classtype:trojan-activity;sid:84541127; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678028)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_arm7"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"85.229.213.167"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678028/; classtype:trojan-activity;sid:84541128; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678029)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_amd64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"85.229.213.167"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678029/; classtype:trojan-activity;sid:84541129; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678030)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_arm5"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"81.225.196.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678030/; classtype:trojan-activity;sid:84541130; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678031)"; flow:established,from_client; content:"GET"; http_method; content:"/download.sh"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"81.225.196.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678031/; classtype:trojan-activity;sid:84541131; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678032)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_aarch64"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"81.225.196.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678032/; classtype:trojan-activity;sid:84541132; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678033)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_386"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"81.225.196.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678033/; classtype:trojan-activity;sid:84541133; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678034)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_mipsel"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"81.225.196.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678034/; classtype:trojan-activity;sid:84541134; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678035)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_amd64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"81.225.196.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678035/; classtype:trojan-activity;sid:84541135; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678036)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_386"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"85.229.213.167"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678036/; classtype:trojan-activity;sid:84541136; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678037)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_mips"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"81.225.196.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678037/; classtype:trojan-activity;sid:84541137; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678038)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_arm6"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"81.225.196.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678038/; classtype:trojan-activity;sid:84541138; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678039)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_arm5"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"85.229.213.167"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678039/; classtype:trojan-activity;sid:84541139; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678019)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"8.129.17.165"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678019/; classtype:trojan-activity;sid:84541119; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678020)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"121.41.67.224"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678020/; classtype:trojan-activity;sid:84541120; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678021)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"121.41.67.224"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678021/; classtype:trojan-activity;sid:84541121; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678022)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"83.229.126.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678022/; classtype:trojan-activity;sid:84541122; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678018)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"117.72.215.64"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678018/; classtype:trojan-activity;sid:84541118; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678017)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"176.233.252.31"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678017/; classtype:trojan-activity;sid:84541117; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678015)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.234.234.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678015/; classtype:trojan-activity;sid:84541115; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678016)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"92.23.91.213"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678016/; classtype:trojan-activity;sid:84541116; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678012)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.61.100.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678012/; classtype:trojan-activity;sid:84541112; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678013)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.211.15.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678013/; classtype:trojan-activity;sid:84541113; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678014)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"69.5.111.221"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678014/; classtype:trojan-activity;sid:84541114; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678009)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"2.193.241.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678009/; classtype:trojan-activity;sid:84541109; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678010)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"113.166.166.183"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678010/; classtype:trojan-activity;sid:84541110; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678011)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.238.207.119"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678011/; classtype:trojan-activity;sid:84541111; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678008)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"77.184.144.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678008/; classtype:trojan-activity;sid:84541108; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678007)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"113.184.239.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678007/; classtype:trojan-activity;sid:84541107; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678005)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"95.121.80.211"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678005/; classtype:trojan-activity;sid:84541105; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678006)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"103.153.93.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678006/; classtype:trojan-activity;sid:84541106; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678004)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"91.80.147.182"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678004/; classtype:trojan-activity;sid:84541104; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678001)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"178.50.81.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678001/; classtype:trojan-activity;sid:84541101; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678002)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"81.18.89.74"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678002/; classtype:trojan-activity;sid:84541102; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678003)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.234.173.116"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678003/; classtype:trojan-activity;sid:84541103; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678000)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"91.80.137.116"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678000/; classtype:trojan-activity;sid:84541100; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677999)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"109.25.123.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677999/; classtype:trojan-activity;sid:84541099; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677998)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.234.164.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677998/; classtype:trojan-activity;sid:84541098; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677997)"; flow:established,from_client; content:"GET"; http_method; content:"/h7v.check|3f|t=tc0jqwd4"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"sji.ykgw-2.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677997/; classtype:trojan-activity;sid:84541097; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677996)"; flow:established,from_client; content:"GET"; http_method; content:"/625sw046tz.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"a8a.yffl9.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677996/; classtype:trojan-activity;sid:84541096; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677995)"; flow:established,from_client; content:"GET"; http_method; content:"/rad.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"178.16.53.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677995/; classtype:trojan-activity;sid:84541095; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677994)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.70.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677994/; classtype:trojan-activity;sid:84541094; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677993)"; flow:established,from_client; content:"GET"; http_method; content:"/clp.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"178.16.53.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677993/; classtype:trojan-activity;sid:84541093; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677992)"; flow:established,from_client; content:"GET"; http_method; content:"/gjmw8bla5s.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"1w.yffl9.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677992/; classtype:trojan-activity;sid:84541092; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677991)"; flow:established,from_client; content:"GET"; http_method; content:"/28.google|3f|t=kc4n4pbm"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"971.ykgw-2.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677991/; classtype:trojan-activity;sid:84541091; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677990)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.102.169"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677990/; classtype:trojan-activity;sid:84541090; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677989)"; flow:established,from_client; content:"GET"; http_method; content:"/wynkglatlr.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"ohl.yffl9.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677989/; classtype:trojan-activity;sid:84541089; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677988)"; flow:established,from_client; content:"GET"; http_method; content:"/h35.check|3f|t=1sb406rk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"z4k.ykgw-2.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677988/; classtype:trojan-activity;sid:84541088; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677987)"; flow:established,from_client; content:"GET"; http_method; content:"/sfbaazwdvn.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"ohl.yffl9.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677987/; classtype:trojan-activity;sid:84541087; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677986)"; flow:established,from_client; content:"GET"; http_method; content:"/bc.check|3f|t=9f0c9rm1"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"6cm.ykgw-2.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677986/; classtype:trojan-activity;sid:84541086; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677985)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.117.96.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677985/; classtype:trojan-activity;sid:84541085; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677984)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.54.166.73"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677984/; classtype:trojan-activity;sid:84541084; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677983)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.151.154.125"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677983/; classtype:trojan-activity;sid:84541083; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677981)"; flow:established,from_client; content:"GET"; http_method; content:"/zl.check|3f|t=8bxvh1bv"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"vm.ykgw-2.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677981/; classtype:trojan-activity;sid:84541081; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677982)"; flow:established,from_client; content:"GET"; http_method; content:"/rovw6vc0dz.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"uq2.obvp2.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677982/; classtype:trojan-activity;sid:84541082; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677980)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.70.230.16"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677980/; classtype:trojan-activity;sid:84541080; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677979)"; flow:established,from_client; content:"GET"; http_method; content:"/9x.check|3f|t=bgl8zhkm"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"69d.ykgw-2.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677979/; classtype:trojan-activity;sid:84541079; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677978)"; flow:established,from_client; content:"GET"; http_method; content:"/lfe3hx1baj.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"uq2.obvp2.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677978/; classtype:trojan-activity;sid:84541078; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677976)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.38.195.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677976/; classtype:trojan-activity;sid:84541076; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677977)"; flow:established,from_client; content:"GET"; http_method; content:"/fbhqnp953d.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"03.obvp2.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677977/; classtype:trojan-activity;sid:84541077; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677975)"; flow:established,from_client; content:"GET"; http_method; content:"/g00.google|3f|t=5hpjfzcj"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"x2.ykgw-2.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677975/; classtype:trojan-activity;sid:84541075; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677974)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.179.199.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677974/; classtype:trojan-activity;sid:84541074; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677973)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.56.184.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677973/; classtype:trojan-activity;sid:84541073; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677972)"; flow:established,from_client; content:"GET"; http_method; content:"/d.js"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"cansupeker.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677972/; classtype:trojan-activity;sid:84541072; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677971)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.118.246.110"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677971/; classtype:trojan-activity;sid:84541071; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677970)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.58.161.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677970/; classtype:trojan-activity;sid:84541070; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677968)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"218.59.92.144"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677968/; classtype:trojan-activity;sid:84541068; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677969)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.117.96.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677969/; classtype:trojan-activity;sid:84541069; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677967)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.84.211"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677967/; classtype:trojan-activity;sid:84541067; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677966)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.206.240.91"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677966/; classtype:trojan-activity;sid:84541066; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677965)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mips"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"188.241.62.243"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677965/; classtype:trojan-activity;sid:84541065; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677964)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"180.104.217.70"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677964/; classtype:trojan-activity;sid:84541064; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677961)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.104.41"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677961/; classtype:trojan-activity;sid:84541061; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677962)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.212.100.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677962/; classtype:trojan-activity;sid:84541062; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677963)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.52.31.13"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677963/; classtype:trojan-activity;sid:84541063; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677958)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.179.238.53"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677958/; classtype:trojan-activity;sid:84541058; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677959)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.49.144"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677959/; classtype:trojan-activity;sid:84541059; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677960)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.120.127"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677960/; classtype:trojan-activity;sid:84541060; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677956)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"138.204.196.254"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677956/; classtype:trojan-activity;sid:84541056; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677957)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.228.221.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677957/; classtype:trojan-activity;sid:84541057; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677955)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"41.110.181.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677955/; classtype:trojan-activity;sid:84541055; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677954)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"111.70.28.234"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677954/; classtype:trojan-activity;sid:84541054; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677953)"; flow:established,from_client; content:"GET"; http_method; content:"/kr0jfnd11q.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"8o.obvp2.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677953/; classtype:trojan-activity;sid:84541053; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677952)"; flow:established,from_client; content:"GET"; http_method; content:"/fe.check|3f|t=kh571ynz"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"cr0.aclz-9.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677952/; classtype:trojan-activity;sid:84541052; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677951)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.238.243.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677951/; classtype:trojan-activity;sid:84541051; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677950)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.57.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677950/; classtype:trojan-activity;sid:84541050; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677949)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.184.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677949/; classtype:trojan-activity;sid:84541049; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677947)"; flow:established,from_client; content:"GET"; http_method; content:"/01bat2bg7h.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"8o.obvp2.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677947/; classtype:trojan-activity;sid:84541047; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677948)"; flow:established,from_client; content:"GET"; http_method; content:"/0th.check|3f|t=4haylfuo"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"5xw.aclz-9.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677948/; classtype:trojan-activity;sid:84541048; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677946)"; flow:established,from_client; content:"GET"; http_method; content:"/3v7j91fafe.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"8o.obvp2.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677946/; classtype:trojan-activity;sid:84541046; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677945)"; flow:established,from_client; content:"GET"; http_method; content:"/m9.check|3f|t=rqq0uqo8"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"t1.aclz-9.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677945/; classtype:trojan-activity;sid:84541045; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677944)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.80.76"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677944/; classtype:trojan-activity;sid:84541044; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677943)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.38.195.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677943/; classtype:trojan-activity;sid:84541043; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677942)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.72.183.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677942/; classtype:trojan-activity;sid:84541042; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677941)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.239.98.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677941/; classtype:trojan-activity;sid:84541041; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677940)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.115.252"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677940/; classtype:trojan-activity;sid:84541040; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677939)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"41.140.129.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677939/; classtype:trojan-activity;sid:84541039; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677937)"; flow:established,from_client; content:"GET"; http_method; content:"/kr.check|3f|t=dqpumk4f"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"ckr.aclz-9.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677937/; classtype:trojan-activity;sid:84541037; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677938)"; flow:established,from_client; content:"GET"; http_method; content:"/qs2tygjpt4.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"lz.obvp2.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677938/; classtype:trojan-activity;sid:84541038; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677936)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.238.243.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677936/; classtype:trojan-activity;sid:84541036; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677935)"; flow:established,from_client; content:"GET"; http_method; content:"/hrev898idm.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"lz.obvp2.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677935/; classtype:trojan-activity;sid:84541035; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677934)"; flow:established,from_client; content:"GET"; http_method; content:"/ju.check|3f|t=tl6dbj3y"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"50.aclz-9.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677934/; classtype:trojan-activity;sid:84541034; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677933)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.88.209"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677933/; classtype:trojan-activity;sid:84541033; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677932)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.80.76"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677932/; classtype:trojan-activity;sid:84541032; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677931)"; flow:established,from_client; content:"GET"; http_method; content:"/658lzfc7kd.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"qm.obvp2.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677931/; classtype:trojan-activity;sid:84541031; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677930)"; flow:established,from_client; content:"GET"; http_method; content:"/ru.check|3f|t=ufmsur70"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"8x4.aclz-9.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677930/; classtype:trojan-activity;sid:84541030; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677929)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.23.72.234"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677929/; classtype:trojan-activity;sid:84541029; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677928)"; flow:established,from_client; content:"GET"; http_method; content:"/x7.google|3f|t=prni5mzc"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"b5o.aclz-9.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677928/; classtype:trojan-activity;sid:84541028; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677927)"; flow:established,from_client; content:"GET"; http_method; content:"/x3garnj0j5.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"qm.obvp2.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677927/; classtype:trojan-activity;sid:84541027; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677926)"; flow:established,from_client; content:"GET"; http_method; content:"/onionlauncher.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"onionlauncher.space"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677926/; classtype:trojan-activity;sid:84541026; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677925)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.1.157.48"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677925/; classtype:trojan-activity;sid:84541025; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677924)"; flow:established,from_client; content:"GET"; http_method; content:"/x55m8kzhh1.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"maw.ykgw2.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677924/; classtype:trojan-activity;sid:84541024; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677923)"; flow:established,from_client; content:"GET"; http_method; content:"/b02.check|3f|t=ylzgodgr"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"i8.kdit-5.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677923/; classtype:trojan-activity;sid:84541023; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677922)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.23.72.234"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677922/; classtype:trojan-activity;sid:84541022; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677921)"; flow:established,from_client; content:"GET"; http_method; content:"/241/dsf4sf499dfs9dsf23sfcxv00r9er9vfddfd349fddf00fdgfg34g0g09fdg43dgfdfg9dfgeg943g9.txt"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"107.174.33.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677921/; classtype:trojan-activity;sid:84541021; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677919)"; flow:established,from_client; content:"GET"; http_method; content:"/241/dsf4sf499dfs9dsf23sfcxv00r9er9vfddfd349fddf00fdgfg34g0g09fdg43dgfdfg9dfgeg943g9.hta"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"107.174.33.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677919/; classtype:trojan-activity;sid:84541019; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677920)"; flow:established,from_client; content:"GET"; http_method; content:"/bbwa/yzmtkafhpdx.dat"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"107.174.33.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677920/; classtype:trojan-activity;sid:84541020; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677918)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.43.45.170"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677918/; classtype:trojan-activity;sid:84541018; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677917)"; flow:established,from_client; content:"GET"; http_method; content:"/qqwfqzvfgu.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"maw.ykgw2.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677917/; classtype:trojan-activity;sid:84541017; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677916)"; flow:established,from_client; content:"GET"; http_method; content:"/hti.google|3f|t=mfjyymds"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"qm0.kdit-5.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677916/; classtype:trojan-activity;sid:84541016; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677915)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.70.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677915/; classtype:trojan-activity;sid:84541015; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677914)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.207.114.95"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677914/; classtype:trojan-activity;sid:84541014; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677913)"; flow:established,from_client; content:"GET"; http_method; content:"/sudoadii/effjdfjdxportsdemobyehellooelfefefnsedjvsmvsdngcnjsdvjsjvsd/raw/refs/heads/main/dee.ps1"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677913/; classtype:trojan-activity;sid:84541013; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677912)"; flow:established,from_client; content:"GET"; http_method; content:"/nebebra912-cloud/money/releases/download/bebr2/bypasserupd.exe"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677912/; classtype:trojan-activity;sid:84541012; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677908)"; flow:established,from_client; content:"GET"; http_method; content:"/sudoadii/ubiquitous-dollop/raw/refs/heads/main/bttt.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677908/; classtype:trojan-activity;sid:84541008; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677909)"; flow:established,from_client; content:"GET"; http_method; content:"/550uf3xq0w.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"erv.ykgw2.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677909/; classtype:trojan-activity;sid:84541009; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677910)"; flow:established,from_client; content:"GET"; http_method; content:"/sudoadii/exeuploaderdoxx/raw/refs/heads/main/client-built.exe"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677910/; classtype:trojan-activity;sid:84541010; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677911)"; flow:established,from_client; content:"GET"; http_method; content:"/sudoadii/effjdfjdxportsdemobyehellooelfefefnsedjvsmvsdngcnjsdvjsjvsd/raw/refs/heads/main/qwerty.exe"; http_uri; depth:100; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677911/; classtype:trojan-activity;sid:84541011; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677906)"; flow:established,from_client; content:"GET"; http_method; content:"/nebebra912-cloud/money/releases/download/sdffsdfs/cheatupd.exe"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677906/; classtype:trojan-activity;sid:84541006; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677907)"; flow:established,from_client; content:"GET"; http_method; content:"/files/8462225521/k7ohaut.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677907/; classtype:trojan-activity;sid:84541007; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677905)"; flow:established,from_client; content:"GET"; http_method; content:"/ygs.check|3f|t=xlo0hn6z"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"yl.kdit-5.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677905/; classtype:trojan-activity;sid:84541005; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677904)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.47.245.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677904/; classtype:trojan-activity;sid:84541004; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677902)"; flow:established,from_client; content:"GET"; http_method; content:"/9sa.google|3f|t=2ycdkjw3"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"4d.kdit-5.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677902/; classtype:trojan-activity;sid:84541002; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677903)"; flow:established,from_client; content:"GET"; http_method; content:"/hfh6ze0ojc.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"u4.ykgw2.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677903/; classtype:trojan-activity;sid:84541003; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677901)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.211.46.172"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677901/; classtype:trojan-activity;sid:84541001; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677900)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.70.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677900/; classtype:trojan-activity;sid:84541000; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677899)"; flow:established,from_client; content:"GET"; http_method; content:"/8zs59qgbt0.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"u4.ykgw2.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677899/; classtype:trojan-activity;sid:84540999; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677898)"; flow:established,from_client; content:"GET"; http_method; content:"/vik.google|3f|t=9ix17ufj"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"hw.kdit-5.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677898/; classtype:trojan-activity;sid:84540998; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677896)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.226.178.97"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677896/; classtype:trojan-activity;sid:84540996; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677897)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.1.251.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677897/; classtype:trojan-activity;sid:84540997; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677895)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.207.114.95"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677895/; classtype:trojan-activity;sid:84540995; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677894)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.189.139.177"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677894/; classtype:trojan-activity;sid:84540994; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677893)"; flow:established,from_client; content:"GET"; http_method; content:"/pg17euri79.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"b5h.ykgw2.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677893/; classtype:trojan-activity;sid:84540993; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677892)"; flow:established,from_client; content:"GET"; http_method; content:"/f5.google|3f|t=kg9ws5e8"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"cuf.kdit-5.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677892/; classtype:trojan-activity;sid:84540992; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677891)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.47.245.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677891/; classtype:trojan-activity;sid:84540991; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677890)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.121.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677890/; classtype:trojan-activity;sid:84540990; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677888)"; flow:established,from_client; content:"GET"; http_method; content:"/7yo.check|3f|t=z1jtyvdv"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"abd.kdit-5.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677888/; classtype:trojan-activity;sid:84540988; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677889)"; flow:established,from_client; content:"GET"; http_method; content:"/ryy4de8opu.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"gsw.ykgw2.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677889/; classtype:trojan-activity;sid:84540989; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677887)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.211.46.172"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677887/; classtype:trojan-activity;sid:84540987; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677886)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.189.139.177"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677886/; classtype:trojan-activity;sid:84540986; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677885)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.184.254.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677885/; classtype:trojan-activity;sid:84540985; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677884)"; flow:established,from_client; content:"GET"; http_method; content:"/z0.google|3f|t=kiy37pff"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"je.tvil-0.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677884/; classtype:trojan-activity;sid:84540984; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677883)"; flow:established,from_client; content:"GET"; http_method; content:"/qvclg9zt7n.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"p7.ykgw2.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677883/; classtype:trojan-activity;sid:84540983; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677882)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.69.61.217"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677882/; classtype:trojan-activity;sid:84540982; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677881)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.52.216"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677881/; classtype:trojan-activity;sid:84540981; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677880)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.60.107"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677880/; classtype:trojan-activity;sid:84540980; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677879)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.19.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677879/; classtype:trojan-activity;sid:84540979; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677878)"; flow:established,from_client; content:"GET"; http_method; content:"/50erc1qomd.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"9xp.aclz9.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677878/; classtype:trojan-activity;sid:84540978; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677877)"; flow:established,from_client; content:"GET"; http_method; content:"/pd1.check|3f|t=qeyu754i"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"hoy.tvil-0.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677877/; classtype:trojan-activity;sid:84540977; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677876)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.19.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677876/; classtype:trojan-activity;sid:84540976; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677875)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.121.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677875/; classtype:trojan-activity;sid:84540975; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677874)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.254.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677874/; classtype:trojan-activity;sid:84540974; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677873)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.109.167.61"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677873/; classtype:trojan-activity;sid:84540973; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677872)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.45.56.35"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677872/; classtype:trojan-activity;sid:84540972; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677871)"; flow:established,from_client; content:"GET"; http_method; content:"/tmx7qf2b09.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"fp.aclz9.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677871/; classtype:trojan-activity;sid:84540971; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677870)"; flow:established,from_client; content:"GET"; http_method; content:"/s4s.check|3f|t=zk3kdw5g"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"q1h.tvil-0.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677870/; classtype:trojan-activity;sid:84540970; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677869)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.239.246.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677869/; classtype:trojan-activity;sid:84540969; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677868)"; flow:established,from_client; content:"GET"; http_method; content:"/crypted.vbs"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"115.187.41.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677868/; classtype:trojan-activity;sid:84540968; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677867)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.23.78.159"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677867/; classtype:trojan-activity;sid:84540967; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677866)"; flow:established,from_client; content:"GET"; http_method; content:"/j3.google|3f|t=dym8z9ho"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"bwj.tvil-0.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677866/; classtype:trojan-activity;sid:84540966; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677865)"; flow:established,from_client; content:"GET"; http_method; content:"/ylbbjxwunbygjeg93.bin"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"91126069-0-20221021003910.webstarterz.com"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677865/; classtype:trojan-activity;sid:84540965; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677864)"; flow:established,from_client; content:"GET"; http_method; content:"/wmshvsglj34.bin"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"91126069-0-20221021003910.webstarterz.com"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677864/; classtype:trojan-activity;sid:84540964; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677863)"; flow:established,from_client; content:"GET"; http_method; content:"/slimpsiest.aaf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"91126069-0-20221021003910.webstarterz.com"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677863/; classtype:trojan-activity;sid:84540963; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677862)"; flow:established,from_client; content:"GET"; http_method; content:"/pghadyen81.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"nws.aclz9.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677862/; classtype:trojan-activity;sid:84540962; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677861)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.58.172.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677861/; classtype:trojan-activity;sid:84540961; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677860)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.60.107"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677860/; classtype:trojan-activity;sid:84540960; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677859)"; flow:established,from_client; content:"GET"; http_method; content:"/mix2pgycdbf4pdnytz"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"87.120.219.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677859/; classtype:trojan-activity;sid:84540959; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677858)"; flow:established,from_client; content:"GET"; http_method; content:"/gxuamdyt5d.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"nws.aclz9.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677858/; classtype:trojan-activity;sid:84540958; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677857)"; flow:established,from_client; content:"GET"; http_method; content:"/b5.google|3f|t=2k1ozune"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"o29.tvil-0.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677857/; classtype:trojan-activity;sid:84540957; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677856)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.88.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677856/; classtype:trojan-activity;sid:84540956; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677855)"; flow:established,from_client; content:"GET"; http_method; content:"/syrbnk7oay.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"nws.aclz9.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677855/; classtype:trojan-activity;sid:84540955; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677854)"; flow:established,from_client; content:"GET"; http_method; content:"/w6.google|3f|t=b120kxrr"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"fgq.llim-8.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677854/; classtype:trojan-activity;sid:84540954; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677847)"; flow:established,from_client; content:"GET"; http_method; content:"/uamurzdtrwkwbxdsuky127.bin"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"107.175.88.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677847/; classtype:trojan-activity;sid:84540947; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677848)"; flow:established,from_client; content:"GET"; http_method; content:"/zmvzitlltwsjems113.bin"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"107.175.88.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677848/; classtype:trojan-activity;sid:84540948; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677849)"; flow:established,from_client; content:"GET"; http_method; content:"/tkvrsezirbrvawzyeqsjmg11.bin"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"107.175.88.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677849/; classtype:trojan-activity;sid:84540949; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677850)"; flow:established,from_client; content:"GET"; http_method; content:"/vljsiv7.bin"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"107.175.88.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677850/; classtype:trojan-activity;sid:84540950; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677851)"; flow:established,from_client; content:"GET"; http_method; content:"/kgmrnfgdgbdwpwmujm247.bin"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"107.175.88.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677851/; classtype:trojan-activity;sid:84540951; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677852)"; flow:established,from_client; content:"GET"; http_method; content:"/gyjvzmzufx166.bin"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"107.175.88.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677852/; classtype:trojan-activity;sid:84540952; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677853)"; flow:established,from_client; content:"GET"; http_method; content:"/spacebarftpconvertedfile.txt"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"107.175.88.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677853/; classtype:trojan-activity;sid:84540953; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677846)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.m68k"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"103.77.241.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677846/; classtype:trojan-activity;sid:84540946; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677845)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.spc"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"103.77.241.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677845/; classtype:trojan-activity;sid:84540945; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677844)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arc"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"103.77.241.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677844/; classtype:trojan-activity;sid:84540944; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677843)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.sh4"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"103.77.241.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677843/; classtype:trojan-activity;sid:84540943; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677842)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm7"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"103.77.241.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677842/; classtype:trojan-activity;sid:84540942; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677841)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm6"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"103.77.241.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677841/; classtype:trojan-activity;sid:84540941; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677840)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.x86_64"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"103.77.241.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677840/; classtype:trojan-activity;sid:84540940; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677839)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"103.77.241.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677839/; classtype:trojan-activity;sid:84540939; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677838)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.i686"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"103.77.241.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677838/; classtype:trojan-activity;sid:84540938; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677836)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.mpsl"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"103.77.241.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677836/; classtype:trojan-activity;sid:84540936; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677837)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.i468"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"103.77.241.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677837/; classtype:trojan-activity;sid:84540937; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677835)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.x86"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"103.77.241.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677835/; classtype:trojan-activity;sid:84540935; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677834)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.ppc"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"103.77.241.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677834/; classtype:trojan-activity;sid:84540934; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677833)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.mips"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"103.77.241.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677833/; classtype:trojan-activity;sid:84540933; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677832)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm5"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"103.77.241.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677832/; classtype:trojan-activity;sid:84540932; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677831)"; flow:established,from_client; content:"GET"; http_method; content:"/spmain_spcc"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"176.65.141.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677831/; classtype:trojan-activity;sid:84540931; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677830)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"91.143.172.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677830/; classtype:trojan-activity;sid:84540930; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677828)"; flow:established,from_client; content:"GET"; http_method; content:"/co.google|3f|t=tbr6yjar"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"j5.llim-8.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677828/; classtype:trojan-activity;sid:84540928; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677829)"; flow:established,from_client; content:"GET"; http_method; content:"/jmkk1ut6ot.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"tm.aclz9.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677829/; classtype:trojan-activity;sid:84540929; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677827)"; flow:established,from_client; content:"GET"; http_method; content:"/file/ddrz2qwzkckg5w8/cy86v5u2dc73423tpilj3.iso/file"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"www.mediafire.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677827/; classtype:trojan-activity;sid:84540927; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677826)"; flow:established,from_client; content:"GET"; http_method; content:"/file/qg5qpt61h7wtoc2/nw2prfdi7gg86011142fmsr.iso/file"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"www.mediafire.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677826/; classtype:trojan-activity;sid:84540926; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677825)"; flow:established,from_client; content:"GET"; http_method; content:"/file/v2vg4xnb1jn04w8/hdej3pj66runxipxq8bvk.iso/file"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"www.mediafire.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677825/; classtype:trojan-activity;sid:84540925; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677824)"; flow:established,from_client; content:"GET"; http_method; content:"/file/y4n5r3lbzydf7bz/hd4n89v3ryxm8y6311y43d.iso/file"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"www.mediafire.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677824/; classtype:trojan-activity;sid:84540924; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677823)"; flow:established,from_client; content:"GET"; http_method; content:"/file/sec7xvpnb99p3ap/nw390f0k41pcc84k1314s.iso/file"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"www.mediafire.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677823/; classtype:trojan-activity;sid:84540923; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677822)"; flow:established,from_client; content:"GET"; http_method; content:"/file/2xyemz42xuo82t4/hdg175nxm07yc7pv89vuy0.iso/file"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"www.mediafire.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677822/; classtype:trojan-activity;sid:84540922; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677821)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.88.29"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677821/; classtype:trojan-activity;sid:84540921; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677817)"; flow:established,from_client; content:"GET"; http_method; content:"/file/qtdh7u93eqfx8ko/nw4kse7ifjst4dqkcx6p.iso/file"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"www.mediafire.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677817/; classtype:trojan-activity;sid:84540917; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677818)"; flow:established,from_client; content:"GET"; http_method; content:"/file/6vfpk0ijsutcvwj/hd2t2ym016665e9efbx0ifch.iso/file"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"www.mediafire.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677818/; classtype:trojan-activity;sid:84540918; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677819)"; flow:established,from_client; content:"GET"; http_method; content:"/file/sh4y6oo69h7uzq2/hdzr0r9o635t6gd9e1xfm.iso/file"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"www.mediafire.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677819/; classtype:trojan-activity;sid:84540919; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677820)"; flow:established,from_client; content:"GET"; http_method; content:"/file/gzdlz2vz3qx87yj/nw1z96y93im1r68do9y.iso/file"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"www.mediafire.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677820/; classtype:trojan-activity;sid:84540920; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677812)"; flow:established,from_client; content:"GET"; http_method; content:"/file/0jnp1r6bp7z2t2w/nwnx0q47ex6a6vylzf4jel3.iso/file"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"www.mediafire.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677812/; classtype:trojan-activity;sid:84540912; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677813)"; flow:established,from_client; content:"GET"; http_method; content:"/file/emd6m5s6njlwl6d/nw7yn6b0v1cm120zr0a5o.iso/file"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"www.mediafire.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677813/; classtype:trojan-activity;sid:84540913; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677814)"; flow:established,from_client; content:"GET"; http_method; content:"/file/pmyuadp6bkozw4k/nxx48fpxtv3u39x67lp4.iso/file"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"www.mediafire.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677814/; classtype:trojan-activity;sid:84540914; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677815)"; flow:established,from_client; content:"GET"; http_method; content:"/file/g8gign22k13zwqn/hd8h9g59nt01339sjm0019u3h.iso/file"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"www.mediafire.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677815/; classtype:trojan-activity;sid:84540915; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677816)"; flow:established,from_client; content:"GET"; http_method; content:"/file/tjdkvq3ux2ss4xz/cy591jjxd6mn33t9aqz7b.iso/file"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"www.mediafire.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677816/; classtype:trojan-activity;sid:84540916; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677810)"; flow:established,from_client; content:"GET"; http_method; content:"/file/vi8zgxbn41rjby2/nwbf48k3y448jcb5nmzn1b3.iso/file"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"www.mediafire.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677810/; classtype:trojan-activity;sid:84540910; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677811)"; flow:established,from_client; content:"GET"; http_method; content:"/file/nmxsxde9mzmio9y/cyaj1ncf91vcn041y6the8.iso/file"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"www.mediafire.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677811/; classtype:trojan-activity;sid:84540911; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677804)"; flow:established,from_client; content:"GET"; http_method; content:"/file/as67aqm08wv9jne/nxjt6py8bka92hs5xytpba.iso/file"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"www.mediafire.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677804/; classtype:trojan-activity;sid:84540904; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677805)"; flow:established,from_client; content:"GET"; http_method; content:"/file/w47slhg51a43oj9/nx5x4v1uj72j6d92si3342.iso/file"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"www.mediafire.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677805/; classtype:trojan-activity;sid:84540905; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677806)"; flow:established,from_client; content:"GET"; http_method; content:"/file/h3f98fc6j00x8jp/hdzq6j4kji4jcoxtnkv4jp.iso/file"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"www.mediafire.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677806/; classtype:trojan-activity;sid:84540906; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677807)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.246.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677807/; classtype:trojan-activity;sid:84540907; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677808)"; flow:established,from_client; content:"GET"; http_method; content:"/file/nzpim9ta6uj633i/cy6do774n800l7thd7um9.iso/file"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"www.mediafire.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677808/; classtype:trojan-activity;sid:84540908; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677809)"; flow:established,from_client; content:"GET"; http_method; content:"/file/ry27kdky42uzgdh/nxei776h504u3h531h14.iso/file"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"www.mediafire.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677809/; classtype:trojan-activity;sid:84540909; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677801)"; flow:established,from_client; content:"GET"; http_method; content:"/file/m490i7tz8ybtl54/nw6vn6kcfud3jem4g6k.iso/file"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"www.mediafire.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677801/; classtype:trojan-activity;sid:84540901; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677802)"; flow:established,from_client; content:"GET"; http_method; content:"/file/ey0tz6160agbxdn/hd5ojxy4416m1z9xk14k7e.iso/file"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"www.mediafire.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677802/; classtype:trojan-activity;sid:84540902; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677803)"; flow:established,from_client; content:"GET"; http_method; content:"/file/jc3muh54c7cx7zk/nxlz92tntjcbipm6vrbvm219.iso/file"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"www.mediafire.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677803/; classtype:trojan-activity;sid:84540903; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677797)"; flow:established,from_client; content:"GET"; http_method; content:"/file/ddwtdh46e69ce4t/cy204exq965sztczk6r1f.iso/file"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"www.mediafire.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677797/; classtype:trojan-activity;sid:84540897; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677798)"; flow:established,from_client; content:"GET"; http_method; content:"/file/jcd5aobkyulf43p/nw04zs7ez6gpv9h51218.iso/file"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"www.mediafire.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677798/; classtype:trojan-activity;sid:84540898; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677799)"; flow:established,from_client; content:"GET"; http_method; content:"/file/39gdkht8zjpsmpp/nw1833i7e2b3i6b40kmzf6r.iso/file"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"www.mediafire.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677799/; classtype:trojan-activity;sid:84540899; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677800)"; flow:established,from_client; content:"GET"; http_method; content:"/file/8idosbc3opg8si8/nxq0y32018yrksfojkq6.iso/file"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"www.mediafire.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677800/; classtype:trojan-activity;sid:84540900; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677796)"; flow:established,from_client; content:"GET"; http_method; content:"/npm.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"89.168.75.138"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677796/; classtype:trojan-activity;sid:84540896; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677795)"; flow:established,from_client; content:"GET"; http_method; content:"/file/vq79wj50q7aw943/nx8rg774j79t5q262mbc9.iso/file"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"www.mediafire.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677795/; classtype:trojan-activity;sid:84540895; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677794)"; flow:established,from_client; content:"GET"; http_method; content:"/file/o996xujg7oz0scs/hdzx0l77i1xrkng0g6jkj5.iso/file"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"www.mediafire.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677794/; classtype:trojan-activity;sid:84540894; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677792)"; flow:established,from_client; content:"GET"; http_method; content:"/file/txfrtx2xqnthhzh/nw2j78yjk1r6y7zrgjfq.iso/file"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"www.mediafire.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677792/; classtype:trojan-activity;sid:84540892; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677793)"; flow:established,from_client; content:"GET"; http_method; content:"/file/bk9cvpx6x0te40p/cyq1alld6o2jsl98o58x4isy.iso/file"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"www.mediafire.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677793/; classtype:trojan-activity;sid:84540893; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677790)"; flow:established,from_client; content:"GET"; http_method; content:"/file/qe91ykq7mvnzuih/hdq540fa0ote8n0s87d4.iso/file"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"www.mediafire.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677790/; classtype:trojan-activity;sid:84540890; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677791)"; flow:established,from_client; content:"GET"; http_method; content:"/file/zjhvvw61hfzs53u/nx4302rbcoln336uh4kt4sp.iso/file"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"www.mediafire.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677791/; classtype:trojan-activity;sid:84540891; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677789)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.109.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677789/; classtype:trojan-activity;sid:84540889; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677788)"; flow:established,from_client; content:"GET"; http_method; content:"/file/nhtlrc47lhxg9if/nx72bl03duxfmajitm18.iso/file"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"www.mediafire.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677788/; classtype:trojan-activity;sid:84540888; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677783)"; flow:established,from_client; content:"GET"; http_method; content:"/file/rq1hiltiorm5es2/hdullbulegm95527ski.iso/file"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"www.mediafire.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677783/; classtype:trojan-activity;sid:84540883; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677784)"; flow:established,from_client; content:"GET"; http_method; content:"/file/l6rmk6of0lcl92j/hdy1b5p7ybc54aqgg61lt.iso/file"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"www.mediafire.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677784/; classtype:trojan-activity;sid:84540884; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677785)"; flow:established,from_client; content:"GET"; http_method; content:"/file/b9tnmhirbzxzjj6/hdm28uhisab0i4ud4s21i.iso/file"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"www.mediafire.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677785/; classtype:trojan-activity;sid:84540885; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677786)"; flow:established,from_client; content:"GET"; http_method; content:"/file/1540qpt9gigob8r/cyeo5up142r8e2eme5lng.iso/file"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"www.mediafire.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677786/; classtype:trojan-activity;sid:84540886; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677787)"; flow:established,from_client; content:"GET"; http_method; content:"/file/hekmmfm5xy0gnda/hdy7e7tahzu05d2e7fxpkj29.iso/file"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"www.mediafire.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677787/; classtype:trojan-activity;sid:84540887; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677778)"; flow:established,from_client; content:"GET"; http_method; content:"/file/dn6568uo9q44c61/nw5jnipr2f098z6m4f179vr4.iso/file"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"www.mediafire.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677778/; classtype:trojan-activity;sid:84540878; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677779)"; flow:established,from_client; content:"GET"; http_method; content:"/file/m8syiabehkeld7n/nxso8csrg170kk51860o.iso/file"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"www.mediafire.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677779/; classtype:trojan-activity;sid:84540879; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677780)"; flow:established,from_client; content:"GET"; http_method; content:"/file/x9xyvlpp2i0im6c/nxshar0j9ms52ms005x9nnc.iso/file"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"www.mediafire.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677780/; classtype:trojan-activity;sid:84540880; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677781)"; flow:established,from_client; content:"GET"; http_method; content:"/file/8blkxej7loi941t/nwsnana5me4jx905ify3.iso/file"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"www.mediafire.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677781/; classtype:trojan-activity;sid:84540881; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677782)"; flow:established,from_client; content:"GET"; http_method; content:"/file/pwlpd998pycwfz9/nw6m943b23x1gf6d3pk9bashz.iso/file"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"www.mediafire.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677782/; classtype:trojan-activity;sid:84540882; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677774)"; flow:established,from_client; content:"GET"; http_method; content:"/file/1i2g2r2km4s5sta/nxy0u4klkk47guio60gvr57.iso/file"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"www.mediafire.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677774/; classtype:trojan-activity;sid:84540874; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677775)"; flow:established,from_client; content:"GET"; http_method; content:"/file/eq2lhcmeaul88uf/cyy1dmdc448y6578t49g71dp7.iso/file"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"www.mediafire.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677775/; classtype:trojan-activity;sid:84540875; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677776)"; flow:established,from_client; content:"GET"; http_method; content:"/file/omttq55nxkeg91i/nwur9aglirzqcjx8x1gqs974.iso/file"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"www.mediafire.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677776/; classtype:trojan-activity;sid:84540876; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677777)"; flow:established,from_client; content:"GET"; http_method; content:"/file/7aipngxhq1ydvsj/nx453d7y26cg0d27nxx1j3a.iso/file"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"www.mediafire.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677777/; classtype:trojan-activity;sid:84540877; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677773)"; flow:established,from_client; content:"GET"; http_method; content:"/file/w1blegz6sr0gscn/cyk62560xvq56j33qx7948g9b.iso/file"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"www.mediafire.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677773/; classtype:trojan-activity;sid:84540873; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677769)"; flow:established,from_client; content:"GET"; http_method; content:"/file/3vltbet00afsuxq/nwzz79z3n92k7848y1cdffce.iso/file"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"www.mediafire.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677769/; classtype:trojan-activity;sid:84540869; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677770)"; flow:established,from_client; content:"GET"; http_method; content:"/file/8cg24mtdz9v0rkk/hdj3c72yx7gm674a8z0f6.iso/file"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"www.mediafire.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677770/; classtype:trojan-activity;sid:84540870; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677771)"; flow:established,from_client; content:"GET"; http_method; content:"/file/touqgzovjzp8n3o/hd8v06hnj6ddotc3m5mskf5.iso/file"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"www.mediafire.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677771/; classtype:trojan-activity;sid:84540871; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677772)"; flow:established,from_client; content:"GET"; http_method; content:"/file/8k2p2c4xhqttzrm/nx08f9gcnhkq031ppql850196.iso/file"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"www.mediafire.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677772/; classtype:trojan-activity;sid:84540872; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677767)"; flow:established,from_client; content:"GET"; http_method; content:"/file/6d5hxq63birymba/cyco9b2c19og9r9g4pgjkbq.iso/file"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"www.mediafire.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677767/; classtype:trojan-activity;sid:84540867; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677768)"; flow:established,from_client; content:"GET"; http_method; content:"/file/43yesggfebsihdg/cync73n48sb75xe2v03sf7v1z.iso/file"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"www.mediafire.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677768/; classtype:trojan-activity;sid:84540868; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677766)"; flow:established,from_client; content:"GET"; http_method; content:"/file/fl6i15ibh8jbska/cyv97hz30hn4l5qn9m8f2o7.iso/file"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"www.mediafire.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677766/; classtype:trojan-activity;sid:84540866; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677765)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"91.143.172.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677765/; classtype:trojan-activity;sid:84540865; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677764)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.68.162.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677764/; classtype:trojan-activity;sid:84540864; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677763)"; flow:established,from_client; content:"GET"; http_method; content:"/hzgyvk18nt.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"bzf.aclz9.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677763/; classtype:trojan-activity;sid:84540863; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677762)"; flow:established,from_client; content:"GET"; http_method; content:"/2x.check|3f|t=o141d8aa"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"d8i.llim-8.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677762/; classtype:trojan-activity;sid:84540862; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677761)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.172.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677761/; classtype:trojan-activity;sid:84540861; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677760)"; flow:established,from_client; content:"GET"; http_method; content:"/sudoadii/myrepo/raw/refs/heads/main/systemupdate.exe"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677760/; classtype:trojan-activity;sid:84540860; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677759)"; flow:established,from_client; content:"GET"; http_method; content:"/bt.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"effjdfjdxportsdemobyehellooelfefefn.vercel.app"; http_host; depth:46; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677759/; classtype:trojan-activity;sid:84540859; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677758)"; flow:established,from_client; content:"GET"; http_method; content:"/sudoadii/effjdfjdxportsdemobyehellooelfefefnsedjvsmvsdngcnjsdvjsjvsd/raw/refs/heads/main/bt.exe"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677758/; classtype:trojan-activity;sid:84540858; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677757)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.88.29"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677757/; classtype:trojan-activity;sid:84540857; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677756)"; flow:established,from_client; content:"GET"; http_method; content:"/3x85j8tbbd.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"dp.aclz9.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677756/; classtype:trojan-activity;sid:84540856; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677755)"; flow:established,from_client; content:"GET"; http_method; content:"/9k8.google|3f|t=wa27xa4d"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"yt.llim-8.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677755/; classtype:trojan-activity;sid:84540855; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677754)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.109.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677754/; classtype:trojan-activity;sid:84540854; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677753)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.115.252"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677753/; classtype:trojan-activity;sid:84540853; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677752)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.68.162.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677752/; classtype:trojan-activity;sid:84540852; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677751)"; flow:established,from_client; content:"GET"; http_method; content:"/xt.google|3f|t=ltydxvuu"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"wxe.llim-8.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677751/; classtype:trojan-activity;sid:84540851; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677750)"; flow:established,from_client; content:"GET"; http_method; content:"/4y6l45qr72.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"k3.ussn7.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677750/; classtype:trojan-activity;sid:84540850; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677749)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"118.200.159.253"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677749/; classtype:trojan-activity;sid:84540849; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677748)"; flow:established,from_client; content:"GET"; http_method; content:"/adobeloader/download.php"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"graniteguyservices.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677748/; classtype:trojan-activity;sid:84540848; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677747)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.137.27.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677747/; classtype:trojan-activity;sid:84540847; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677745)"; flow:established,from_client; content:"GET"; http_method; content:"/fzw7v0lnth.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"6l.ussn7.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677745/; classtype:trojan-activity;sid:84540845; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677746)"; flow:established,from_client; content:"GET"; http_method; content:"/bsw.google|3f|t=5ekpb5bt"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"t0.llim-8.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677746/; classtype:trojan-activity;sid:84540846; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677744)"; flow:established,from_client; content:"GET"; http_method; content:"/h8sioxhd"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"t0.llim-8.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677744/; classtype:trojan-activity;sid:84540844; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677743)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.89.6"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677743/; classtype:trojan-activity;sid:84540843; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677742)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7782139129/d5rq8zr.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677742/; classtype:trojan-activity;sid:84540842; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677741)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.229.219.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677741/; classtype:trojan-activity;sid:84540841; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677740)"; flow:established,from_client; content:"GET"; http_method; content:"/kk057fbgt9.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"6l.ussn7.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677740/; classtype:trojan-activity;sid:84540840; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677739)"; flow:established,from_client; content:"GET"; http_method; content:"/yuh.google|3f|t=cw7ikbpk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"75.fkur-8.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677739/; classtype:trojan-activity;sid:84540839; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677738)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.84.255"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677738/; classtype:trojan-activity;sid:84540838; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677737)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.57.89"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677737/; classtype:trojan-activity;sid:84540837; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677736)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.27.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677736/; classtype:trojan-activity;sid:84540836; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677735)"; flow:established,from_client; content:"GET"; http_method; content:"/sh7eau8k"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"60.fkur-8.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677735/; classtype:trojan-activity;sid:84540835; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677734)"; flow:established,from_client; content:"GET"; http_method; content:"/effc16"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"f6.ce1im.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677734/; classtype:trojan-activity;sid:84540834; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677733)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.213.104.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677733/; classtype:trojan-activity;sid:84540833; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677732)"; flow:established,from_client; content:"GET"; http_method; content:"/vygj3d24zp.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pz.ussn7.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677732/; classtype:trojan-activity;sid:84540832; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677731)"; flow:established,from_client; content:"GET"; http_method; content:"/qj.check|3f|t=q9dmj2ch"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"60.fkur-8.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677731/; classtype:trojan-activity;sid:84540831; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677730)"; flow:established,from_client; content:"GET"; http_method; content:"/tm9.google|3f|t=16mlraeu"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"dr.fkur-8.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677730/; classtype:trojan-activity;sid:84540830; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677729)"; flow:established,from_client; content:"GET"; http_method; content:"/1ydgye4uvo.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"3o.ussn7.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677729/; classtype:trojan-activity;sid:84540829; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677728)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.239.122.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677728/; classtype:trojan-activity;sid:84540828; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677726)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.11.11.53"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677726/; classtype:trojan-activity;sid:84540826; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677727)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.205.12.32"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677727/; classtype:trojan-activity;sid:84540827; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677725)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"216.8.224.147"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677725/; classtype:trojan-activity;sid:84540825; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677724)"; flow:established,from_client; content:"GET"; http_method; content:"/h21o03m732.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"3o.ussn7.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677724/; classtype:trojan-activity;sid:84540824; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677723)"; flow:established,from_client; content:"GET"; http_method; content:"/60.google|3f|t=4em7m2t6"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"pse.fkur-8.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677723/; classtype:trojan-activity;sid:84540823; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677722)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.57.89"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677722/; classtype:trojan-activity;sid:84540822; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677721)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.61.27"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677721/; classtype:trojan-activity;sid:84540821; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677719)"; flow:established,from_client; content:"GET"; http_method; content:"/gat.check|3f|t=3txf0bpn"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"qph.fkur-8.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677719/; classtype:trojan-activity;sid:84540819; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677720)"; flow:established,from_client; content:"GET"; http_method; content:"/h3zbw6ezxr.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"3o.ussn7.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677720/; classtype:trojan-activity;sid:84540820; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677718)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.61.27"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677718/; classtype:trojan-activity;sid:84540818; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677717)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.83.42"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677717/; classtype:trojan-activity;sid:84540817; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677715)"; flow:established,from_client; content:"GET"; http_method; content:"/fsvy9zuxeu.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"eq.ussn7.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677715/; classtype:trojan-activity;sid:84540815; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677716)"; flow:established,from_client; content:"GET"; http_method; content:"/pqk.check|3f|t=gstufnuz"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"i6.kqag-6.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677716/; classtype:trojan-activity;sid:84540816; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677714)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.205.12.32"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677714/; classtype:trojan-activity;sid:84540814; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677713)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"166.48.10.4"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677713/; classtype:trojan-activity;sid:84540813; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677712)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.119.71.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677712/; classtype:trojan-activity;sid:84540812; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677711)"; flow:established,from_client; content:"GET"; http_method; content:"/q5x5ck8s8k.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"u1.ussn7.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677711/; classtype:trojan-activity;sid:84540811; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677710)"; flow:established,from_client; content:"GET"; http_method; content:"/cij.check|3f|t=s018sdqx"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"8y.kqag-6.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677710/; classtype:trojan-activity;sid:84540810; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677709)"; flow:established,from_client; content:"GET"; http_method; content:"/nk2hqpobgf.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"u1.ussn7.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677709/; classtype:trojan-activity;sid:84540809; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677708)"; flow:established,from_client; content:"GET"; http_method; content:"/p0j.google|3f|t=j4fdwksf"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"7u.kqag-6.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677708/; classtype:trojan-activity;sid:84540808; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677706)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.57.233.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677706/; classtype:trojan-activity;sid:84540806; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677707)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.71.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677707/; classtype:trojan-activity;sid:84540807; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677705)"; flow:established,from_client; content:"GET"; http_method; content:"/f8.check|3f|t=fldlvee0"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"zo.kqag-6.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677705/; classtype:trojan-activity;sid:84540805; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677704)"; flow:established,from_client; content:"GET"; http_method; content:"/9ixc2k520v.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"j9pd.0-9pr.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677704/; classtype:trojan-activity;sid:84540804; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677703)"; flow:established,from_client; content:"GET"; http_method; content:"/8aem6m74"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"zo.kqag-6.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677703/; classtype:trojan-activity;sid:84540803; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677702)"; flow:established,from_client; content:"GET"; http_method; content:"/effc16"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"f6.b-18a.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677702/; classtype:trojan-activity;sid:84540802; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677701)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.54.178.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677701/; classtype:trojan-activity;sid:84540801; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677700)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.178.171.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677700/; classtype:trojan-activity;sid:84540800; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677699)"; flow:established,from_client; content:"GET"; http_method; content:"/hrcg7udd1w.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"y0wf.0-9pr.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677699/; classtype:trojan-activity;sid:84540799; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677698)"; flow:established,from_client; content:"GET"; http_method; content:"/55p.check|3f|t=ik0nnmn7"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"q8.kqag-6.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677698/; classtype:trojan-activity;sid:84540798; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677697)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"166.48.10.4"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677697/; classtype:trojan-activity;sid:84540797; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677696)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.11.73.232"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677696/; classtype:trojan-activity;sid:84540796; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677695)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.237.111.91"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677695/; classtype:trojan-activity;sid:84540795; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677694)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.137.92.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677694/; classtype:trojan-activity;sid:84540794; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677693)"; flow:established,from_client; content:"GET"; http_method; content:"/22dmhgzgit.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"y0wf.0-9pr.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677693/; classtype:trojan-activity;sid:84540793; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677692)"; flow:established,from_client; content:"GET"; http_method; content:"/diu.google|3f|t=8ntcsf8o"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"5n.kqag-6.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677692/; classtype:trojan-activity;sid:84540792; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677691)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.spc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"87.121.84.130"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677691/; classtype:trojan-activity;sid:84540791; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677689)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.i686"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"87.121.84.130"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677689/; classtype:trojan-activity;sid:84540789; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677690)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"87.121.84.130"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677690/; classtype:trojan-activity;sid:84540790; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677688)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.188.212.19"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677688/; classtype:trojan-activity;sid:84540788; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677687)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.179.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677687/; classtype:trojan-activity;sid:84540787; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677680)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.x86_64"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"87.121.84.130"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677680/; classtype:trojan-activity;sid:84540780; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677681)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.x86"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"87.121.84.130"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677681/; classtype:trojan-activity;sid:84540781; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677682)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mpsl"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"87.121.84.130"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677682/; classtype:trojan-activity;sid:84540782; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677683)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm5"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"87.121.84.130"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677683/; classtype:trojan-activity;sid:84540783; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677684)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"87.121.84.130"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677684/; classtype:trojan-activity;sid:84540784; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677685)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mips"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"87.121.84.130"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677685/; classtype:trojan-activity;sid:84540785; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677686)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.224.175"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677686/; classtype:trojan-activity;sid:84540786; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677674)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.m68k"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"87.121.84.130"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677674/; classtype:trojan-activity;sid:84540774; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677675)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.167.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677675/; classtype:trojan-activity;sid:84540775; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677676)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"108.168.0.46"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677676/; classtype:trojan-activity;sid:84540776; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677677)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.239.98.32"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677677/; classtype:trojan-activity;sid:84540777; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677678)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.116.216.135"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677678/; classtype:trojan-activity;sid:84540778; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677679)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.119.56.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677679/; classtype:trojan-activity;sid:84540779; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677669)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"188.129.211.113"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677669/; classtype:trojan-activity;sid:84540769; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677670)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.ppc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"87.121.84.130"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677670/; classtype:trojan-activity;sid:84540770; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677671)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm7"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"87.121.84.130"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677671/; classtype:trojan-activity;sid:84540771; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677672)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm6"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"87.121.84.130"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677672/; classtype:trojan-activity;sid:84540772; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677673)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.sh4"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"87.121.84.130"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677673/; classtype:trojan-activity;sid:84540773; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677661)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/amen.arm"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"vmi714278.contaboserver.net"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677661/; classtype:trojan-activity;sid:84540761; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677662)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/amen.x86"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"vmi714278.contaboserver.net"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677662/; classtype:trojan-activity;sid:84540762; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677663)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/amen.m68k"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"vmi714278.contaboserver.net"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677663/; classtype:trojan-activity;sid:84540763; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677664)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/amen.mips"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"vmi714278.contaboserver.net"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677664/; classtype:trojan-activity;sid:84540764; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677665)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/amen.arm7"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"vmi714278.contaboserver.net"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677665/; classtype:trojan-activity;sid:84540765; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677666)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/amen.sh4"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"vmi714278.contaboserver.net"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677666/; classtype:trojan-activity;sid:84540766; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677667)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/amen.arm5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"vmi714278.contaboserver.net"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677667/; classtype:trojan-activity;sid:84540767; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677668)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/amen.spc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"vmi714278.contaboserver.net"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677668/; classtype:trojan-activity;sid:84540768; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677658)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/amen.mpsl"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"vmi714278.contaboserver.net"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677658/; classtype:trojan-activity;sid:84540758; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677659)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.86.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677659/; classtype:trojan-activity;sid:84540759; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677660)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/amen.arm6"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"vmi714278.contaboserver.net"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677660/; classtype:trojan-activity;sid:84540760; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677657)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/amen.ppc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"vmi714278.contaboserver.net"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677657/; classtype:trojan-activity;sid:84540757; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677656)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/amen.ppc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"194.163.176.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677656/; classtype:trojan-activity;sid:84540756; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677654)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/amen.m68k"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"194.163.176.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677654/; classtype:trojan-activity;sid:84540754; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677655)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/amen.x86"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"194.163.176.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677655/; classtype:trojan-activity;sid:84540755; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677652)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/amen.arm6"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"194.163.176.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677652/; classtype:trojan-activity;sid:84540752; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677653)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/amen.arm"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"194.163.176.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677653/; classtype:trojan-activity;sid:84540753; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677646)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/amen.mips"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"194.163.176.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677646/; classtype:trojan-activity;sid:84540746; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677647)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/amen.sh4"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"194.163.176.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677647/; classtype:trojan-activity;sid:84540747; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677648)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/amen.mpsl"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"194.163.176.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677648/; classtype:trojan-activity;sid:84540748; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677649)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/amen.arm7"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"194.163.176.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677649/; classtype:trojan-activity;sid:84540749; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677650)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/amen.spc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"194.163.176.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677650/; classtype:trojan-activity;sid:84540750; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677651)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/amen.arm5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"194.163.176.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677651/; classtype:trojan-activity;sid:84540751; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677645)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.228.88.5"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677645/; classtype:trojan-activity;sid:84540745; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677644)"; flow:established,from_client; content:"GET"; http_method; content:"/wr27guynhw.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"z5kb.0-9pr.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677644/; classtype:trojan-activity;sid:84540744; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677643)"; flow:established,from_client; content:"GET"; http_method; content:"/usg.google|3f|t=8olhonjv"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"ff0.kqag-6.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677643/; classtype:trojan-activity;sid:84540743; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677642)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.9.242.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677642/; classtype:trojan-activity;sid:84540742; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677641)"; flow:established,from_client; content:"GET"; http_method; content:"/lz4bjhz43g.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"z5kb.0-9pr.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677641/; classtype:trojan-activity;sid:84540741; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677640)"; flow:established,from_client; content:"GET"; http_method; content:"/t63.check|3f|t=9p5shesh"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"vg.plig-5.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677640/; classtype:trojan-activity;sid:84540740; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677639)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.237.111.91"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677639/; classtype:trojan-activity;sid:84540739; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677638)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.73.232"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677638/; classtype:trojan-activity;sid:84540738; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677637)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.92.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677637/; classtype:trojan-activity;sid:84540737; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677636)"; flow:established,from_client; content:"GET"; http_method; content:"/wiww0f0dtv.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"c4tz.0-9pr.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677636/; classtype:trojan-activity;sid:84540736; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677635)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.ppc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"38.49.29.135"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677635/; classtype:trojan-activity;sid:84540735; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677625)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"38.49.29.135"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677625/; classtype:trojan-activity;sid:84540725; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677626)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.mpsl"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"38.49.29.135"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677626/; classtype:trojan-activity;sid:84540726; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677627)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.sh4"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"38.49.29.135"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677627/; classtype:trojan-activity;sid:84540727; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677628)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.x86"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"38.49.29.135"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677628/; classtype:trojan-activity;sid:84540728; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677629)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.mips"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"38.49.29.135"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677629/; classtype:trojan-activity;sid:84540729; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677630)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"38.49.29.135"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677630/; classtype:trojan-activity;sid:84540730; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677631)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.m68k"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"38.49.29.135"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677631/; classtype:trojan-activity;sid:84540731; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677632)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm6"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"38.49.29.135"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677632/; classtype:trojan-activity;sid:84540732; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677633)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.spc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"38.49.29.135"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677633/; classtype:trojan-activity;sid:84540733; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677634)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm7"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"38.49.29.135"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677634/; classtype:trojan-activity;sid:84540734; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677624)"; flow:established,from_client; content:"GET"; http_method; content:"/8h.google|3f|t=72vruwss"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"ok.plig-5.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677624/; classtype:trojan-activity;sid:84540724; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677623)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.9.242.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677623/; classtype:trojan-activity;sid:84540723; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677622)"; flow:established,from_client; content:"GET"; http_method; content:"/xxig0yxgqx.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"r7nc.0-9pr.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677622/; classtype:trojan-activity;sid:84540722; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677621)"; flow:established,from_client; content:"GET"; http_method; content:"/63.google|3f|t=6fjr8dv7"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"ig.plig-5.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677621/; classtype:trojan-activity;sid:84540721; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677620)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.227.32.128"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677620/; classtype:trojan-activity;sid:84540720; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677619)"; flow:established,from_client; content:"GET"; http_method; content:"/app.bin"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"145614.spottedhatless.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677619/; classtype:trojan-activity;sid:84540719; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677618)"; flow:established,from_client; content:"GET"; http_method; content:"/k0r19cxqvo.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"h2dp.7-5xc.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677618/; classtype:trojan-activity;sid:84540718; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677617)"; flow:established,from_client; content:"GET"; http_method; content:"/1i2.google|3f|t=l7sjdgbc"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"wnn.plig-5.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677617/; classtype:trojan-activity;sid:84540717; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677615)"; flow:established,from_client; content:"GET"; http_method; content:"/mp.check|3f|t=6pgdhs1f"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"q9.plig-5.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677615/; classtype:trojan-activity;sid:84540715; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677616)"; flow:established,from_client; content:"GET"; http_method; content:"/43pm6onklv.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"e1mz.7-5xc.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677616/; classtype:trojan-activity;sid:84540716; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677614)"; flow:established,from_client; content:"GET"; http_method; content:"/td.check|3f|t=ewr71r4n"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"nc.plig-5.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677614/; classtype:trojan-activity;sid:84540714; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677613)"; flow:established,from_client; content:"GET"; http_method; content:"/npf0r5pz2w.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"e1mz.7-5xc.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677613/; classtype:trojan-activity;sid:84540713; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677612)"; flow:established,from_client; content:"GET"; http_method; content:"/09s.google|3f|t=wia3dn8l"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"er.plig-5.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677612/; classtype:trojan-activity;sid:84540712; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677611)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.203.226.68"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677611/; classtype:trojan-activity;sid:84540711; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677610)"; flow:established,from_client; content:"GET"; http_method; content:"/cyzbvyd875.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"l8qg.7-5xc.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677610/; classtype:trojan-activity;sid:84540710; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677609)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.220.214.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677609/; classtype:trojan-activity;sid:84540709; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677608)"; flow:established,from_client; content:"GET"; http_method; content:"/zmumod81dr.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"l8qg.7-5xc.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677608/; classtype:trojan-activity;sid:84540708; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677607)"; flow:established,from_client; content:"GET"; http_method; content:"/yfp.google|3f|t=9dmbmhvb"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"s3.bvum-6.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677607/; classtype:trojan-activity;sid:84540707; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677606)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.80.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677606/; classtype:trojan-activity;sid:84540706; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677605)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.176.124.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677605/; classtype:trojan-activity;sid:84540705; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677604)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.51.133"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677604/; classtype:trojan-activity;sid:84540704; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677603)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.130.79.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677603/; classtype:trojan-activity;sid:84540703; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677602)"; flow:established,from_client; content:"GET"; http_method; content:"/pve6njqcne.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"t3wp.7-5xc.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677602/; classtype:trojan-activity;sid:84540702; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677601)"; flow:established,from_client; content:"GET"; http_method; content:"/48p.check|3f|t=jj37en20"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"8k.bvum-6.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677601/; classtype:trojan-activity;sid:84540701; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677600)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.112.3.204"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677600/; classtype:trojan-activity;sid:84540700; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677599)"; flow:established,from_client; content:"GET"; http_method; content:"/files/1760829628/khe9p36.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677599/; classtype:trojan-activity;sid:84540699; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677598)"; flow:established,from_client; content:"GET"; http_method; content:"/ylu.check|3f|t=m4eixsig"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"9n.bvum-6.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677598/; classtype:trojan-activity;sid:84540698; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677597)"; flow:established,from_client; content:"GET"; http_method; content:"/qdy8r95itp.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"p9at.7-5xc.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677597/; classtype:trojan-activity;sid:84540697; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677596)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.130.79.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677596/; classtype:trojan-activity;sid:84540696; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677595)"; flow:established,from_client; content:"GET"; http_method; content:"/t30sjfnxra.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"v6yu.7-5xc.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677595/; classtype:trojan-activity;sid:84540695; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677594)"; flow:established,from_client; content:"GET"; http_method; content:"/ohp.google|3f|t=001424j0"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"fk8.bvum-6.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677594/; classtype:trojan-activity;sid:84540694; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677593)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.80.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677593/; classtype:trojan-activity;sid:84540693; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677592)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.51.133"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677592/; classtype:trojan-activity;sid:84540692; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677591)"; flow:established,from_client; content:"GET"; http_method; content:"/7brkhezi71.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"v6yu.7-5xc.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677591/; classtype:trojan-activity;sid:84540691; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677590)"; flow:established,from_client; content:"GET"; http_method; content:"/tn7.check|3f|t=932dgdjr"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"iiu.bvum-6.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677590/; classtype:trojan-activity;sid:84540690; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677589)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.3.204"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677589/; classtype:trojan-activity;sid:84540689; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677588)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.181.140"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677588/; classtype:trojan-activity;sid:84540688; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677587)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.233.94.135"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677587/; classtype:trojan-activity;sid:84540687; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677585)"; flow:established,from_client; content:"GET"; http_method; content:"/w1h.google|3f|t=xduhgi77"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"2h.bvum-6.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677585/; classtype:trojan-activity;sid:84540685; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677586)"; flow:established,from_client; content:"GET"; http_method; content:"/emyzmw7agu.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"sx88.6-3tm.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677586/; classtype:trojan-activity;sid:84540686; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677584)"; flow:established,from_client; content:"GET"; http_method; content:"/l"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.196.11.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677584/; classtype:trojan-activity;sid:84540684; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677583)"; flow:established,from_client; content:"GET"; http_method; content:"/k"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.196.11.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677583/; classtype:trojan-activity;sid:84540683; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677582)"; flow:established,from_client; content:"GET"; http_method; content:"/mips64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.196.11.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677582/; classtype:trojan-activity;sid:84540682; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677581)"; flow:established,from_client; content:"GET"; http_method; content:"/9dw1e6s8ju.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"f4zj.6-3tm.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677581/; classtype:trojan-activity;sid:84540681; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677580)"; flow:established,from_client; content:"GET"; http_method; content:"/c2.google|3f|t=0tbpz6vi"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"y6w.bvum-6.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677580/; classtype:trojan-activity;sid:84540680; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677579)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.17.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677579/; classtype:trojan-activity;sid:84540679; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677578)"; flow:established,from_client; content:"GET"; http_method; content:"/c2.google|3f|t=fgsquqia"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"y6w.bvum-6.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677578/; classtype:trojan-activity;sid:84540678; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677577)"; flow:established,from_client; content:"GET"; http_method; content:"/lv5eaxa3hr.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"f4zj.6-3tm.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677577/; classtype:trojan-activity;sid:84540677; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677576)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.11.217.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677576/; classtype:trojan-activity;sid:84540676; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677575)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.i686"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"45.141.151.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677575/; classtype:trojan-activity;sid:84540675; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677574)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.i468"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"45.141.151.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677574/; classtype:trojan-activity;sid:84540674; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677572)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.x86_64"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"45.141.151.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677572/; classtype:trojan-activity;sid:84540672; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677573)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.spc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"45.141.151.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677573/; classtype:trojan-activity;sid:84540673; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677571)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.arm"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"103.77.241.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677571/; classtype:trojan-activity;sid:84540671; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677570)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.sparc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"103.77.241.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677570/; classtype:trojan-activity;sid:84540670; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677560)"; flow:established,from_client; content:"GET"; http_method; content:"/main_i686"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"176.65.141.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677560/; classtype:trojan-activity;sid:84540660; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677561)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"176.65.141.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677561/; classtype:trojan-activity;sid:84540661; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677562)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.x86_64"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"192.142.10.124"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677562/; classtype:trojan-activity;sid:84540662; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677563)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.i686"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"103.77.241.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677563/; classtype:trojan-activity;sid:84540663; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677564)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.x86"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"103.77.241.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677564/; classtype:trojan-activity;sid:84540664; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677565)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.mpsl"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"103.77.241.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677565/; classtype:trojan-activity;sid:84540665; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677566)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.ppc"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"103.77.241.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677566/; classtype:trojan-activity;sid:84540666; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677567)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.arc"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"103.77.241.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677567/; classtype:trojan-activity;sid:84540667; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677568)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.arm6"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"103.77.241.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677568/; classtype:trojan-activity;sid:84540668; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677569)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.m68k"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"103.77.241.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677569/; classtype:trojan-activity;sid:84540669; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677559)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.sh4"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"103.77.241.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677559/; classtype:trojan-activity;sid:84540659; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677557)"; flow:established,from_client; content:"GET"; http_method; content:"/update/vdataupdate.i468"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"91.231.222.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677557/; classtype:trojan-activity;sid:84540657; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677558)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.arm5"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"103.77.241.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677558/; classtype:trojan-activity;sid:84540658; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677556)"; flow:established,from_client; content:"GET"; http_method; content:"/main_i468"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"176.65.141.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677556/; classtype:trojan-activity;sid:84540656; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677549)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.i686"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"192.142.10.124"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677549/; classtype:trojan-activity;sid:84540649; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677550)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.i468"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"192.142.10.124"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677550/; classtype:trojan-activity;sid:84540650; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677551)"; flow:established,from_client; content:"GET"; http_method; content:"/update/vdataupdate.i686"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"91.231.222.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677551/; classtype:trojan-activity;sid:84540651; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677552)"; flow:established,from_client; content:"GET"; http_method; content:"/update/vdataupdate.x86_64"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"91.231.222.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677552/; classtype:trojan-activity;sid:84540652; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677553)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.i468"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"176.65.148.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677553/; classtype:trojan-activity;sid:84540653; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677554)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.mips"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"103.77.241.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677554/; classtype:trojan-activity;sid:84540654; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677555)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.mips64"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"103.77.241.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677555/; classtype:trojan-activity;sid:84540655; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677546)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"23.177.185.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677546/; classtype:trojan-activity;sid:84540646; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677547)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.x86_64"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"103.77.241.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677547/; classtype:trojan-activity;sid:84540647; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677548)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.arm7"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"103.77.241.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677548/; classtype:trojan-activity;sid:84540648; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677545)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.41.2.211"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677545/; classtype:trojan-activity;sid:84540645; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677543)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.208.44.51"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677543/; classtype:trojan-activity;sid:84540643; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677544)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"218.56.68.183"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677544/; classtype:trojan-activity;sid:84540644; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677542)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.233.94.135"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677542/; classtype:trojan-activity;sid:84540642; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677540)"; flow:established,from_client; content:"GET"; http_method; content:"/wycn9zjuhk.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"w12q.6-3tm.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677540/; classtype:trojan-activity;sid:84540640; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677541)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/tesseract/lang-data/av.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"182.143.114.43"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677541/; classtype:trojan-activity;sid:84540641; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677539)"; flow:established,from_client; content:"GET"; http_method; content:"/u2g.check|3f|t=lwv646pj"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"624.zzax-4.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677539/; classtype:trojan-activity;sid:84540639; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677538)"; flow:established,from_client; content:"GET"; http_method; content:"/modules/av.scr"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"182.143.114.43"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677538/; classtype:trojan-activity;sid:84540638; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677537)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/tesseract/lang-data/photo.scr"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"182.143.114.43"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677537/; classtype:trojan-activity;sid:84540637; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677536)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/tesseract/video.scr"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"182.143.114.43"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677536/; classtype:trojan-activity;sid:84540636; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677534)"; flow:established,from_client; content:"GET"; http_method; content:"/modules/video.scr"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"182.143.114.43"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677534/; classtype:trojan-activity;sid:84540634; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677535)"; flow:established,from_client; content:"GET"; http_method; content:"/images/video.scr"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"182.143.114.43"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677535/; classtype:trojan-activity;sid:84540635; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677533)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/forge/av.scr"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"182.143.114.43"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677533/; classtype:trojan-activity;sid:84540633; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677532)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/photo.scr"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"182.143.114.43"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677532/; classtype:trojan-activity;sid:84540632; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677531)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/tesseract/lang-data/video.scr"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"182.143.114.43"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677531/; classtype:trojan-activity;sid:84540631; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677530)"; flow:established,from_client; content:"GET"; http_method; content:"/images/photo.scr"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"182.143.114.43"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677530/; classtype:trojan-activity;sid:84540630; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677529)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/forge/photo.scr"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"182.143.114.43"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677529/; classtype:trojan-activity;sid:84540629; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677528)"; flow:established,from_client; content:"GET"; http_method; content:"/modules/photo.scr"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"182.143.114.43"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677528/; classtype:trojan-activity;sid:84540628; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677527)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/av.scr"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"182.143.114.43"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677527/; classtype:trojan-activity;sid:84540627; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677525)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/tesseract/lang-data/av.scr"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"182.143.114.43"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677525/; classtype:trojan-activity;sid:84540625; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677526)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/fonts/video.scr"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"182.143.114.43"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677526/; classtype:trojan-activity;sid:84540626; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677524)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/fonts/photo.scr"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"182.143.114.43"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677524/; classtype:trojan-activity;sid:84540624; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677523)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/forge/video.scr"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"182.143.114.43"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677523/; classtype:trojan-activity;sid:84540623; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677522)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/fonts/av.scr"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"182.143.114.43"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677522/; classtype:trojan-activity;sid:84540622; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677520)"; flow:established,from_client; content:"GET"; http_method; content:"/1634577654/info.zip"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677520/; classtype:trojan-activity;sid:84540620; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677521)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/info.zip"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677521/; classtype:trojan-activity;sid:84540621; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677519)"; flow:established,from_client; content:"GET"; http_method; content:"/gdbftp/info.zip"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677519/; classtype:trojan-activity;sid:84540619; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677518)"; flow:established,from_client; content:"GET"; http_method; content:"/exeftp/info.zip"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677518/; classtype:trojan-activity;sid:84540618; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677516)"; flow:established,from_client; content:"GET"; http_method; content:"/dls/grep80"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"47.128.189.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677516/; classtype:trojan-activity;sid:84540616; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677517)"; flow:established,from_client; content:"GET"; http_method; content:"/1634426553/info.zip"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677517/; classtype:trojan-activity;sid:84540617; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677515)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.53.193.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677515/; classtype:trojan-activity;sid:84540615; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677514)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/forge/av.lnk"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"182.143.114.43"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677514/; classtype:trojan-activity;sid:84540614; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677513)"; flow:established,from_client; content:"GET"; http_method; content:"/bin"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"47.128.189.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677513/; classtype:trojan-activity;sid:84540613; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677512)"; flow:established,from_client; content:"GET"; http_method; content:"/20231222%e5%bd%b1%e6%8a%80/av.scr"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"58.22.95.157"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677512/; classtype:trojan-activity;sid:84540612; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677510)"; flow:established,from_client; content:"GET"; http_method; content:"/sm"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"23.177.185.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677510/; classtype:trojan-activity;sid:84540610; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677511)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.210.238.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677511/; classtype:trojan-activity;sid:84540611; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677508)"; flow:established,from_client; content:"GET"; http_method; content:"/w.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"vmi2847209.contaboserver.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677508/; classtype:trojan-activity;sid:84540608; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677509)"; flow:established,from_client; content:"GET"; http_method; content:"/20231222%e5%bd%b1%e6%8a%80/video.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"58.22.95.157"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677509/; classtype:trojan-activity;sid:84540609; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677507)"; flow:established,from_client; content:"GET"; http_method; content:"/c.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"vmi2847209.contaboserver.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677507/; classtype:trojan-activity;sid:84540607; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677506)"; flow:established,from_client; content:"GET"; http_method; content:"/wget.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"vmi2847209.contaboserver.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677506/; classtype:trojan-activity;sid:84540606; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677503)"; flow:established,from_client; content:"GET"; http_method; content:"/yarn"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"47.128.189.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677503/; classtype:trojan-activity;sid:84540603; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677504)"; flow:established,from_client; content:"GET"; http_method; content:"/c/qq1"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"nexpal.cc"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677504/; classtype:trojan-activity;sid:84540604; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677505)"; flow:established,from_client; content:"GET"; http_method; content:"/upload.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"185.117.91.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677505/; classtype:trojan-activity;sid:84540605; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677501)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.56.64.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677501/; classtype:trojan-activity;sid:84540601; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677502)"; flow:established,from_client; content:"GET"; http_method; content:"/modules/av.lnk"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"182.143.114.43"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677502/; classtype:trojan-activity;sid:84540602; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677497)"; flow:established,from_client; content:"GET"; http_method; content:"/all"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"23.177.185.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677497/; classtype:trojan-activity;sid:84540597; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677498)"; flow:established,from_client; content:"GET"; http_method; content:"/r4z0r.sh4"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"47.128.189.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677498/; classtype:trojan-activity;sid:84540598; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677499)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.28.218.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677499/; classtype:trojan-activity;sid:84540599; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677500)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.28.218.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677500/; classtype:trojan-activity;sid:84540600; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677496)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"84.234.96.53"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677496/; classtype:trojan-activity;sid:84540596; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677494)"; flow:established,from_client; content:"GET"; http_method; content:"/update/vdataupdate.mpsl"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"91.231.222.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677494/; classtype:trojan-activity;sid:84540594; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677495)"; flow:established,from_client; content:"GET"; http_method; content:"/update/vdataupdate.arm"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"91.231.222.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677495/; classtype:trojan-activity;sid:84540595; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677491)"; flow:established,from_client; content:"GET"; http_method; content:"/update/vdataupdate.sh4"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"91.231.222.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677491/; classtype:trojan-activity;sid:84540591; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677492)"; flow:established,from_client; content:"GET"; http_method; content:"/update/vdataupdate.spc"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"91.231.222.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677492/; classtype:trojan-activity;sid:84540592; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677493)"; flow:established,from_client; content:"GET"; http_method; content:"/bot"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"151.242.30.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677493/; classtype:trojan-activity;sid:84540593; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677487)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.203.122"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677487/; classtype:trojan-activity;sid:84540587; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677488)"; flow:established,from_client; content:"GET"; http_method; content:"/c/qq2"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"nexpal.cc"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677488/; classtype:trojan-activity;sid:84540588; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677489)"; flow:established,from_client; content:"GET"; http_method; content:"/update/vdataupdate.arm6"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"91.231.222.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677489/; classtype:trojan-activity;sid:84540589; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677490)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/tesseract/photo.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"182.143.114.43"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677490/; classtype:trojan-activity;sid:84540590; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677484)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/tesseract/video.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"182.143.114.43"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677484/; classtype:trojan-activity;sid:84540584; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677485)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"106.56.149.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677485/; classtype:trojan-activity;sid:84540585; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677486)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/arm7"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"vmi2847209.contaboserver.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677486/; classtype:trojan-activity;sid:84540586; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677482)"; flow:established,from_client; content:"GET"; http_method; content:"/c/ak1"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"nexpal.cc"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677482/; classtype:trojan-activity;sid:84540582; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677483)"; flow:established,from_client; content:"GET"; http_method; content:"/modules/photo.lnk"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"182.143.114.43"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677483/; classtype:trojan-activity;sid:84540583; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677477)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/tesseract/av.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"182.143.114.43"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677477/; classtype:trojan-activity;sid:84540577; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677478)"; flow:established,from_client; content:"GET"; http_method; content:"/razor/dlr_arm"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"47.128.189.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677478/; classtype:trojan-activity;sid:84540578; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677479)"; flow:established,from_client; content:"GET"; http_method; content:"/images/av.lnk"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"182.143.114.43"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677479/; classtype:trojan-activity;sid:84540579; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677480)"; flow:established,from_client; content:"GET"; http_method; content:"/karm6"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"23.177.185.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677480/; classtype:trojan-activity;sid:84540580; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677481)"; flow:established,from_client; content:"GET"; http_method; content:"/r4z0r.x86"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"47.128.189.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677481/; classtype:trojan-activity;sid:84540581; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677472)"; flow:established,from_client; content:"GET"; http_method; content:"/razor/r4z0r.mpsl"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"47.128.189.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677472/; classtype:trojan-activity;sid:84540572; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677473)"; flow:established,from_client; content:"GET"; http_method; content:"/razor/r4z0r.sh4"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"47.128.189.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677473/; classtype:trojan-activity;sid:84540573; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677474)"; flow:established,from_client; content:"GET"; http_method; content:"/r4z0r.ppc"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"47.128.189.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677474/; classtype:trojan-activity;sid:84540574; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677475)"; flow:established,from_client; content:"GET"; http_method; content:"/razor/r4z0r.mips"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"47.128.189.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677475/; classtype:trojan-activity;sid:84540575; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677476)"; flow:established,from_client; content:"GET"; http_method; content:"/razor/r4z0r.arm"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"47.128.189.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677476/; classtype:trojan-activity;sid:84540576; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677467)"; flow:established,from_client; content:"GET"; http_method; content:"/modules/video.lnk"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"182.143.114.43"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677467/; classtype:trojan-activity;sid:84540567; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677468)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.28.218.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677468/; classtype:trojan-activity;sid:84540568; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677469)"; flow:established,from_client; content:"GET"; http_method; content:"/razor/dlr_mips"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.128.189.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677469/; classtype:trojan-activity;sid:84540569; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677470)"; flow:established,from_client; content:"GET"; http_method; content:"/update/vdataupdate.ppc"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"91.231.222.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677470/; classtype:trojan-activity;sid:84540570; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677471)"; flow:established,from_client; content:"GET"; http_method; content:"/update/vdataupdate.x86"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"91.231.222.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677471/; classtype:trojan-activity;sid:84540571; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677466)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/arm"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"vmi2847209.contaboserver.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677466/; classtype:trojan-activity;sid:84540566; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677457)"; flow:established,from_client; content:"GET"; http_method; content:"/lil"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"84.234.96.53"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677457/; classtype:trojan-activity;sid:84540557; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677458)"; flow:established,from_client; content:"GET"; http_method; content:"/ww.check|3f|t=d29tzkbg"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"jv.zzax-4.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677458/; classtype:trojan-activity;sid:84540558; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677459)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/mips"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"vmi2847209.contaboserver.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677459/; classtype:trojan-activity;sid:84540559; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677460)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.28.218.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677460/; classtype:trojan-activity;sid:84540560; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677461)"; flow:established,from_client; content:"GET"; http_method; content:"/q"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"23.177.185.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677461/; classtype:trojan-activity;sid:84540561; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677462)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/x86_64"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"vmi2847209.contaboserver.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677462/; classtype:trojan-activity;sid:84540562; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677463)"; flow:established,from_client; content:"GET"; http_method; content:"/relftp/info.zip"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677463/; classtype:trojan-activity;sid:84540563; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677464)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/arm6"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"vmi2847209.contaboserver.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677464/; classtype:trojan-activity;sid:84540564; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677465)"; flow:established,from_client; content:"GET"; http_method; content:"/wt"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"23.177.185.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677465/; classtype:trojan-activity;sid:84540565; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677450)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/av.lnk"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"182.143.114.43"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677450/; classtype:trojan-activity;sid:84540550; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677451)"; flow:established,from_client; content:"GET"; http_method; content:"/c/qq4"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"nexpal.cc"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677451/; classtype:trojan-activity;sid:84540551; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677452)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/arm5"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"vmi2847209.contaboserver.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677452/; classtype:trojan-activity;sid:84540552; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677453)"; flow:established,from_client; content:"GET"; http_method; content:"/dv"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"84.234.96.53"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677453/; classtype:trojan-activity;sid:84540553; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677454)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/m68k"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"vmi2847209.contaboserver.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677454/; classtype:trojan-activity;sid:84540554; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677455)"; flow:established,from_client; content:"GET"; http_method; content:"/update/vdataupdate.m68k"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"91.231.222.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677455/; classtype:trojan-activity;sid:84540555; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677456)"; flow:established,from_client; content:"GET"; http_method; content:"/update/vdataupdate.mips"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"91.231.222.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677456/; classtype:trojan-activity;sid:84540556; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677446)"; flow:established,from_client; content:"GET"; http_method; content:"/update/vdataupdate.arm5"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"91.231.222.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677446/; classtype:trojan-activity;sid:84540546; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677447)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/tesseract/av.scr"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"182.143.114.43"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677447/; classtype:trojan-activity;sid:84540547; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677448)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/fonts/photo.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"182.143.114.43"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677448/; classtype:trojan-activity;sid:84540548; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677449)"; flow:established,from_client; content:"GET"; http_method; content:"/images/av.scr"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"182.143.114.43"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677449/; classtype:trojan-activity;sid:84540549; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677444)"; flow:established,from_client; content:"GET"; http_method; content:"/20231222%e5%bd%b1%e6%8a%80/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"58.22.95.157"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677444/; classtype:trojan-activity;sid:84540544; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677445)"; flow:established,from_client; content:"GET"; http_method; content:"/pay"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"47.128.189.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677445/; classtype:trojan-activity;sid:84540545; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677443)"; flow:established,from_client; content:"GET"; http_method; content:"/install/info.zip"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677443/; classtype:trojan-activity;sid:84540543; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677436)"; flow:established,from_client; content:"GET"; http_method; content:"/update/vdataupdate.arm7"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"91.231.222.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677436/; classtype:trojan-activity;sid:84540536; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677437)"; flow:established,from_client; content:"GET"; http_method; content:"/update/vdataupdate.arc"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"91.231.222.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677437/; classtype:trojan-activity;sid:84540537; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677438)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"84.234.96.53"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677438/; classtype:trojan-activity;sid:84540538; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677439)"; flow:established,from_client; content:"GET"; http_method; content:"/karm4"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"23.177.185.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677439/; classtype:trojan-activity;sid:84540539; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677440)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"23.177.185.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677440/; classtype:trojan-activity;sid:84540540; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677441)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/mpsl"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"vmi2847209.contaboserver.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677441/; classtype:trojan-activity;sid:84540541; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677442)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/ppc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"vmi2847209.contaboserver.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677442/; classtype:trojan-activity;sid:84540542; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677431)"; flow:established,from_client; content:"GET"; http_method; content:"/razor/dlr_x86"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"47.128.189.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677431/; classtype:trojan-activity;sid:84540531; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677432)"; flow:established,from_client; content:"GET"; http_method; content:"/r4z0r.mips"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"ec2-47-128-189-30.ap-southeast-1.compute.amazonaws.com"; http_host; depth:54; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677432/; classtype:trojan-activity;sid:84540532; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677433)"; flow:established,from_client; content:"GET"; http_method; content:"/d04bumhyuf.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"k9uw.6-3tm.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677433/; classtype:trojan-activity;sid:84540533; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677434)"; flow:established,from_client; content:"GET"; http_method; content:"/razor/r4z0r.x86"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"47.128.189.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677434/; classtype:trojan-activity;sid:84540534; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677435)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/x86"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"vmi2847209.contaboserver.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677435/; classtype:trojan-activity;sid:84540535; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677421)"; flow:established,from_client; content:"GET"; http_method; content:"/20231222%e5%bd%b1%e6%8a%80/av.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"58.22.95.157"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677421/; classtype:trojan-activity;sid:84540521; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677422)"; flow:established,from_client; content:"GET"; http_method; content:"/images/video.lnk"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"182.143.114.43"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677422/; classtype:trojan-activity;sid:84540522; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677423)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/video.lnk"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"182.143.114.43"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677423/; classtype:trojan-activity;sid:84540523; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677424)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/photo.lnk"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"182.143.114.43"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677424/; classtype:trojan-activity;sid:84540524; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677425)"; flow:established,from_client; content:"GET"; http_method; content:"/r4z0r.mips"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"47.128.189.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677425/; classtype:trojan-activity;sid:84540525; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677426)"; flow:established,from_client; content:"GET"; http_method; content:"/r4z0r.mpsl"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"47.128.189.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677426/; classtype:trojan-activity;sid:84540526; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677427)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/forge/photo.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"182.143.114.43"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677427/; classtype:trojan-activity;sid:84540527; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677428)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/fonts/av.lnk"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"182.143.114.43"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677428/; classtype:trojan-activity;sid:84540528; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677429)"; flow:established,from_client; content:"GET"; http_method; content:"/r4z0r.arm"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"47.128.189.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677429/; classtype:trojan-activity;sid:84540529; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677430)"; flow:established,from_client; content:"GET"; http_method; content:"/razor/r4z0r.ppc"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"47.128.189.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677430/; classtype:trojan-activity;sid:84540530; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677418)"; flow:established,from_client; content:"GET"; http_method; content:"/razor.sh"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"47.128.189.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677418/; classtype:trojan-activity;sid:84540518; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677419)"; flow:established,from_client; content:"GET"; http_method; content:"/images/photo.lnk"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"182.143.114.43"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677419/; classtype:trojan-activity;sid:84540519; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677420)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/tesseract/lang-data/photo.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"182.143.114.43"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677420/; classtype:trojan-activity;sid:84540520; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677417)"; flow:established,from_client; content:"GET"; http_method; content:"/c/qq3"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"nexpal.cc"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677417/; classtype:trojan-activity;sid:84540517; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677416)"; flow:established,from_client; content:"GET"; http_method; content:"/r4z0r.sh4"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"ec2-47-128-189-30.ap-southeast-1.compute.amazonaws.com"; http_host; depth:54; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677416/; classtype:trojan-activity;sid:84540516; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677415)"; flow:established,from_client; content:"GET"; http_method; content:"/razor/dlr_mips"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"ec2-47-128-189-30.ap-southeast-1.compute.amazonaws.com"; http_host; depth:54; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677415/; classtype:trojan-activity;sid:84540515; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677414)"; flow:established,from_client; content:"GET"; http_method; content:"/razor.sh"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"ec2-47-128-189-30.ap-southeast-1.compute.amazonaws.com"; http_host; depth:54; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677414/; classtype:trojan-activity;sid:84540514; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677413)"; flow:established,from_client; content:"GET"; http_method; content:"/reverse.aspx"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"46.37.123.15"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677413/; classtype:trojan-activity;sid:84540513; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677412)"; flow:established,from_client; content:"GET"; http_method; content:"/r4z0r.arm"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"ec2-47-128-189-30.ap-southeast-1.compute.amazonaws.com"; http_host; depth:54; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677412/; classtype:trojan-activity;sid:84540512; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677407)"; flow:established,from_client; content:"GET"; http_method; content:"/razor/r4z0r.arm"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"ec2-47-128-189-30.ap-southeast-1.compute.amazonaws.com"; http_host; depth:54; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677407/; classtype:trojan-activity;sid:84540507; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677408)"; flow:established,from_client; content:"GET"; http_method; content:"/razor/r4z0r.ppc"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"ec2-47-128-189-30.ap-southeast-1.compute.amazonaws.com"; http_host; depth:54; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677408/; classtype:trojan-activity;sid:84540508; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677409)"; flow:established,from_client; content:"GET"; http_method; content:"/r4z0r.ppc"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"ec2-47-128-189-30.ap-southeast-1.compute.amazonaws.com"; http_host; depth:54; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677409/; classtype:trojan-activity;sid:84540509; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677410)"; flow:established,from_client; content:"GET"; http_method; content:"/razor/r4z0r.mpsl"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"ec2-47-128-189-30.ap-southeast-1.compute.amazonaws.com"; http_host; depth:54; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677410/; classtype:trojan-activity;sid:84540510; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677411)"; flow:established,from_client; content:"GET"; http_method; content:"/r4z0r.mpsl"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"ec2-47-128-189-30.ap-southeast-1.compute.amazonaws.com"; http_host; depth:54; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677411/; classtype:trojan-activity;sid:84540511; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677404)"; flow:established,from_client; content:"GET"; http_method; content:"/bin"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"ec2-47-128-189-30.ap-southeast-1.compute.amazonaws.com"; http_host; depth:54; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677404/; classtype:trojan-activity;sid:84540504; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677405)"; flow:established,from_client; content:"GET"; http_method; content:"/razor/r4z0r.mips"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"ec2-47-128-189-30.ap-southeast-1.compute.amazonaws.com"; http_host; depth:54; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677405/; classtype:trojan-activity;sid:84540505; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677406)"; flow:established,from_client; content:"GET"; http_method; content:"/razor/r4z0r.sh4"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"ec2-47-128-189-30.ap-southeast-1.compute.amazonaws.com"; http_host; depth:54; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677406/; classtype:trojan-activity;sid:84540506; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677402)"; flow:established,from_client; content:"GET"; http_method; content:"/razor/dlr_x86"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"ec2-47-128-189-30.ap-southeast-1.compute.amazonaws.com"; http_host; depth:54; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677402/; classtype:trojan-activity;sid:84540502; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677403)"; flow:established,from_client; content:"GET"; http_method; content:"/razor/dlr_arm"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"ec2-47-128-189-30.ap-southeast-1.compute.amazonaws.com"; http_host; depth:54; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677403/; classtype:trojan-activity;sid:84540503; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677398)"; flow:established,from_client; content:"GET"; http_method; content:"/sakura.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"192.175.23.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677398/; classtype:trojan-activity;sid:84540498; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677399)"; flow:established,from_client; content:"GET"; http_method; content:"/razor/r4z0r.x86"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"ec2-47-128-189-30.ap-southeast-1.compute.amazonaws.com"; http_host; depth:54; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677399/; classtype:trojan-activity;sid:84540499; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677400)"; flow:established,from_client; content:"GET"; http_method; content:"/r4z0r.x86"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"ec2-47-128-189-30.ap-southeast-1.compute.amazonaws.com"; http_host; depth:54; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677400/; classtype:trojan-activity;sid:84540500; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677401)"; flow:established,from_client; content:"GET"; http_method; content:"/yarn"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"ec2-47-128-189-30.ap-southeast-1.compute.amazonaws.com"; http_host; depth:54; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677401/; classtype:trojan-activity;sid:84540501; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677397)"; flow:established,from_client; content:"GET"; http_method; content:"/pay"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"ec2-47-128-189-30.ap-southeast-1.compute.amazonaws.com"; http_host; depth:54; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677397/; classtype:trojan-activity;sid:84540497; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677396)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.208.44.51"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677396/; classtype:trojan-activity;sid:84540496; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677395)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"218.56.68.183"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677395/; classtype:trojan-activity;sid:84540495; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677394)"; flow:established,from_client; content:"GET"; http_method; content:"/o40k6gon4z.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"k9uw.6-3tm.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677394/; classtype:trojan-activity;sid:84540494; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677393)"; flow:established,from_client; content:"GET"; http_method; content:"/6jvsiwlst2.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"qq7.wqix5.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677393/; classtype:trojan-activity;sid:84540493; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677391)"; flow:established,from_client; content:"GET"; http_method; content:"/j77raf0l"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"1f.zzax-4.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677391/; classtype:trojan-activity;sid:84540491; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677392)"; flow:established,from_client; content:"GET"; http_method; content:"/rm8.google|3f|t=g68d4un3"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"1f.zzax-4.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677392/; classtype:trojan-activity;sid:84540492; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677390)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.64.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677390/; classtype:trojan-activity;sid:84540490; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677389)"; flow:established,from_client; content:"GET"; http_method; content:"/ucwz4rpd7d.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"m3qf.6-3tm.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677389/; classtype:trojan-activity;sid:84540489; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677388)"; flow:established,from_client; content:"GET"; http_method; content:"/82n.check|3f|t=6ab9wj61"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"s4f.zzax-4.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677388/; classtype:trojan-activity;sid:84540488; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677387)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.199.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677387/; classtype:trojan-activity;sid:84540487; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677386)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.213.86.179"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677386/; classtype:trojan-activity;sid:84540486; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677385)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.221.123.20"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677385/; classtype:trojan-activity;sid:84540485; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677384)"; flow:established,from_client; content:"GET"; http_method; content:"/0zb18uqlna.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"7ue.wqix5.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677384/; classtype:trojan-activity;sid:84540484; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677383)"; flow:established,from_client; content:"GET"; http_method; content:"/lm65r2zw"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"59.zzax-4.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677383/; classtype:trojan-activity;sid:84540483; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677382)"; flow:established,from_client; content:"GET"; http_method; content:"/5vh8muw0os.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"t5vp.0-1gc.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677382/; classtype:trojan-activity;sid:84540482; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677381)"; flow:established,from_client; content:"GET"; http_method; content:"/y6q.check|3f|t=rarscgvk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"59.zzax-4.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677381/; classtype:trojan-activity;sid:84540481; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677380)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.203.226.68"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677380/; classtype:trojan-activity;sid:84540480; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677379)"; flow:established,from_client; content:"GET"; http_method; content:"/464i7pby08.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"t5vp.0-1gc.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677379/; classtype:trojan-activity;sid:84540479; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677378)"; flow:established,from_client; content:"GET"; http_method; content:"/44n.google|3f|t=2a12xtb9"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"q77.zzax-4.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677378/; classtype:trojan-activity;sid:84540478; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677377)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.202.27.120"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677377/; classtype:trojan-activity;sid:84540477; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677376)"; flow:established,from_client; content:"GET"; http_method; content:"/z9po5u8a"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"q77.zzax-4.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677376/; classtype:trojan-activity;sid:84540476; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677375)"; flow:established,from_client; content:"GET"; http_method; content:"/su26zefnsw.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"gkh.wqix5.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677375/; classtype:trojan-activity;sid:84540475; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677374)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"101.99.233.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677374/; classtype:trojan-activity;sid:84540474; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677373)"; flow:established,from_client; content:"GET"; http_method; content:"/vj60bups2n.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"gkh.wqix5.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677373/; classtype:trojan-activity;sid:84540473; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677371)"; flow:established,from_client; content:"GET"; http_method; content:"/af781oxitp.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"d7qy.0-1gc.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677371/; classtype:trojan-activity;sid:84540471; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677372)"; flow:established,from_client; content:"GET"; http_method; content:"/kn06wowt"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"vb.kpyw-8.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677372/; classtype:trojan-activity;sid:84540472; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677370)"; flow:established,from_client; content:"GET"; http_method; content:"/k83.check|3f|t=i541qgvv"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"vb.kpyw-8.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677370/; classtype:trojan-activity;sid:84540470; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677369)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"77.137.30.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677369/; classtype:trojan-activity;sid:84540469; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677368)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.86.179"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677368/; classtype:trojan-activity;sid:84540468; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677367)"; flow:established,from_client; content:"GET"; http_method; content:"/9y.check|3f|t=om6l2bbq"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"zb.kpyw-8.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677367/; classtype:trojan-activity;sid:84540467; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677366)"; flow:established,from_client; content:"GET"; http_method; content:"/yv7gqd8wox.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"y1md.0-1gc.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677366/; classtype:trojan-activity;sid:84540466; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677365)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.87.148.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677365/; classtype:trojan-activity;sid:84540465; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677364)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.70.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677364/; classtype:trojan-activity;sid:84540464; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677363)"; flow:established,from_client; content:"GET"; http_method; content:"/6vvicrv5l9.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"1rs.wqix5.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677363/; classtype:trojan-activity;sid:84540463; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677362)"; flow:established,from_client; content:"GET"; http_method; content:"/5x4k95ag"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"t84.kpyw-8.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677362/; classtype:trojan-activity;sid:84540462; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677361)"; flow:established,from_client; content:"GET"; http_method; content:"/li7502lrmi.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"y1md.0-1gc.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677361/; classtype:trojan-activity;sid:84540461; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677360)"; flow:established,from_client; content:"GET"; http_method; content:"/vai.google|3f|t=h0nf1ks9"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"t84.kpyw-8.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677360/; classtype:trojan-activity;sid:84540460; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677359)"; flow:established,from_client; content:"GET"; http_method; content:"/anfldxnzmo.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"1rs.wqix5.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677359/; classtype:trojan-activity;sid:84540459; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677358)"; flow:established,from_client; content:"GET"; http_method; content:"/vrof5r3h"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"vr.kpyw-8.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677358/; classtype:trojan-activity;sid:84540458; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677357)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.249.247.198"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677357/; classtype:trojan-activity;sid:84540457; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677356)"; flow:established,from_client; content:"GET"; http_method; content:"/g3ixczqwp0.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"rb55.0-1gc.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677356/; classtype:trojan-activity;sid:84540456; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677355)"; flow:established,from_client; content:"GET"; http_method; content:"/2u.check|3f|t=eal97f39"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"vr.kpyw-8.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677355/; classtype:trojan-activity;sid:84540455; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677354)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.131.133.235"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677354/; classtype:trojan-activity;sid:84540454; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677353)"; flow:established,from_client; content:"GET"; http_method; content:"/vn.google|3f|t=dfm2jeel"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"nb.kpyw-8.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677353/; classtype:trojan-activity;sid:84540453; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677352)"; flow:established,from_client; content:"GET"; http_method; content:"/6jn9qy394i.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"rb55.0-1gc.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677352/; classtype:trojan-activity;sid:84540452; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677351)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"122.189.104.216"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677351/; classtype:trojan-activity;sid:84540451; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677350)"; flow:established,from_client; content:"GET"; http_method; content:"/uu4pokqn"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"nb.kpyw-8.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677350/; classtype:trojan-activity;sid:84540450; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677349)"; flow:established,from_client; content:"GET"; http_method; content:"/ihwf92720v.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"vfn.wqix5.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677349/; classtype:trojan-activity;sid:84540449; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677348)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.107.102.77"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677348/; classtype:trojan-activity;sid:84540448; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677347)"; flow:established,from_client; content:"GET"; http_method; content:"/e9v.check|3f|t=g4oiy62l"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"kx.kpyw-8.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677347/; classtype:trojan-activity;sid:84540447; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677346)"; flow:established,from_client; content:"GET"; http_method; content:"/1lqjwz4kdd.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"g6tb.0-1gc.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677346/; classtype:trojan-activity;sid:84540446; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677345)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.131.133.235"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677345/; classtype:trojan-activity;sid:84540445; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677344)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.45.64.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677344/; classtype:trojan-activity;sid:84540444; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677343)"; flow:established,from_client; content:"GET"; http_method; content:"/cfxcd6kqk2.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"n8ys.0-1gc.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677343/; classtype:trojan-activity;sid:84540443; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677342)"; flow:established,from_client; content:"GET"; http_method; content:"/dnm.check|3f|t=jx6r05qy"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"w2.kpyw-8.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677342/; classtype:trojan-activity;sid:84540442; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677341)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"220.201.18.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677341/; classtype:trojan-activity;sid:84540441; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677340)"; flow:established,from_client; content:"GET"; http_method; content:"/files/6216846624/wsxasls.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677340/; classtype:trojan-activity;sid:84540440; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677338)"; flow:established,from_client; content:"GET"; http_method; content:"/files/889380751/mvltlo6.exe"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677338/; classtype:trojan-activity;sid:84540438; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677339)"; flow:established,from_client; content:"GET"; http_method; content:"/files/1242384682/f5h0ue6.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677339/; classtype:trojan-activity;sid:84540439; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677337)"; flow:established,from_client; content:"GET"; http_method; content:"/files/1663837285/jryhhns.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677337/; classtype:trojan-activity;sid:84540437; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677336)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.198.16.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677336/; classtype:trojan-activity;sid:84540436; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677335)"; flow:established,from_client; content:"GET"; http_method; content:"/f087389ucf.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"c3fp.3-2pd.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677335/; classtype:trojan-activity;sid:84540435; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677334)"; flow:established,from_client; content:"GET"; http_method; content:"/2f.check|3f|t=dm8s6zh1"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"907.nmys-4.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677334/; classtype:trojan-activity;sid:84540434; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677333)"; flow:established,from_client; content:"GET"; http_method; content:"/35uwq12khu.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"cq.ckyq9.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677333/; classtype:trojan-activity;sid:84540433; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677332)"; flow:established,from_client; content:"GET"; http_method; content:"/cdat9yoa"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"hr5.nmys-4.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677332/; classtype:trojan-activity;sid:84540432; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677331)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.233.107.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677331/; classtype:trojan-activity;sid:84540431; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677330)"; flow:established,from_client; content:"GET"; http_method; content:"/zz8rputgmn.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"zz1a.3-2pd.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677330/; classtype:trojan-activity;sid:84540430; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677329)"; flow:established,from_client; content:"GET"; http_method; content:"/08.check|3f|t=teg45q2y"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"hr5.nmys-4.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677329/; classtype:trojan-activity;sid:84540429; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677328)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.76.155"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677328/; classtype:trojan-activity;sid:84540428; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677326)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"216.8.224.147"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677326/; classtype:trojan-activity;sid:84540426; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677327)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.45.64.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677327/; classtype:trojan-activity;sid:84540427; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677325)"; flow:established,from_client; content:"GET"; http_method; content:"/3vt6a8zaw8.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"lk.ckyq9.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677325/; classtype:trojan-activity;sid:84540425; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677324)"; flow:established,from_client; content:"GET"; http_method; content:"/rl7nc075"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"fd.nmys-4.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677324/; classtype:trojan-activity;sid:84540424; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677323)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"220.201.18.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677323/; classtype:trojan-activity;sid:84540423; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677322)"; flow:established,from_client; content:"GET"; http_method; content:"/gh5npfimrh.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"ax74.3-2pd.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677322/; classtype:trojan-activity;sid:84540422; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677321)"; flow:established,from_client; content:"GET"; http_method; content:"/zr.check|3f|t=mizlzrnx"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"fd.nmys-4.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677321/; classtype:trojan-activity;sid:84540421; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677320)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.10.248"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677320/; classtype:trojan-activity;sid:84540420; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677319)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.76.155"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677319/; classtype:trojan-activity;sid:84540419; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677318)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.32.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677318/; classtype:trojan-activity;sid:84540418; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677317)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.198.16.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677317/; classtype:trojan-activity;sid:84540417; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677316)"; flow:established,from_client; content:"GET"; http_method; content:"/d6dx3tir01.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"p0qf.3-2pd.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677316/; classtype:trojan-activity;sid:84540416; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677315)"; flow:established,from_client; content:"GET"; http_method; content:"/dal.google|3f|t=ppuyqai8"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"fn.nmys-4.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677315/; classtype:trojan-activity;sid:84540415; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677314)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.46.144.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677314/; classtype:trojan-activity;sid:84540414; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677313)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.77.228"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677313/; classtype:trojan-activity;sid:84540413; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677312)"; flow:established,from_client; content:"GET"; http_method; content:"/99wo05b07d.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"p0qf.3-2pd.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677312/; classtype:trojan-activity;sid:84540412; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677311)"; flow:established,from_client; content:"GET"; http_method; content:"/mrl.check|3f|t=wga09glx"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"19.nmys-4.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677311/; classtype:trojan-activity;sid:84540411; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677310)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.122.235.230"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677310/; classtype:trojan-activity;sid:84540410; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677309)"; flow:established,from_client; content:"GET"; http_method; content:"/39nyjq28o1.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"u4xv.3-2pd.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677309/; classtype:trojan-activity;sid:84540409; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677308)"; flow:established,from_client; content:"GET"; http_method; content:"/cxa.check|3f|t=c2erv9z9"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"dnm.nmys-4.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677308/; classtype:trojan-activity;sid:84540408; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677307)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.32.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677307/; classtype:trojan-activity;sid:84540407; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677306)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"101.99.233.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677306/; classtype:trojan-activity;sid:84540406; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677304)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.13.46.232"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677304/; classtype:trojan-activity;sid:84540404; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677305)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.137.113.118"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677305/; classtype:trojan-activity;sid:84540405; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677302)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.90.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677302/; classtype:trojan-activity;sid:84540402; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677303)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"72.194.227.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677303/; classtype:trojan-activity;sid:84540403; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677299)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.248.83.17"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677299/; classtype:trojan-activity;sid:84540399; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677300)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.114.33.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677300/; classtype:trojan-activity;sid:84540400; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677301)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.10.248"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677301/; classtype:trojan-activity;sid:84540401; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677298)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.23.237.209"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677298/; classtype:trojan-activity;sid:84540398; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677297)"; flow:established,from_client; content:"GET"; http_method; content:"/thjul5b07j.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"h7ln.3-2pd.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677297/; classtype:trojan-activity;sid:84540397; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677296)"; flow:established,from_client; content:"GET"; http_method; content:"/nf.google|3f|t=c58lveaj"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"oc6.nmys-4.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677296/; classtype:trojan-activity;sid:84540396; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677295)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.136.152.105"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677295/; classtype:trojan-activity;sid:84540395; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677294)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.2.211"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677294/; classtype:trojan-activity;sid:84540394; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677293)"; flow:established,from_client; content:"GET"; http_method; content:"/9m.check|3f|t=niymdk7v"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"p9e.hpap-6.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677293/; classtype:trojan-activity;sid:84540393; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677292)"; flow:established,from_client; content:"GET"; http_method; content:"/ezrnp7qd59.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"vd3j.6-0sg.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677292/; classtype:trojan-activity;sid:84540392; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677291)"; flow:established,from_client; content:"GET"; http_method; content:"/w5r.check|3f|t=lsemi3hy"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"ye.hpap-6.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677291/; classtype:trojan-activity;sid:84540391; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677290)"; flow:established,from_client; content:"GET"; http_method; content:"/xfpwai93jd.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"vd3j.6-0sg.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677290/; classtype:trojan-activity;sid:84540390; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677289)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.211.147.55"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677289/; classtype:trojan-activity;sid:84540389; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677287)"; flow:established,from_client; content:"GET"; http_method; content:"/hm4lwppu"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"ye.hpap-6.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677287/; classtype:trojan-activity;sid:84540387; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677288)"; flow:established,from_client; content:"GET"; http_method; content:"/aifz9kq01k.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"zok.ckyq9.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677288/; classtype:trojan-activity;sid:84540388; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677286)"; flow:established,from_client; content:"GET"; http_method; content:"/ig0d1n2t"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"aj.hpap-6.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677286/; classtype:trojan-activity;sid:84540386; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677284)"; flow:established,from_client; content:"GET"; http_method; content:"/5by32ho22i.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"4t.ckyq9.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677284/; classtype:trojan-activity;sid:84540384; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677285)"; flow:established,from_client; content:"GET"; http_method; content:"/jmzfbk15p9.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"mt06.6-0sg.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677285/; classtype:trojan-activity;sid:84540385; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677283)"; flow:established,from_client; content:"GET"; http_method; content:"/dp.google|3f|t=h3t6t65p"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"aj.hpap-6.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677283/; classtype:trojan-activity;sid:84540383; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677282)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.139.18.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677282/; classtype:trojan-activity;sid:84540382; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677281)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.185.174.80"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677281/; classtype:trojan-activity;sid:84540381; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677280)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.85.252"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677280/; classtype:trojan-activity;sid:84540380; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677279)"; flow:established,from_client; content:"GET"; http_method; content:"/lrek1yh8rt.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"q9px.6-0sg.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677279/; classtype:trojan-activity;sid:84540379; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677278)"; flow:established,from_client; content:"GET"; http_method; content:"/af5.check|3f|t=vi85mzts"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"hid.hpap-6.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677278/; classtype:trojan-activity;sid:84540378; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677277)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.202.171.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677277/; classtype:trojan-activity;sid:84540377; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677276)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.54.160.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677276/; classtype:trojan-activity;sid:84540376; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677275)"; flow:established,from_client; content:"GET"; http_method; content:"/og92c6hlwo.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"e2rw.6-0sg.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677275/; classtype:trojan-activity;sid:84540375; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677274)"; flow:established,from_client; content:"GET"; http_method; content:"/bbk.check|3f|t=5133b369"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"nf.hpap-6.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677274/; classtype:trojan-activity;sid:84540374; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677273)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.147.55"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677273/; classtype:trojan-activity;sid:84540373; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677272)"; flow:established,from_client; content:"GET"; http_method; content:"/sv1wf41mco.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"xq.ckyq9.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677272/; classtype:trojan-activity;sid:84540372; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677271)"; flow:established,from_client; content:"GET"; http_method; content:"/bnxh6c7i"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"nf.hpap-6.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677271/; classtype:trojan-activity;sid:84540371; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677270)"; flow:established,from_client; content:"GET"; http_method; content:"/yy8zie6tuc.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"ka85.6-0sg.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677270/; classtype:trojan-activity;sid:84540370; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677269)"; flow:established,from_client; content:"GET"; http_method; content:"/m2j.check|3f|t=jvt00dai"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"va.hpap-6.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677269/; classtype:trojan-activity;sid:84540369; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677268)"; flow:established,from_client; content:"GET"; http_method; content:"/pniqiagq"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"va.hpap-6.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677268/; classtype:trojan-activity;sid:84540368; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677267)"; flow:established,from_client; content:"GET"; http_method; content:"/ei0mt449ek.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"sf5.ckyq9.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677267/; classtype:trojan-activity;sid:84540367; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677266)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.139.18.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677266/; classtype:trojan-activity;sid:84540366; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677265)"; flow:established,from_client; content:"GET"; http_method; content:"/1gv.check|3f|t=t9w58dro"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"72k.hpap-6.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677265/; classtype:trojan-activity;sid:84540365; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677264)"; flow:established,from_client; content:"GET"; http_method; content:"/ojmgnikj8u.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"s1oc.6-0sg.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677264/; classtype:trojan-activity;sid:84540364; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677263)"; flow:established,from_client; content:"GET"; http_method; content:"/p3yvw3at"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"72k.hpap-6.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677263/; classtype:trojan-activity;sid:84540363; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677262)"; flow:established,from_client; content:"GET"; http_method; content:"/itzr27hmyk.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"py.wqix5.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677262/; classtype:trojan-activity;sid:84540362; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677261)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.185.174.80"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677261/; classtype:trojan-activity;sid:84540361; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677260)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"121.236.245.50"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677260/; classtype:trojan-activity;sid:84540360; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677258)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.165.86.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677258/; classtype:trojan-activity;sid:84540358; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677259)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.54.160.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677259/; classtype:trojan-activity;sid:84540359; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677257)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.252.160.185"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677257/; classtype:trojan-activity;sid:84540357; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677256)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.202.171.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677256/; classtype:trojan-activity;sid:84540356; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677255)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"58.47.106.167"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677255/; classtype:trojan-activity;sid:84540355; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677254)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.57.182.91"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677254/; classtype:trojan-activity;sid:84540354; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677253)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.191.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677253/; classtype:trojan-activity;sid:84540353; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677252)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"74.9.224.148"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677252/; classtype:trojan-activity;sid:84540352; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677250)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.32.128"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677250/; classtype:trojan-activity;sid:84540350; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677251)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.57.182.91"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677251/; classtype:trojan-activity;sid:84540351; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677249)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.228.100.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677249/; classtype:trojan-activity;sid:84540349; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677248)"; flow:established,from_client; content:"GET"; http_method; content:"/i92czxl5ce.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"xkp.rxir9.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677248/; classtype:trojan-activity;sid:84540348; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677247)"; flow:established,from_client; content:"GET"; http_method; content:"/34uekb3u"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"dp.sxuj-7.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677247/; classtype:trojan-activity;sid:84540347; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677246)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.88.37"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677246/; classtype:trojan-activity;sid:84540346; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677245)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.218.232.45"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677245/; classtype:trojan-activity;sid:84540345; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677244)"; flow:established,from_client; content:"GET"; http_method; content:"/ismgg42xx1.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"xd5.rxir9.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677244/; classtype:trojan-activity;sid:84540344; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677243)"; flow:established,from_client; content:"GET"; http_method; content:"/igofj17j"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"hwj.sxuj-7.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677243/; classtype:trojan-activity;sid:84540343; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677242)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.228.216.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677242/; classtype:trojan-activity;sid:84540342; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677241)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.201.180"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677241/; classtype:trojan-activity;sid:84540341; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677240)"; flow:established,from_client; content:"GET"; http_method; content:"/kuo8gm5lp9.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"xd5.rxir9.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677240/; classtype:trojan-activity;sid:84540340; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677239)"; flow:established,from_client; content:"GET"; http_method; content:"/d8nkmyyq"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"o4k.sxuj-7.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677239/; classtype:trojan-activity;sid:84540339; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677238)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.74.3"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677238/; classtype:trojan-activity;sid:84540338; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677237)"; flow:established,from_client; content:"GET"; http_method; content:"/9wqz3ypzow.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"po4.rxir9.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677237/; classtype:trojan-activity;sid:84540337; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677236)"; flow:established,from_client; content:"GET"; http_method; content:"/j0kzwb8h"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"35i.sxuj-7.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677236/; classtype:trojan-activity;sid:84540336; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677235)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.38.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3677235/; classtype:trojan-activity;sid:84540335; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677234)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.218.232.45"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3677234/; classtype:trojan-activity;sid:84540334; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677233)"; flow:established,from_client; content:"GET"; http_method; content:"/jca.check|3f|t=bdvu8zow"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"u9.sxuj-7.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3677233/; classtype:trojan-activity;sid:84540333; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677232)"; flow:established,from_client; content:"GET"; http_method; content:"/m7ar37nlz4.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"jm59.4-5sq.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3677232/; classtype:trojan-activity;sid:84540332; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677231)"; flow:established,from_client; content:"GET"; http_method; content:"/6gv.check|3f|t=69g9ocaa"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"wj.gtus-4.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3677231/; classtype:trojan-activity;sid:84540331; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677230)"; flow:established,from_client; content:"GET"; http_method; content:"/ndyr004pf4.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"g0nz.4-5sq.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3677230/; classtype:trojan-activity;sid:84540330; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677229)"; flow:established,from_client; content:"GET"; http_method; content:"/384vm2ay"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"wj.gtus-4.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3677229/; classtype:trojan-activity;sid:84540329; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677228)"; flow:established,from_client; content:"GET"; http_method; content:"/fmoakg00kl.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"3x.rxir9.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3677228/; classtype:trojan-activity;sid:84540328; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677227)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.228.216.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3677227/; classtype:trojan-activity;sid:84540327; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677226)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.163.170"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3677226/; classtype:trojan-activity;sid:84540326; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677225)"; flow:established,from_client; content:"GET"; http_method; content:"/yny6tj5oxx.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"g0nz.4-5sq.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3677225/; classtype:trojan-activity;sid:84540325; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677224)"; flow:established,from_client; content:"GET"; http_method; content:"/ozc.google|3f|t=buemi4nd"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"4c.gtus-4.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3677224/; classtype:trojan-activity;sid:84540324; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677223)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.112.192"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3677223/; classtype:trojan-activity;sid:84540323; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677222)"; flow:established,from_client; content:"GET"; http_method; content:"/2he2iqk7s2.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"ug.rxir9.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3677222/; classtype:trojan-activity;sid:84540322; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677221)"; flow:established,from_client; content:"GET"; http_method; content:"/hb69c9sp"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"4c.gtus-4.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3677221/; classtype:trojan-activity;sid:84540321; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677220)"; flow:established,from_client; content:"GET"; http_method; content:"/neiy7byo9w.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"64.rxir9.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3677220/; classtype:trojan-activity;sid:84540320; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677219)"; flow:established,from_client; content:"GET"; http_method; content:"/tq7d408s"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"syl.gtus-4.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3677219/; classtype:trojan-activity;sid:84540319; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677217)"; flow:established,from_client; content:"GET"; http_method; content:"/678.check|3f|t=w2szohe2"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"syl.gtus-4.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3677217/; classtype:trojan-activity;sid:84540317; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677218)"; flow:established,from_client; content:"GET"; http_method; content:"/5m0xfkqcam.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"r2cy.4-5sq.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3677218/; classtype:trojan-activity;sid:84540318; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677216)"; flow:established,from_client; content:"GET"; http_method; content:"/40ds91rijb.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"5q.ckar4.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3677216/; classtype:trojan-activity;sid:84540316; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677215)"; flow:established,from_client; content:"GET"; http_method; content:"/mkmhekvh"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"pb.gtus-4.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3677215/; classtype:trojan-activity;sid:84540315; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677214)"; flow:established,from_client; content:"GET"; http_method; content:"/yt10o4whp8.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"lt3c.4-5sq.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3677214/; classtype:trojan-activity;sid:84540314; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677213)"; flow:established,from_client; content:"GET"; http_method; content:"/h2m.check|3f|t=gjq30ro8"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"pb.gtus-4.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3677213/; classtype:trojan-activity;sid:84540313; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677211)"; flow:established,from_client; content:"GET"; http_method; content:"/4qndnrij"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"t4.gtus-4.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3677211/; classtype:trojan-activity;sid:84540311; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677212)"; flow:established,from_client; content:"GET"; http_method; content:"/ps9wyagtrn.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"5q.ckar4.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3677212/; classtype:trojan-activity;sid:84540312; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677210)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.149.4"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3677210/; classtype:trojan-activity;sid:84540310; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677209)"; flow:established,from_client; content:"GET"; http_method; content:"/az2af9s8vy.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"w9ql.4-5sq.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3677209/; classtype:trojan-activity;sid:84540309; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677208)"; flow:established,from_client; content:"GET"; http_method; content:"/eg.google|3f|t=86gr3t0b"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"t4.gtus-4.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3677208/; classtype:trojan-activity;sid:84540308; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677207)"; flow:established,from_client; content:"GET"; http_method; content:"/d1.google|3f|t=3462prul"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"hs.gtus-4.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3677207/; classtype:trojan-activity;sid:84540307; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677206)"; flow:established,from_client; content:"GET"; http_method; content:"/ph8aafhydf.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"w9ql.4-5sq.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3677206/; classtype:trojan-activity;sid:84540306; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677205)"; flow:established,from_client; content:"GET"; http_method; content:"/n37a713iu9.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"19s.ckar4.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3677205/; classtype:trojan-activity;sid:84540305; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677204)"; flow:established,from_client; content:"GET"; http_method; content:"/2fwq3hp5"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"tpa.gtus-4.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3677204/; classtype:trojan-activity;sid:84540304; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677203)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.53.193.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3677203/; classtype:trojan-activity;sid:84540303; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677202)"; flow:established,from_client; content:"GET"; http_method; content:"/3d.check|3f|t=7ctlwjbz"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"tpa.gtus-4.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3677202/; classtype:trojan-activity;sid:84540302; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677201)"; flow:established,from_client; content:"GET"; http_method; content:"/epgbf75r0h.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"f6ue.4-5sq.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3677201/; classtype:trojan-activity;sid:84540301; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677200)"; flow:established,from_client; content:"GET"; http_method; content:"/7p.google|3f|t=4f3wmvrl"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"yz.dlun-7.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3677200/; classtype:trojan-activity;sid:84540300; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677199)"; flow:established,from_client; content:"GET"; http_method; content:"/7elelnnjb8.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"f6ue.4-5sq.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3677199/; classtype:trojan-activity;sid:84540299; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677198)"; flow:established,from_client; content:"GET"; http_method; content:"/ywhdpipw28.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"do.ckar4.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3677198/; classtype:trojan-activity;sid:84540298; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677197)"; flow:established,from_client; content:"GET"; http_method; content:"/fcx53dq3"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"yz.dlun-7.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3677197/; classtype:trojan-activity;sid:84540297; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677196)"; flow:established,from_client; content:"GET"; http_method; content:"/kyrr8cwhpv.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"9c.ckar4.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3677196/; classtype:trojan-activity;sid:84540296; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677195)"; flow:established,from_client; content:"GET"; http_method; content:"/whznhb2v"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"b9.dlun-7.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3677195/; classtype:trojan-activity;sid:84540295; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677194)"; flow:established,from_client; content:"GET"; http_method; content:"/10kgq99jat.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"y3ak.7-5wd.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3677194/; classtype:trojan-activity;sid:84540294; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677193)"; flow:established,from_client; content:"GET"; http_method; content:"/rj.google|3f|t=o4mgoydn"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"b9.dlun-7.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3677193/; classtype:trojan-activity;sid:84540293; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677192)"; flow:established,from_client; content:"GET"; http_method; content:"/armv4l"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.196.11.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3677192/; classtype:trojan-activity;sid:84540292; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677191)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.230.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3677191/; classtype:trojan-activity;sid:84540291; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677186)"; flow:established,from_client; content:"GET"; http_method; content:"/i686"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.196.11.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3677186/; classtype:trojan-activity;sid:84540286; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677187)"; flow:established,from_client; content:"GET"; http_method; content:"/armv7l"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.196.11.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3677187/; classtype:trojan-activity;sid:84540287; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677188)"; flow:established,from_client; content:"GET"; http_method; content:"/mipsel"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.196.11.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3677188/; classtype:trojan-activity;sid:84540288; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677189)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.196.11.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3677189/; classtype:trojan-activity;sid:84540289; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677190)"; flow:established,from_client; content:"GET"; http_method; content:"/armv5l"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.196.11.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3677190/; classtype:trojan-activity;sid:84540290; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677185)"; flow:established,from_client; content:"GET"; http_method; content:"/lu7rzsmi96.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"9c.ckar4.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3677185/; classtype:trojan-activity;sid:84540285; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677184)"; flow:established,from_client; content:"GET"; http_method; content:"/699gixh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"3w5.dlun-7.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3677184/; classtype:trojan-activity;sid:84540284; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677183)"; flow:established,from_client; content:"GET"; http_method; content:"/wnnmj4jdan.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"zn5e.7-5wd.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3677183/; classtype:trojan-activity;sid:84540283; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677182)"; flow:established,from_client; content:"GET"; http_method; content:"/kk.check|3f|t=xdrnwd5x"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"3w5.dlun-7.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3677182/; classtype:trojan-activity;sid:84540282; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677181)"; flow:established,from_client; content:"GET"; http_method; content:"/qyik2e9hwp.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"p8km.7-5wd.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3677181/; classtype:trojan-activity;sid:84540281; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677180)"; flow:established,from_client; content:"GET"; http_method; content:"/yx.google|3f|t=rfon4v2r"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"o5b.dlun-7.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3677180/; classtype:trojan-activity;sid:84540280; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677179)"; flow:established,from_client; content:"GET"; http_method; content:"/r8adsf2x"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"o5b.dlun-7.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3677179/; classtype:trojan-activity;sid:84540279; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677178)"; flow:established,from_client; content:"GET"; http_method; content:"/gpvuxdvcvk.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"mn.ckar4.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3677178/; classtype:trojan-activity;sid:84540278; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677177)"; flow:established,from_client; content:"GET"; http_method; content:"/2blizlxzq1.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"mn.ckar4.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3677177/; classtype:trojan-activity;sid:84540277; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677176)"; flow:established,from_client; content:"GET"; http_method; content:"/wey4y0rb"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"0pv.dlun-7.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3677176/; classtype:trojan-activity;sid:84540276; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677175)"; flow:established,from_client; content:"GET"; http_method; content:"/2fzpcppfth.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"p8km.7-5wd.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3677175/; classtype:trojan-activity;sid:84540275; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677174)"; flow:established,from_client; content:"GET"; http_method; content:"/7r3.check|3f|t=75wrf4o9"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"0pv.dlun-7.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3677174/; classtype:trojan-activity;sid:84540274; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677173)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.114.135.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3677173/; classtype:trojan-activity;sid:84540273; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677172)"; flow:established,from_client; content:"GET"; http_method; content:"/wsum05k6u7.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"b2vu.7-5wd.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3677172/; classtype:trojan-activity;sid:84540272; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677171)"; flow:established,from_client; content:"GET"; http_method; content:"/bmy.google|3f|t=yru6ttbu"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"3t6.dlun-7.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3677171/; classtype:trojan-activity;sid:84540271; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677170)"; flow:established,from_client; content:"GET"; http_method; content:"/9lep160gpq.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"08p.ckar4.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3677170/; classtype:trojan-activity;sid:84540270; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677169)"; flow:established,from_client; content:"GET"; http_method; content:"/szkzh96r"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"3t6.dlun-7.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3677169/; classtype:trojan-activity;sid:84540269; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677168)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.213.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3677168/; classtype:trojan-activity;sid:84540268; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677167)"; flow:established,from_client; content:"GET"; http_method; content:"/be1je82v"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"3bm.dlun-7.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3677167/; classtype:trojan-activity;sid:84540267; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677166)"; flow:established,from_client; content:"GET"; http_method; content:"/eqcd7lqazx.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"08p.ckar4.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3677166/; classtype:trojan-activity;sid:84540266; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677165)"; flow:established,from_client; content:"GET"; http_method; content:"/xkai93ojaz.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"b2vu.7-5wd.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3677165/; classtype:trojan-activity;sid:84540265; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677164)"; flow:established,from_client; content:"GET"; http_method; content:"/fu.google|3f|t=ob9hz799"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"3bm.dlun-7.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3677164/; classtype:trojan-activity;sid:84540264; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677163)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.86.254"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3677163/; classtype:trojan-activity;sid:84540263; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677162)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.213.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3677162/; classtype:trojan-activity;sid:84540262; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677161)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.114.135.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3677161/; classtype:trojan-activity;sid:84540261; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677160)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"2.109.86.83"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3677160/; classtype:trojan-activity;sid:84540260; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677158)"; flow:established,from_client; content:"GET"; http_method; content:"/pwdlwjbqqx.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"f0.wduh8.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3677158/; classtype:trojan-activity;sid:84540258; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677159)"; flow:established,from_client; content:"GET"; http_method; content:"/hq3dot7hcb.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"xq92.7-5wd.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3677159/; classtype:trojan-activity;sid:84540259; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677157)"; flow:established,from_client; content:"GET"; http_method; content:"/5dqcaqds"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"ixa.qzad-3.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3677157/; classtype:trojan-activity;sid:84540257; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677156)"; flow:established,from_client; content:"GET"; http_method; content:"/ttq.check|3f|t=v7evmbzv"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"ixa.qzad-3.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3677156/; classtype:trojan-activity;sid:84540256; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677155)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.70.230.16"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3677155/; classtype:trojan-activity;sid:84540255; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677154)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.101.214"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3677154/; classtype:trojan-activity;sid:84540254; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677153)"; flow:established,from_client; content:"GET"; http_method; content:"/6v.google|3f|t=n8mw9s2i"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"fr.qzad-3.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3677153/; classtype:trojan-activity;sid:84540253; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677152)"; flow:established,from_client; content:"GET"; http_method; content:"/2j4stmbhy8.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"hd6r.7-5wd.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3677152/; classtype:trojan-activity;sid:84540252; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677151)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.120.25"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3677151/; classtype:trojan-activity;sid:84540251; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677150)"; flow:established,from_client; content:"GET"; http_method; content:"/ot30fodv9c.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"u1.wduh8.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3677150/; classtype:trojan-activity;sid:84540250; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677149)"; flow:established,from_client; content:"GET"; http_method; content:"/nh1jvvy0"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"bi4.qzad-3.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3677149/; classtype:trojan-activity;sid:84540249; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677148)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"106.56.149.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3677148/; classtype:trojan-activity;sid:84540248; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677147)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.179.238.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3677147/; classtype:trojan-activity;sid:84540247; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677145)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.139.40.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3677145/; classtype:trojan-activity;sid:84540245; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677146)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.28.125"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3677146/; classtype:trojan-activity;sid:84540246; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677143)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.185.241.35"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3677143/; classtype:trojan-activity;sid:84540243; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677144)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.44.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3677144/; classtype:trojan-activity;sid:84540244; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677142)"; flow:established,from_client; content:"GET"; http_method; content:"/925dyxs.zip"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"lextran.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3677142/; classtype:trojan-activity;sid:84540242; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677141)"; flow:established,from_client; content:"GET"; http_method; content:"/i1b.check|3f|t=hzgne4ye"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"bi4.qzad-3.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3677141/; classtype:trojan-activity;sid:84540241; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677140)"; flow:established,from_client; content:"GET"; http_method; content:"/2h5c2b00jc.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"hd6r.7-5wd.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3677140/; classtype:trojan-activity;sid:84540240; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677139)"; flow:established,from_client; content:"GET"; http_method; content:"/2pwwlpaxc1.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"q4wt.9-1pv.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3677139/; classtype:trojan-activity;sid:84540239; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677138)"; flow:established,from_client; content:"GET"; http_method; content:"/qk9.google|3f|t=ylge3y0b"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"zn.qzad-3.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3677138/; classtype:trojan-activity;sid:84540238; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677137)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.101.214"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3677137/; classtype:trojan-activity;sid:84540237; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677136)"; flow:established,from_client; content:"GET"; http_method; content:"/fex7b3sjvy.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"c7pz.9-1pv.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3677136/; classtype:trojan-activity;sid:84540236; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677135)"; flow:established,from_client; content:"GET"; http_method; content:"/py.google|3f|t=m817qg9f"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"pzi.qzad-3.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3677135/; classtype:trojan-activity;sid:84540235; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677134)"; flow:established,from_client; content:"GET"; http_method; content:"/q22zvb5r"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"pzi.qzad-3.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3677134/; classtype:trojan-activity;sid:84540234; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677133)"; flow:established,from_client; content:"GET"; http_method; content:"/tbgabt7d1c.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"1j9.wduh8.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3677133/; classtype:trojan-activity;sid:84540233; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677132)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"105.99.77.190"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3677132/; classtype:trojan-activity;sid:84540232; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677131)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.44.43.84"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3677131/; classtype:trojan-activity;sid:84540231; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677130)"; flow:established,from_client; content:"GET"; http_method; content:"/x.bat"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"115.187.41.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3677130/; classtype:trojan-activity;sid:84540230; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677128)"; flow:established,from_client; content:"GET"; http_method; content:"/main.txt"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"extraordinary-malasada-f7721f.netlify.app"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3677128/; classtype:trojan-activity;sid:84540228; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677129)"; flow:established,from_client; content:"GET"; http_method; content:"/x.vbs"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"115.187.41.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3677129/; classtype:trojan-activity;sid:84540229; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677127)"; flow:established,from_client; content:"GET"; http_method; content:"/final.txt"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"extraordinary-malasada-f7721f.netlify.app"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3677127/; classtype:trojan-activity;sid:84540227; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677126)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.62.186.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3677126/; classtype:trojan-activity;sid:84540226; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677125)"; flow:established,from_client; content:"GET"; http_method; content:"/lte.google|3f|t=30mw6g58"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"e8.qzad-3.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3677125/; classtype:trojan-activity;sid:84540225; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677124)"; flow:established,from_client; content:"GET"; http_method; content:"/8v7igp1tpj.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"m3yl.9-1pv.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3677124/; classtype:trojan-activity;sid:84540224; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677123)"; flow:established,from_client; content:"GET"; http_method; content:"/umn9bi9yhz.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"mi.wduh8.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3677123/; classtype:trojan-activity;sid:84540223; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677122)"; flow:established,from_client; content:"GET"; http_method; content:"/d70arfcf"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"e8.qzad-3.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3677122/; classtype:trojan-activity;sid:84540222; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677121)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.115.155.127"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3677121/; classtype:trojan-activity;sid:84540221; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677120)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.132.117"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3677120/; classtype:trojan-activity;sid:84540220; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677119)"; flow:established,from_client; content:"GET"; http_method; content:"/html/cnr.sh"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"192.142.53.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3677119/; classtype:trojan-activity;sid:84540219; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677115)"; flow:established,from_client; content:"GET"; http_method; content:"/html/jaws.sh"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"192.142.53.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3677115/; classtype:trojan-activity;sid:84540215; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677116)"; flow:established,from_client; content:"GET"; http_method; content:"/html/tvt.sh"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"192.142.53.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3677116/; classtype:trojan-activity;sid:84540216; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677117)"; flow:established,from_client; content:"GET"; http_method; content:"/html/yarn.sh"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"192.142.53.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3677117/; classtype:trojan-activity;sid:84540217; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677118)"; flow:established,from_client; content:"GET"; http_method; content:"/html/dvr.sh"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"192.142.53.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3677118/; classtype:trojan-activity;sid:84540218; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677114)"; flow:established,from_client; content:"GET"; http_method; content:"/html/faith.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"192.142.53.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3677114/; classtype:trojan-activity;sid:84540214; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677112)"; flow:established,from_client; content:"GET"; http_method; content:"/html/libdvr.sh"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"192.142.53.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3677112/; classtype:trojan-activity;sid:84540212; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677113)"; flow:established,from_client; content:"GET"; http_method; content:"/html/avtech.sh"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"192.142.53.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3677113/; classtype:trojan-activity;sid:84540213; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677111)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"105.99.77.190"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3677111/; classtype:trojan-activity;sid:84540211; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677110)"; flow:established,from_client; content:"GET"; http_method; content:"/9px23lo569.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"m3yl.9-1pv.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3677110/; classtype:trojan-activity;sid:84540210; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677109)"; flow:established,from_client; content:"GET"; http_method; content:"/5j.check|3f|t=y18gydid"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"y4.qzad-3.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3677109/; classtype:trojan-activity;sid:84540209; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677060)"; flow:established,from_client; content:"GET"; http_method; content:"/1su0fkwha9.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"x7m.wduh8.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3677060/; classtype:trojan-activity;sid:84540160; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677059)"; flow:established,from_client; content:"GET"; http_method; content:"/pr1m7w6u"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"y4.qzad-3.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3677059/; classtype:trojan-activity;sid:84540159; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677058)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"182.143.114.43"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3677058/; classtype:trojan-activity;sid:84540158; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677057)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"182.143.114.43"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3677057/; classtype:trojan-activity;sid:84540157; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677056)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.143.114.43"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3677056/; classtype:trojan-activity;sid:84540156; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677055)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"182.143.114.43"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3677055/; classtype:trojan-activity;sid:84540155; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677053)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.143.114.43"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3677053/; classtype:trojan-activity;sid:84540153; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677054)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"182.143.114.43"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3677054/; classtype:trojan-activity;sid:84540154; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677052)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.43.84"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3677052/; classtype:trojan-activity;sid:84540152; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677051)"; flow:established,from_client; content:"GET"; http_method; content:"/2bfi07whei.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"vk2x.9-1pv.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3677051/; classtype:trojan-activity;sid:84540151; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677050)"; flow:established,from_client; content:"GET"; http_method; content:"/5u.google|3f|t=5aii8xlb"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"1sw.stix-2.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3677050/; classtype:trojan-activity;sid:84540150; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677049)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.147.90.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3677049/; classtype:trojan-activity;sid:84540149; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677048)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.62.186.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3677048/; classtype:trojan-activity;sid:84540148; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677047)"; flow:established,from_client; content:"GET"; http_method; content:"/hdtzo4icjx.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"tt.wduh8.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3677047/; classtype:trojan-activity;sid:84540147; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677046)"; flow:established,from_client; content:"GET"; http_method; content:"/kocp52fg"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"pu.stix-2.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3677046/; classtype:trojan-activity;sid:84540146; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677045)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.115.155.127"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3677045/; classtype:trojan-activity;sid:84540145; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677044)"; flow:established,from_client; content:"GET"; http_method; content:"/o4ahevhf3e.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"tz9q.9-1pv.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3677044/; classtype:trojan-activity;sid:84540144; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677043)"; flow:established,from_client; content:"GET"; http_method; content:"/kwv.check|3f|t=8ysptmtg"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"pu.stix-2.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3677043/; classtype:trojan-activity;sid:84540143; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677042)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.235.153.8"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3677042/; classtype:trojan-activity;sid:84540142; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677041)"; flow:established,from_client; content:"GET"; http_method; content:"/afac6h9p"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"ca.stix-2.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3677041/; classtype:trojan-activity;sid:84540141; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677040)"; flow:established,from_client; content:"GET"; http_method; content:"/4bmanhxylo.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"tt.wduh8.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3677040/; classtype:trojan-activity;sid:84540140; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677039)"; flow:established,from_client; content:"GET"; http_method; content:"/sozj8l3gil.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"gx1m.9-1pv.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3677039/; classtype:trojan-activity;sid:84540139; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677038)"; flow:established,from_client; content:"GET"; http_method; content:"/7sr.google|3f|t=cgs6erro"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"ca.stix-2.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3677038/; classtype:trojan-activity;sid:84540138; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677037)"; flow:established,from_client; content:"GET"; http_method; content:"/bejx4q2e95.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"gx1m.9-1pv.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3677037/; classtype:trojan-activity;sid:84540137; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677036)"; flow:established,from_client; content:"GET"; http_method; content:"/zp0.google|3f|t=z5umcmk3"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"ciy.stix-2.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3677036/; classtype:trojan-activity;sid:84540136; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677035)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.147.90.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3677035/; classtype:trojan-activity;sid:84540135; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677034)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.235.153.8"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3677034/; classtype:trojan-activity;sid:84540134; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677032)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.250.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3677032/; classtype:trojan-activity;sid:84540132; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677033)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.230.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3677033/; classtype:trojan-activity;sid:84540133; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677031)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.61.40.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3677031/; classtype:trojan-activity;sid:84540131; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677030)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"ecstatic-kare.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3677030/; classtype:trojan-activity;sid:84540130; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677028)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"suivicolis-be.info"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3677028/; classtype:trojan-activity;sid:84540128; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677029)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"accntmynetfiixsav.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3677029/; classtype:trojan-activity;sid:84540129; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677027)"; flow:established,from_client; content:"GET"; http_method; content:"/reverse.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"46.37.123.15"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3677027/; classtype:trojan-activity;sid:84540127; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677023)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.231.94.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3677023/; classtype:trojan-activity;sid:84540123; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677024)"; flow:established,from_client; content:"GET"; http_method; content:"/encryptor.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"159.203.110.221"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3677024/; classtype:trojan-activity;sid:84540124; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677025)"; flow:established,from_client; content:"GET"; http_method; content:"/chromelevator_x64.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"159.203.110.221"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3677025/; classtype:trojan-activity;sid:84540125; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677026)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"180.191.36.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3677026/; classtype:trojan-activity;sid:84540126; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677021)"; flow:established,from_client; content:"GET"; http_method; content:"/chromelevator_arm64.exe"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"159.203.110.221"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3677021/; classtype:trojan-activity;sid:84540121; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677022)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.188.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3677022/; classtype:trojan-activity;sid:84540122; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677016)"; flow:established,from_client; content:"GET"; http_method; content:"/y5otlpkpdd.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"q7.kdit5.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3677016/; classtype:trojan-activity;sid:84540116; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677017)"; flow:established,from_client; content:"GET"; http_method; content:"/dropper.ps1"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"159.203.110.221"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3677017/; classtype:trojan-activity;sid:84540117; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677018)"; flow:established,from_client; content:"GET"; http_method; content:"/svc-host.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"46.37.123.15"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3677018/; classtype:trojan-activity;sid:84540118; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677019)"; flow:established,from_client; content:"GET"; http_method; content:"/shell.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"46.37.123.15"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3677019/; classtype:trojan-activity;sid:84540119; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677020)"; flow:established,from_client; content:"GET"; http_method; content:"/ihi0gdhu"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"280.ldef-4.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3677020/; classtype:trojan-activity;sid:84540120; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677015)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"practical-swirles.196-251-72-149.plesk.page"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3677015/; classtype:trojan-activity;sid:84540115; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677011)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"ups.supporto-pacchi.help"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3677011/; classtype:trojan-activity;sid:84540111; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677012)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"nifty-hypatia.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3677012/; classtype:trojan-activity;sid:84540112; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677013)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"suivi-colis.help"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3677013/; classtype:trojan-activity;sid:84540113; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677014)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"paymentmy-minfinbe.help"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3677014/; classtype:trojan-activity;sid:84540114; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677007)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"friendly-cray.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3677007/; classtype:trojan-activity;sid:84540107; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677008)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"reglementminfin-be.help"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3677008/; classtype:trojan-activity;sid:84540108; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677009)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"myespace-relaypack.help"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3677009/; classtype:trojan-activity;sid:84540109; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677010)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"sav-ntfxrenew.help"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3677010/; classtype:trojan-activity;sid:84540110; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677005)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"tracking-parcel-be.help"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3677005/; classtype:trojan-activity;sid:84540105; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677006)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"monsuivi-colis.help"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3677006/; classtype:trojan-activity;sid:84540106; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676996)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"savpaypaiuser.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676996/; classtype:trojan-activity;sid:84540096; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676997)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"hometrack-package-lu.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676997/; classtype:trojan-activity;sid:84540097; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676998)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"gallant-mcnulty.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676998/; classtype:trojan-activity;sid:84540098; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676999)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"m-relay-suivi-fr.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676999/; classtype:trojan-activity;sid:84540099; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677000)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"bold-hypatia.196-251-72-149.plesk.page"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3677000/; classtype:trojan-activity;sid:84540100; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677001)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"hungry-kalam.196-251-72-149.plesk.page"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3677001/; classtype:trojan-activity;sid:84540101; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677002)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"colislivraisonsuivi.support"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3677002/; classtype:trojan-activity;sid:84540102; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677003)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"yoursavnetfilxes.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3677003/; classtype:trojan-activity;sid:84540103; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677004)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"myluxtrust-accountsecurity.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3677004/; classtype:trojan-activity;sid:84540104; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676995)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"livraison-mondialrelais.info"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676995/; classtype:trojan-activity;sid:84540095; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676993)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"elegant-nightingale.196-251-72-149.plesk.page"; http_host; depth:45; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676993/; classtype:trojan-activity;sid:84540093; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676994)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mondialrelay-locker-fr.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676994/; classtype:trojan-activity;sid:84540094; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676991)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"savnetflixco.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676991/; classtype:trojan-activity;sid:84540091; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676992)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"servmetfiixsavsa.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676992/; classtype:trojan-activity;sid:84540092; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676989)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"colis-suivis.help"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676989/; classtype:trojan-activity;sid:84540089; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676990)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mon-suivi.info"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676990/; classtype:trojan-activity;sid:84540090; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676988)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"relaymondial-services.info"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676988/; classtype:trojan-activity;sid:84540088; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676986)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_arm6"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"81.232.93.106"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676986/; classtype:trojan-activity;sid:84540086; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676987)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"info-livraison-fr.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676987/; classtype:trojan-activity;sid:84540087; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676968)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"tracking-parcel-be.help"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676968/; classtype:trojan-activity;sid:84540068; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676969)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"accountnetfix.help"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676969/; classtype:trojan-activity;sid:84540069; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676970)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"condescending-wilson.196-251-72-149.plesk.page"; http_host; depth:46; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676970/; classtype:trojan-activity;sid:84540070; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676971)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"mrelayy-mon-acheminement.info"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676971/; classtype:trojan-activity;sid:84540071; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676972)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"adoring-kalam.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676972/; classtype:trojan-activity;sid:84540072; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676973)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"supportulys.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676973/; classtype:trojan-activity;sid:84540073; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676974)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"spf-justitie-belgium.info"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676974/; classtype:trojan-activity;sid:84540074; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676975)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"savnetfixaccount.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676975/; classtype:trojan-activity;sid:84540075; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676976)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"savnetfixaccount.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676976/; classtype:trojan-activity;sid:84540076; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676977)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"compassionate-yonath.196-251-72-149.plesk.page"; http_host; depth:46; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676977/; classtype:trojan-activity;sid:84540077; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676978)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"myluxtrust-accountsecurity.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676978/; classtype:trojan-activity;sid:84540078; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676979)"; flow:established,from_client; content:"GET"; http_method; content:"/t"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"5-253-86-21.cprapid.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676979/; classtype:trojan-activity;sid:84540079; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676980)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"support-hometrack.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676980/; classtype:trojan-activity;sid:84540080; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676981)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"objective-ramanujan.196-251-72-149.plesk.page"; http_host; depth:45; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676981/; classtype:trojan-activity;sid:84540081; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676982)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"hardcore-boyd.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676982/; classtype:trojan-activity;sid:84540082; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676983)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"mondial-pickup.info"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676983/; classtype:trojan-activity;sid:84540083; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676984)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mondialrelayfr-suivi.help"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676984/; classtype:trojan-activity;sid:84540084; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676985)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"gallant-ganguly.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676985/; classtype:trojan-activity;sid:84540085; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676966)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"adoring-kalam.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676966/; classtype:trojan-activity;sid:84540066; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676967)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"ameli-cpam.support-moncompte.help"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676967/; classtype:trojan-activity;sid:84540067; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676965)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"mrelayy-mon-acheminement.info"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676965/; classtype:trojan-activity;sid:84540065; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676962)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"livraisons-colis-france.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676962/; classtype:trojan-activity;sid:84540062; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676963)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"dossier4729.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676963/; classtype:trojan-activity;sid:84540063; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676964)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"renewntfxsav.help"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676964/; classtype:trojan-activity;sid:84540064; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676958)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"espace-servicefamily.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676958/; classtype:trojan-activity;sid:84540058; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676959)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"suivirelaisdepot.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676959/; classtype:trojan-activity;sid:84540059; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676960)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"locker-redistribution.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676960/; classtype:trojan-activity;sid:84540060; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676961)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"securaccntnetfiix.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676961/; classtype:trojan-activity;sid:84540061; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676955)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"bold-ellis.196-251-72-149.plesk.page"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676955/; classtype:trojan-activity;sid:84540055; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676956)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"myparcel-tracking.help"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676956/; classtype:trojan-activity;sid:84540056; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676957)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"reverent-tereshkova.196-251-72-149.plesk.page"; http_host; depth:45; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676957/; classtype:trojan-activity;sid:84540057; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676952)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"servmetfiixsavsa.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676952/; classtype:trojan-activity;sid:84540052; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676953)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"redistribution-locker.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676953/; classtype:trojan-activity;sid:84540053; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676954)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mynetllxrenew.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676954/; classtype:trojan-activity;sid:84540054; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676947)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"beparcel-collect.help"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676947/; classtype:trojan-activity;sid:84540047; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676948)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"mondialrelayfr-suivi.help"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676948/; classtype:trojan-activity;sid:84540048; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676949)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"interesting-morse.196-251-72-149.plesk.page"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676949/; classtype:trojan-activity;sid:84540049; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676950)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"expedition-mrelayy.info"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676950/; classtype:trojan-activity;sid:84540050; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676951)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"optimistic-pike.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676951/; classtype:trojan-activity;sid:84540051; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676945)"; flow:established,from_client; content:"GET"; http_method; content:"/release/xeno%20rat%20server.exe"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"106.70.228.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676945/; classtype:trojan-activity;sid:84540045; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676946)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.sh4"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"192.142.10.124"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676946/; classtype:trojan-activity;sid:84540046; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676937)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"thirsty-ride.196-251-72-149.plesk.page"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676937/; classtype:trojan-activity;sid:84540037; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676938)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"servntflxmgyrsav.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676938/; classtype:trojan-activity;sid:84540038; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676939)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"jovial-bartik.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676939/; classtype:trojan-activity;sid:84540039; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676940)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"wizardly-fermat.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676940/; classtype:trojan-activity;sid:84540040; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676941)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"renvouvellementinformationameli.info"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676941/; classtype:trojan-activity;sid:84540041; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676942)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"suivicolis-lu.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676942/; classtype:trojan-activity;sid:84540042; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676943)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"mondialsrelay-supports.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676943/; classtype:trojan-activity;sid:84540043; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676944)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"paymentmy-minfinbe.help"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676944/; classtype:trojan-activity;sid:84540044; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676935)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"my.guichet-amende.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676935/; classtype:trojan-activity;sid:84540035; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676936)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"relay-parcel.info"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676936/; classtype:trojan-activity;sid:84540036; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676930)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"friendly-cray.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676930/; classtype:trojan-activity;sid:84540030; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676931)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"gracious-lamarr.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676931/; classtype:trojan-activity;sid:84540031; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676932)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"condescending-wilson.196-251-72-149.plesk.page"; http_host; depth:46; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676932/; classtype:trojan-activity;sid:84540032; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676933)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"elegant-shtern.196-251-72-149.plesk.page"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676933/; classtype:trojan-activity;sid:84540033; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676934)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"relais-packet-fr.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676934/; classtype:trojan-activity;sid:84540034; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676924)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"hgrynetfiixsav.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676924/; classtype:trojan-activity;sid:84540024; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676925)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"mondialsrelay-redirection.info"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676925/; classtype:trojan-activity;sid:84540025; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676926)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"savmxlcnetfiix.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676926/; classtype:trojan-activity;sid:84540026; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676927)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"mysubscription-renewal.info"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676927/; classtype:trojan-activity;sid:84540027; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676928)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"trusting-tesla.196-251-72-149.plesk.page"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676928/; classtype:trojan-activity;sid:84540028; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676929)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"my-minfin-regularisation.info"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676929/; classtype:trojan-activity;sid:84540029; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676923)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"renew-subscription.info"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676923/; classtype:trojan-activity;sid:84540023; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676914)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"gracious-kepler.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676914/; classtype:trojan-activity;sid:84540014; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676915)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"netfiixmxicosav.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676915/; classtype:trojan-activity;sid:84540015; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676916)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mondialrelayfr-suivi.help"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676916/; classtype:trojan-activity;sid:84540016; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676917)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"rendezsnetfiixhu.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676917/; classtype:trojan-activity;sid:84540017; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676918)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"yoursavnetfilxes.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676918/; classtype:trojan-activity;sid:84540018; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676919)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"ecstatic-villani.196-251-72-149.plesk.page"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676919/; classtype:trojan-activity;sid:84540019; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676920)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"trackparselhl.help"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676920/; classtype:trojan-activity;sid:84540020; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676921)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"frosty-wozniak.196-251-72-149.plesk.page"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676921/; classtype:trojan-activity;sid:84540021; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676922)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"renvouvellementinformationameli.info"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676922/; classtype:trojan-activity;sid:84540022; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676913)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"supportnetfiixsavza.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676913/; classtype:trojan-activity;sid:84540013; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676911)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"hgrynetfiixsav.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676911/; classtype:trojan-activity;sid:84540011; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676912)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"renewmynetllx.info"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676912/; classtype:trojan-activity;sid:84540012; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676909)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"bold-kowalevski.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676909/; classtype:trojan-activity;sid:84540009; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676910)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"mymondialrelay-parcel.help"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676910/; classtype:trojan-activity;sid:84540010; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676904)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"laughing-perlman.196-251-72-149.plesk.page"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676904/; classtype:trojan-activity;sid:84540004; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676905)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"renouvellement-ameli.support"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676905/; classtype:trojan-activity;sid:84540005; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676906)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"upbeat-noether.196-251-72-149.plesk.page"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676906/; classtype:trojan-activity;sid:84540006; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676907)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"unruffled-banach.196-251-72-149.plesk.page"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676907/; classtype:trojan-activity;sid:84540007; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676908)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"moncolis-suivi.help"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676908/; classtype:trojan-activity;sid:84540008; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676899)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"monrelay-support.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676899/; classtype:trojan-activity;sid:84539999; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676900)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"plsavnetfiixsupport.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676900/; classtype:trojan-activity;sid:84540000; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676901)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"ameli-actalisation.info"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676901/; classtype:trojan-activity;sid:84540001; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676902)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"esdossier0865.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676902/; classtype:trojan-activity;sid:84540002; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676903)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"bold-hypatia.196-251-72-149.plesk.page"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676903/; classtype:trojan-activity;sid:84540003; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676898)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"mrelay-colis-fr.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676898/; classtype:trojan-activity;sid:84539998; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676897)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"webmail.rediriger-ma-livraison.com"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676897/; classtype:trojan-activity;sid:84539997; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676888)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"moncolis-suivi.help"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676888/; classtype:trojan-activity;sid:84539988; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676889)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mrelayy-mon-acheminement.info"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676889/; classtype:trojan-activity;sid:84539989; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676890)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"jolly-germain.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676890/; classtype:trojan-activity;sid:84539990; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676891)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"tv-abonnement.info"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676891/; classtype:trojan-activity;sid:84539991; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676892)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"gifted-yalow.196-251-72-149.plesk.page"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676892/; classtype:trojan-activity;sid:84539992; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676893)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"savnetfxserv.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676893/; classtype:trojan-activity;sid:84539993; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676894)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"savulyseclient.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676894/; classtype:trojan-activity;sid:84539994; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676895)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"service-parcel-pay.help"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676895/; classtype:trojan-activity;sid:84539995; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676896)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"trusting-raman.196-251-72-149.plesk.page"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676896/; classtype:trojan-activity;sid:84539996; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676885)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"livraisons-infos.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676885/; classtype:trojan-activity;sid:84539985; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676886)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"elegant-shtern.196-251-72-149.plesk.page"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676886/; classtype:trojan-activity;sid:84539986; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676887)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"nouvellelivraison-locker-fr.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676887/; classtype:trojan-activity;sid:84539987; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676877)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"monrelayfr-support.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676877/; classtype:trojan-activity;sid:84539977; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676878)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"kunde-konto-sikre.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676878/; classtype:trojan-activity;sid:84539978; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676879)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"trackparselhl.help"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676879/; classtype:trojan-activity;sid:84539979; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676880)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"practical-swirles.196-251-72-149.plesk.page"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676880/; classtype:trojan-activity;sid:84539980; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676881)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"renvouvellementinformationameli.info"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676881/; classtype:trojan-activity;sid:84539981; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676882)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"support-hometrack.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676882/; classtype:trojan-activity;sid:84539982; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676883)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"objective-goldberg.196-251-72-149.plesk.page"; http_host; depth:44; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676883/; classtype:trojan-activity;sid:84539983; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676884)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"gifted-yalow.196-251-72-149.plesk.page"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676884/; classtype:trojan-activity;sid:84539984; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676876)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"crazy-proskuriakova.196-251-72-149.plesk.page"; http_host; depth:45; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676876/; classtype:trojan-activity;sid:84539976; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676873)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"suivis-de-colis.info"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676873/; classtype:trojan-activity;sid:84539973; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676874)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"kunde-konto-sikre.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676874/; classtype:trojan-activity;sid:84539974; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676875)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"trackyridpaket.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676875/; classtype:trojan-activity;sid:84539975; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676866)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"optimistic-leakey.196-251-72-149.plesk.page"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676866/; classtype:trojan-activity;sid:84539966; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676867)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"trackdelivery-customer.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676867/; classtype:trojan-activity;sid:84539967; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676868)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"renewmynetllx.info"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676868/; classtype:trojan-activity;sid:84539968; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676869)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"mon-colis-suivi-bpost.info"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676869/; classtype:trojan-activity;sid:84539969; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676870)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"suivicommandesrelay.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676870/; classtype:trojan-activity;sid:84539970; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676871)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"suivicommanderelais.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676871/; classtype:trojan-activity;sid:84539971; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676872)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"collect-myparcel.help"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676872/; classtype:trojan-activity;sid:84539972; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676860)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"suivirelayy.info"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676860/; classtype:trojan-activity;sid:84539960; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676861)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"eligibilite-doctolib.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676861/; classtype:trojan-activity;sid:84539961; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676862)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"livraison-france-infos.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676862/; classtype:trojan-activity;sid:84539962; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676863)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"relaydelivery.help"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676863/; classtype:trojan-activity;sid:84539963; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676864)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"colis-suivis.help"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676864/; classtype:trojan-activity;sid:84539964; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676865)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"xyznetfilxhusav.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676865/; classtype:trojan-activity;sid:84539965; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676848)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"savnetfxserv.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676848/; classtype:trojan-activity;sid:84539948; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676849)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mondialerelay-suivi-info.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676849/; classtype:trojan-activity;sid:84539949; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676850)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"takeyour-parcel.help"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676850/; classtype:trojan-activity;sid:84539950; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676851)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"relay-my-parcel.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676851/; classtype:trojan-activity;sid:84539951; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676852)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"colis-suivis.help"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676852/; classtype:trojan-activity;sid:84539952; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676853)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"packrelay-espace.help"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676853/; classtype:trojan-activity;sid:84539953; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676854)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"mondialrelais-livraisons.info"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676854/; classtype:trojan-activity;sid:84539954; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676855)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"eager-dirac.196-251-72-149.plesk.page"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676855/; classtype:trojan-activity;sid:84539955; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676856)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"crazy-proskuriakova.196-251-72-149.plesk.page"; http_host; depth:45; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676856/; classtype:trojan-activity;sid:84539956; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676857)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"nostalgic-curie.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676857/; classtype:trojan-activity;sid:84539957; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676858)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"trackupsid.help"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676858/; classtype:trojan-activity;sid:84539958; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676859)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mise-a-jours-ameli.support"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676859/; classtype:trojan-activity;sid:84539959; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676846)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"thirsty-heisenberg.196-251-72-149.plesk.page"; http_host; depth:44; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676846/; classtype:trojan-activity;sid:84539946; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676847)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"guichet-client.help"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676847/; classtype:trojan-activity;sid:84539947; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676843)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"myespace-relaypack.help"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676843/; classtype:trojan-activity;sid:84539943; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676844)"; flow:established,from_client; content:"GET"; http_method; content:"/update.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"whm.5-253-86-21.cprapid.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676844/; classtype:trojan-activity;sid:84539944; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676845)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"supportsavnetfix.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676845/; classtype:trojan-activity;sid:84539945; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676836)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"objective-goldberg.196-251-72-149.plesk.page"; http_host; depth:44; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676836/; classtype:trojan-activity;sid:84539936; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676837)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"nifty-hypatia.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676837/; classtype:trojan-activity;sid:84539937; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676838)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"mondials-suivis-relay.info"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676838/; classtype:trojan-activity;sid:84539938; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676839)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"espace-servicefamily.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676839/; classtype:trojan-activity;sid:84539939; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676840)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mymondialrelay-parcel.help"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676840/; classtype:trojan-activity;sid:84539940; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676841)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"regionaleszeveme.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676841/; classtype:trojan-activity;sid:84539941; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676842)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"interesting-hofstadter.196-251-72-149.plesk.page"; http_host; depth:48; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676842/; classtype:trojan-activity;sid:84539942; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676834)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"mondialrelais-livraison.info"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676834/; classtype:trojan-activity;sid:84539934; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676835)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"lux-trust-aide-support.info"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676835/; classtype:trojan-activity;sid:84539935; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676828)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"bpost-frais-dedouanement.info"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676828/; classtype:trojan-activity;sid:84539928; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676829)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"recursing-hawking.196-251-72-149.plesk.page"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676829/; classtype:trojan-activity;sid:84539929; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676830)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"rediriger-ma-livraison.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676830/; classtype:trojan-activity;sid:84539930; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676831)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"trackmy-order.info"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676831/; classtype:trojan-activity;sid:84539931; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676832)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"gallant-ganguly.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676832/; classtype:trojan-activity;sid:84539932; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676833)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"distracted-nightingale.196-251-72-149.plesk.page"; http_host; depth:48; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676833/; classtype:trojan-activity;sid:84539933; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676826)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"vigilant-antonelli.196-251-72-149.plesk.page"; http_host; depth:44; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676826/; classtype:trojan-activity;sid:84539926; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676827)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"miseajouritsme.help"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676827/; classtype:trojan-activity;sid:84539927; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676824)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"sav-monrelay.help"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676824/; classtype:trojan-activity;sid:84539924; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676825)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"supportnetfiixsavza.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676825/; classtype:trojan-activity;sid:84539925; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676821)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"nostalgic-curie.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676821/; classtype:trojan-activity;sid:84539921; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676822)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"actualisationameli.help"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676822/; classtype:trojan-activity;sid:84539922; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676823)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"trackparselhl.help"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676823/; classtype:trojan-activity;sid:84539923; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676820)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"renewntfxsav.help"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676820/; classtype:trojan-activity;sid:84539920; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676816)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"miseajouritsme.help"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676816/; classtype:trojan-activity;sid:84539916; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676817)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"wizardly-fermat.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676817/; classtype:trojan-activity;sid:84539917; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676818)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"savulyseclient.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676818/; classtype:trojan-activity;sid:84539918; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676819)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"colis-francemetropolitaine.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676819/; classtype:trojan-activity;sid:84539919; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676808)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"ulys-telepeage-france.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676808/; classtype:trojan-activity;sid:84539908; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676809)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"gracious-northcutt.196-251-72-149.plesk.page"; http_host; depth:44; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676809/; classtype:trojan-activity;sid:84539909; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676810)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"colis-nouvellelivraison-france.com"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676810/; classtype:trojan-activity;sid:84539910; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676811)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"supportnetfiixsavza.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676811/; classtype:trojan-activity;sid:84539911; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676812)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"servntflxmgyrsav.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676812/; classtype:trojan-activity;sid:84539912; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676813)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"supportnetfiixsavza.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676813/; classtype:trojan-activity;sid:84539913; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676814)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mynetfxsuprt.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676814/; classtype:trojan-activity;sid:84539914; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676815)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"verif-appareil-confiance.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676815/; classtype:trojan-activity;sid:84539915; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676799)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"usernetfiixsavhu.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676799/; classtype:trojan-activity;sid:84539899; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676800)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"plsavnetfiix.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676800/; classtype:trojan-activity;sid:84539900; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676801)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"dhitrackparcei.help"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676801/; classtype:trojan-activity;sid:84539901; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676802)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"aide-suivi-livraison.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676802/; classtype:trojan-activity;sid:84539902; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676803)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"services-monrelay.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676803/; classtype:trojan-activity;sid:84539903; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676804)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"myminfin-info-be.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676804/; classtype:trojan-activity;sid:84539904; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676805)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mondial-pickup.info"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676805/; classtype:trojan-activity;sid:84539905; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676806)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"netfiixmxicosav.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676806/; classtype:trojan-activity;sid:84539906; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676807)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mondialrelay-connect.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676807/; classtype:trojan-activity;sid:84539907; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676796)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"mondials-suivis-relay.info"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676796/; classtype:trojan-activity;sid:84539896; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676797)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"pay-subscription.help"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676797/; classtype:trojan-activity;sid:84539897; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676798)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"myups-package.help"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676798/; classtype:trojan-activity;sid:84539898; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676791)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"ntfiixsavclient.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676791/; classtype:trojan-activity;sid:84539891; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676792)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"reglementminfin-be.help"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676792/; classtype:trojan-activity;sid:84539892; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676793)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"service-parcel-pay.help"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676793/; classtype:trojan-activity;sid:84539893; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676794)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"takeyour-parcel.help"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676794/; classtype:trojan-activity;sid:84539894; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676795)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"sav-monrelay.help"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676795/; classtype:trojan-activity;sid:84539895; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676790)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"ma-facture-enovos.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676790/; classtype:trojan-activity;sid:84539890; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676789)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"relay-parcel.info"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676789/; classtype:trojan-activity;sid:84539889; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676788)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"subscription-tv.info"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676788/; classtype:trojan-activity;sid:84539888; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676787)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"relivraison-formulaire.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676787/; classtype:trojan-activity;sid:84539887; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676754)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"la-bnpcledigital.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676754/; classtype:trojan-activity;sid:84539854; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676755)"; flow:established,from_client; content:"GET"; http_method; content:"/a.out"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"whm.5-253-86-21.cprapid.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676755/; classtype:trojan-activity;sid:84539855; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676756)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"savraiffeizen-at.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676756/; classtype:trojan-activity;sid:84539856; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676757)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"myups-tracking.info"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676757/; classtype:trojan-activity;sid:84539857; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676758)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"mondialrelais-creneaux.info"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676758/; classtype:trojan-activity;sid:84539858; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676759)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"renouvellement.help"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676759/; classtype:trojan-activity;sid:84539859; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676760)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"livraisons-locker.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676760/; classtype:trojan-activity;sid:84539860; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676761)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"hometrack-package-lu.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676761/; classtype:trojan-activity;sid:84539861; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676762)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"suivicommandesrelay.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676762/; classtype:trojan-activity;sid:84539862; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676763)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mon-abonnement-disney.info"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676763/; classtype:trojan-activity;sid:84539863; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676764)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"mondials-suivis-relay.info"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676764/; classtype:trojan-activity;sid:84539864; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676765)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"billing-renew-subscription.info"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676765/; classtype:trojan-activity;sid:84539865; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676766)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"livraisons-infos-fr.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676766/; classtype:trojan-activity;sid:84539866; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676767)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mondialerelay-suivi-info.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676767/; classtype:trojan-activity;sid:84539867; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676768)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"pay-subscription.help"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676768/; classtype:trojan-activity;sid:84539868; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676769)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"clever-northcutt.196-251-72-149.plesk.page"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676769/; classtype:trojan-activity;sid:84539869; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676770)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"relaisdepot-suivi.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676770/; classtype:trojan-activity;sid:84539870; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676771)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"mondialrelais-creneaux.info"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676771/; classtype:trojan-activity;sid:84539871; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676772)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"savmxlcnetfiix.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676772/; classtype:trojan-activity;sid:84539872; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676773)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"ameli-connect.cpam-comptes.help"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676773/; classtype:trojan-activity;sid:84539873; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676774)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"gifted-yalow.196-251-72-149.plesk.page"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676774/; classtype:trojan-activity;sid:84539874; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676775)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"renouvellement.help"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676775/; classtype:trojan-activity;sid:84539875; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676776)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"frosty-albattani.196-251-72-149.plesk.page"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676776/; classtype:trojan-activity;sid:84539876; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676777)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"mon-comptes.help"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676777/; classtype:trojan-activity;sid:84539877; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676778)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"dossiergmuitas.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676778/; classtype:trojan-activity;sid:84539878; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676779)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"monrelayfr-support.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676779/; classtype:trojan-activity;sid:84539879; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676780)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mon-colis-suivi-bpost.info"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676780/; classtype:trojan-activity;sid:84539880; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676781)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"servmetfiixsavsa.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676781/; classtype:trojan-activity;sid:84539881; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676782)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"takeyour-parcel.help"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676782/; classtype:trojan-activity;sid:84539882; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676783)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"redistribution-locker.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676783/; classtype:trojan-activity;sid:84539883; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676784)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"verif-appareil-confiance.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676784/; classtype:trojan-activity;sid:84539884; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676785)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"sad-mclaren.196-251-72-149.plesk.page"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676785/; classtype:trojan-activity;sid:84539885; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676786)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"mxiconetfllxserv.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676786/; classtype:trojan-activity;sid:84539886; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676752)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"colis-suivi-help.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676752/; classtype:trojan-activity;sid:84539852; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676753)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"amazing-lederberg.196-251-72-149.plesk.page"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676753/; classtype:trojan-activity;sid:84539853; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676751)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"monrelay.help"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676751/; classtype:trojan-activity;sid:84539851; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676750)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm7"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"192.142.10.124"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676750/; classtype:trojan-activity;sid:84539850; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676747)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"practical-swirles.196-251-72-149.plesk.page"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676747/; classtype:trojan-activity;sid:84539847; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676748)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"compassionate-yonath.196-251-72-149.plesk.page"; http_host; depth:46; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676748/; classtype:trojan-activity;sid:84539848; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676749)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"suivis-de-colis.info"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676749/; classtype:trojan-activity;sid:84539849; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676730)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"antai-aide.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676730/; classtype:trojan-activity;sid:84539830; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676731)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"billing-renew-subscription.info"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676731/; classtype:trojan-activity;sid:84539831; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676732)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mrelay-luxembourg.support"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676732/; classtype:trojan-activity;sid:84539832; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676733)"; flow:established,from_client; content:"GET"; http_method; content:"/xdzdfxzf"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"cpcontacts.5-253-86-21.cprapid.com"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676733/; classtype:trojan-activity;sid:84539833; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676734)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"livraison-suivre-moncolis.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676734/; classtype:trojan-activity;sid:84539834; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676735)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"netlfix-suscripcion.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676735/; classtype:trojan-activity;sid:84539835; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676736)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"trackparselhl.help"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676736/; classtype:trojan-activity;sid:84539836; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676737)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"vibrant-jackson.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676737/; classtype:trojan-activity;sid:84539837; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676738)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"hometrack-package-lu.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676738/; classtype:trojan-activity;sid:84539838; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676739)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"suivirelayy.info"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676739/; classtype:trojan-activity;sid:84539839; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676740)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"telepeage-ulys-fr.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676740/; classtype:trojan-activity;sid:84539840; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676741)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"suivi-livraison.support"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676741/; classtype:trojan-activity;sid:84539841; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676742)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"focused-noether.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676742/; classtype:trojan-activity;sid:84539842; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676743)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"usernetfiixsavhu.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676743/; classtype:trojan-activity;sid:84539843; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676744)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"elegant-shtern.196-251-72-149.plesk.page"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676744/; classtype:trojan-activity;sid:84539844; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676745)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"colis-suivi-help.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676745/; classtype:trojan-activity;sid:84539845; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676746)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mynetfxsuprt.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676746/; classtype:trojan-activity;sid:84539846; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676727)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"focused-noether.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676727/; classtype:trojan-activity;sid:84539827; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676728)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"reverent-brattain.196-251-72-149.plesk.page"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676728/; classtype:trojan-activity;sid:84539828; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676729)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"strange-swartz.196-251-72-149.plesk.page"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676729/; classtype:trojan-activity;sid:84539829; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676721)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"jolly-mendeleev.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676721/; classtype:trojan-activity;sid:84539821; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676722)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"expedition-mrelayy.info"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676722/; classtype:trojan-activity;sid:84539822; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676723)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"luxtrust-secure.info"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676723/; classtype:trojan-activity;sid:84539823; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676724)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"uptrackparsei.help"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676724/; classtype:trojan-activity;sid:84539824; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676725)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"elegant-nightingale.196-251-72-149.plesk.page"; http_host; depth:45; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676725/; classtype:trojan-activity;sid:84539825; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676726)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"friendly-cray.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676726/; classtype:trojan-activity;sid:84539826; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676713)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"brussels-payments.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676713/; classtype:trojan-activity;sid:84539813; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676714)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"suivicolis-be.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676714/; classtype:trojan-activity;sid:84539814; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676715)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"renewaccntsav.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676715/; classtype:trojan-activity;sid:84539815; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676716)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"mon-suivi.info"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676716/; classtype:trojan-activity;sid:84539816; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676717)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"rendezsnetfiixhu.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676717/; classtype:trojan-activity;sid:84539817; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676718)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"packrelay-espace.help"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676718/; classtype:trojan-activity;sid:84539818; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676719)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"relay-parcel.info"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676719/; classtype:trojan-activity;sid:84539819; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676720)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mon-comptes.help"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676720/; classtype:trojan-activity;sid:84539820; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676709)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"savraiffeizen-at.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676709/; classtype:trojan-activity;sid:84539809; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676710)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"mynetfxsupprt.help"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676710/; classtype:trojan-activity;sid:84539810; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676711)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"hgrynetfiixsav.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676711/; classtype:trojan-activity;sid:84539811; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676712)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"savnetfxserv.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676712/; classtype:trojan-activity;sid:84539812; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676708)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"relaydelivery.help"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676708/; classtype:trojan-activity;sid:84539808; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676707)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mrelay.livraison.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676707/; classtype:trojan-activity;sid:84539807; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676706)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mon-suivi.info"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676706/; classtype:trojan-activity;sid:84539806; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676704)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"mymondialrelay-parcel.help"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676704/; classtype:trojan-activity;sid:84539804; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676705)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"bold-ellis.196-251-72-149.plesk.page"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676705/; classtype:trojan-activity;sid:84539805; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676698)"; flow:established,from_client; content:"GET"; http_method; content:"/xdzdfxzf"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"whm.5-253-86-21.cprapid.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676698/; classtype:trojan-activity;sid:84539798; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676699)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"stoic-poincare.196-251-72-149.plesk.page"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676699/; classtype:trojan-activity;sid:84539799; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676700)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"savnetfxserv.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676700/; classtype:trojan-activity;sid:84539800; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676701)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"hardcore-boyd.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676701/; classtype:trojan-activity;sid:84539801; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676702)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"customer-trackdelivery.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676702/; classtype:trojan-activity;sid:84539802; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676703)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"trackupsid.help"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676703/; classtype:trojan-activity;sid:84539803; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676687)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"relayparcel-help.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676687/; classtype:trojan-activity;sid:84539787; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676688)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"affectionate-edison.196-251-72-149.plesk.page"; http_host; depth:45; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676688/; classtype:trojan-activity;sid:84539788; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676689)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"mondial-relay-center.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676689/; classtype:trojan-activity;sid:84539789; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676690)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mysuprtntfx.info"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676690/; classtype:trojan-activity;sid:84539790; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676691)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mondialsrelay-redirection.info"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676691/; classtype:trojan-activity;sid:84539791; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676692)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"livraisons-infos.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676692/; classtype:trojan-activity;sid:84539792; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676693)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"moncolis-suivi.help"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676693/; classtype:trojan-activity;sid:84539793; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676694)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"ntfiixsavclient.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676694/; classtype:trojan-activity;sid:84539794; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676695)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"subscription-tv.info"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676695/; classtype:trojan-activity;sid:84539795; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676696)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"gifted-yalow.196-251-72-149.plesk.page"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676696/; classtype:trojan-activity;sid:84539796; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676697)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mondialrelay-locker-fr.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676697/; classtype:trojan-activity;sid:84539797; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676677)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"accountnetfix.help"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676677/; classtype:trojan-activity;sid:84539777; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676678)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"jolly-germain.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676678/; classtype:trojan-activity;sid:84539778; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676679)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"suivideliveryinfo.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676679/; classtype:trojan-activity;sid:84539779; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676680)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"trackdelivery-customer.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676680/; classtype:trojan-activity;sid:84539780; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676681)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"myups-package.info"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676681/; classtype:trojan-activity;sid:84539781; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676682)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mrelayy-mon-acheminement.info"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676682/; classtype:trojan-activity;sid:84539782; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676683)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"reverent-tereshkova.196-251-72-149.plesk.page"; http_host; depth:45; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676683/; classtype:trojan-activity;sid:84539783; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676684)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"ntfiixsavclient.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676684/; classtype:trojan-activity;sid:84539784; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676685)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"sweet-fermi.196-251-72-149.plesk.page"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676685/; classtype:trojan-activity;sid:84539785; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676686)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"livraison-suivre-moncolis.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676686/; classtype:trojan-activity;sid:84539786; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676676)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"strange-swartz.196-251-72-149.plesk.page"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676676/; classtype:trojan-activity;sid:84539776; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676674)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"relivraison-packet-france.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676674/; classtype:trojan-activity;sid:84539774; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676675)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"accountnetfix.help"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676675/; classtype:trojan-activity;sid:84539775; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676673)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"thirsty-ride.196-251-72-149.plesk.page"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676673/; classtype:trojan-activity;sid:84539773; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676672)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"savulyseclient.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676672/; classtype:trojan-activity;sid:84539772; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676671)"; flow:established,from_client; content:"GET"; http_method; content:"/download.sh"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"81.232.93.106"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676671/; classtype:trojan-activity;sid:84539771; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676667)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"trackyridpaket.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676667/; classtype:trojan-activity;sid:84539767; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676668)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"ecstatic-kare.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676668/; classtype:trojan-activity;sid:84539768; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676669)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"practical-swirles.196-251-72-149.plesk.page"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676669/; classtype:trojan-activity;sid:84539769; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676670)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"monrelay-support.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676670/; classtype:trojan-activity;sid:84539770; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676664)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"spf-justitie-belgium.info"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676664/; classtype:trojan-activity;sid:84539764; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676665)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"trusting-tesla.196-251-72-149.plesk.page"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676665/; classtype:trojan-activity;sid:84539765; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676666)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"relay-parcel.info"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676666/; classtype:trojan-activity;sid:84539766; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676651)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"ecstatic-wing.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676651/; classtype:trojan-activity;sid:84539751; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676652)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"takeyourpackagebe.help"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676652/; classtype:trojan-activity;sid:84539752; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676653)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"mondialrelayfr-suivi.help"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676653/; classtype:trojan-activity;sid:84539753; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676654)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"redirection-mondialrelais.info"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676654/; classtype:trojan-activity;sid:84539754; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676655)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"trackparselhl.help"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676655/; classtype:trojan-activity;sid:84539755; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676656)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"strange-spence.196-251-72-149.plesk.page"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676656/; classtype:trojan-activity;sid:84539756; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676657)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"ma-facture-enovos.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676657/; classtype:trojan-activity;sid:84539757; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676658)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"plsavnetfiixsupport.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676658/; classtype:trojan-activity;sid:84539758; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676659)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"myminfin-info-be.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676659/; classtype:trojan-activity;sid:84539759; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676660)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"brave-cori.196-251-72-149.plesk.page"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676660/; classtype:trojan-activity;sid:84539760; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676661)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"friendly-cray.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676661/; classtype:trojan-activity;sid:84539761; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676662)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"miseajouritsme.help"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676662/; classtype:trojan-activity;sid:84539762; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676663)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"monrelayfr-support.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676663/; classtype:trojan-activity;sid:84539763; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676649)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"uptrackparsei.help"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676649/; classtype:trojan-activity;sid:84539749; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676650)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"renewntfxsav.info"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676650/; classtype:trojan-activity;sid:84539750; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676627)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"ameli-cpam.support-moncompte.help"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676627/; classtype:trojan-activity;sid:84539727; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676628)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"relivraison-packet-france.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676628/; classtype:trojan-activity;sid:84539728; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676629)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"monrelayfr-support.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676629/; classtype:trojan-activity;sid:84539729; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676630)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"peaceful-gates.196-251-72-149.plesk.page"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676630/; classtype:trojan-activity;sid:84539730; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676631)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"goofy-shirley.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676631/; classtype:trojan-activity;sid:84539731; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676632)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"laughing-perlman.196-251-72-149.plesk.page"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676632/; classtype:trojan-activity;sid:84539732; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676633)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"redistribution-locker.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676633/; classtype:trojan-activity;sid:84539733; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676634)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"serene-swartz.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676634/; classtype:trojan-activity;sid:84539734; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676635)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"ameii-moncompte.ma-situations.info"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676635/; classtype:trojan-activity;sid:84539735; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676636)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"suivi-colis.help"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676636/; classtype:trojan-activity;sid:84539736; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676637)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"hardcore-boyd.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676637/; classtype:trojan-activity;sid:84539737; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676638)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"bold-kowalevski.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676638/; classtype:trojan-activity;sid:84539738; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676639)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"monrelay-support.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676639/; classtype:trojan-activity;sid:84539739; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676640)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"colislivraison-suivi.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676640/; classtype:trojan-activity;sid:84539740; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676641)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"intelligent-mayer.196-251-72-149.plesk.page"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676641/; classtype:trojan-activity;sid:84539741; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676642)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"hgrynetfiixsav.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676642/; classtype:trojan-activity;sid:84539742; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676643)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"sweet-fermi.196-251-72-149.plesk.page"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676643/; classtype:trojan-activity;sid:84539743; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676644)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"parkingbrussels.help"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676644/; classtype:trojan-activity;sid:84539744; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676645)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"trackupsid.help"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676645/; classtype:trojan-activity;sid:84539745; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676646)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"objective-ramanujan.196-251-72-149.plesk.page"; http_host; depth:45; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676646/; classtype:trojan-activity;sid:84539746; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676647)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"verif-appareil-confiance.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676647/; classtype:trojan-activity;sid:84539747; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676648)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"jovial-bartik.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676648/; classtype:trojan-activity;sid:84539748; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676624)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"spf-justitie-belgium.info"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676624/; classtype:trojan-activity;sid:84539724; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676625)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"kunde-konto-sikre.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676625/; classtype:trojan-activity;sid:84539725; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676626)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"savnetflixco.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676626/; classtype:trojan-activity;sid:84539726; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676617)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"relivraison-formulaire.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676617/; classtype:trojan-activity;sid:84539717; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676618)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"reactivation-amelie-account.info"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676618/; classtype:trojan-activity;sid:84539718; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676619)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"reglementnetflix-fr.help"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676619/; classtype:trojan-activity;sid:84539719; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676620)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"suivirelaisdepot.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676620/; classtype:trojan-activity;sid:84539720; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676621)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"objective-saha.196-251-72-149.plesk.page"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676621/; classtype:trojan-activity;sid:84539721; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676622)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"thirsty-heisenberg.196-251-72-149.plesk.page"; http_host; depth:44; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676622/; classtype:trojan-activity;sid:84539722; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676623)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"ameli-actalisation.info"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676623/; classtype:trojan-activity;sid:84539723; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676615)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"my.guichet-amende.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676615/; classtype:trojan-activity;sid:84539715; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676616)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"ulys-autoroutes-fr.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676616/; classtype:trojan-activity;sid:84539716; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676609)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"spf-justitie-belgium.info"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676609/; classtype:trojan-activity;sid:84539709; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676610)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"myguichet-amende.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676610/; classtype:trojan-activity;sid:84539710; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676611)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"jovial-bartik.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676611/; classtype:trojan-activity;sid:84539711; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676612)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"support-upsdelivery.info"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676612/; classtype:trojan-activity;sid:84539712; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676613)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"mondialrelay-reply.help"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676613/; classtype:trojan-activity;sid:84539713; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676614)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"securplnetfiixsav.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676614/; classtype:trojan-activity;sid:84539714; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676606)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"tracking-parcel-be.help"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676606/; classtype:trojan-activity;sid:84539706; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676607)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mondial-relay-center.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676607/; classtype:trojan-activity;sid:84539707; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676608)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"funny-heyrovsky.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676608/; classtype:trojan-activity;sid:84539708; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676599)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"packrelay-espace.help"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676599/; classtype:trojan-activity;sid:84539699; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676600)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"webmail.rediriger-ma-relivraison.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676600/; classtype:trojan-activity;sid:84539700; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676601)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"verification-mobile-cm.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676601/; classtype:trojan-activity;sid:84539701; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676602)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"my.guichet-amende.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676602/; classtype:trojan-activity;sid:84539702; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676603)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"mondial-services.informations-colis.help"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676603/; classtype:trojan-activity;sid:84539703; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676604)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"tracking-myrelay.help"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676604/; classtype:trojan-activity;sid:84539704; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676605)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"myups-package.help"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676605/; classtype:trojan-activity;sid:84539705; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676598)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"regionaleszeveme.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676598/; classtype:trojan-activity;sid:84539698; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676592)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"tracking-myrelay.help"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676592/; classtype:trojan-activity;sid:84539692; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676593)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"ntfxrenewservice.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676593/; classtype:trojan-activity;sid:84539693; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676594)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"gracious-kepler.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676594/; classtype:trojan-activity;sid:84539694; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676595)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"confirmation-appareil-confiance.com"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676595/; classtype:trojan-activity;sid:84539695; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676596)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"elegant-borg.196-251-72-149.plesk.page"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676596/; classtype:trojan-activity;sid:84539696; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676597)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"intelligent-mayer.196-251-72-149.plesk.page"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676597/; classtype:trojan-activity;sid:84539697; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676572)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"mrelay-colis-fr.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676572/; classtype:trojan-activity;sid:84539672; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676573)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"spf-justitie-belgium.info"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676573/; classtype:trojan-activity;sid:84539673; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676574)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"suivicommanderelais.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676574/; classtype:trojan-activity;sid:84539674; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676575)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"youthful-solomon.196-251-72-149.plesk.page"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676575/; classtype:trojan-activity;sid:84539675; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676576)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"ameli-situtations.mon-comptes.help"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676576/; classtype:trojan-activity;sid:84539676; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676577)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"livraison-suivre-moncolis.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676577/; classtype:trojan-activity;sid:84539677; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676578)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"spf-amende.help"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676578/; classtype:trojan-activity;sid:84539678; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676579)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"services-monrelay.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676579/; classtype:trojan-activity;sid:84539679; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676580)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"relivraison-packet-france.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676580/; classtype:trojan-activity;sid:84539680; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676581)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"suivi-fr-livraison.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676581/; classtype:trojan-activity;sid:84539681; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676582)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"stoic-poincare.196-251-72-149.plesk.page"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676582/; classtype:trojan-activity;sid:84539682; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676583)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"lux-trust-aide-support.info"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676583/; classtype:trojan-activity;sid:84539683; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676584)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"suivi-livraison.support"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676584/; classtype:trojan-activity;sid:84539684; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676585)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"brussels-payments.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676585/; classtype:trojan-activity;sid:84539685; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676586)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"brave-cori.196-251-72-149.plesk.page"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676586/; classtype:trojan-activity;sid:84539686; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676587)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"ameli.moncompte-cpam.help"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676587/; classtype:trojan-activity;sid:84539687; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676588)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"connect-avantages.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676588/; classtype:trojan-activity;sid:84539688; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676589)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"takeyourpackagebe.help"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676589/; classtype:trojan-activity;sid:84539689; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676590)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"livraison-france-infos.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676590/; classtype:trojan-activity;sid:84539690; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676591)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"rendezsnetfiixhu.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676591/; classtype:trojan-activity;sid:84539691; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676570)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mon-colis-suivi-bpost.info"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676570/; classtype:trojan-activity;sid:84539670; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676571)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"livraisons-colis-france.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676571/; classtype:trojan-activity;sid:84539671; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676565)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"ameli.moncompte-cpam.help"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676565/; classtype:trojan-activity;sid:84539665; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676566)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_386"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"81.232.93.106"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676566/; classtype:trojan-activity;sid:84539666; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676567)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"distracted-nightingale.196-251-72-149.plesk.page"; http_host; depth:48; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676567/; classtype:trojan-activity;sid:84539667; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676568)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"bravoteam6.org"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676568/; classtype:trojan-activity;sid:84539668; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676569)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"dossier-amende-minfin.info"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676569/; classtype:trojan-activity;sid:84539669; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676554)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"crazy-proskuriakova.196-251-72-149.plesk.page"; http_host; depth:45; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676554/; classtype:trojan-activity;sid:84539654; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676555)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"upcpackettrack.help"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676555/; classtype:trojan-activity;sid:84539655; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676556)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"netflxaccntsav.info"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676556/; classtype:trojan-activity;sid:84539656; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676557)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"laughing-herschel.196-251-72-149.plesk.page"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676557/; classtype:trojan-activity;sid:84539657; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676558)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mon-comptes.help"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676558/; classtype:trojan-activity;sid:84539658; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676559)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"support-hometrack.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676559/; classtype:trojan-activity;sid:84539659; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676560)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"savmxlcnetfiix.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676560/; classtype:trojan-activity;sid:84539660; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676561)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"myups-package.info"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676561/; classtype:trojan-activity;sid:84539661; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676562)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"relaymyparcel.info"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676562/; classtype:trojan-activity;sid:84539662; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676563)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"renouvellement-ameli.support"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676563/; classtype:trojan-activity;sid:84539663; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676564)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"telepeage-ulys-fr.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676564/; classtype:trojan-activity;sid:84539664; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676553)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"goofy-shirley.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676553/; classtype:trojan-activity;sid:84539653; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676545)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"mxiconetfllxserv.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676545/; classtype:trojan-activity;sid:84539645; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676546)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"relay-my-parcel.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676546/; classtype:trojan-activity;sid:84539646; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676547)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"savnfiixsupprt.info"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676547/; classtype:trojan-activity;sid:84539647; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676548)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"ameli-actalisation.info"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676548/; classtype:trojan-activity;sid:84539648; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676549)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"services-mondialrelay.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676549/; classtype:trojan-activity;sid:84539649; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676550)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"collect-myparcel.help"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676550/; classtype:trojan-activity;sid:84539650; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676551)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"elegant-borg.196-251-72-149.plesk.page"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676551/; classtype:trojan-activity;sid:84539651; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676552)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"trusting-tesla.196-251-72-149.plesk.page"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676552/; classtype:trojan-activity;sid:84539652; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676535)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"gifted-yalow.196-251-72-149.plesk.page"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676535/; classtype:trojan-activity;sid:84539635; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676536)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"xyznetfilxhusav.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676536/; classtype:trojan-activity;sid:84539636; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676537)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"espace-servicefamily.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676537/; classtype:trojan-activity;sid:84539637; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676538)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"mondialerelay-suivi-info.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676538/; classtype:trojan-activity;sid:84539638; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676539)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"livraisons-colis-france.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676539/; classtype:trojan-activity;sid:84539639; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676540)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"redirection-mondialrelais.info"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676540/; classtype:trojan-activity;sid:84539640; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676541)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"supportsavnetfix.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676541/; classtype:trojan-activity;sid:84539641; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676542)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"savpaypaiuser.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676542/; classtype:trojan-activity;sid:84539642; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676543)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"formulaire-locker.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676543/; classtype:trojan-activity;sid:84539643; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676544)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"magical-shirley.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676544/; classtype:trojan-activity;sid:84539644; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676529)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mondial-pickup.info"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676529/; classtype:trojan-activity;sid:84539629; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676530)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"payoursavnetfilx.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676530/; classtype:trojan-activity;sid:84539630; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676531)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"mondialrelais-livraisons.info"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676531/; classtype:trojan-activity;sid:84539631; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676532)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"colis-suivi-lu.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676532/; classtype:trojan-activity;sid:84539632; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676533)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"kunde-konto-sikre.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676533/; classtype:trojan-activity;sid:84539633; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676534)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"savnetfiixmxico.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676534/; classtype:trojan-activity;sid:84539634; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676521)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"livraisons-infos-fr.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676521/; classtype:trojan-activity;sid:84539621; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676522)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"lux-trust-aide-support.info"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676522/; classtype:trojan-activity;sid:84539622; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676523)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"frosty-wozniak.196-251-72-149.plesk.page"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676523/; classtype:trojan-activity;sid:84539623; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676524)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"gifted-yalow.196-251-72-149.plesk.page"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676524/; classtype:trojan-activity;sid:84539624; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676525)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"suivirelaisdepot.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676525/; classtype:trojan-activity;sid:84539625; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676526)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"uptrackparsei.help"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676526/; classtype:trojan-activity;sid:84539626; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676527)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"relayparcel-help.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676527/; classtype:trojan-activity;sid:84539627; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676528)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"elegant-shtern.196-251-72-149.plesk.page"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676528/; classtype:trojan-activity;sid:84539628; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676520)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"savnetflixco.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676520/; classtype:trojan-activity;sid:84539620; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676501)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"monrelay-support.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676501/; classtype:trojan-activity;sid:84539601; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676502)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"trackparselhl.help"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676502/; classtype:trojan-activity;sid:84539602; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676503)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"nouvellelivraison-locker-fr.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676503/; classtype:trojan-activity;sid:84539603; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676504)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"bold-hypatia.196-251-72-149.plesk.page"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676504/; classtype:trojan-activity;sid:84539604; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676505)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"interesting-morse.196-251-72-149.plesk.page"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676505/; classtype:trojan-activity;sid:84539605; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676506)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"dossier4729.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676506/; classtype:trojan-activity;sid:84539606; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676507)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"secureamericainexpress.help"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676507/; classtype:trojan-activity;sid:84539607; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676508)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"kunde-konto-sikre.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676508/; classtype:trojan-activity;sid:84539608; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676509)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"supportulys.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676509/; classtype:trojan-activity;sid:84539609; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676510)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"mon-abonnement-disney.info"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676510/; classtype:trojan-activity;sid:84539610; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676511)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"verification-mobile-cm.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676511/; classtype:trojan-activity;sid:84539611; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676512)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/xdzdfxzf"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"5-253-86-21.cprapid.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676512/; classtype:trojan-activity;sid:84539612; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676513)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"mrelay-luxembourg.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676513/; classtype:trojan-activity;sid:84539613; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676514)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"suivi-colis.help"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676514/; classtype:trojan-activity;sid:84539614; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676515)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"ameii-moncompte.ma-situations.info"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676515/; classtype:trojan-activity;sid:84539615; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676516)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"brussels-payments.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676516/; classtype:trojan-activity;sid:84539616; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676517)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"sharp-franklin.196-251-72-149.plesk.page"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676517/; classtype:trojan-activity;sid:84539617; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676518)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"suivideliveryinfo.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676518/; classtype:trojan-activity;sid:84539618; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676519)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"relaymondial-services.info"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676519/; classtype:trojan-activity;sid:84539619; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676484)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"ntfiixsavclient.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676484/; classtype:trojan-activity;sid:84539584; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676485)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"gracious-lamarr.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676485/; classtype:trojan-activity;sid:84539585; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676486)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"suivirelaisdepot.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676486/; classtype:trojan-activity;sid:84539586; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676487)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"ameli.moncompte-cpam.help"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676487/; classtype:trojan-activity;sid:84539587; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676488)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"suivicommanderelais.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676488/; classtype:trojan-activity;sid:84539588; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676489)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"livraison-relais-info.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676489/; classtype:trojan-activity;sid:84539589; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676490)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"serene-swartz.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676490/; classtype:trojan-activity;sid:84539590; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676491)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"strange-swartz.196-251-72-149.plesk.page"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676491/; classtype:trojan-activity;sid:84539591; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676492)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"beparcel-collect.help"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676492/; classtype:trojan-activity;sid:84539592; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676493)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"relivraison-formulaire.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676493/; classtype:trojan-activity;sid:84539593; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676494)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"great-leavitt.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676494/; classtype:trojan-activity;sid:84539594; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676495)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"securplnetfiixsav.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676495/; classtype:trojan-activity;sid:84539595; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676496)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"service-parcel-pay.help"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676496/; classtype:trojan-activity;sid:84539596; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676497)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"tracking-myrelay.help"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676497/; classtype:trojan-activity;sid:84539597; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676498)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"relayparcel-help.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676498/; classtype:trojan-activity;sid:84539598; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676499)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"suivirelaisdepot.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676499/; classtype:trojan-activity;sid:84539599; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676500)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"relayparcel-help.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676500/; classtype:trojan-activity;sid:84539600; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676483)"; flow:established,from_client; content:"GET"; http_method; content:"/yjpo98ux"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"v30.ldef-4.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676483/; classtype:trojan-activity;sid:84539583; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676477)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"trackupsid.help"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676477/; classtype:trojan-activity;sid:84539577; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676478)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"serene-dhawan.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676478/; classtype:trojan-activity;sid:84539578; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676479)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"monrelay.help"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676479/; classtype:trojan-activity;sid:84539579; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676480)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"pedantic-mcclintock.196-251-72-149.plesk.page"; http_host; depth:45; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676480/; classtype:trojan-activity;sid:84539580; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676481)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"trusting-raman.196-251-72-149.plesk.page"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676481/; classtype:trojan-activity;sid:84539581; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676482)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"relais-packet-fr.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676482/; classtype:trojan-activity;sid:84539582; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676472)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mondialrelais-creneaux.info"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676472/; classtype:trojan-activity;sid:84539572; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676473)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"vigilant-antonelli.196-251-72-149.plesk.page"; http_host; depth:44; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676473/; classtype:trojan-activity;sid:84539573; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676474)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"hungry-kalam.196-251-72-149.plesk.page"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676474/; classtype:trojan-activity;sid:84539574; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676475)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"regionaleszeveme.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676475/; classtype:trojan-activity;sid:84539575; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676476)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"packet-nouvellelivraisons-fr.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676476/; classtype:trojan-activity;sid:84539576; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676465)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"strange-swartz.196-251-72-149.plesk.page"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676465/; classtype:trojan-activity;sid:84539565; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676466)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"youthful-solomon.196-251-72-149.plesk.page"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676466/; classtype:trojan-activity;sid:84539566; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676467)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"myparcel-relay.help"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676467/; classtype:trojan-activity;sid:84539567; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676468)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"savnetflixco.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676468/; classtype:trojan-activity;sid:84539568; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676469)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"objective-goldberg.196-251-72-149.plesk.page"; http_host; depth:44; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676469/; classtype:trojan-activity;sid:84539569; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676470)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"renew-account-lock.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676470/; classtype:trojan-activity;sid:84539570; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676471)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"ntfxrenewservice.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676471/; classtype:trojan-activity;sid:84539571; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676443)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"relay-parcel.info"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676443/; classtype:trojan-activity;sid:84539543; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676444)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"colislivraisonsuivi.support"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676444/; classtype:trojan-activity;sid:84539544; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676445)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"interesting-morse.196-251-72-149.plesk.page"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676445/; classtype:trojan-activity;sid:84539545; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676446)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"renouvellement.help"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676446/; classtype:trojan-activity;sid:84539546; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676447)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"livraison-france-infos.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676447/; classtype:trojan-activity;sid:84539547; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676448)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"suivicommanderelay.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676448/; classtype:trojan-activity;sid:84539548; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676449)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"strange-spence.196-251-72-149.plesk.page"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676449/; classtype:trojan-activity;sid:84539549; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676450)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"spf-amende.help"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676450/; classtype:trojan-activity;sid:84539550; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676451)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"suivicolis-lu.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676451/; classtype:trojan-activity;sid:84539551; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676452)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"suivis-de-colis.info"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676452/; classtype:trojan-activity;sid:84539552; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676453)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"supportsavnetfix.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676453/; classtype:trojan-activity;sid:84539553; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676454)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"livraison-suivre-moncolis.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676454/; classtype:trojan-activity;sid:84539554; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676455)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"magical-shirley.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676455/; classtype:trojan-activity;sid:84539555; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676456)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"relivraison-formulaire.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676456/; classtype:trojan-activity;sid:84539556; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676457)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"paketdhservice.help"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676457/; classtype:trojan-activity;sid:84539557; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676458)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"suivicolis-lu.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676458/; classtype:trojan-activity;sid:84539558; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676459)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"focused-noether.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676459/; classtype:trojan-activity;sid:84539559; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676460)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"confirmation-appareil-confiance.com"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676460/; classtype:trojan-activity;sid:84539560; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676461)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"suivirelaisdepots.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676461/; classtype:trojan-activity;sid:84539561; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676462)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"relay-parcel.info"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676462/; classtype:trojan-activity;sid:84539562; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676463)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"telepeage-ulys-fr.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676463/; classtype:trojan-activity;sid:84539563; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676464)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"hungry-kalam.196-251-72-149.plesk.page"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676464/; classtype:trojan-activity;sid:84539564; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676436)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"mondialrelay-connect.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676436/; classtype:trojan-activity;sid:84539536; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676437)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"servmetfiixsavsa.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676437/; classtype:trojan-activity;sid:84539537; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676438)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"savnfiixsupprt.info"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676438/; classtype:trojan-activity;sid:84539538; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676439)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"hometrack-package-tracking.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676439/; classtype:trojan-activity;sid:84539539; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676440)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"webmail.rediriger-ma-relivraison.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676440/; classtype:trojan-activity;sid:84539540; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676441)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"interesting-morse.196-251-72-149.plesk.page"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676441/; classtype:trojan-activity;sid:84539541; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676442)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"ntflx-sub.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676442/; classtype:trojan-activity;sid:84539542; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676434)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"guichet-amende.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676434/; classtype:trojan-activity;sid:84539534; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676435)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"exciting-hopper.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676435/; classtype:trojan-activity;sid:84539535; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676433)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"suivimondialrelay-colis.info"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676433/; classtype:trojan-activity;sid:84539533; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676413)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"support-hometrack.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676413/; classtype:trojan-activity;sid:84539513; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676414)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"suivirelaisdepot.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676414/; classtype:trojan-activity;sid:84539514; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676415)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"formulaire-locker.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676415/; classtype:trojan-activity;sid:84539515; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676416)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"suivirelaisdepot.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676416/; classtype:trojan-activity;sid:84539516; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676417)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"formulaire-locker.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676417/; classtype:trojan-activity;sid:84539517; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676418)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"condescending-wilson.196-251-72-149.plesk.page"; http_host; depth:46; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676418/; classtype:trojan-activity;sid:84539518; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676419)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"relayhome-trackparcel.help"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676419/; classtype:trojan-activity;sid:84539519; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676420)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"sav-monrelay.help"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676420/; classtype:trojan-activity;sid:84539520; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676421)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"info-suivi-track.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676421/; classtype:trojan-activity;sid:84539521; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676422)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"ameli-moncompte.ma-situation.help"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676422/; classtype:trojan-activity;sid:84539522; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676423)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"elegant-borg.196-251-72-149.plesk.page"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676423/; classtype:trojan-activity;sid:84539523; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676424)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"hometrack-package-lu.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676424/; classtype:trojan-activity;sid:84539524; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676425)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"crazy-proskuriakova.196-251-72-149.plesk.page"; http_host; depth:45; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676425/; classtype:trojan-activity;sid:84539525; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676426)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"trackdelivery-customer.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676426/; classtype:trojan-activity;sid:84539526; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676427)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"livraison-france-infos.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676427/; classtype:trojan-activity;sid:84539527; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676428)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"ameli-cpam.support-moncompte.help"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676428/; classtype:trojan-activity;sid:84539528; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676429)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"elegant-nightingale.196-251-72-149.plesk.page"; http_host; depth:45; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676429/; classtype:trojan-activity;sid:84539529; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676430)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"pedantic-mcclintock.196-251-72-149.plesk.page"; http_host; depth:45; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676430/; classtype:trojan-activity;sid:84539530; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676431)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"funny-heyrovsky.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676431/; classtype:trojan-activity;sid:84539531; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676432)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"ameli-situtations.mon-comptes.help"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676432/; classtype:trojan-activity;sid:84539532; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676399)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"monrelay.help"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676399/; classtype:trojan-activity;sid:84539499; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676400)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"vigilant-antonelli.196-251-72-149.plesk.page"; http_host; depth:44; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676400/; classtype:trojan-activity;sid:84539500; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676401)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"plsavnetfiix.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676401/; classtype:trojan-activity;sid:84539501; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676402)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"mondial-relay-center.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676402/; classtype:trojan-activity;sid:84539502; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676403)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"dreamy-keller.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676403/; classtype:trojan-activity;sid:84539503; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676404)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"artier-recourser.help"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676404/; classtype:trojan-activity;sid:84539504; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676405)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"tv-abonnement.info"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676405/; classtype:trojan-activity;sid:84539505; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676406)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"savnetfiix-client.help"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676406/; classtype:trojan-activity;sid:84539506; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676407)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"myups-package.info"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676407/; classtype:trojan-activity;sid:84539507; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676408)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"nervous-pasteur.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676408/; classtype:trojan-activity;sid:84539508; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676409)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"suivicolis-be.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676409/; classtype:trojan-activity;sid:84539509; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676410)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"objective-goldberg.196-251-72-149.plesk.page"; http_host; depth:44; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676410/; classtype:trojan-activity;sid:84539510; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676411)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"mise-a-jours-ameli.support"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676411/; classtype:trojan-activity;sid:84539511; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676412)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"assurancemaladie.support"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676412/; classtype:trojan-activity;sid:84539512; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676376)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mxicnetfiixservice.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676376/; classtype:trojan-activity;sid:84539476; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676377)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mondial-relaylivraisonfr.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676377/; classtype:trojan-activity;sid:84539477; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676378)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"netfiixmxicosav.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676378/; classtype:trojan-activity;sid:84539478; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676379)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"colislivraisonsuivi.support"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676379/; classtype:trojan-activity;sid:84539479; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676380)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"rediriger-ma-livraison.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676380/; classtype:trojan-activity;sid:84539480; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676381)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"services-mondialrelay.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676381/; classtype:trojan-activity;sid:84539481; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676382)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"myguichet-amende.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676382/; classtype:trojan-activity;sid:84539482; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676383)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"services-monrelay.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676383/; classtype:trojan-activity;sid:84539483; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676384)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"mondialerelay-suivi-info.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676384/; classtype:trojan-activity;sid:84539484; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676385)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"compassionate-yonath.196-251-72-149.plesk.page"; http_host; depth:46; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676385/; classtype:trojan-activity;sid:84539485; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676386)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mondialsrelay-redirection.info"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676386/; classtype:trojan-activity;sid:84539486; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676387)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"livraisons-infos-fr.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676387/; classtype:trojan-activity;sid:84539487; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676388)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mondial-services.informations-colis.help"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676388/; classtype:trojan-activity;sid:84539488; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676389)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"nikita.support"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676389/; classtype:trojan-activity;sid:84539489; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676390)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"condescending-wilson.196-251-72-149.plesk.page"; http_host; depth:46; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676390/; classtype:trojan-activity;sid:84539490; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676391)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mynetllxrenew.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676391/; classtype:trojan-activity;sid:84539491; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676392)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"mondial-relaylivraisonfr.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676392/; classtype:trojan-activity;sid:84539492; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676393)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"nifty-hypatia.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676393/; classtype:trojan-activity;sid:84539493; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676394)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"plsavnetfiix.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676394/; classtype:trojan-activity;sid:84539494; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676395)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"livraison-relais-info.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676395/; classtype:trojan-activity;sid:84539495; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676396)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"tracking-myrelay.help"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676396/; classtype:trojan-activity;sid:84539496; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676397)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"nostalgic-curie.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676397/; classtype:trojan-activity;sid:84539497; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676398)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"mondial-relaylockers.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676398/; classtype:trojan-activity;sid:84539498; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676375)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mpsl"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"notificationcentral.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676375/; classtype:trojan-activity;sid:84539475; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676374)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"myguichet-service.help"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676374/; classtype:trojan-activity;sid:84539474; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676368)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"mondialsrelay-redirection.info"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676368/; classtype:trojan-activity;sid:84539468; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676369)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mynetllxrenew.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676369/; classtype:trojan-activity;sid:84539469; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676370)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"unruffled-banach.196-251-72-149.plesk.page"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676370/; classtype:trojan-activity;sid:84539470; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676371)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"hungry-kalam.196-251-72-149.plesk.page"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676371/; classtype:trojan-activity;sid:84539471; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676372)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"eager-dirac.196-251-72-149.plesk.page"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676372/; classtype:trojan-activity;sid:84539472; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676373)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"mondial-relaylockers.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676373/; classtype:trojan-activity;sid:84539473; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676367)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"livraison.info"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676367/; classtype:trojan-activity;sid:84539467; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676360)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"colis-suivi-help.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676360/; classtype:trojan-activity;sid:84539460; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676361)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"relaisdepot-suivi.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676361/; classtype:trojan-activity;sid:84539461; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676362)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"serene-dhawan.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676362/; classtype:trojan-activity;sid:84539462; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676363)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"serene-swartz.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676363/; classtype:trojan-activity;sid:84539463; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676364)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"ulys-telepeage-france.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676364/; classtype:trojan-activity;sid:84539464; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676365)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"myguichet-amende.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676365/; classtype:trojan-activity;sid:84539465; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676366)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"gracious-northcutt.196-251-72-149.plesk.page"; http_host; depth:44; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676366/; classtype:trojan-activity;sid:84539466; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676359)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"esdossier0865.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676359/; classtype:trojan-activity;sid:84539459; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676346)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"suivirelaisdepot.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676346/; classtype:trojan-activity;sid:84539446; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676347)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"dreamy-keller.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676347/; classtype:trojan-activity;sid:84539447; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676348)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"gifted-yalow.196-251-72-149.plesk.page"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676348/; classtype:trojan-activity;sid:84539448; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676349)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"suivi-pointrelais.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676349/; classtype:trojan-activity;sid:84539449; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676350)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"usernetfiixpolskasav.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676350/; classtype:trojan-activity;sid:84539450; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676351)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"192.142.10.124"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676351/; classtype:trojan-activity;sid:84539451; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676352)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mondialrelay-colis.support"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676352/; classtype:trojan-activity;sid:84539452; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676353)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"tracking-parcel-be.help"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676353/; classtype:trojan-activity;sid:84539453; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676354)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"usernetfiixsavhu.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676354/; classtype:trojan-activity;sid:84539454; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676355)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"hometrack-support-help.info"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676355/; classtype:trojan-activity;sid:84539455; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676356)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mondialrelay-connect.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676356/; classtype:trojan-activity;sid:84539456; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676357)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"myminfin-info-be.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676357/; classtype:trojan-activity;sid:84539457; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676358)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"brussels-payments.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676358/; classtype:trojan-activity;sid:84539458; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676344)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"telepeage-ulys-france.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676344/; classtype:trojan-activity;sid:84539444; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676345)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"colis-nouvellelivraison-france.com"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676345/; classtype:trojan-activity;sid:84539445; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676322)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"hometrack-package-tracking.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676322/; classtype:trojan-activity;sid:84539422; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676323)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"savnetfixrenew.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676323/; classtype:trojan-activity;sid:84539423; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676324)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"renvouvellementinformationameli.info"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676324/; classtype:trojan-activity;sid:84539424; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676325)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"myguichet-espace.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676325/; classtype:trojan-activity;sid:84539425; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676326)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"hometrack-package-tracking.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676326/; classtype:trojan-activity;sid:84539426; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676327)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"objective-ramanujan.196-251-72-149.plesk.page"; http_host; depth:45; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676327/; classtype:trojan-activity;sid:84539427; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676328)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"renewntfxsav.help"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676328/; classtype:trojan-activity;sid:84539428; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676329)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"suivicolis-lu.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676329/; classtype:trojan-activity;sid:84539429; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676330)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"relay-lu-parcel.help"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676330/; classtype:trojan-activity;sid:84539430; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676331)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"dreamy-hamilton.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676331/; classtype:trojan-activity;sid:84539431; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676332)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"renewaccntsav.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676332/; classtype:trojan-activity;sid:84539432; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676333)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"savpaypaiuser.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676333/; classtype:trojan-activity;sid:84539433; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676334)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"sav-ntfxrenew.help"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676334/; classtype:trojan-activity;sid:84539434; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676335)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"trackyridpaket.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676335/; classtype:trojan-activity;sid:84539435; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676336)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"secureamericainexpress.help"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676336/; classtype:trojan-activity;sid:84539436; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676337)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"supportnetfiixsavza.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676337/; classtype:trojan-activity;sid:84539437; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676338)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"serene-swartz.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676338/; classtype:trojan-activity;sid:84539438; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676339)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"subscription-tv.info"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676339/; classtype:trojan-activity;sid:84539439; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676340)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"spf-justitie-belgium.info"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676340/; classtype:trojan-activity;sid:84539440; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676341)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mise-a-jours-ameli.support"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676341/; classtype:trojan-activity;sid:84539441; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676342)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"myparcel-tracking.help"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676342/; classtype:trojan-activity;sid:84539442; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676343)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"jolly-mendeleev.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676343/; classtype:trojan-activity;sid:84539443; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676321)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"practical-wu.196-251-72-149.plesk.page"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676321/; classtype:trojan-activity;sid:84539421; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676320)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"renvouvellementinformationameli.info"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676320/; classtype:trojan-activity;sid:84539420; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676318)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"myparcel-tracking.help"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676318/; classtype:trojan-activity;sid:84539418; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676319)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"renewaccntsav.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676319/; classtype:trojan-activity;sid:84539419; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676317)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"m-relay-suivi-fr.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676317/; classtype:trojan-activity;sid:84539417; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676315)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"trusting-tesla.196-251-72-149.plesk.page"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676315/; classtype:trojan-activity;sid:84539415; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676316)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"packet-relivraison-fr.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676316/; classtype:trojan-activity;sid:84539416; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676288)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"livraison-relais-info.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676288/; classtype:trojan-activity;sid:84539388; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676289)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"relaymyparcel.info"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676289/; classtype:trojan-activity;sid:84539389; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676290)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"savraiffeizen-at.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676290/; classtype:trojan-activity;sid:84539390; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676291)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mondialrelais-livraison.info"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676291/; classtype:trojan-activity;sid:84539391; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676292)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"savnetfixaccount.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676292/; classtype:trojan-activity;sid:84539392; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676293)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"pickup-mreiay.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676293/; classtype:trojan-activity;sid:84539393; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676294)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"ecstatic-wing.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676294/; classtype:trojan-activity;sid:84539394; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676295)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"hgrynetfiixsav.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676295/; classtype:trojan-activity;sid:84539395; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676296)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mondialrelayfr-suivi.help"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676296/; classtype:trojan-activity;sid:84539396; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676297)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"trackdelivery-customer.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676297/; classtype:trojan-activity;sid:84539397; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676298)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"ups.supporto-pacchi.help"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676298/; classtype:trojan-activity;sid:84539398; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676299)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"hardcore-boyd.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676299/; classtype:trojan-activity;sid:84539399; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676300)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.x86"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"notificationcentral.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676300/; classtype:trojan-activity;sid:84539400; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676301)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"funny-heyrovsky.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676301/; classtype:trojan-activity;sid:84539401; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676302)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"locker-redistribution.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676302/; classtype:trojan-activity;sid:84539402; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676303)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"myguichet-service.help"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676303/; classtype:trojan-activity;sid:84539403; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676304)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mondials-suivis-relay.info"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676304/; classtype:trojan-activity;sid:84539404; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676305)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"mon-abonnement-disney.info"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676305/; classtype:trojan-activity;sid:84539405; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676306)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"espace-servicefamily.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676306/; classtype:trojan-activity;sid:84539406; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676307)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"hometrack-package-lu.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676307/; classtype:trojan-activity;sid:84539407; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676308)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"trusting-raman.196-251-72-149.plesk.page"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676308/; classtype:trojan-activity;sid:84539408; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676309)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"renew-account-lock.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676309/; classtype:trojan-activity;sid:84539409; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676310)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"serene-dhawan.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676310/; classtype:trojan-activity;sid:84539410; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676311)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"formulaire-locker.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676311/; classtype:trojan-activity;sid:84539411; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676312)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"objective-ramanujan.196-251-72-149.plesk.page"; http_host; depth:45; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676312/; classtype:trojan-activity;sid:84539412; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676313)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"particulierslocker.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676313/; classtype:trojan-activity;sid:84539413; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676314)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"unruffled-banach.196-251-72-149.plesk.page"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676314/; classtype:trojan-activity;sid:84539414; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676286)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"mrelay.livraison.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676286/; classtype:trojan-activity;sid:84539386; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676287)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"livraison.info"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676287/; classtype:trojan-activity;sid:84539387; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676275)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"objective-ramanujan.196-251-72-149.plesk.page"; http_host; depth:45; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676275/; classtype:trojan-activity;sid:84539375; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676276)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mondialservice-relay.info"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676276/; classtype:trojan-activity;sid:84539376; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676277)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"friendly-cray.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676277/; classtype:trojan-activity;sid:84539377; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676278)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"ecstatic-villani.196-251-72-149.plesk.page"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676278/; classtype:trojan-activity;sid:84539378; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676279)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"support-upsdelivery.info"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676279/; classtype:trojan-activity;sid:84539379; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676280)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"info-suivi-track.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676280/; classtype:trojan-activity;sid:84539380; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676281)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"mondialerelay-suivi-info.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676281/; classtype:trojan-activity;sid:84539381; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676282)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"suivicolis-be.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676282/; classtype:trojan-activity;sid:84539382; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676283)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"colis-suivi-lu.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676283/; classtype:trojan-activity;sid:84539383; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676284)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"monsuivi-colis.help"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676284/; classtype:trojan-activity;sid:84539384; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676285)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"sweet-neumann.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676285/; classtype:trojan-activity;sid:84539385; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676273)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mondial-relay-center.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676273/; classtype:trojan-activity;sid:84539373; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676274)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"livraisons-infos.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676274/; classtype:trojan-activity;sid:84539374; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676272)"; flow:established,from_client; content:"GET"; http_method; content:"/~sgtatham/putty/latest/w64/putty.exe"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"the.earth.li"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676272/; classtype:trojan-activity;sid:84539372; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676248)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"hungry-kalam.196-251-72-149.plesk.page"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676248/; classtype:trojan-activity;sid:84539348; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676249)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"xyznetfilxhusav.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676249/; classtype:trojan-activity;sid:84539349; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676250)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"vigilant-antonelli.196-251-72-149.plesk.page"; http_host; depth:44; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676250/; classtype:trojan-activity;sid:84539350; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676251)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"focused-noether.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676251/; classtype:trojan-activity;sid:84539351; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676252)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"suivi-livraison.support"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676252/; classtype:trojan-activity;sid:84539352; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676253)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"securaccntnetfiix.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676253/; classtype:trojan-activity;sid:84539353; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676254)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"hometrack-package-tracking.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676254/; classtype:trojan-activity;sid:84539354; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676255)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"renewntfxsav.info"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676255/; classtype:trojan-activity;sid:84539355; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676256)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"nouvellelivraison-locker-fr.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676256/; classtype:trojan-activity;sid:84539356; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676257)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"gracious-lamarr.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676257/; classtype:trojan-activity;sid:84539357; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676258)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mondialrelais-creneaux.info"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676258/; classtype:trojan-activity;sid:84539358; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676259)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"savraiffeizen-at.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676259/; classtype:trojan-activity;sid:84539359; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676260)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"netflxaccntsav.info"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676260/; classtype:trojan-activity;sid:84539360; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676261)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"peaceful-gates.196-251-72-149.plesk.page"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676261/; classtype:trojan-activity;sid:84539361; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676262)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"suivicolis-be.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676262/; classtype:trojan-activity;sid:84539362; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676263)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"tv-abonnement.info"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676263/; classtype:trojan-activity;sid:84539363; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676264)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"netlfix-suscripcion.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676264/; classtype:trojan-activity;sid:84539364; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676265)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"yoursavnetfilxes.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676265/; classtype:trojan-activity;sid:84539365; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676266)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mon-suivi.info"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676266/; classtype:trojan-activity;sid:84539366; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676267)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"dossier4729.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676267/; classtype:trojan-activity;sid:84539367; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676268)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"secureamericainexpress.help"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676268/; classtype:trojan-activity;sid:84539368; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676269)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"nifty-hypatia.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676269/; classtype:trojan-activity;sid:84539369; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676270)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"xyznetfilxhusav.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676270/; classtype:trojan-activity;sid:84539370; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676271)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"connect-avantages.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676271/; classtype:trojan-activity;sid:84539371; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676246)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mrelay-be-acheminement.info"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676246/; classtype:trojan-activity;sid:84539346; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676247)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"renewntfxsav.info"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676247/; classtype:trojan-activity;sid:84539347; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676209)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"friendly-cray.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676209/; classtype:trojan-activity;sid:84539309; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676210)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"gestion-pickup-relay2025.info"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676210/; classtype:trojan-activity;sid:84539310; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676211)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"myguichet-service.help"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676211/; classtype:trojan-activity;sid:84539311; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676212)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"secureamericainexpress.help"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676212/; classtype:trojan-activity;sid:84539312; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676213)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"myparcel-track.info"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676213/; classtype:trojan-activity;sid:84539313; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676214)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"hometrack-support-help.info"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676214/; classtype:trojan-activity;sid:84539314; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676215)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"yuzidoky.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676215/; classtype:trojan-activity;sid:84539315; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676216)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"dossiergmuitas.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676216/; classtype:trojan-activity;sid:84539316; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676217)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"service-parcel-pay.help"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676217/; classtype:trojan-activity;sid:84539317; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676218)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"jovial-bartik.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676218/; classtype:trojan-activity;sid:84539318; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676219)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"secureamericainexpress.help"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676219/; classtype:trojan-activity;sid:84539319; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676220)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"frosty-wozniak.196-251-72-149.plesk.page"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676220/; classtype:trojan-activity;sid:84539320; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676221)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"relivraison-packet-france.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676221/; classtype:trojan-activity;sid:84539321; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676222)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"livraisons-infos-fr.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676222/; classtype:trojan-activity;sid:84539322; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676223)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"myntfxsupprt.help"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676223/; classtype:trojan-activity;sid:84539323; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676224)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"livraison-relais-info.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676224/; classtype:trojan-activity;sid:84539324; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676225)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"trusting-raman.196-251-72-149.plesk.page"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676225/; classtype:trojan-activity;sid:84539325; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676226)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mrelayy-acheminement.info"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676226/; classtype:trojan-activity;sid:84539326; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676227)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"takeyour-parcel.help"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676227/; classtype:trojan-activity;sid:84539327; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676228)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"dreamy-keller.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676228/; classtype:trojan-activity;sid:84539328; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676229)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"suivi-livraison.support"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676229/; classtype:trojan-activity;sid:84539329; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676230)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"suivi-fr-livraison.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676230/; classtype:trojan-activity;sid:84539330; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676231)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"renew-subscription.info"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676231/; classtype:trojan-activity;sid:84539331; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676232)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"kunde-konto-sikre.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676232/; classtype:trojan-activity;sid:84539332; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676233)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"sav-monrelay.help"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676233/; classtype:trojan-activity;sid:84539333; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676234)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"connect-avantages.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676234/; classtype:trojan-activity;sid:84539334; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676235)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"elegant-borg.196-251-72-149.plesk.page"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676235/; classtype:trojan-activity;sid:84539335; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676236)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"renewmynetllx.info"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676236/; classtype:trojan-activity;sid:84539336; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676237)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"savnetfixrenew.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676237/; classtype:trojan-activity;sid:84539337; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676238)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"locker-redistribution.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676238/; classtype:trojan-activity;sid:84539338; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676239)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"thirsty-heisenberg.196-251-72-149.plesk.page"; http_host; depth:44; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676239/; classtype:trojan-activity;sid:84539339; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676240)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"miseajouritsme.help"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676240/; classtype:trojan-activity;sid:84539340; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676241)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"renewaccntsav.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676241/; classtype:trojan-activity;sid:84539341; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676242)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"packet-nouvellelivraisons-fr.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676242/; classtype:trojan-activity;sid:84539342; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676243)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"mon-suivi.info"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676243/; classtype:trojan-activity;sid:84539343; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676244)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"relayservice-pay.help"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676244/; classtype:trojan-activity;sid:84539344; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676245)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"suivi-livraison.support"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676245/; classtype:trojan-activity;sid:84539345; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676207)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"plsavnetfiix.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676207/; classtype:trojan-activity;sid:84539307; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676208)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"suivirelaisdepot.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676208/; classtype:trojan-activity;sid:84539308; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676201)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"optimistic-leakey.196-251-72-149.plesk.page"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676201/; classtype:trojan-activity;sid:84539301; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676202)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"upcpackettrack.help"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676202/; classtype:trojan-activity;sid:84539302; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676203)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"accntmynetfiixsav.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676203/; classtype:trojan-activity;sid:84539303; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676204)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"parkingbrussels.help"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676204/; classtype:trojan-activity;sid:84539304; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676205)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"ulys-autoroutes-fr.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676205/; classtype:trojan-activity;sid:84539305; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676206)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"myntfxsupprt.help"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676206/; classtype:trojan-activity;sid:84539306; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676171)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"trackdelivery-customer.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676171/; classtype:trojan-activity;sid:84539271; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676172)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mondialrelay-colis.support"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676172/; classtype:trojan-activity;sid:84539272; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676173)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"paymentmy-minfinbe.help"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676173/; classtype:trojan-activity;sid:84539273; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676174)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"ecstatic-villani.196-251-72-149.plesk.page"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676174/; classtype:trojan-activity;sid:84539274; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676175)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"bold-ellis.196-251-72-149.plesk.page"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676175/; classtype:trojan-activity;sid:84539275; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676176)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"telepeage-ulys-france.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676176/; classtype:trojan-activity;sid:84539276; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676177)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mondialrelais-livraisons.info"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676177/; classtype:trojan-activity;sid:84539277; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676178)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"monrelay-support.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676178/; classtype:trojan-activity;sid:84539278; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676179)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"elegant-nightingale.196-251-72-149.plesk.page"; http_host; depth:45; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676179/; classtype:trojan-activity;sid:84539279; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676180)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"colis-suivi-lu.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676180/; classtype:trojan-activity;sid:84539280; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676181)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"relaydelivery.help"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676181/; classtype:trojan-activity;sid:84539281; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676182)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"myguichet-service.help"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676182/; classtype:trojan-activity;sid:84539282; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676183)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"redirection-mondialrelais.info"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676183/; classtype:trojan-activity;sid:84539283; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676184)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"sweet-neumann.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676184/; classtype:trojan-activity;sid:84539284; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676185)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"xyznetfilxhusav.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676185/; classtype:trojan-activity;sid:84539285; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676186)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"m-relay-suivi-fr.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676186/; classtype:trojan-activity;sid:84539286; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676187)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"myparcel-relay.help"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676187/; classtype:trojan-activity;sid:84539287; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676188)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mondialrelais-livraison.info"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676188/; classtype:trojan-activity;sid:84539288; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676189)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"myparcel-track.info"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676189/; classtype:trojan-activity;sid:84539289; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676190)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"sarenewnetfiixsav.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676190/; classtype:trojan-activity;sid:84539290; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676191)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mrelay-luxembourg.support"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676191/; classtype:trojan-activity;sid:84539291; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676192)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"ups.supporto-pacchi.help"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676192/; classtype:trojan-activity;sid:84539292; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676193)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mynetfxsuprt.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676193/; classtype:trojan-activity;sid:84539293; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676194)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"ups.supporto-pacchi.help"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676194/; classtype:trojan-activity;sid:84539294; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676195)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"strange-yalow.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676195/; classtype:trojan-activity;sid:84539295; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676196)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"mynetfxsupprt.help"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676196/; classtype:trojan-activity;sid:84539296; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676197)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"rendezsnetfiixhu.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676197/; classtype:trojan-activity;sid:84539297; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676198)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"info-suivi-track.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676198/; classtype:trojan-activity;sid:84539298; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676199)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"savnfiixsupprt.info"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676199/; classtype:trojan-activity;sid:84539299; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676200)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"nervous-pasteur.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676200/; classtype:trojan-activity;sid:84539300; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676170)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"renewnow.help"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676170/; classtype:trojan-activity;sid:84539270; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676168)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"livraisons-infos-fr.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676168/; classtype:trojan-activity;sid:84539268; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676169)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"servicedgtes.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676169/; classtype:trojan-activity;sid:84539269; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676167)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"collect-myparcel.help"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676167/; classtype:trojan-activity;sid:84539267; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676165)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"mon-colis-suivi-bpost.info"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676165/; classtype:trojan-activity;sid:84539265; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676166)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"strange-swartz.196-251-72-149.plesk.page"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676166/; classtype:trojan-activity;sid:84539266; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676134)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"suivi-fra-livraisons.info"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676134/; classtype:trojan-activity;sid:84539234; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676135)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"takeyourpackagebe.help"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676135/; classtype:trojan-activity;sid:84539235; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676136)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"ntflx-sub.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676136/; classtype:trojan-activity;sid:84539236; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676137)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"aide-suivi-livraison.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676137/; classtype:trojan-activity;sid:84539237; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676138)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"stoic-poincare.196-251-72-149.plesk.page"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676138/; classtype:trojan-activity;sid:84539238; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676139)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"subscription-help.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676139/; classtype:trojan-activity;sid:84539239; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676140)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"bold-hypatia.196-251-72-149.plesk.page"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676140/; classtype:trojan-activity;sid:84539240; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676141)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"guichet-amende.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676141/; classtype:trojan-activity;sid:84539241; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676142)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"yoursavnetfilxes.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676142/; classtype:trojan-activity;sid:84539242; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676143)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"packet-relivraison-fr.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676143/; classtype:trojan-activity;sid:84539243; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676144)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"usernetfiixsavhu.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676144/; classtype:trojan-activity;sid:84539244; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676145)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"renew-subscription.info"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676145/; classtype:trojan-activity;sid:84539245; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676146)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"confirmation-appareil-confiance.com"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676146/; classtype:trojan-activity;sid:84539246; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676147)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"myparcel-track.info"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676147/; classtype:trojan-activity;sid:84539247; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676148)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"amazing-lederberg.196-251-72-149.plesk.page"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676148/; classtype:trojan-activity;sid:84539248; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676149)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"trackyridpaket.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676149/; classtype:trojan-activity;sid:84539249; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676150)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"ameii-moncompte.ma-situations.info"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676150/; classtype:trojan-activity;sid:84539250; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676151)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"confirmation-appareil-confiance.com"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676151/; classtype:trojan-activity;sid:84539251; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676152)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"livraisons-infos.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676152/; classtype:trojan-activity;sid:84539252; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676153)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"m-relay-suivi-fr.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676153/; classtype:trojan-activity;sid:84539253; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676154)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"funny-heyrovsky.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676154/; classtype:trojan-activity;sid:84539254; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676155)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"bpost-frais-dedouanement.info"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676155/; classtype:trojan-activity;sid:84539255; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676156)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"telepeage-ulys-france.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676156/; classtype:trojan-activity;sid:84539256; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676157)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"gallant-ganguly.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676157/; classtype:trojan-activity;sid:84539257; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676158)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"luxtrust-secure.info"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676158/; classtype:trojan-activity;sid:84539258; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676159)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"savnet-fixchili.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676159/; classtype:trojan-activity;sid:84539259; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676160)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"myntfxsupprt.help"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676160/; classtype:trojan-activity;sid:84539260; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676161)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"brave-cori.196-251-72-149.plesk.page"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676161/; classtype:trojan-activity;sid:84539261; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676162)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"plsavnetfiixsupport.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676162/; classtype:trojan-activity;sid:84539262; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676163)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"sharp-franklin.196-251-72-149.plesk.page"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676163/; classtype:trojan-activity;sid:84539263; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676164)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"livraisons-france-infos.locker"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676164/; classtype:trojan-activity;sid:84539264; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676130)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"colis-suivi-help.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676130/; classtype:trojan-activity;sid:84539230; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676131)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"ameli-moncompte.situation-administrative.info"; http_host; depth:45; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676131/; classtype:trojan-activity;sid:84539231; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676132)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"myluxtrust-accountsecurity.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676132/; classtype:trojan-activity;sid:84539232; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676133)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"livraison-mondialrelais.info"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676133/; classtype:trojan-activity;sid:84539233; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676127)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"assurancemaladie-actualisation.help"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676127/; classtype:trojan-activity;sid:84539227; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676128)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"accountnetfix.help"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676128/; classtype:trojan-activity;sid:84539228; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676129)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"pickup-mreiay.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676129/; classtype:trojan-activity;sid:84539229; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676119)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"myguichet-espace.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676119/; classtype:trojan-activity;sid:84539219; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676120)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"relais-packet-fr.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676120/; classtype:trojan-activity;sid:84539220; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676121)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mondialsrelay-redirection.info"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676121/; classtype:trojan-activity;sid:84539221; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676122)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"suivicolis-be.info"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676122/; classtype:trojan-activity;sid:84539222; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676123)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"intelligent-mayer.196-251-72-149.plesk.page"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676123/; classtype:trojan-activity;sid:84539223; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676124)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"verification-mobile-cm.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676124/; classtype:trojan-activity;sid:84539224; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676125)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"mon-abonnement-disney.info"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676125/; classtype:trojan-activity;sid:84539225; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676126)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"myntfxsupprt.help"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676126/; classtype:trojan-activity;sid:84539226; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676116)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"rendezsnetfiixhu.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676116/; classtype:trojan-activity;sid:84539216; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676117)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"supportnetfiixsavza.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676117/; classtype:trojan-activity;sid:84539217; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676118)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"myguichet-service.help"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676118/; classtype:trojan-activity;sid:84539218; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676111)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"livraison-relais-info.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676111/; classtype:trojan-activity;sid:84539211; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676112)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"confirmation-appareil-confiance.com"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676112/; classtype:trojan-activity;sid:84539212; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676113)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"mondials-suivis-relay.info"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676113/; classtype:trojan-activity;sid:84539213; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676114)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"suivi-livraison.support"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676114/; classtype:trojan-activity;sid:84539214; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676115)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"sav-monrelay.help"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676115/; classtype:trojan-activity;sid:84539215; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676108)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"mondialrelay-reply.help"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676108/; classtype:trojan-activity;sid:84539208; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676109)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"great-leavitt.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676109/; classtype:trojan-activity;sid:84539209; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676110)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"gallant-ganguly.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676110/; classtype:trojan-activity;sid:84539210; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676104)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mysubscription-renewal.info"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676104/; classtype:trojan-activity;sid:84539204; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676105)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"my.guichet-amende.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676105/; classtype:trojan-activity;sid:84539205; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676106)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"tv-abonnement.info"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676106/; classtype:trojan-activity;sid:84539206; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676107)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"suivis-de-colis.info"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676107/; classtype:trojan-activity;sid:84539207; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676101)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"plsavnetfiix.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676101/; classtype:trojan-activity;sid:84539201; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676102)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"hometrack-package-tracking.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676102/; classtype:trojan-activity;sid:84539202; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676103)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"monrelay-support.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676103/; classtype:trojan-activity;sid:84539203; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676097)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"renewmynetllx.info"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676097/; classtype:trojan-activity;sid:84539197; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676098)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"unruffled-banach.196-251-72-149.plesk.page"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676098/; classtype:trojan-activity;sid:84539198; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676099)"; flow:established,from_client; content:"GET"; http_method; content:"/a.out"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"cpcontacts.5-253-86-21.cprapid.com"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676099/; classtype:trojan-activity;sid:84539199; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676100)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"suivi-pointrelais.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676100/; classtype:trojan-activity;sid:84539200; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676092)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"serene-dhawan.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676092/; classtype:trojan-activity;sid:84539192; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676093)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"reverent-brattain.196-251-72-149.plesk.page"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676093/; classtype:trojan-activity;sid:84539193; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676094)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"compassionate-yonath.196-251-72-149.plesk.page"; http_host; depth:46; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676094/; classtype:trojan-activity;sid:84539194; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676095)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"services-mondialrelay.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676095/; classtype:trojan-activity;sid:84539195; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676096)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"webmail.rediriger-ma-relivraison.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676096/; classtype:trojan-activity;sid:84539196; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676091)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"yuzidoky.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676091/; classtype:trojan-activity;sid:84539191; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676090)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"funny-villani.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676090/; classtype:trojan-activity;sid:84539190; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676089)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"colis-francemetropolitaine.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676089/; classtype:trojan-activity;sid:84539189; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676088)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"nifty-johnson.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676088/; classtype:trojan-activity;sid:84539188; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676085)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"servntflxmgyrsav.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676085/; classtype:trojan-activity;sid:84539185; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676086)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"dreamy-keller.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676086/; classtype:trojan-activity;sid:84539186; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676087)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"optimistic-leakey.196-251-72-149.plesk.page"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676087/; classtype:trojan-activity;sid:84539187; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676074)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"moncolis-suivi.help"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676074/; classtype:trojan-activity;sid:84539174; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676075)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mondialrelay-locker-fr.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676075/; classtype:trojan-activity;sid:84539175; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676076)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"great-leavitt.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676076/; classtype:trojan-activity;sid:84539176; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676077)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"stoic-poincare.196-251-72-149.plesk.page"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676077/; classtype:trojan-activity;sid:84539177; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676078)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"suivimondialrelay-colis.info"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676078/; classtype:trojan-activity;sid:84539178; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676079)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"supportsavnetfix.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676079/; classtype:trojan-activity;sid:84539179; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676080)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"connect-avantages.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676080/; classtype:trojan-activity;sid:84539180; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676081)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mymondialrelay-parcel.help"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676081/; classtype:trojan-activity;sid:84539181; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676082)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"suivi-pointrelais.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676082/; classtype:trojan-activity;sid:84539182; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676083)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"recursing-hawking.196-251-72-149.plesk.page"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676083/; classtype:trojan-activity;sid:84539183; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676084)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"elegant-nightingale.196-251-72-149.plesk.page"; http_host; depth:45; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676084/; classtype:trojan-activity;sid:84539184; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676060)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"amazing-lederberg.196-251-72-149.plesk.page"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676060/; classtype:trojan-activity;sid:84539160; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676061)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"mondialrelais-livraison.info"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676061/; classtype:trojan-activity;sid:84539161; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676062)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"renouvellement.help"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676062/; classtype:trojan-activity;sid:84539162; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676063)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"myguichet-espace.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676063/; classtype:trojan-activity;sid:84539163; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676064)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"tracking-parcel-be.help"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676064/; classtype:trojan-activity;sid:84539164; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676065)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"livraisons-infos-fr.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676065/; classtype:trojan-activity;sid:84539165; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676066)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"webmail.rediriger-ma-relivraison.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676066/; classtype:trojan-activity;sid:84539166; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676067)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"jolly-yalow.196-251-72-149.plesk.page"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676067/; classtype:trojan-activity;sid:84539167; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676068)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"monrelay-support.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676068/; classtype:trojan-activity;sid:84539168; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676069)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"ecstatic-wing.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676069/; classtype:trojan-activity;sid:84539169; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676070)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"affectionate-edison.196-251-72-149.plesk.page"; http_host; depth:45; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676070/; classtype:trojan-activity;sid:84539170; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676071)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"practical-wu.196-251-72-149.plesk.page"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676071/; classtype:trojan-activity;sid:84539171; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676072)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"locker-redistribution.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676072/; classtype:trojan-activity;sid:84539172; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676073)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"mrelay-luxembourg.support"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676073/; classtype:trojan-activity;sid:84539173; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676058)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"sharp-franklin.196-251-72-149.plesk.page"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676058/; classtype:trojan-activity;sid:84539158; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676059)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mynode.powerpc-440fp"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"87.121.222.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676059/; classtype:trojan-activity;sid:84539159; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676056)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"pedantic-mcclintock.196-251-72-149.plesk.page"; http_host; depth:45; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676056/; classtype:trojan-activity;sid:84539156; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676057)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"supportulys.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676057/; classtype:trojan-activity;sid:84539157; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676055)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mrelayy-acheminement.info"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676055/; classtype:trojan-activity;sid:84539155; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676046)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"dossier-amende-minfin.info"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676046/; classtype:trojan-activity;sid:84539146; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676047)"; flow:established,from_client; content:"GET"; http_method; content:"/lol"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"whm.5-253-86-21.cprapid.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676047/; classtype:trojan-activity;sid:84539147; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676048)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"myparcel-relay.help"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676048/; classtype:trojan-activity;sid:84539148; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676049)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"plsavnetfiixsupport.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676049/; classtype:trojan-activity;sid:84539149; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676050)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"strange-spence.196-251-72-149.plesk.page"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676050/; classtype:trojan-activity;sid:84539150; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676051)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"xyznetfilxhusav.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676051/; classtype:trojan-activity;sid:84539151; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676052)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"la-bnpcledigital.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676052/; classtype:trojan-activity;sid:84539152; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676053)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"colis-suivi-help.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676053/; classtype:trojan-activity;sid:84539153; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676054)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"verif-appareil-confiance.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676054/; classtype:trojan-activity;sid:84539154; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676044)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"trusting-tesla.196-251-72-149.plesk.page"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676044/; classtype:trojan-activity;sid:84539144; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676045)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"savnetflixco.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676045/; classtype:trojan-activity;sid:84539145; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676038)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"relayparcel-help.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676038/; classtype:trojan-activity;sid:84539138; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676039)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"netlfix-suscripcion.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676039/; classtype:trojan-activity;sid:84539139; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676040)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"beparcel-collect.help"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676040/; classtype:trojan-activity;sid:84539140; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676041)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"magical-shirley.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676041/; classtype:trojan-activity;sid:84539141; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676042)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"exciting-hopper.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676042/; classtype:trojan-activity;sid:84539142; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676043)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"ntfxrenewservice.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676043/; classtype:trojan-activity;sid:84539143; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676036)"; flow:established,from_client; content:"GET"; http_method; content:"/update.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"5-253-86-21.cprapid.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676036/; classtype:trojan-activity;sid:84539136; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676037)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"distracted-nightingale.196-251-72-149.plesk.page"; http_host; depth:48; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676037/; classtype:trojan-activity;sid:84539137; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676034)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mynode.i686"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"87.121.222.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676034/; classtype:trojan-activity;sid:84539134; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676035)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"m-relay-suivi-fr.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676035/; classtype:trojan-activity;sid:84539135; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676012)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"suivicolis-be.info"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676012/; classtype:trojan-activity;sid:84539112; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676013)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"info-livraison-fr.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676013/; classtype:trojan-activity;sid:84539113; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676014)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"savnetflixco.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676014/; classtype:trojan-activity;sid:84539114; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676015)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"colis-suivi-lu.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676015/; classtype:trojan-activity;sid:84539115; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676016)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"hgrynetfiixsav.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676016/; classtype:trojan-activity;sid:84539116; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676017)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"jovial-bartik.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676017/; classtype:trojan-activity;sid:84539117; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676018)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"condescending-wilson.196-251-72-149.plesk.page"; http_host; depth:46; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676018/; classtype:trojan-activity;sid:84539118; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676019)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"elegant-shtern.196-251-72-149.plesk.page"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676019/; classtype:trojan-activity;sid:84539119; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676020)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"mondiai-reiay-reglement.info"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676020/; classtype:trojan-activity;sid:84539120; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676021)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"recursing-hawking.196-251-72-149.plesk.page"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676021/; classtype:trojan-activity;sid:84539121; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676022)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"savnetfiix-client.help"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676022/; classtype:trojan-activity;sid:84539122; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676023)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"netlfix-suscripcion.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676023/; classtype:trojan-activity;sid:84539123; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676024)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"ecstatic-villani.196-251-72-149.plesk.page"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676024/; classtype:trojan-activity;sid:84539124; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676025)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"aide-suivi-livraison.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676025/; classtype:trojan-activity;sid:84539125; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676026)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"myups-tracking.info"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676026/; classtype:trojan-activity;sid:84539126; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676027)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"locker-redistribution.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676027/; classtype:trojan-activity;sid:84539127; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676028)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"vigilant-antonelli.196-251-72-149.plesk.page"; http_host; depth:44; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676028/; classtype:trojan-activity;sid:84539128; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676029)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"reverent-brattain.196-251-72-149.plesk.page"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676029/; classtype:trojan-activity;sid:84539129; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676030)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"subscription-tv.info"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676030/; classtype:trojan-activity;sid:84539130; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676031)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"servmetfiixsavsa.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676031/; classtype:trojan-activity;sid:84539131; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676032)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"colislivraisonsuivi.support"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676032/; classtype:trojan-activity;sid:84539132; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676033)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"telepeage-ulys-fr.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676033/; classtype:trojan-activity;sid:84539133; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676008)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"strange-swartz.196-251-72-149.plesk.page"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676008/; classtype:trojan-activity;sid:84539108; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676009)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"livraisons-infos-fr.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676009/; classtype:trojan-activity;sid:84539109; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676010)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"nifty-hypatia.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676010/; classtype:trojan-activity;sid:84539110; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676011)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"info-suivi-track.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676011/; classtype:trojan-activity;sid:84539111; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676006)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"monrelayfr-support.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676006/; classtype:trojan-activity;sid:84539106; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676007)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"gracious-northcutt.196-251-72-149.plesk.page"; http_host; depth:44; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676007/; classtype:trojan-activity;sid:84539107; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676005)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"tracking-parcel-be.help"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676005/; classtype:trojan-activity;sid:84539105; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676003)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"relaydelivery.help"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676003/; classtype:trojan-activity;sid:84539103; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676004)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"livraison-mondialrelais.info"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676004/; classtype:trojan-activity;sid:84539104; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676002)"; flow:established,from_client; content:"GET"; http_method; content:"/t"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"5.253.86.21"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676002/; classtype:trojan-activity;sid:84539102; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675999)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"ameli-guadeloupe.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675999/; classtype:trojan-activity;sid:84539099; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676000)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"colislivraison-suivi.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676000/; classtype:trojan-activity;sid:84539100; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676001)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"brusselspayments.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676001/; classtype:trojan-activity;sid:84539101; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675978)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"trusting-raman.196-251-72-149.plesk.page"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675978/; classtype:trojan-activity;sid:84539078; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675979)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"hometrack-support-help.info"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675979/; classtype:trojan-activity;sid:84539079; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675980)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"nostalgic-curie.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675980/; classtype:trojan-activity;sid:84539080; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675981)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"billing-renew-subscription.info"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675981/; classtype:trojan-activity;sid:84539081; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675982)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"relaydelivery.help"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675982/; classtype:trojan-activity;sid:84539082; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675983)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"packrelay-espace.help"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675983/; classtype:trojan-activity;sid:84539083; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675984)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"peaceful-gates.196-251-72-149.plesk.page"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675984/; classtype:trojan-activity;sid:84539084; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675985)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"rediriger-ma-relivraison.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675985/; classtype:trojan-activity;sid:84539085; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675986)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"dreamy-hamilton.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675986/; classtype:trojan-activity;sid:84539086; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675987)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"suivi-colis.help"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675987/; classtype:trojan-activity;sid:84539087; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675988)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"clever-northcutt.196-251-72-149.plesk.page"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675988/; classtype:trojan-activity;sid:84539088; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675989)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"suivi-fr-livraison.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675989/; classtype:trojan-activity;sid:84539089; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675990)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"relayhome-trackparcel.help"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675990/; classtype:trojan-activity;sid:84539090; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675991)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"funny-heyrovsky.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675991/; classtype:trojan-activity;sid:84539091; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675992)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"mondialrelay-colis.support"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675992/; classtype:trojan-activity;sid:84539092; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675993)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"sharp-franklin.196-251-72-149.plesk.page"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675993/; classtype:trojan-activity;sid:84539093; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675994)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"telepeage-ulys-fr.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675994/; classtype:trojan-activity;sid:84539094; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675995)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"relayhome-trackparcel.help"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675995/; classtype:trojan-activity;sid:84539095; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675996)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"support-upsdelivery.info"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675996/; classtype:trojan-activity;sid:84539096; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675997)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"actualisationameli.help"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675997/; classtype:trojan-activity;sid:84539097; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675998)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"relaymyparcel.info"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675998/; classtype:trojan-activity;sid:84539098; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675970)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"relais-packet-fr.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675970/; classtype:trojan-activity;sid:84539070; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675971)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"reactivation-amelie-account.info"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675971/; classtype:trojan-activity;sid:84539071; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675972)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mymondialrelay-parcel.help"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675972/; classtype:trojan-activity;sid:84539072; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675973)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"formulaire-locker.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675973/; classtype:trojan-activity;sid:84539073; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675974)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"mrelayy-acheminement.info"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675974/; classtype:trojan-activity;sid:84539074; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675975)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"funny-heyrovsky.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675975/; classtype:trojan-activity;sid:84539075; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675976)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"distracted-nightingale.196-251-72-149.plesk.page"; http_host; depth:48; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675976/; classtype:trojan-activity;sid:84539076; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675977)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"objective-ramanujan.196-251-72-149.plesk.page"; http_host; depth:45; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675977/; classtype:trojan-activity;sid:84539077; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675969)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_amd64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"81.232.93.106"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675969/; classtype:trojan-activity;sid:84539069; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675967)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"renewnow.help"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675967/; classtype:trojan-activity;sid:84539067; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675968)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"intelligent-mayer.196-251-72-149.plesk.page"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675968/; classtype:trojan-activity;sid:84539068; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675966)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"servicedgtes.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675966/; classtype:trojan-activity;sid:84539066; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675964)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"great-leavitt.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675964/; classtype:trojan-activity;sid:84539064; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675965)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"servntflxmgyrsav.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675965/; classtype:trojan-activity;sid:84539065; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675952)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"takeyourpackagebe.help"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675952/; classtype:trojan-activity;sid:84539052; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675953)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"hometrack-be-package.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675953/; classtype:trojan-activity;sid:84539053; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675954)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"lux-trust-aide-support.info"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675954/; classtype:trojan-activity;sid:84539054; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675955)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"ecstatic-villani.196-251-72-149.plesk.page"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675955/; classtype:trojan-activity;sid:84539055; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675956)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"adoring-kalam.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675956/; classtype:trojan-activity;sid:84539056; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675957)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"trackmy-order.info"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675957/; classtype:trojan-activity;sid:84539057; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675958)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"netflxaccntsav.info"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675958/; classtype:trojan-activity;sid:84539058; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675959)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"collect-myparcel.help"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675959/; classtype:trojan-activity;sid:84539059; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675960)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"webmail.rediriger-ma-livraison.com"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675960/; classtype:trojan-activity;sid:84539060; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675961)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"paymentmy-minfinbe.help"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675961/; classtype:trojan-activity;sid:84539061; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675962)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"amazing-lederberg.196-251-72-149.plesk.page"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675962/; classtype:trojan-activity;sid:84539062; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675963)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"frosty-albattani.196-251-72-149.plesk.page"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675963/; classtype:trojan-activity;sid:84539063; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675951)"; flow:established,from_client; content:"GET"; http_method; content:"/update.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"cpcontacts.5-253-86-21.cprapid.com"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675951/; classtype:trojan-activity;sid:84539051; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675950)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"intelligent-mayer.196-251-72-149.plesk.page"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675950/; classtype:trojan-activity;sid:84539050; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675946)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"savulyseclient.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675946/; classtype:trojan-activity;sid:84539046; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675947)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"great-leavitt.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675947/; classtype:trojan-activity;sid:84539047; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675948)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"trackmy-order.info"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675948/; classtype:trojan-activity;sid:84539048; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675949)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"renouvellement.help"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675949/; classtype:trojan-activity;sid:84539049; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675945)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"practical-swirles.196-251-72-149.plesk.page"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675945/; classtype:trojan-activity;sid:84539045; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675942)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"rendezsnetfiixhu.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675942/; classtype:trojan-activity;sid:84539042; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675943)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"myguichet-service.help"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675943/; classtype:trojan-activity;sid:84539043; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675944)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"myparcel-relay.help"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675944/; classtype:trojan-activity;sid:84539044; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675937)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"get-yourparcel.help"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675937/; classtype:trojan-activity;sid:84539037; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675938)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"objective-saha.196-251-72-149.plesk.page"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675938/; classtype:trojan-activity;sid:84539038; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675939)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"particulierslocker.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675939/; classtype:trojan-activity;sid:84539039; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675940)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"suivicolis-be.info"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675940/; classtype:trojan-activity;sid:84539040; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675941)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"mysubscription-renewal.info"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675941/; classtype:trojan-activity;sid:84539041; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675925)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"livraison-mondialrelais.info"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675925/; classtype:trojan-activity;sid:84539025; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675926)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"suivi-fra-livraisons.info"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675926/; classtype:trojan-activity;sid:84539026; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675927)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"colis-francemetropolitaine.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675927/; classtype:trojan-activity;sid:84539027; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675928)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"suivi-colis.help"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675928/; classtype:trojan-activity;sid:84539028; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675929)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"savnet-fixchili.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675929/; classtype:trojan-activity;sid:84539029; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675930)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"verif-appareil-confiance.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675930/; classtype:trojan-activity;sid:84539030; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675931)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"subscription-tv.info"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675931/; classtype:trojan-activity;sid:84539031; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675932)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"livraisons-locker.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675932/; classtype:trojan-activity;sid:84539032; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675933)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"frosty-albattani.196-251-72-149.plesk.page"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675933/; classtype:trojan-activity;sid:84539033; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675934)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"ameli-guadeloupe.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675934/; classtype:trojan-activity;sid:84539034; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675935)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"savnetfixaccount.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675935/; classtype:trojan-activity;sid:84539035; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675936)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"practical-wu.196-251-72-149.plesk.page"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675936/; classtype:trojan-activity;sid:84539036; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675920)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"ups.supporto-pacchi.help"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675920/; classtype:trojan-activity;sid:84539020; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675921)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"relaisdepot-suivi.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675921/; classtype:trojan-activity;sid:84539021; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675922)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"supportnetfiixsavza.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675922/; classtype:trojan-activity;sid:84539022; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675923)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"sad-mclaren.196-251-72-149.plesk.page"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675923/; classtype:trojan-activity;sid:84539023; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675924)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"suivideliveryinfo.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675924/; classtype:trojan-activity;sid:84539024; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675915)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"mondialrelay-connect.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675915/; classtype:trojan-activity;sid:84539015; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675916)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"paketdhservice.help"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675916/; classtype:trojan-activity;sid:84539016; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675917)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"mrelay-relais.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675917/; classtype:trojan-activity;sid:84539017; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675918)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"suivicolis-be.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675918/; classtype:trojan-activity;sid:84539018; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675919)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"livraison-mondialrelais.info"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675919/; classtype:trojan-activity;sid:84539019; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675914)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"mondialrelay-colis.support"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675914/; classtype:trojan-activity;sid:84539014; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675913)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"relay-my-parcel.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675913/; classtype:trojan-activity;sid:84539013; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675889)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"renouvellement-ameli.support"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675889/; classtype:trojan-activity;sid:84538989; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675890)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"interesting-morse.196-251-72-149.plesk.page"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675890/; classtype:trojan-activity;sid:84538990; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675891)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"reverent-tereshkova.196-251-72-149.plesk.page"; http_host; depth:45; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675891/; classtype:trojan-activity;sid:84538991; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675892)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"objective-saha.196-251-72-149.plesk.page"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675892/; classtype:trojan-activity;sid:84538992; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675893)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"suivirelaisdepots.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675893/; classtype:trojan-activity;sid:84538993; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675894)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mondial-relay-center.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675894/; classtype:trojan-activity;sid:84538994; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675895)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"rediriger-ma-relivraison.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675895/; classtype:trojan-activity;sid:84538995; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675896)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"suivicolis-be.info"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675896/; classtype:trojan-activity;sid:84538996; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675897)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"relaymondial-services.info"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675897/; classtype:trojan-activity;sid:84538997; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675898)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"redirection-mondialrelais.info"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675898/; classtype:trojan-activity;sid:84538998; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675899)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"webmail.rediriger-ma-relivraison.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675899/; classtype:trojan-activity;sid:84538999; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675900)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"livraisons-infos.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675900/; classtype:trojan-activity;sid:84539000; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675901)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"antai-aide.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675901/; classtype:trojan-activity;sid:84539001; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675902)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"renouvellement.help"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675902/; classtype:trojan-activity;sid:84539002; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675903)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"solazone.help"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675903/; classtype:trojan-activity;sid:84539003; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675904)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"bold-hypatia.196-251-72-149.plesk.page"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675904/; classtype:trojan-activity;sid:84539004; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675905)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"exciting-hopper.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675905/; classtype:trojan-activity;sid:84539005; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675906)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"sav-monrelay.help"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675906/; classtype:trojan-activity;sid:84539006; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675907)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"nouvelletechbandedefou.info"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675907/; classtype:trojan-activity;sid:84539007; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675908)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"goofy-shirley.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675908/; classtype:trojan-activity;sid:84539008; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675909)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"mrelay-be-acheminement.info"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675909/; classtype:trojan-activity;sid:84539009; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675910)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"unruffled-banach.196-251-72-149.plesk.page"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675910/; classtype:trojan-activity;sid:84539010; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675911)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"vibrant-jackson.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675911/; classtype:trojan-activity;sid:84539011; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675912)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"suivicolis-be.info"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675912/; classtype:trojan-activity;sid:84539012; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675888)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"artier-recourser.help"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675888/; classtype:trojan-activity;sid:84538988; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675870)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"bravoteam6.org"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675870/; classtype:trojan-activity;sid:84538970; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675871)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"brussels-payments.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675871/; classtype:trojan-activity;sid:84538971; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675872)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"billing-renew-subscription.info"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675872/; classtype:trojan-activity;sid:84538972; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675873)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"livraison-suivre-moncolis.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675873/; classtype:trojan-activity;sid:84538973; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675874)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"colislivraison-suivi.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675874/; classtype:trojan-activity;sid:84538974; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675875)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"practical-wu.196-251-72-149.plesk.page"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675875/; classtype:trojan-activity;sid:84538975; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675876)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"monrelay.help"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675876/; classtype:trojan-activity;sid:84538976; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675877)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"stoic-poincare.196-251-72-149.plesk.page"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675877/; classtype:trojan-activity;sid:84538977; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675878)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"ecstatic-kare.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675878/; classtype:trojan-activity;sid:84538978; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675879)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"login-myoffices.help"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675879/; classtype:trojan-activity;sid:84538979; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675880)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"supportnetfiixsavza.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675880/; classtype:trojan-activity;sid:84538980; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675881)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"bpost-frais-dedouanement.info"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675881/; classtype:trojan-activity;sid:84538981; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675882)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"usernetfiixsavhu.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675882/; classtype:trojan-activity;sid:84538982; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675883)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"myguichet-amende.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675883/; classtype:trojan-activity;sid:84538983; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675884)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mondialrelay-reply.help"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675884/; classtype:trojan-activity;sid:84538984; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675885)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mynode.mips"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"87.121.222.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675885/; classtype:trojan-activity;sid:84538985; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675886)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"livraison.info"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675886/; classtype:trojan-activity;sid:84538986; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675887)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"relivraison-packet-france.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675887/; classtype:trojan-activity;sid:84538987; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675866)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"suivideliveryinfo.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675866/; classtype:trojan-activity;sid:84538966; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675867)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"frosty-albattani.196-251-72-149.plesk.page"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675867/; classtype:trojan-activity;sid:84538967; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675868)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"savnfiixsupprt.info"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675868/; classtype:trojan-activity;sid:84538968; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675869)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"nifty-golick.196-251-72-149.plesk.page"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675869/; classtype:trojan-activity;sid:84538969; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675863)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"mise-a-jours-ameli.support"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675863/; classtype:trojan-activity;sid:84538963; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675864)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_mipsel"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"81.232.93.106"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675864/; classtype:trojan-activity;sid:84538964; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675865)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"packrelay-espace.help"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675865/; classtype:trojan-activity;sid:84538965; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675840)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"savulyseclient.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675840/; classtype:trojan-activity;sid:84538940; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675841)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"servicedgtes.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675841/; classtype:trojan-activity;sid:84538941; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675842)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"ntfxrenewservice.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675842/; classtype:trojan-activity;sid:84538942; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675843)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"accntmynetfiixsav.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675843/; classtype:trojan-activity;sid:84538943; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675844)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"sweet-fermi.196-251-72-149.plesk.page"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675844/; classtype:trojan-activity;sid:84538944; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675845)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"optimistic-leakey.196-251-72-149.plesk.page"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675845/; classtype:trojan-activity;sid:84538945; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675846)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"laughing-perlman.196-251-72-149.plesk.page"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675846/; classtype:trojan-activity;sid:84538946; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675847)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/xdzdfxzf"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"cpcontacts.5-253-86-21.cprapid.com"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675847/; classtype:trojan-activity;sid:84538947; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675848)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"serene-dhawan.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675848/; classtype:trojan-activity;sid:84538948; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675849)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"laughing-perlman.196-251-72-149.plesk.page"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675849/; classtype:trojan-activity;sid:84538949; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675850)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"ameli-situtations.mon-comptes.help"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675850/; classtype:trojan-activity;sid:84538950; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675851)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"crazy-proskuriakova.196-251-72-149.plesk.page"; http_host; depth:45; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675851/; classtype:trojan-activity;sid:84538951; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675852)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"clever-northcutt.196-251-72-149.plesk.page"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675852/; classtype:trojan-activity;sid:84538952; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675853)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"services-mondialrelay.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675853/; classtype:trojan-activity;sid:84538953; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675854)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"pickup-mreiay.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675854/; classtype:trojan-activity;sid:84538954; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675855)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"lux-trust-aide-support.info"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675855/; classtype:trojan-activity;sid:84538955; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675856)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"colis-suivi-help.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675856/; classtype:trojan-activity;sid:84538956; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675857)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"monsuivi-colis.help"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675857/; classtype:trojan-activity;sid:84538957; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675858)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"gallant-ganguly.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675858/; classtype:trojan-activity;sid:84538958; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675859)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"adoring-kalam.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675859/; classtype:trojan-activity;sid:84538959; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675860)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"savraiffeizen-at.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675860/; classtype:trojan-activity;sid:84538960; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675861)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"colis-suivis.help"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675861/; classtype:trojan-activity;sid:84538961; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675862)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"mrelay-luxembourg.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675862/; classtype:trojan-activity;sid:84538962; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675839)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"clever-northcutt.196-251-72-149.plesk.page"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675839/; classtype:trojan-activity;sid:84538939; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675836)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"jolly-mendeleev.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675836/; classtype:trojan-activity;sid:84538936; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675837)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"ameli-connect.cpam-comptes.help"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675837/; classtype:trojan-activity;sid:84538937; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675838)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"assurancemaladie-actualisation.help"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675838/; classtype:trojan-activity;sid:84538938; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675816)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mrelay-relais.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675816/; classtype:trojan-activity;sid:84538916; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675817)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"brusselspayments.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675817/; classtype:trojan-activity;sid:84538917; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675818)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"savnetfiixmxico.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675818/; classtype:trojan-activity;sid:84538918; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675819)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"monrelayfr-support.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675819/; classtype:trojan-activity;sid:84538919; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675820)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"dreamy-keller.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675820/; classtype:trojan-activity;sid:84538920; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675821)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mondialrelay-colis.support"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675821/; classtype:trojan-activity;sid:84538921; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675822)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"moncolis-suivi.help"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675822/; classtype:trojan-activity;sid:84538922; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675823)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"affectionate-edison.196-251-72-149.plesk.page"; http_host; depth:45; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675823/; classtype:trojan-activity;sid:84538923; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675824)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"myups-package.help"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675824/; classtype:trojan-activity;sid:84538924; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675825)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"ntfiixsavclient.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675825/; classtype:trojan-activity;sid:84538925; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675826)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"ups.supporto-pacchi.help"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675826/; classtype:trojan-activity;sid:84538926; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675827)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"beparcel-collect.help"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675827/; classtype:trojan-activity;sid:84538927; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675828)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"packrelay-espace.help"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675828/; classtype:trojan-activity;sid:84538928; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675829)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mondialrelay-connect.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675829/; classtype:trojan-activity;sid:84538929; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675830)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"bpost-frais-dedouanement.info"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675830/; classtype:trojan-activity;sid:84538930; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675831)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"optimistic-leakey.196-251-72-149.plesk.page"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675831/; classtype:trojan-activity;sid:84538931; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675832)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"strange-yalow.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675832/; classtype:trojan-activity;sid:84538932; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675833)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"reglementnetflix-fr.help"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675833/; classtype:trojan-activity;sid:84538933; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675834)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"usernetfiixpolskasav.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675834/; classtype:trojan-activity;sid:84538934; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675835)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mynode.armv6l"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"87.121.222.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675835/; classtype:trojan-activity;sid:84538935; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675798)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"mrelay.livraison.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675798/; classtype:trojan-activity;sid:84538898; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675799)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"packet-relivraison-fr.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675799/; classtype:trojan-activity;sid:84538899; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675800)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"suivi-fra-livraisons.info"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675800/; classtype:trojan-activity;sid:84538900; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675801)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"xyznetfilxhusav.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675801/; classtype:trojan-activity;sid:84538901; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675802)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"bold-hypatia.196-251-72-149.plesk.page"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675802/; classtype:trojan-activity;sid:84538902; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675803)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"ulys-autoroutes-fr.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675803/; classtype:trojan-activity;sid:84538903; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675804)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mondiai-reiay-reglement.info"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675804/; classtype:trojan-activity;sid:84538904; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675805)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"savnetflixco.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675805/; classtype:trojan-activity;sid:84538905; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675806)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"livraison-suivre-moncolis.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675806/; classtype:trojan-activity;sid:84538906; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675807)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"trusting-raman.196-251-72-149.plesk.page"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675807/; classtype:trojan-activity;sid:84538907; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675808)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mon-suivi.info"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675808/; classtype:trojan-activity;sid:84538908; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675809)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"mondialrelais-creneaux.info"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675809/; classtype:trojan-activity;sid:84538909; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675810)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"securaccntnetfiix.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675810/; classtype:trojan-activity;sid:84538910; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675811)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"hometrack-be-package.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675811/; classtype:trojan-activity;sid:84538911; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675812)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"parkingbrussels.help"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675812/; classtype:trojan-activity;sid:84538912; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675813)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"mondials-suivis-relay.info"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675813/; classtype:trojan-activity;sid:84538913; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675814)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"relayservice-pay.help"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675814/; classtype:trojan-activity;sid:84538914; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675815)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"upbeat-noether.196-251-72-149.plesk.page"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675815/; classtype:trojan-activity;sid:84538915; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675797)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"suivicolis-be.info"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675797/; classtype:trojan-activity;sid:84538897; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675784)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"suivirelayy.info"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675784/; classtype:trojan-activity;sid:84538884; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675785)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"relayparcel-help.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675785/; classtype:trojan-activity;sid:84538885; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675786)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"yoursavnetfilxes.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675786/; classtype:trojan-activity;sid:84538886; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675787)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"servmetfiixsavsa.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675787/; classtype:trojan-activity;sid:84538887; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675788)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"vigilant-antonelli.196-251-72-149.plesk.page"; http_host; depth:44; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675788/; classtype:trojan-activity;sid:84538888; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675789)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"locker-redistribution.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675789/; classtype:trojan-activity;sid:84538889; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675790)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mxicnetfiixservice.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675790/; classtype:trojan-activity;sid:84538890; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675791)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"savnfiixsupprt.info"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675791/; classtype:trojan-activity;sid:84538891; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675792)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"ameli.moncompte-cpam.help"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675792/; classtype:trojan-activity;sid:84538892; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675793)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"colis-suivis.help"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675793/; classtype:trojan-activity;sid:84538893; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675794)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"livraison-expressfr.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675794/; classtype:trojan-activity;sid:84538894; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675795)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"upbeat-noether.196-251-72-149.plesk.page"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675795/; classtype:trojan-activity;sid:84538895; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675796)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"relivraison-formulaire.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675796/; classtype:trojan-activity;sid:84538896; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675770)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"tracking-parcel-be.help"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675770/; classtype:trojan-activity;sid:84538870; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675771)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"webmail.rediriger-ma-livraison.com"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675771/; classtype:trojan-activity;sid:84538871; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675772)"; flow:established,from_client; content:"GET"; http_method; content:"/lol"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"cpcontacts.5-253-86-21.cprapid.com"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675772/; classtype:trojan-activity;sid:84538872; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675773)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"relay-my-parcel.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675773/; classtype:trojan-activity;sid:84538873; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675774)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"brusselspayments.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675774/; classtype:trojan-activity;sid:84538874; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675775)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"quizzical-lederberg.196-251-72-149.plesk.page"; http_host; depth:45; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675775/; classtype:trojan-activity;sid:84538875; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675776)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"subscription-tv.info"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675776/; classtype:trojan-activity;sid:84538876; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675777)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"savnetfiixmxico.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675777/; classtype:trojan-activity;sid:84538877; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675778)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"services-mondialrelay.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675778/; classtype:trojan-activity;sid:84538878; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675779)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"packet-nouvellelivraisons-fr.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675779/; classtype:trojan-activity;sid:84538879; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675780)"; flow:established,from_client; content:"GET"; http_method; content:"/xdzdfxzf"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"5-253-86-21.cprapid.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675780/; classtype:trojan-activity;sid:84538880; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675781)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"strange-swartz.196-251-72-149.plesk.page"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675781/; classtype:trojan-activity;sid:84538881; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675782)"; flow:established,from_client; content:"GET"; http_method; content:"/a.out"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"5-253-86-21.cprapid.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675782/; classtype:trojan-activity;sid:84538882; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675783)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"particulierslocker.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675783/; classtype:trojan-activity;sid:84538883; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675769)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"formulaire-locker.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675769/; classtype:trojan-activity;sid:84538869; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675768)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"brusselspayments.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675768/; classtype:trojan-activity;sid:84538868; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675763)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"servicenetfiixsav.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675763/; classtype:trojan-activity;sid:84538863; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675764)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"relay-parcel.info"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675764/; classtype:trojan-activity;sid:84538864; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675765)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"ameli-cpam.support-moncompte.help"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675765/; classtype:trojan-activity;sid:84538865; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675766)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"suivi-livraison.support"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675766/; classtype:trojan-activity;sid:84538866; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675767)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"notificationcentral.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675767/; classtype:trojan-activity;sid:84538867; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675749)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"gallant-ganguly.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675749/; classtype:trojan-activity;sid:84538849; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675750)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"regionaleszeveme.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675750/; classtype:trojan-activity;sid:84538850; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675751)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"renew-subscription.info"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675751/; classtype:trojan-activity;sid:84538851; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675752)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"reactivation-amelie-account.info"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675752/; classtype:trojan-activity;sid:84538852; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675753)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"quizzical-lederberg.196-251-72-149.plesk.page"; http_host; depth:45; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675753/; classtype:trojan-activity;sid:84538853; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675754)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"livraison-suivre-moncolis.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675754/; classtype:trojan-activity;sid:84538854; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675755)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"exciting-hopper.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675755/; classtype:trojan-activity;sid:84538855; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675756)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"securaccntnetfiix.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675756/; classtype:trojan-activity;sid:84538856; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675757)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"elegant-shtern.196-251-72-149.plesk.page"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675757/; classtype:trojan-activity;sid:84538857; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675758)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"funny-heyrovsky.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675758/; classtype:trojan-activity;sid:84538858; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675759)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mondialsrelay-supports.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675759/; classtype:trojan-activity;sid:84538859; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675760)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"funny-heyrovsky.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675760/; classtype:trojan-activity;sid:84538860; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675761)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"get-yourparcel.help"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675761/; classtype:trojan-activity;sid:84538861; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675762)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.94.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675762/; classtype:trojan-activity;sid:84538862; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675745)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"nouvelletechbandedefou.info"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675745/; classtype:trojan-activity;sid:84538845; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675746)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"ma-facture-enovos.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675746/; classtype:trojan-activity;sid:84538846; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675747)"; flow:established,from_client; content:"GET"; http_method; content:"/lol"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"5-253-86-21.cprapid.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675747/; classtype:trojan-activity;sid:84538847; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675748)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"esdossier0865.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675748/; classtype:trojan-activity;sid:84538848; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675736)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"relaymyparcel.info"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675736/; classtype:trojan-activity;sid:84538836; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675737)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"espace-servicefamily.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675737/; classtype:trojan-activity;sid:84538837; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675738)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mon-suivi.info"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675738/; classtype:trojan-activity;sid:84538838; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675739)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"subscription-help.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675739/; classtype:trojan-activity;sid:84538839; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675740)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"peaceful-gates.196-251-72-149.plesk.page"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675740/; classtype:trojan-activity;sid:84538840; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675741)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"verification-mobile-cm.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675741/; classtype:trojan-activity;sid:84538841; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675742)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"amazing-lederberg.196-251-72-149.plesk.page"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675742/; classtype:trojan-activity;sid:84538842; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675743)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"relayhome-trackparcel.help"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675743/; classtype:trojan-activity;sid:84538843; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675744)"; flow:established,from_client; content:"GET"; http_method; content:"/release/stub/xeno%20rat%20client.exe"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"106.70.228.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675744/; classtype:trojan-activity;sid:84538844; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675734)"; flow:established,from_client; content:"GET"; http_method; content:"/736jwu2zff.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"q7.kdit5.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675734/; classtype:trojan-activity;sid:84538834; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675735)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.ppc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"192.142.10.124"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675735/; classtype:trojan-activity;sid:84538835; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675725)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"jolly-yalow.196-251-72-149.plesk.page"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675725/; classtype:trojan-activity;sid:84538825; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675726)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mon-abonnement-disney.info"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675726/; classtype:trojan-activity;sid:84538826; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675727)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"nifty-hypatia.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675727/; classtype:trojan-activity;sid:84538827; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675728)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mondialsrelay-supports.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675728/; classtype:trojan-activity;sid:84538828; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675729)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"mondialrelay-connect.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675729/; classtype:trojan-activity;sid:84538829; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675730)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"get-yourparcel.help"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675730/; classtype:trojan-activity;sid:84538830; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675731)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mynetfxsupprt.help"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675731/; classtype:trojan-activity;sid:84538831; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675732)"; flow:established,from_client; content:"GET"; http_method; content:"/bins.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"5-253-86-21.cprapid.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675732/; classtype:trojan-activity;sid:84538832; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675733)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"livraisons-colis-france.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675733/; classtype:trojan-activity;sid:84538833; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675709)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"frosty-albattani.196-251-72-149.plesk.page"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675709/; classtype:trojan-activity;sid:84538809; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675710)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mrelayy-acheminement.info"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675710/; classtype:trojan-activity;sid:84538810; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675711)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"ups.supporto-pacchi.help"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675711/; classtype:trojan-activity;sid:84538811; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675712)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"ameli-moncompte.situation-administrative.info"; http_host; depth:45; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675712/; classtype:trojan-activity;sid:84538812; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675713)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"focused-noether.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675713/; classtype:trojan-activity;sid:84538813; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675714)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"colis-nouvellelivraison-france.com"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675714/; classtype:trojan-activity;sid:84538814; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675715)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"formulaire-locker.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675715/; classtype:trojan-activity;sid:84538815; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675716)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"myparcel-tracking.help"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675716/; classtype:trojan-activity;sid:84538816; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675717)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"jovial-bartik.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675717/; classtype:trojan-activity;sid:84538817; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675718)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"mymondialrelay-parcel.help"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675718/; classtype:trojan-activity;sid:84538818; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675719)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"mrelayy-mon-acheminement.info"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675719/; classtype:trojan-activity;sid:84538819; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675720)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"suivicommanderelay.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675720/; classtype:trojan-activity;sid:84538820; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675721)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"thirsty-heisenberg.196-251-72-149.plesk.page"; http_host; depth:44; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675721/; classtype:trojan-activity;sid:84538821; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675722)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"service-parcel-pay.help"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675722/; classtype:trojan-activity;sid:84538822; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675723)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"info-suivi-track.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675723/; classtype:trojan-activity;sid:84538823; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675724)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"trusting-raman.196-251-72-149.plesk.page"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675724/; classtype:trojan-activity;sid:84538824; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675704)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"particulier-info.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675704/; classtype:trojan-activity;sid:84538804; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675705)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mondial-relaylivraisonfr.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675705/; classtype:trojan-activity;sid:84538805; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675706)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"friendly-cray.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675706/; classtype:trojan-activity;sid:84538806; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675707)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"frosty-albattani.196-251-72-149.plesk.page"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675707/; classtype:trojan-activity;sid:84538807; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675708)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"subscription-tv.info"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675708/; classtype:trojan-activity;sid:84538808; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675703)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"relayhome-trackparcel.help"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675703/; classtype:trojan-activity;sid:84538803; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675690)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"relaydelivery.help"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675690/; classtype:trojan-activity;sid:84538790; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675691)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"colis-suivi-help.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675691/; classtype:trojan-activity;sid:84538791; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675692)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"myparcel-track.info"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675692/; classtype:trojan-activity;sid:84538792; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675693)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"services-monrelay.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675693/; classtype:trojan-activity;sid:84538793; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675694)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"sweet-neumann.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675694/; classtype:trojan-activity;sid:84538794; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675695)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"suivimondialrelay-colis.info"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675695/; classtype:trojan-activity;sid:84538795; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675696)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"mondialrelay-locker-fr.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675696/; classtype:trojan-activity;sid:84538796; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675697)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"securaccntnetfiix.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675697/; classtype:trojan-activity;sid:84538797; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675698)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"antai-aide.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675698/; classtype:trojan-activity;sid:84538798; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675699)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"support-hometrack.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675699/; classtype:trojan-activity;sid:84538799; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675700)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"upcpackettrack.help"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675700/; classtype:trojan-activity;sid:84538800; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675701)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"locker-redistribution.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675701/; classtype:trojan-activity;sid:84538801; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675702)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"nervous-pasteur.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675702/; classtype:trojan-activity;sid:84538802; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675689)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"colis-suivis.help"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675689/; classtype:trojan-activity;sid:84538789; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675688)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"mrelay-luxembourg.support"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675688/; classtype:trojan-activity;sid:84538788; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675683)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"livraisons-colis-france.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675683/; classtype:trojan-activity;sid:84538783; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675684)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"support-upsdelivery.info"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675684/; classtype:trojan-activity;sid:84538784; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675685)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"accntmynetfiixsav.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675685/; classtype:trojan-activity;sid:84538785; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675686)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"particulier-info.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675686/; classtype:trojan-activity;sid:84538786; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675687)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"sweet-fermi.196-251-72-149.plesk.page"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675687/; classtype:trojan-activity;sid:84538787; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675676)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mondialsrelay-supports.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675676/; classtype:trojan-activity;sid:84538776; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675677)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"sweet-fermi.196-251-72-149.plesk.page"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675677/; classtype:trojan-activity;sid:84538777; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675678)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"confirmation-appareil-confiance.com"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675678/; classtype:trojan-activity;sid:84538778; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675679)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"trusting-tesla.196-251-72-149.plesk.page"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675679/; classtype:trojan-activity;sid:84538779; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675680)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"magical-shirley.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675680/; classtype:trojan-activity;sid:84538780; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675681)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"collect-myparcel.help"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675681/; classtype:trojan-activity;sid:84538781; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675682)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"myparcel-tracking.help"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675682/; classtype:trojan-activity;sid:84538782; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675664)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"yuzidoky.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675664/; classtype:trojan-activity;sid:84538764; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675665)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"mrelay-be-acheminement.info"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675665/; classtype:trojan-activity;sid:84538765; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675666)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"uptrackparsei.help"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675666/; classtype:trojan-activity;sid:84538766; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675667)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"ulys-telepeage-france.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675667/; classtype:trojan-activity;sid:84538767; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675668)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"vibrant-jackson.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675668/; classtype:trojan-activity;sid:84538768; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675669)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"tracking-myrelay.help"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675669/; classtype:trojan-activity;sid:84538769; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675670)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"suivicommandesrelay.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675670/; classtype:trojan-activity;sid:84538770; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675671)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"packet-relivraison-fr.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675671/; classtype:trojan-activity;sid:84538771; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675672)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"luxtrust-secure.info"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675672/; classtype:trojan-activity;sid:84538772; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675673)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"strange-spence.196-251-72-149.plesk.page"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675673/; classtype:trojan-activity;sid:84538773; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675674)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"elegant-borg.196-251-72-149.plesk.page"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675674/; classtype:trojan-activity;sid:84538774; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675675)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"livraison.info"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675675/; classtype:trojan-activity;sid:84538775; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675663)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"suivicolis-lu.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675663/; classtype:trojan-activity;sid:84538763; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675646)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"customer-trackdelivery.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675646/; classtype:trojan-activity;sid:84538746; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675647)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"my-canal.support-moncompte.help"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675647/; classtype:trojan-activity;sid:84538747; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675648)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"info-livraison-fr.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675648/; classtype:trojan-activity;sid:84538748; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675649)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"relivraison-packet-france.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675649/; classtype:trojan-activity;sid:84538749; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675650)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"reactivation-amelie-account.info"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675650/; classtype:trojan-activity;sid:84538750; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675651)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"servicenetfiixsav.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675651/; classtype:trojan-activity;sid:84538751; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675652)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"upbeat-noether.196-251-72-149.plesk.page"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675652/; classtype:trojan-activity;sid:84538752; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675653)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mondial-relay-center.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675653/; classtype:trojan-activity;sid:84538753; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675654)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"webmail.rediriger-ma-livraison.com"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675654/; classtype:trojan-activity;sid:84538754; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675655)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"relay-parcel.info"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675655/; classtype:trojan-activity;sid:84538755; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675656)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"strange-spence.196-251-72-149.plesk.page"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675656/; classtype:trojan-activity;sid:84538756; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675657)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"elegant-nightingale.196-251-72-149.plesk.page"; http_host; depth:45; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675657/; classtype:trojan-activity;sid:84538757; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675658)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"strange-spence.196-251-72-149.plesk.page"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675658/; classtype:trojan-activity;sid:84538758; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675659)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"mondial-pickup.info"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675659/; classtype:trojan-activity;sid:84538759; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675660)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"upcpackettrack.help"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675660/; classtype:trojan-activity;sid:84538760; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675661)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"compassionate-yonath.196-251-72-149.plesk.page"; http_host; depth:46; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675661/; classtype:trojan-activity;sid:84538761; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675662)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"myparcel-relay.help"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675662/; classtype:trojan-activity;sid:84538762; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675643)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"services-mondialrelay.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675643/; classtype:trojan-activity;sid:84538743; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675644)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"distracted-nightingale.196-251-72-149.plesk.page"; http_host; depth:48; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675644/; classtype:trojan-activity;sid:84538744; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675645)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"vibrant-jackson.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675645/; classtype:trojan-activity;sid:84538745; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675642)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"jolly-germain.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675642/; classtype:trojan-activity;sid:84538742; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675640)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"mondialrelay-connect.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675640/; classtype:trojan-activity;sid:84538740; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675641)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"telepeage-ulys-france.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675641/; classtype:trojan-activity;sid:84538741; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675625)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"reglementnetflix-fr.help"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675625/; classtype:trojan-activity;sid:84538725; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675626)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"savpaypaiaccnt.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675626/; classtype:trojan-activity;sid:84538726; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675627)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"nostalgic-curie.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675627/; classtype:trojan-activity;sid:84538727; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675628)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"suivi-fr-livraison.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675628/; classtype:trojan-activity;sid:84538728; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675629)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"hometrack-package-lu.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675629/; classtype:trojan-activity;sid:84538729; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675630)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"reglementminfin-be.help"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675630/; classtype:trojan-activity;sid:84538730; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675631)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"packet-nouvellelivraisons-fr.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675631/; classtype:trojan-activity;sid:84538731; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675632)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mondialrelais-livraison.info"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675632/; classtype:trojan-activity;sid:84538732; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675633)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"sweet-fermi.196-251-72-149.plesk.page"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675633/; classtype:trojan-activity;sid:84538733; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675634)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"mondialrelais-livraisons.info"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675634/; classtype:trojan-activity;sid:84538734; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675635)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"suivicolis-be.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675635/; classtype:trojan-activity;sid:84538735; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675636)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"mysuprtntfx.info"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675636/; classtype:trojan-activity;sid:84538736; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675637)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"suivicommandesrelay.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675637/; classtype:trojan-activity;sid:84538737; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675638)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"espace-servicefamily.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675638/; classtype:trojan-activity;sid:84538738; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675639)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"myespace-relaypack.help"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675639/; classtype:trojan-activity;sid:84538739; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675623)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"renewnow.help"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675623/; classtype:trojan-activity;sid:84538723; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675624)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"myups-package.help"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675624/; classtype:trojan-activity;sid:84538724; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675622)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"savnetfixaccount.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675622/; classtype:trojan-activity;sid:84538722; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675617)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"assurancemaladie.support"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675617/; classtype:trojan-activity;sid:84538717; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675618)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"crazy-proskuriakova.196-251-72-149.plesk.page"; http_host; depth:45; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675618/; classtype:trojan-activity;sid:84538718; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675619)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"takeyour-parcel.help"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675619/; classtype:trojan-activity;sid:84538719; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675620)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"particulier-info.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675620/; classtype:trojan-activity;sid:84538720; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675621)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"mrelay-relais.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675621/; classtype:trojan-activity;sid:84538721; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675615)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"myespace-relaypack.help"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675615/; classtype:trojan-activity;sid:84538715; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675616)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"redistribution-locker.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675616/; classtype:trojan-activity;sid:84538716; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675610)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"bravoteam6.org"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675610/; classtype:trojan-activity;sid:84538710; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675611)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"dossier-amende-minfin.info"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675611/; classtype:trojan-activity;sid:84538711; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675612)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"hgrynetfiixsav.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675612/; classtype:trojan-activity;sid:84538712; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675613)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"particulierslocker.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675613/; classtype:trojan-activity;sid:84538713; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675614)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"interesting-morse.196-251-72-149.plesk.page"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675614/; classtype:trojan-activity;sid:84538714; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675609)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_aarch64"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"81.232.93.106"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675609/; classtype:trojan-activity;sid:84538709; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675605)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mrelay-colis-fr.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675605/; classtype:trojan-activity;sid:84538705; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675606)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"netfiixmxicosav.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675606/; classtype:trojan-activity;sid:84538706; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675607)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"relivraison-packet-france.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675607/; classtype:trojan-activity;sid:84538707; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675608)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"renewntfxsav.help"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675608/; classtype:trojan-activity;sid:84538708; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675604)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"thirsty-ride.196-251-72-149.plesk.page"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675604/; classtype:trojan-activity;sid:84538704; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675602)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"locker-redistribution.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675602/; classtype:trojan-activity;sid:84538702; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675603)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"ameli-connect.cpam-comptes.help"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675603/; classtype:trojan-activity;sid:84538703; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675600)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mise-a-jours-ameli.support"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675600/; classtype:trojan-activity;sid:84538700; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675601)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"billing-renew-subscription.info"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675601/; classtype:trojan-activity;sid:84538701; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675599)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"elegant-shtern.196-251-72-149.plesk.page"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675599/; classtype:trojan-activity;sid:84538699; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675597)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_arm7"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"81.232.93.106"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675597/; classtype:trojan-activity;sid:84538697; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675598)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"pay-subscription.help"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675598/; classtype:trojan-activity;sid:84538698; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675562)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"suivirelayy.info"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675562/; classtype:trojan-activity;sid:84538662; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675563)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"savpaypaiuser.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675563/; classtype:trojan-activity;sid:84538663; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675564)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"relaymondial-services.info"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675564/; classtype:trojan-activity;sid:84538664; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675565)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"dossier4729.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675565/; classtype:trojan-activity;sid:84538665; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675566)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mondialrelay-colis.support"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675566/; classtype:trojan-activity;sid:84538666; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675567)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"livraison-mondialrelais.info"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675567/; classtype:trojan-activity;sid:84538667; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675568)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"dossier4729.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675568/; classtype:trojan-activity;sid:84538668; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675569)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"condescending-wilson.196-251-72-149.plesk.page"; http_host; depth:46; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675569/; classtype:trojan-activity;sid:84538669; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675570)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"great-leavitt.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675570/; classtype:trojan-activity;sid:84538670; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675571)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"my-minfin-regularisation.info"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675571/; classtype:trojan-activity;sid:84538671; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675572)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"colis-suivis.help"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675572/; classtype:trojan-activity;sid:84538672; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675573)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"dossier0367.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675573/; classtype:trojan-activity;sid:84538673; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675574)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"compassionate-yonath.196-251-72-149.plesk.page"; http_host; depth:46; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675574/; classtype:trojan-activity;sid:84538674; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675575)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"jolly-mendeleev.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675575/; classtype:trojan-activity;sid:84538675; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675576)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mxicnetfiixservice.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675576/; classtype:trojan-activity;sid:84538676; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675577)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"relay-parcel.info"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675577/; classtype:trojan-activity;sid:84538677; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675578)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"savnet-fixchili.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675578/; classtype:trojan-activity;sid:84538678; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675579)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"ecstatic-wing.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675579/; classtype:trojan-activity;sid:84538679; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675580)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"sweet-neumann.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675580/; classtype:trojan-activity;sid:84538680; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675581)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"collect-myparcel.help"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675581/; classtype:trojan-activity;sid:84538681; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675582)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"suivirelayy.info"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675582/; classtype:trojan-activity;sid:84538682; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675583)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"servmetfiixsavsa.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675583/; classtype:trojan-activity;sid:84538683; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675584)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"assurancemaladie-actualisation.help"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675584/; classtype:trojan-activity;sid:84538684; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675585)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"redirection-mondialrelais.info"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675585/; classtype:trojan-activity;sid:84538685; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675586)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mynode.x86_64"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"87.121.222.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675586/; classtype:trojan-activity;sid:84538686; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675587)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"myparcel-tracking.help"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675587/; classtype:trojan-activity;sid:84538687; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675588)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"particulier-info.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675588/; classtype:trojan-activity;sid:84538688; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675589)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"mrelay-luxembourg.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675589/; classtype:trojan-activity;sid:84538689; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675590)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"relivraison-formulaire.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675590/; classtype:trojan-activity;sid:84538690; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675591)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"suivi-pointrelais.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675591/; classtype:trojan-activity;sid:84538691; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675592)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"regionaleszeveme.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675592/; classtype:trojan-activity;sid:84538692; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675593)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"aide-suivi-livraison.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675593/; classtype:trojan-activity;sid:84538693; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675594)"; flow:established,from_client; content:"GET"; http_method; content:"/penis.sh"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"87.121.222.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675594/; classtype:trojan-activity;sid:84538694; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675595)"; flow:established,from_client; content:"GET"; http_method; content:"/lol"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"5.253.86.21"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675595/; classtype:trojan-activity;sid:84538695; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675596)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"colis-nouvellelivraison-france.com"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675596/; classtype:trojan-activity;sid:84538696; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675559)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"ameli-moncompte.ma-situation.help"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675559/; classtype:trojan-activity;sid:84538659; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675560)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"myguichet-amende.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675560/; classtype:trojan-activity;sid:84538660; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675561)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"intelligent-mayer.196-251-72-149.plesk.page"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675561/; classtype:trojan-activity;sid:84538661; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675557)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"livraison-mondialrelais.info"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675557/; classtype:trojan-activity;sid:84538657; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675558)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"assurancemaladie.support"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675558/; classtype:trojan-activity;sid:84538658; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675554)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"particulierslocker.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675554/; classtype:trojan-activity;sid:84538654; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675555)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"suivicommandesrelay.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675555/; classtype:trojan-activity;sid:84538655; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675556)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"guichet-client.help"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675556/; classtype:trojan-activity;sid:84538656; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675548)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"bold-ellis.196-251-72-149.plesk.page"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675548/; classtype:trojan-activity;sid:84538648; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675549)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"gracious-northcutt.196-251-72-149.plesk.page"; http_host; depth:44; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675549/; classtype:trojan-activity;sid:84538649; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675550)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"ameli-connect.cpam-comptes.help"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675550/; classtype:trojan-activity;sid:84538650; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675551)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"rediriger-ma-relivraison.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675551/; classtype:trojan-activity;sid:84538651; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675552)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"brave-cori.196-251-72-149.plesk.page"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675552/; classtype:trojan-activity;sid:84538652; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675553)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"trackparselhl.help"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675553/; classtype:trojan-activity;sid:84538653; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675539)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"recursing-hawking.196-251-72-149.plesk.page"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675539/; classtype:trojan-activity;sid:84538639; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675540)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"gracious-northcutt.196-251-72-149.plesk.page"; http_host; depth:44; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675540/; classtype:trojan-activity;sid:84538640; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675541)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"renewnow.help"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675541/; classtype:trojan-activity;sid:84538641; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675542)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"guichet-client.help"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675542/; classtype:trojan-activity;sid:84538642; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675543)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"optimistic-leakey.196-251-72-149.plesk.page"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675543/; classtype:trojan-activity;sid:84538643; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675544)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"funny-villani.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675544/; classtype:trojan-activity;sid:84538644; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675545)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"frosty-wozniak.196-251-72-149.plesk.page"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675545/; classtype:trojan-activity;sid:84538645; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675546)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"myparcel-relay.help"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675546/; classtype:trojan-activity;sid:84538646; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675547)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"practical-wu.196-251-72-149.plesk.page"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675547/; classtype:trojan-activity;sid:84538647; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675538)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"suivi-colis.help"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675538/; classtype:trojan-activity;sid:84538638; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675536)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"actualisationameli.help"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675536/; classtype:trojan-activity;sid:84538636; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675537)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"suivideliveryinfo.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675537/; classtype:trojan-activity;sid:84538637; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675528)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"gestion-pickup-relay2025.info"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675528/; classtype:trojan-activity;sid:84538628; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675529)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"mynetllxrenew.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675529/; classtype:trojan-activity;sid:84538629; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675530)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"focused-noether.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675530/; classtype:trojan-activity;sid:84538630; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675531)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mondialrelais-livraison.info"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675531/; classtype:trojan-activity;sid:84538631; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675532)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"objective-goldberg.196-251-72-149.plesk.page"; http_host; depth:44; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675532/; classtype:trojan-activity;sid:84538632; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675533)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"savraiffeizen-at.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675533/; classtype:trojan-activity;sid:84538633; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675534)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mpsl"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"192.142.10.124"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675534/; classtype:trojan-activity;sid:84538634; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675535)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"laughing-perlman.196-251-72-149.plesk.page"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675535/; classtype:trojan-activity;sid:84538635; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675520)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"paymentmy-minfinbe.help"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675520/; classtype:trojan-activity;sid:84538620; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675521)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"takeyourpackagebe.help"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675521/; classtype:trojan-activity;sid:84538621; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675522)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"elegant-shtern.196-251-72-149.plesk.page"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675522/; classtype:trojan-activity;sid:84538622; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675523)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"relay-my-parcel.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675523/; classtype:trojan-activity;sid:84538623; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675524)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"unruffled-banach.196-251-72-149.plesk.page"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675524/; classtype:trojan-activity;sid:84538624; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675525)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"suivis-de-colis.info"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675525/; classtype:trojan-activity;sid:84538625; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675526)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"ameli.moncompte-cpam.help"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675526/; classtype:trojan-activity;sid:84538626; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675527)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"espace-servicefamily.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675527/; classtype:trojan-activity;sid:84538627; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675515)"; flow:established,from_client; content:"GET"; http_method; content:"/mainos.apk"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"106.70.228.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675515/; classtype:trojan-activity;sid:84538615; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675516)"; flow:established,from_client; content:"GET"; http_method; content:"/ohshit.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"192.142.10.124"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675516/; classtype:trojan-activity;sid:84538616; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675517)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"renvouvellementinformationameli.info"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675517/; classtype:trojan-activity;sid:84538617; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675518)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"suivicommanderelay.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675518/; classtype:trojan-activity;sid:84538618; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675519)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"bpost-frais-dedouanement.info"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675519/; classtype:trojan-activity;sid:84538619; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675506)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"savnetfiix-client.help"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675506/; classtype:trojan-activity;sid:84538606; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675507)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"dhitrackparcei.help"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675507/; classtype:trojan-activity;sid:84538607; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675508)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"aide-suivi-livraison.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675508/; classtype:trojan-activity;sid:84538608; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675509)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"takeyourpackagebe.help"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675509/; classtype:trojan-activity;sid:84538609; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675510)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"dreamy-keller.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675510/; classtype:trojan-activity;sid:84538610; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675511)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"upbeat-noether.196-251-72-149.plesk.page"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675511/; classtype:trojan-activity;sid:84538611; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675512)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"trackyridpaket.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675512/; classtype:trojan-activity;sid:84538612; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675513)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"elegant-borg.196-251-72-149.plesk.page"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675513/; classtype:trojan-activity;sid:84538613; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675514)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mynode.arc"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"87.121.222.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675514/; classtype:trojan-activity;sid:84538614; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675483)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"aide-suivi-livraison.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675483/; classtype:trojan-activity;sid:84538583; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675484)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"savmxlcnetfiix.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675484/; classtype:trojan-activity;sid:84538584; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675485)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"sav-monrelay.help"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675485/; classtype:trojan-activity;sid:84538585; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675486)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"affectionate-edison.196-251-72-149.plesk.page"; http_host; depth:45; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675486/; classtype:trojan-activity;sid:84538586; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675487)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"laughing-herschel.196-251-72-149.plesk.page"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675487/; classtype:trojan-activity;sid:84538587; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675488)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"ameli-moncompte.situation-administrative.info"; http_host; depth:45; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675488/; classtype:trojan-activity;sid:84538588; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675489)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"upcpackettrack.help"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675489/; classtype:trojan-activity;sid:84538589; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675490)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"servicenetfiixsav.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675490/; classtype:trojan-activity;sid:84538590; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675491)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"serene-dhawan.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675491/; classtype:trojan-activity;sid:84538591; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675492)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"livraison-suivre-moncolis.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675492/; classtype:trojan-activity;sid:84538592; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675493)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"secureamericainexpress.help"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675493/; classtype:trojan-activity;sid:84538593; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675494)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"livraisons-colis-france.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675494/; classtype:trojan-activity;sid:84538594; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675495)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"mondial-services.informations-colis.help"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675495/; classtype:trojan-activity;sid:84538595; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675496)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"myups-tracking.info"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675496/; classtype:trojan-activity;sid:84538596; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675497)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"hometrack-be-package.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675497/; classtype:trojan-activity;sid:84538597; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675498)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"espace-servicefamily.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675498/; classtype:trojan-activity;sid:84538598; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675499)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"servmetfiixsavsa.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675499/; classtype:trojan-activity;sid:84538599; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675500)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"thirsty-ride.196-251-72-149.plesk.page"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675500/; classtype:trojan-activity;sid:84538600; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675501)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"interesting-hofstadter.196-251-72-149.plesk.page"; http_host; depth:48; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675501/; classtype:trojan-activity;sid:84538601; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675502)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"myguichet-service.help"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675502/; classtype:trojan-activity;sid:84538602; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675503)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"tracking-myrelay.help"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675503/; classtype:trojan-activity;sid:84538603; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675504)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"bold-hypatia.196-251-72-149.plesk.page"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675504/; classtype:trojan-activity;sid:84538604; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675505)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"plsavnetfiix.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675505/; classtype:trojan-activity;sid:84538605; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675482)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"relayservice-pay.help"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675482/; classtype:trojan-activity;sid:84538582; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675481)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"suivicommanderelais.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675481/; classtype:trojan-activity;sid:84538581; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675478)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"jolly-yalow.196-251-72-149.plesk.page"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675478/; classtype:trojan-activity;sid:84538578; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675479)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"paketdhservice.help"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675479/; classtype:trojan-activity;sid:84538579; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675480)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"mynetllxrenew.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675480/; classtype:trojan-activity;sid:84538580; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675477)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"suivi-pointrelais.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675477/; classtype:trojan-activity;sid:84538577; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675474)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"mynetfxsuprt.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675474/; classtype:trojan-activity;sid:84538574; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675475)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"bold-kowalevski.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675475/; classtype:trojan-activity;sid:84538575; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675476)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"nifty-golick.196-251-72-149.plesk.page"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675476/; classtype:trojan-activity;sid:84538576; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675472)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"nifty-golick.196-251-72-149.plesk.page"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675472/; classtype:trojan-activity;sid:84538572; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675473)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"nouvelletechbandedefou.info"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675473/; classtype:trojan-activity;sid:84538573; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675465)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"secureamericainexpress.help"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675465/; classtype:trojan-activity;sid:84538565; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675466)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"youthful-solomon.196-251-72-149.plesk.page"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675466/; classtype:trojan-activity;sid:84538566; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675467)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"myntfxsupprt.help"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675467/; classtype:trojan-activity;sid:84538567; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675468)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"servntflxmgyrsav.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675468/; classtype:trojan-activity;sid:84538568; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675469)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"get-yourparcel.help"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675469/; classtype:trojan-activity;sid:84538569; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675470)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"stoic-poincare.196-251-72-149.plesk.page"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675470/; classtype:trojan-activity;sid:84538570; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675471)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"spf-amende.help"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675471/; classtype:trojan-activity;sid:84538571; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675463)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"supportnetfiixsavza.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675463/; classtype:trojan-activity;sid:84538563; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675464)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"interesting-morse.196-251-72-149.plesk.page"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675464/; classtype:trojan-activity;sid:84538564; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675462)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"sarenewnetfiixsav.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675462/; classtype:trojan-activity;sid:84538562; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675431)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"magical-shirley.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675431/; classtype:trojan-activity;sid:84538531; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675432)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"sharp-franklin.196-251-72-149.plesk.page"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675432/; classtype:trojan-activity;sid:84538532; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675433)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"netfiixmxicosav.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675433/; classtype:trojan-activity;sid:84538533; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675434)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"verif-appareil-confiance.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675434/; classtype:trojan-activity;sid:84538534; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675435)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"nikita.support"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675435/; classtype:trojan-activity;sid:84538535; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675436)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"connect-avantages.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675436/; classtype:trojan-activity;sid:84538536; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675437)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mysuprtntfx.info"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675437/; classtype:trojan-activity;sid:84538537; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675438)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"reverent-brattain.196-251-72-149.plesk.page"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675438/; classtype:trojan-activity;sid:84538538; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675439)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"hungry-kalam.196-251-72-149.plesk.page"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675439/; classtype:trojan-activity;sid:84538539; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675440)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"relay-parcel.info"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675440/; classtype:trojan-activity;sid:84538540; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675441)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"gracious-northcutt.196-251-72-149.plesk.page"; http_host; depth:44; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675441/; classtype:trojan-activity;sid:84538541; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675442)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"suivicommandesrelay.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675442/; classtype:trojan-activity;sid:84538542; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675443)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"suivimondialrelay-colis.info"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675443/; classtype:trojan-activity;sid:84538543; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675444)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"peaceful-gates.196-251-72-149.plesk.page"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675444/; classtype:trojan-activity;sid:84538544; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675445)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"relayservice-pay.help"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675445/; classtype:trojan-activity;sid:84538545; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675446)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"takeyour-parcel.help"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675446/; classtype:trojan-activity;sid:84538546; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675447)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"service-parcel-pay.help"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675447/; classtype:trojan-activity;sid:84538547; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675448)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"sweet-neumann.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675448/; classtype:trojan-activity;sid:84538548; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675449)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"myluxtrust-accountsecurity.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675449/; classtype:trojan-activity;sid:84538549; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675450)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"ameli-moncompte.situation-administrative.info"; http_host; depth:45; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675450/; classtype:trojan-activity;sid:84538550; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675451)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"info-livraison-fr.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675451/; classtype:trojan-activity;sid:84538551; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675452)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mondials-suivis-relay.info"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675452/; classtype:trojan-activity;sid:84538552; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675453)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"savulyseclient.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675453/; classtype:trojan-activity;sid:84538553; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675454)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"savnet-fixchili.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675454/; classtype:trojan-activity;sid:84538554; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675455)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"ameli.moncompte-cpam.help"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675455/; classtype:trojan-activity;sid:84538555; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675456)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"ulys-autoroutes-fr.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675456/; classtype:trojan-activity;sid:84538556; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675457)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"jolly-yalow.196-251-72-149.plesk.page"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675457/; classtype:trojan-activity;sid:84538557; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675458)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"my-canal.support-moncompte.help"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675458/; classtype:trojan-activity;sid:84538558; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675459)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"mondialrelay-locker-fr.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675459/; classtype:trojan-activity;sid:84538559; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675460)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"gallant-mcnulty.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675460/; classtype:trojan-activity;sid:84538560; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675461)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"netflxaccntsav.info"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675461/; classtype:trojan-activity;sid:84538561; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675429)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"ulys-telepeage-france.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675429/; classtype:trojan-activity;sid:84538529; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675430)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"unruffled-banach.196-251-72-149.plesk.page"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675430/; classtype:trojan-activity;sid:84538530; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675428)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mrelay.livraison.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675428/; classtype:trojan-activity;sid:84538528; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675414)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"trackmy-order.info"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675414/; classtype:trojan-activity;sid:84538514; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675415)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"ameli-actalisation.info"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675415/; classtype:trojan-activity;sid:84538515; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675416)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"great-leavitt.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675416/; classtype:trojan-activity;sid:84538516; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675417)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"recursing-hawking.196-251-72-149.plesk.page"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675417/; classtype:trojan-activity;sid:84538517; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675418)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"colis-francemetropolitaine.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675418/; classtype:trojan-activity;sid:84538518; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675419)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"suivi-colis.help"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675419/; classtype:trojan-activity;sid:84538519; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675420)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"regionaleszeveme.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675420/; classtype:trojan-activity;sid:84538520; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675421)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"luxtrust-secure.info"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675421/; classtype:trojan-activity;sid:84538521; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675422)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"dhitrackparcei.help"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675422/; classtype:trojan-activity;sid:84538522; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675423)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"stoic-poincare.196-251-72-149.plesk.page"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675423/; classtype:trojan-activity;sid:84538523; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675424)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"ameli-actalisation.info"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675424/; classtype:trojan-activity;sid:84538524; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675425)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"youthful-solomon.196-251-72-149.plesk.page"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675425/; classtype:trojan-activity;sid:84538525; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675426)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"colislivraison-suivi.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675426/; classtype:trojan-activity;sid:84538526; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675427)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"services-monrelay.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675427/; classtype:trojan-activity;sid:84538527; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675406)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"savnetfiix-client.help"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675406/; classtype:trojan-activity;sid:84538506; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675407)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"suivicommanderelais.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675407/; classtype:trojan-activity;sid:84538507; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675408)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"mxicnetfiixservice.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675408/; classtype:trojan-activity;sid:84538508; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675409)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"savnetfiixmxico.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675409/; classtype:trojan-activity;sid:84538509; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675410)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"esdossier0865.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675410/; classtype:trojan-activity;sid:84538510; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675411)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"miseajouritsme.help"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675411/; classtype:trojan-activity;sid:84538511; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675412)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"recursing-hawking.196-251-72-149.plesk.page"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675412/; classtype:trojan-activity;sid:84538512; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675413)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"particulier-info.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675413/; classtype:trojan-activity;sid:84538513; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675404)"; flow:established,from_client; content:"GET"; http_method; content:"/ohshit.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"notificationcentral.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675404/; classtype:trojan-activity;sid:84538504; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675405)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"suivicolis-be.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675405/; classtype:trojan-activity;sid:84538505; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675396)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mrelay-relais.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675396/; classtype:trojan-activity;sid:84538496; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675397)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"unruffled-banach.196-251-72-149.plesk.page"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675397/; classtype:trojan-activity;sid:84538497; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675398)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"pay-subscription.help"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675398/; classtype:trojan-activity;sid:84538498; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675399)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"ameli-connect.cpam-comptes.help"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675399/; classtype:trojan-activity;sid:84538499; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675400)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"bold-kowalevski.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675400/; classtype:trojan-activity;sid:84538500; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675401)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"gallant-mcnulty.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675401/; classtype:trojan-activity;sid:84538501; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675402)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"dreamy-hamilton.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675402/; classtype:trojan-activity;sid:84538502; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675403)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"funny-villani.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675403/; classtype:trojan-activity;sid:84538503; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675391)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mondialrelay-connect.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675391/; classtype:trojan-activity;sid:84538491; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675392)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"subscription-help.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675392/; classtype:trojan-activity;sid:84538492; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675393)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"myups-package.help"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675393/; classtype:trojan-activity;sid:84538493; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675394)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"ameli.moncompte-cpam.help"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675394/; classtype:trojan-activity;sid:84538494; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675395)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"monsuivi-colis.help"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675395/; classtype:trojan-activity;sid:84538495; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675376)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"payoursavnetfilx.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675376/; classtype:trojan-activity;sid:84538476; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675377)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"subscription-tv.info"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675377/; classtype:trojan-activity;sid:84538477; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675378)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mondiai-reiay-reglement.info"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675378/; classtype:trojan-activity;sid:84538478; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675379)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"suivi-pointrelais.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675379/; classtype:trojan-activity;sid:84538479; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675380)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"colislivraisonsuivi.support"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675380/; classtype:trojan-activity;sid:84538480; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675381)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"affectionate-edison.196-251-72-149.plesk.page"; http_host; depth:45; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675381/; classtype:trojan-activity;sid:84538481; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675382)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"relais-packet-fr.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675382/; classtype:trojan-activity;sid:84538482; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675383)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"subscription-help.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675383/; classtype:trojan-activity;sid:84538483; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675384)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"livraison-expressfr.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675384/; classtype:trojan-activity;sid:84538484; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675385)"; flow:established,from_client; content:"GET"; http_method; content:"/bins.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"cpcontacts.5-253-86-21.cprapid.com"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675385/; classtype:trojan-activity;sid:84538485; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675386)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.167.252.32"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675386/; classtype:trojan-activity;sid:84538486; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675387)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"ntfiixsavclient.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675387/; classtype:trojan-activity;sid:84538487; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675388)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"bravoteam6.org"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675388/; classtype:trojan-activity;sid:84538488; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675389)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"monrelay-support.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675389/; classtype:trojan-activity;sid:84538489; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675390)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mon-colis-suivi-bpost.info"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675390/; classtype:trojan-activity;sid:84538490; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675375)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"login-myoffices.help"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675375/; classtype:trojan-activity;sid:84538475; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675367)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"sarenewnetfiixsav.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675367/; classtype:trojan-activity;sid:84538467; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675368)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"eligibilite-doctolib.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675368/; classtype:trojan-activity;sid:84538468; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675369)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"suivis-de-colis.info"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675369/; classtype:trojan-activity;sid:84538469; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675370)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"myminfin-info-be.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675370/; classtype:trojan-activity;sid:84538470; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675371)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"telepeage-ulys-fr.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675371/; classtype:trojan-activity;sid:84538471; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675372)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"relay-parcel.info"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675372/; classtype:trojan-activity;sid:84538472; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675373)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"myparcel-track.info"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675373/; classtype:trojan-activity;sid:84538473; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675374)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"yuzidoky.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675374/; classtype:trojan-activity;sid:84538474; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675365)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"savnfiixsupprt.info"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675365/; classtype:trojan-activity;sid:84538465; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675366)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mynetfxsupprt.help"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675366/; classtype:trojan-activity;sid:84538466; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675361)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"ulys-telepeage-france.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675361/; classtype:trojan-activity;sid:84538461; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675362)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"dreamy-keller.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675362/; classtype:trojan-activity;sid:84538462; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675363)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"livraison-expressfr.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675363/; classtype:trojan-activity;sid:84538463; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675364)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"suivirelayy.info"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675364/; classtype:trojan-activity;sid:84538464; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675348)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"info-livraison-fr.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675348/; classtype:trojan-activity;sid:84538448; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675349)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"bpost-frais-dedouanement.info"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675349/; classtype:trojan-activity;sid:84538449; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675350)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"suivimondialrelay-colis.info"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675350/; classtype:trojan-activity;sid:84538450; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675351)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"my.guichet-amende.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675351/; classtype:trojan-activity;sid:84538451; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675352)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"relais-packet-fr.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675352/; classtype:trojan-activity;sid:84538452; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675353)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"spf-justitie-belgium.info"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675353/; classtype:trojan-activity;sid:84538453; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675354)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"nouvellelivraison-locker-fr.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675354/; classtype:trojan-activity;sid:84538454; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675355)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mondialrelay-reply.help"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675355/; classtype:trojan-activity;sid:84538455; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675356)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"packet-relivraison-fr.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675356/; classtype:trojan-activity;sid:84538456; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675357)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"savnetfiixmxico.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675357/; classtype:trojan-activity;sid:84538457; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675358)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"savnetfiix-client.help"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675358/; classtype:trojan-activity;sid:84538458; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675359)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"trackparselhl.help"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675359/; classtype:trojan-activity;sid:84538459; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675360)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"info-livraison-fr.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675360/; classtype:trojan-activity;sid:84538460; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675347)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.x86"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"192.142.10.124"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675347/; classtype:trojan-activity;sid:84538447; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675325)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"ulys-telepeage-france.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675325/; classtype:trojan-activity;sid:84538425; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675326)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"brussels-payments.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675326/; classtype:trojan-activity;sid:84538426; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675327)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"sarenewnetfiixsav.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675327/; classtype:trojan-activity;sid:84538427; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675328)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"sweet-neumann.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675328/; classtype:trojan-activity;sid:84538428; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675329)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"goofy-shirley.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675329/; classtype:trojan-activity;sid:84538429; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675330)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"moncolis-suivi.help"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675330/; classtype:trojan-activity;sid:84538430; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675331)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"nouvelletechbandedefou.info"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675331/; classtype:trojan-activity;sid:84538431; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675332)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"netfiixrenewacc.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675332/; classtype:trojan-activity;sid:84538432; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675333)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"brusselspayments.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675333/; classtype:trojan-activity;sid:84538433; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675334)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"192.142.10.124"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675334/; classtype:trojan-activity;sid:84538434; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675335)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"login-myoffices.help"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675335/; classtype:trojan-activity;sid:84538435; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675336)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"takeyourpackagebe.help"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675336/; classtype:trojan-activity;sid:84538436; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675337)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"ameii-moncompte.ma-situations.info"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675337/; classtype:trojan-activity;sid:84538437; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675338)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"rediriger-ma-relivraison.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675338/; classtype:trojan-activity;sid:84538438; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675339)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"rendezsnetfiixhu.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675339/; classtype:trojan-activity;sid:84538439; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675340)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"livraison-expressfr.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675340/; classtype:trojan-activity;sid:84538440; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675341)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"elegant-borg.196-251-72-149.plesk.page"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675341/; classtype:trojan-activity;sid:84538441; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675342)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"eligibilite-doctolib.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675342/; classtype:trojan-activity;sid:84538442; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675343)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"quizzical-lederberg.196-251-72-149.plesk.page"; http_host; depth:45; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675343/; classtype:trojan-activity;sid:84538443; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675344)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"optimistic-pike.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675344/; classtype:trojan-activity;sid:84538444; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675345)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"relay-lu-parcel.help"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675345/; classtype:trojan-activity;sid:84538445; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675346)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"mondiai-reiay-reglement.info"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675346/; classtype:trojan-activity;sid:84538446; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675324)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"livraison.info"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675324/; classtype:trojan-activity;sid:84538424; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675320)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mondiai-reiay-reglement.info"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675320/; classtype:trojan-activity;sid:84538420; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675321)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"savnetfixaccount.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675321/; classtype:trojan-activity;sid:84538421; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675322)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"gestion-pickup-relay2025.info"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675322/; classtype:trojan-activity;sid:84538422; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675323)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"myminfin-info-be.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675323/; classtype:trojan-activity;sid:84538423; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675319)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"takeyourpackagebe.help"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675319/; classtype:trojan-activity;sid:84538419; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675306)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"miseajouritsme.help"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675306/; classtype:trojan-activity;sid:84538406; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675307)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"relaymyparcel.info"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675307/; classtype:trojan-activity;sid:84538407; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675308)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"renewmynetllx.info"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675308/; classtype:trojan-activity;sid:84538408; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675309)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"mondial-relaylockers.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675309/; classtype:trojan-activity;sid:84538409; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675310)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"la-bnpcledigital.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675310/; classtype:trojan-activity;sid:84538410; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675311)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"colis-suivi-lu.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675311/; classtype:trojan-activity;sid:84538411; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675312)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"livraisons-locker.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675312/; classtype:trojan-activity;sid:84538412; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675313)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"relay-my-parcel.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675313/; classtype:trojan-activity;sid:84538413; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675314)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"mondial-relay-center.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675314/; classtype:trojan-activity;sid:84538414; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675315)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mrelay-relais.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675315/; classtype:trojan-activity;sid:84538415; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675316)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"mrelay-relais.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675316/; classtype:trojan-activity;sid:84538416; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675317)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"beparcel-collect.help"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675317/; classtype:trojan-activity;sid:84538417; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675318)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"pay-subscription.help"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675318/; classtype:trojan-activity;sid:84538418; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675305)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"accntmynetfiixsav.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675305/; classtype:trojan-activity;sid:84538405; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675291)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"stoic-poincare.196-251-72-149.plesk.page"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675291/; classtype:trojan-activity;sid:84538391; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675292)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"suivirelaisdepots.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675292/; classtype:trojan-activity;sid:84538392; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675293)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"sad-mclaren.196-251-72-149.plesk.page"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675293/; classtype:trojan-activity;sid:84538393; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675294)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"mondialerelay-suivi-info.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675294/; classtype:trojan-activity;sid:84538394; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675295)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"elegant-borg.196-251-72-149.plesk.page"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675295/; classtype:trojan-activity;sid:84538395; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675296)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"livraison-mondialrelais.info"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675296/; classtype:trojan-activity;sid:84538396; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675297)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"upbeat-noether.196-251-72-149.plesk.page"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675297/; classtype:trojan-activity;sid:84538397; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675298)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"suivicolis-be.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675298/; classtype:trojan-activity;sid:84538398; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675299)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"suivicommandesrelay.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675299/; classtype:trojan-activity;sid:84538399; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675300)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"customer-trackdelivery.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675300/; classtype:trojan-activity;sid:84538400; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675301)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"customer-trackdelivery.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675301/; classtype:trojan-activity;sid:84538401; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675302)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"serene-swartz.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675302/; classtype:trojan-activity;sid:84538402; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675303)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"kunde-konto-sikre.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675303/; classtype:trojan-activity;sid:84538403; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675304)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"suivicolis-lu.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675304/; classtype:trojan-activity;sid:84538404; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675288)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"expedition-mrelayy.info"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675288/; classtype:trojan-activity;sid:84538388; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675289)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"m-relay-suivi-fr.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675289/; classtype:trojan-activity;sid:84538389; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675290)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"supportsavnetfix.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675290/; classtype:trojan-activity;sid:84538390; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675287)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"myups-package.info"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675287/; classtype:trojan-activity;sid:84538387; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675286)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"suivi-fr-livraison.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675286/; classtype:trojan-activity;sid:84538386; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675283)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"livraisons-infos-fr.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675283/; classtype:trojan-activity;sid:84538383; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675284)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"mxiconetfllxserv.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675284/; classtype:trojan-activity;sid:84538384; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675285)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"ameli-moncompte.situation-administrative.info"; http_host; depth:45; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675285/; classtype:trojan-activity;sid:84538385; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675282)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"renewntfxsav.info"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675282/; classtype:trojan-activity;sid:84538382; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675271)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"dossier0367.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675271/; classtype:trojan-activity;sid:84538371; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675272)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"myguichet-service.help"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675272/; classtype:trojan-activity;sid:84538372; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675273)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"wizardly-fermat.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675273/; classtype:trojan-activity;sid:84538373; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675274)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mrelay-relais.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675274/; classtype:trojan-activity;sid:84538374; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675275)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"eager-dirac.196-251-72-149.plesk.page"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675275/; classtype:trojan-activity;sid:84538375; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675276)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"renewntfxsav.info"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675276/; classtype:trojan-activity;sid:84538376; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675277)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"netfiixmxicosav.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675277/; classtype:trojan-activity;sid:84538377; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675278)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"login-myoffices.help"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675278/; classtype:trojan-activity;sid:84538378; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675279)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"relaisdepot-suivi.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675279/; classtype:trojan-activity;sid:84538379; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675280)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"suivirelaisdepots.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675280/; classtype:trojan-activity;sid:84538380; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675281)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"savpaypaiaccnt.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675281/; classtype:trojan-activity;sid:84538381; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675256)"; flow:established,from_client; content:"GET"; http_method; content:"/t"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"whm.5-253-86-21.cprapid.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675256/; classtype:trojan-activity;sid:84538356; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675257)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"myluxtrust-accountsecurity.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675257/; classtype:trojan-activity;sid:84538357; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675258)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"condescending-wilson.196-251-72-149.plesk.page"; http_host; depth:46; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675258/; classtype:trojan-activity;sid:84538358; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675259)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"assurancemaladie-actualisation.help"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675259/; classtype:trojan-activity;sid:84538359; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675260)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"usernetfiixsavhu.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675260/; classtype:trojan-activity;sid:84538360; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675261)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"nervous-pasteur.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675261/; classtype:trojan-activity;sid:84538361; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675262)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"payoursavnetfilx.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675262/; classtype:trojan-activity;sid:84538362; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675263)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"dossiergmuitas.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675263/; classtype:trojan-activity;sid:84538363; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675264)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"ntflx-sub.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675264/; classtype:trojan-activity;sid:84538364; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675265)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"trackmy-order.info"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675265/; classtype:trojan-activity;sid:84538365; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675266)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"unruffled-banach.196-251-72-149.plesk.page"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675266/; classtype:trojan-activity;sid:84538366; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675267)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"yuzidoky.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675267/; classtype:trojan-activity;sid:84538367; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675268)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"ameli-connect.cpam-comptes.help"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675268/; classtype:trojan-activity;sid:84538368; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675269)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"spf-amende.help"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675269/; classtype:trojan-activity;sid:84538369; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675270)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"mrelay-luxembourg.support"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675270/; classtype:trojan-activity;sid:84538370; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675254)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"colislivraisonsuivi.support"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675254/; classtype:trojan-activity;sid:84538354; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675255)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"telepeage-ulys-france.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675255/; classtype:trojan-activity;sid:84538355; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675248)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"nifty-hypatia.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675248/; classtype:trojan-activity;sid:84538348; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675249)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"bravoteam6.org"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675249/; classtype:trojan-activity;sid:84538349; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675250)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mymondialrelay-parcel.help"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675250/; classtype:trojan-activity;sid:84538350; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675251)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"guichet-client.help"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675251/; classtype:trojan-activity;sid:84538351; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675252)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"spf-amende.help"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675252/; classtype:trojan-activity;sid:84538352; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675253)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"rediriger-ma-livraison.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675253/; classtype:trojan-activity;sid:84538353; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675240)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"rediriger-ma-relivraison.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675240/; classtype:trojan-activity;sid:84538340; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675241)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"strange-yalow.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675241/; classtype:trojan-activity;sid:84538341; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675242)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"suivicommandesrelay.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675242/; classtype:trojan-activity;sid:84538342; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675243)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"netflxaccntsav.info"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675243/; classtype:trojan-activity;sid:84538343; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675244)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"supportulys.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675244/; classtype:trojan-activity;sid:84538344; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675245)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"funny-villani.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675245/; classtype:trojan-activity;sid:84538345; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675246)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"beparcel-collect.help"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675246/; classtype:trojan-activity;sid:84538346; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675247)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"dossiergmuitas.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675247/; classtype:trojan-activity;sid:84538347; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675238)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"spf-amende.help"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675238/; classtype:trojan-activity;sid:84538338; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675239)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"savnetflixco.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675239/; classtype:trojan-activity;sid:84538339; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675234)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"dossier-amende-minfin.info"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675234/; classtype:trojan-activity;sid:84538334; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675235)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"laughing-perlman.196-251-72-149.plesk.page"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675235/; classtype:trojan-activity;sid:84538335; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675236)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"service-parcel-pay.help"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675236/; classtype:trojan-activity;sid:84538336; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675237)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"mrelay-be-acheminement.info"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675237/; classtype:trojan-activity;sid:84538337; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675232)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"mrelay-colis-fr.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675232/; classtype:trojan-activity;sid:84538332; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675233)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"services-mondialrelay.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675233/; classtype:trojan-activity;sid:84538333; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675215)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"nervous-pasteur.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675215/; classtype:trojan-activity;sid:84538315; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675216)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"nifty-golick.196-251-72-149.plesk.page"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675216/; classtype:trojan-activity;sid:84538316; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675217)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"myparcel-track.info"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675217/; classtype:trojan-activity;sid:84538317; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675218)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"webmail.rediriger-ma-relivraison.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675218/; classtype:trojan-activity;sid:84538318; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675219)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"nouvellelivraison-locker-fr.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675219/; classtype:trojan-activity;sid:84538319; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675220)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"relayservice-pay.help"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675220/; classtype:trojan-activity;sid:84538320; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675221)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"securplnetfiixsav.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675221/; classtype:trojan-activity;sid:84538321; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675222)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"hometrack-be-package.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675222/; classtype:trojan-activity;sid:84538322; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675223)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"relayhome-trackparcel.help"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675223/; classtype:trojan-activity;sid:84538323; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675224)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"securaccntnetfiix.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675224/; classtype:trojan-activity;sid:84538324; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675225)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"livraison-mondialrelais.info"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675225/; classtype:trojan-activity;sid:84538325; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675226)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"mrelay-be-acheminement.info"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675226/; classtype:trojan-activity;sid:84538326; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675227)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mondialrelais-livraisons.info"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675227/; classtype:trojan-activity;sid:84538327; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675228)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"mondialsrelay-supports.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675228/; classtype:trojan-activity;sid:84538328; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675229)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"savulyseclient.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675229/; classtype:trojan-activity;sid:84538329; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675230)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"servicenetfiixsav.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675230/; classtype:trojan-activity;sid:84538330; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675231)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"savraiffeizen-at.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675231/; classtype:trojan-activity;sid:84538331; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675214)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"servicenetfiixsav.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675214/; classtype:trojan-activity;sid:84538314; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675205)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"get-yourparcel.help"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675205/; classtype:trojan-activity;sid:84538305; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675206)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"livraison-expressfr.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675206/; classtype:trojan-activity;sid:84538306; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675207)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"particulierslocker.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675207/; classtype:trojan-activity;sid:84538307; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675208)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"mondialsrelay-supports.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675208/; classtype:trojan-activity;sid:84538308; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675209)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"renouvellement.help"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675209/; classtype:trojan-activity;sid:84538309; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675210)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"guichet-client.help"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675210/; classtype:trojan-activity;sid:84538310; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675211)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"myluxtrust-accountsecurity.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675211/; classtype:trojan-activity;sid:84538311; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675212)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"pickup-mreiay.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675212/; classtype:trojan-activity;sid:84538312; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675213)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"mondiai-reiay-reglement.info"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675213/; classtype:trojan-activity;sid:84538313; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675197)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"bpost-frais-dedouanement.info"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675197/; classtype:trojan-activity;sid:84538297; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675198)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"ecstatic-villani.196-251-72-149.plesk.page"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675198/; classtype:trojan-activity;sid:84538298; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675199)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"artier-recourser.help"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675199/; classtype:trojan-activity;sid:84538299; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675200)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"objective-saha.196-251-72-149.plesk.page"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675200/; classtype:trojan-activity;sid:84538300; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675201)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"upbeat-noether.196-251-72-149.plesk.page"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675201/; classtype:trojan-activity;sid:84538301; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675202)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"suivis-de-colis.info"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675202/; classtype:trojan-activity;sid:84538302; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675203)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"packet-nouvellelivraisons-fr.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675203/; classtype:trojan-activity;sid:84538303; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675204)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"myparcel-relay.help"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675204/; classtype:trojan-activity;sid:84538304; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675190)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"netfiixrenewacc.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675190/; classtype:trojan-activity;sid:84538290; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675191)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"stoic-poincare.196-251-72-149.plesk.page"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675191/; classtype:trojan-activity;sid:84538291; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675192)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"get-yourparcel.help"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675192/; classtype:trojan-activity;sid:84538292; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675193)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"support-upsdelivery.info"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675193/; classtype:trojan-activity;sid:84538293; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675194)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"my-minfin-regularisation.info"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675194/; classtype:trojan-activity;sid:84538294; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675195)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"savpaypaiaccnt.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675195/; classtype:trojan-activity;sid:84538295; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675196)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"mrelay-luxembourg.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675196/; classtype:trojan-activity;sid:84538296; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675188)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"condescending-wilson.196-251-72-149.plesk.page"; http_host; depth:46; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675188/; classtype:trojan-activity;sid:84538288; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675189)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"mon-colis-suivi-bpost.info"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675189/; classtype:trojan-activity;sid:84538289; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675182)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"rediriger-ma-relivraison.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675182/; classtype:trojan-activity;sid:84538282; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675183)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"hometrack-be-package.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675183/; classtype:trojan-activity;sid:84538283; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675184)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"clever-northcutt.196-251-72-149.plesk.page"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675184/; classtype:trojan-activity;sid:84538284; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675185)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"livraison-france-infos.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675185/; classtype:trojan-activity;sid:84538285; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675186)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"reverent-tereshkova.196-251-72-149.plesk.page"; http_host; depth:45; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675186/; classtype:trojan-activity;sid:84538286; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675187)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"securplnetfiixsav.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675187/; classtype:trojan-activity;sid:84538287; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675152)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"elegant-shtern.196-251-72-149.plesk.page"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675152/; classtype:trojan-activity;sid:84538252; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675153)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"mondialrelay-connect.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675153/; classtype:trojan-activity;sid:84538253; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675154)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"mon-colis-suivi-bpost.info"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675154/; classtype:trojan-activity;sid:84538254; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675155)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"funny-heyrovsky.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675155/; classtype:trojan-activity;sid:84538255; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675156)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mondialrelais-livraison.info"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675156/; classtype:trojan-activity;sid:84538256; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675157)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"sav-monrelay.help"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675157/; classtype:trojan-activity;sid:84538257; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675158)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"trackyridpaket.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675158/; classtype:trojan-activity;sid:84538258; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675159)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"m-relay-suivi-fr.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675159/; classtype:trojan-activity;sid:84538259; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675160)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"optimistic-pike.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675160/; classtype:trojan-activity;sid:84538260; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675161)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"hungry-kalam.196-251-72-149.plesk.page"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675161/; classtype:trojan-activity;sid:84538261; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675162)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"laughing-herschel.196-251-72-149.plesk.page"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675162/; classtype:trojan-activity;sid:84538262; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675163)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"customer-trackdelivery.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675163/; classtype:trojan-activity;sid:84538263; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675164)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"renewmynetllx.info"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675164/; classtype:trojan-activity;sid:84538264; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675165)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"hungry-kalam.196-251-72-149.plesk.page"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675165/; classtype:trojan-activity;sid:84538265; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675166)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"lux-trust-aide-support.info"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675166/; classtype:trojan-activity;sid:84538266; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675167)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"gallant-ganguly.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675167/; classtype:trojan-activity;sid:84538267; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675168)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"nouvellelivraison-locker-fr.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675168/; classtype:trojan-activity;sid:84538268; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675169)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"service-parcel-pay.help"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675169/; classtype:trojan-activity;sid:84538269; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675170)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"dreamy-keller.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675170/; classtype:trojan-activity;sid:84538270; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675171)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"livraison-mondialrelais.info"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675171/; classtype:trojan-activity;sid:84538271; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675172)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mon-comptes.help"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675172/; classtype:trojan-activity;sid:84538272; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675173)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"distracted-nightingale.196-251-72-149.plesk.page"; http_host; depth:48; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675173/; classtype:trojan-activity;sid:84538273; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675174)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"myguichet-espace.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675174/; classtype:trojan-activity;sid:84538274; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675175)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"xyznetfilxhusav.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675175/; classtype:trojan-activity;sid:84538275; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675176)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"elegant-borg.196-251-72-149.plesk.page"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675176/; classtype:trojan-activity;sid:84538276; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675177)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"reverent-tereshkova.196-251-72-149.plesk.page"; http_host; depth:45; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675177/; classtype:trojan-activity;sid:84538277; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675178)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"livraisons-locker.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675178/; classtype:trojan-activity;sid:84538278; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675179)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"dreamy-keller.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675179/; classtype:trojan-activity;sid:84538279; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675180)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"sharp-franklin.196-251-72-149.plesk.page"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675180/; classtype:trojan-activity;sid:84538280; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675181)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"colislivraison-suivi.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675181/; classtype:trojan-activity;sid:84538281; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675148)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"suivicommanderelais.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675148/; classtype:trojan-activity;sid:84538248; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675149)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"upbeat-noether.196-251-72-149.plesk.page"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675149/; classtype:trojan-activity;sid:84538249; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675150)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"myguichet-amende.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675150/; classtype:trojan-activity;sid:84538250; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675151)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"ameli-moncompte.ma-situation.help"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675151/; classtype:trojan-activity;sid:84538251; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675146)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"thirsty-heisenberg.196-251-72-149.plesk.page"; http_host; depth:44; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675146/; classtype:trojan-activity;sid:84538246; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675147)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"dossiergmuitas.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675147/; classtype:trojan-activity;sid:84538247; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675140)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"sharp-franklin.196-251-72-149.plesk.page"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675140/; classtype:trojan-activity;sid:84538240; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675141)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"jolly-germain.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675141/; classtype:trojan-activity;sid:84538241; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675142)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"strange-spence.196-251-72-149.plesk.page"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675142/; classtype:trojan-activity;sid:84538242; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675143)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"ameli-moncompte.ma-situation.help"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675143/; classtype:trojan-activity;sid:84538243; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675144)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"frosty-wozniak.196-251-72-149.plesk.page"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675144/; classtype:trojan-activity;sid:84538244; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675145)"; flow:established,from_client; content:"GET"; http_method; content:"/t"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"cpcontacts.5-253-86-21.cprapid.com"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675145/; classtype:trojan-activity;sid:84538245; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675139)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"peaceful-gates.196-251-72-149.plesk.page"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675139/; classtype:trojan-activity;sid:84538239; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675131)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"eager-dirac.196-251-72-149.plesk.page"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675131/; classtype:trojan-activity;sid:84538231; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675132)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"relivraison-packet-france.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675132/; classtype:trojan-activity;sid:84538232; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675133)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mrelayy-mon-acheminement.info"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675133/; classtype:trojan-activity;sid:84538233; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675134)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mips"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"notificationcentral.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675134/; classtype:trojan-activity;sid:84538234; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675135)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"sav-ntfxrenew.help"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675135/; classtype:trojan-activity;sid:84538235; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675136)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"trackmy-order.info"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675136/; classtype:trojan-activity;sid:84538236; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675137)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"trackdelivery-customer.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675137/; classtype:trojan-activity;sid:84538237; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675138)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"ecstatic-villani.196-251-72-149.plesk.page"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675138/; classtype:trojan-activity;sid:84538238; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675128)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"mondialservice-relay.info"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675128/; classtype:trojan-activity;sid:84538228; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675129)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"adoring-kalam.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675129/; classtype:trojan-activity;sid:84538229; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675130)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"frosty-wozniak.196-251-72-149.plesk.page"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675130/; classtype:trojan-activity;sid:84538230; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675120)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"trackmy-order.info"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675120/; classtype:trojan-activity;sid:84538220; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675121)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"great-leavitt.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675121/; classtype:trojan-activity;sid:84538221; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675122)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"savpaypaiuser.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675122/; classtype:trojan-activity;sid:84538222; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675123)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"unruffled-banach.196-251-72-149.plesk.page"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675123/; classtype:trojan-activity;sid:84538223; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675124)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"dossiergmuitas.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675124/; classtype:trojan-activity;sid:84538224; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675125)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"mynetllxrenew.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675125/; classtype:trojan-activity;sid:84538225; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675126)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"suivicommanderelay.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675126/; classtype:trojan-activity;sid:84538226; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675127)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"bold-hypatia.196-251-72-149.plesk.page"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675127/; classtype:trojan-activity;sid:84538227; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675116)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/xdzdfxzf"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"whm.5-253-86-21.cprapid.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675116/; classtype:trojan-activity;sid:84538216; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675117)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"suivi-fra-livraisons.info"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675117/; classtype:trojan-activity;sid:84538217; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675118)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"amazing-lederberg.196-251-72-149.plesk.page"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675118/; classtype:trojan-activity;sid:84538218; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675119)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"optimistic-pike.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675119/; classtype:trojan-activity;sid:84538219; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675098)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"friendly-cray.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675098/; classtype:trojan-activity;sid:84538198; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675099)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"dossier0367.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675099/; classtype:trojan-activity;sid:84538199; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675100)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"lux-trust-aide-support.info"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675100/; classtype:trojan-activity;sid:84538200; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675101)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"servicenetfiixsav.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675101/; classtype:trojan-activity;sid:84538201; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675102)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"plsavnetfiix.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675102/; classtype:trojan-activity;sid:84538202; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675103)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"renewaccntsav.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675103/; classtype:trojan-activity;sid:84538203; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675104)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"sweet-fermi.196-251-72-149.plesk.page"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675104/; classtype:trojan-activity;sid:84538204; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675105)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"jolly-mendeleev.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675105/; classtype:trojan-activity;sid:84538205; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675106)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"savnetfixrenew.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675106/; classtype:trojan-activity;sid:84538206; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675107)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"my-minfin-regularisation.info"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675107/; classtype:trojan-activity;sid:84538207; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675108)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"suivi-livraison.support"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675108/; classtype:trojan-activity;sid:84538208; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675109)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"savpaypaiuser.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675109/; classtype:trojan-activity;sid:84538209; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675110)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"collect-myparcel.help"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675110/; classtype:trojan-activity;sid:84538210; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675111)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"nikita.support"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675111/; classtype:trojan-activity;sid:84538211; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675112)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"great-leavitt.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675112/; classtype:trojan-activity;sid:84538212; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675113)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"bold-hypatia.196-251-72-149.plesk.page"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675113/; classtype:trojan-activity;sid:84538213; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675114)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"redistribution-locker.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675114/; classtype:trojan-activity;sid:84538214; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675115)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"savnetflixco.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675115/; classtype:trojan-activity;sid:84538215; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675097)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"suivicommanderelay.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675097/; classtype:trojan-activity;sid:84538197; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675088)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"colislivraisonsuivi.support"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675088/; classtype:trojan-activity;sid:84538188; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675089)"; flow:established,from_client; content:"GET"; http_method; content:"/bins.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"whm.5-253-86-21.cprapid.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675089/; classtype:trojan-activity;sid:84538189; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675090)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mysubscription-renewal.info"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675090/; classtype:trojan-activity;sid:84538190; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675091)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"ntflx-sub.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675091/; classtype:trojan-activity;sid:84538191; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675092)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"ulys-telepeage-france.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675092/; classtype:trojan-activity;sid:84538192; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675093)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"peaceful-gates.196-251-72-149.plesk.page"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675093/; classtype:trojan-activity;sid:84538193; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675094)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"relaymondial-services.info"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675094/; classtype:trojan-activity;sid:84538194; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675095)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"suivi-fra-livraisons.info"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675095/; classtype:trojan-activity;sid:84538195; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675096)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"takeyourpackagebe.help"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675096/; classtype:trojan-activity;sid:84538196; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675084)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mondialrelais-livraison.info"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675084/; classtype:trojan-activity;sid:84538184; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675085)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"bravoteam6.org"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675085/; classtype:trojan-activity;sid:84538185; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675086)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"suivimondialrelay-colis.info"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675086/; classtype:trojan-activity;sid:84538186; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675087)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"hometrack-package-tracking.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675087/; classtype:trojan-activity;sid:84538187; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675081)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"bold-hypatia.196-251-72-149.plesk.page"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675081/; classtype:trojan-activity;sid:84538181; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675082)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"thirsty-heisenberg.196-251-72-149.plesk.page"; http_host; depth:44; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675082/; classtype:trojan-activity;sid:84538182; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675083)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"my-minfin-regularisation.info"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675083/; classtype:trojan-activity;sid:84538183; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675077)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"colislivraison-suivi.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675077/; classtype:trojan-activity;sid:84538177; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675078)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"savnfiixsupprt.info"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675078/; classtype:trojan-activity;sid:84538178; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675079)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"securplnetfiixsav.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675079/; classtype:trojan-activity;sid:84538179; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675080)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"hometrack-support-help.info"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675080/; classtype:trojan-activity;sid:84538180; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675075)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"vibrant-jackson.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675075/; classtype:trojan-activity;sid:84538175; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675076)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"sweet-fermi.196-251-72-149.plesk.page"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675076/; classtype:trojan-activity;sid:84538176; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675069)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"mysubscription-renewal.info"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675069/; classtype:trojan-activity;sid:84538169; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675070)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.m68k"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"notificationcentral.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675070/; classtype:trojan-activity;sid:84538170; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675071)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_mips"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"81.232.93.106"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675071/; classtype:trojan-activity;sid:84538171; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675072)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"livraisons-france-infos.locker"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675072/; classtype:trojan-activity;sid:84538172; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675073)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"uptrackparsei.help"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675073/; classtype:trojan-activity;sid:84538173; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675074)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"jolly-yalow.196-251-72-149.plesk.page"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675074/; classtype:trojan-activity;sid:84538174; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675068)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"livraison-relais-info.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675068/; classtype:trojan-activity;sid:84538168; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675061)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"renvouvellementinformationameli.info"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675061/; classtype:trojan-activity;sid:84538161; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675062)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"suivideliveryinfo.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675062/; classtype:trojan-activity;sid:84538162; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675063)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"luxtrust-secure.info"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675063/; classtype:trojan-activity;sid:84538163; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675064)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"xyznetfilxhusav.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675064/; classtype:trojan-activity;sid:84538164; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675065)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"dossiergmuitas.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675065/; classtype:trojan-activity;sid:84538165; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675066)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"colislivraison-suivi.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675066/; classtype:trojan-activity;sid:84538166; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675067)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"ameli-moncompte.situation-administrative.info"; http_host; depth:45; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675067/; classtype:trojan-activity;sid:84538167; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675059)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"livraison.info"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675059/; classtype:trojan-activity;sid:84538159; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675060)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"livraison.info"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675060/; classtype:trojan-activity;sid:84538160; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675041)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"wizardly-fermat.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675041/; classtype:trojan-activity;sid:84538141; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675042)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"securplnetfiixsav.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675042/; classtype:trojan-activity;sid:84538142; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675043)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"antai-aide.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675043/; classtype:trojan-activity;sid:84538143; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675044)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"dreamy-hamilton.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675044/; classtype:trojan-activity;sid:84538144; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675045)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"ecstatic-wing.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675045/; classtype:trojan-activity;sid:84538145; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675046)"; flow:established,from_client; content:"GET"; http_method; content:"/cvn5labxeg.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"q7.kdit5.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675046/; classtype:trojan-activity;sid:84538146; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675047)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"particulier-info.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675047/; classtype:trojan-activity;sid:84538147; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675048)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"reverent-brattain.196-251-72-149.plesk.page"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675048/; classtype:trojan-activity;sid:84538148; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675049)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"securaccntnetfiix.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675049/; classtype:trojan-activity;sid:84538149; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675050)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"relaisdepot-suivi.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675050/; classtype:trojan-activity;sid:84538150; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675051)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"ameli-moncompte.ma-situation.help"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675051/; classtype:trojan-activity;sid:84538151; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675052)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"bpost-frais-dedouanement.info"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675052/; classtype:trojan-activity;sid:84538152; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675053)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"livraison-mondialrelais.info"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675053/; classtype:trojan-activity;sid:84538153; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675054)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"rediriger-ma-livraison.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675054/; classtype:trojan-activity;sid:84538154; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675055)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"verification-mobile-cm.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675055/; classtype:trojan-activity;sid:84538155; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675056)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"nouvelletechbandedefou.info"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675056/; classtype:trojan-activity;sid:84538156; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675057)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"pickup-mreiay.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675057/; classtype:trojan-activity;sid:84538157; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675058)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"colislivraisonsuivi.support"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675058/; classtype:trojan-activity;sid:84538158; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675040)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"pedantic-mcclintock.196-251-72-149.plesk.page"; http_host; depth:45; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675040/; classtype:trojan-activity;sid:84538140; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675031)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"netflxaccntsav.info"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675031/; classtype:trojan-activity;sid:84538131; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675032)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"brusselspayments.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675032/; classtype:trojan-activity;sid:84538132; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675033)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"bravoteam6.org"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675033/; classtype:trojan-activity;sid:84538133; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675034)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"frosty-wozniak.196-251-72-149.plesk.page"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675034/; classtype:trojan-activity;sid:84538134; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675035)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"strange-swartz.196-251-72-149.plesk.page"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675035/; classtype:trojan-activity;sid:84538135; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675036)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"savnetfxserv.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675036/; classtype:trojan-activity;sid:84538136; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675037)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"relaisdepot-suivi.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675037/; classtype:trojan-activity;sid:84538137; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675038)"; flow:established,from_client; content:"GET"; http_method; content:"/evizc4da"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"eqt.ldef-4.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675038/; classtype:trojan-activity;sid:84538138; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675039)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"renewaccntsav.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675039/; classtype:trojan-activity;sid:84538139; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675000)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"eligibilite-doctolib.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675000/; classtype:trojan-activity;sid:84538100; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675001)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.192.236.163"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675001/; classtype:trojan-activity;sid:84538101; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675002)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"affectionate-edison.196-251-72-149.plesk.page"; http_host; depth:45; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675002/; classtype:trojan-activity;sid:84538102; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675003)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"suivicommanderelay.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675003/; classtype:trojan-activity;sid:84538103; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675004)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"sarenewnetfiixsav.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675004/; classtype:trojan-activity;sid:84538104; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675005)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"pay-subscription.help"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675005/; classtype:trojan-activity;sid:84538105; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675006)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"brave-cori.196-251-72-149.plesk.page"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675006/; classtype:trojan-activity;sid:84538106; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675007)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mon-abonnement-disney.info"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675007/; classtype:trojan-activity;sid:84538107; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675008)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"myparcel-relay.help"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675008/; classtype:trojan-activity;sid:84538108; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675009)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"support-upsdelivery.info"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675009/; classtype:trojan-activity;sid:84538109; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675010)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"nouvelletechbandedefou.info"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675010/; classtype:trojan-activity;sid:84538110; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675011)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"reverent-brattain.196-251-72-149.plesk.page"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675011/; classtype:trojan-activity;sid:84538111; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675012)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"livraisons-infos.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675012/; classtype:trojan-activity;sid:84538112; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675013)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"practical-wu.196-251-72-149.plesk.page"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675013/; classtype:trojan-activity;sid:84538113; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675014)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"bold-ellis.196-251-72-149.plesk.page"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675014/; classtype:trojan-activity;sid:84538114; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675015)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mondiai-reiay-reglement.info"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675015/; classtype:trojan-activity;sid:84538115; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675016)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"bold-kowalevski.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675016/; classtype:trojan-activity;sid:84538116; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675017)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"savpaypaiuser.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675017/; classtype:trojan-activity;sid:84538117; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675018)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"payoursavnetfilx.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675018/; classtype:trojan-activity;sid:84538118; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675019)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"jolly-yalow.196-251-72-149.plesk.page"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675019/; classtype:trojan-activity;sid:84538119; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675020)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"payoursavnetfilx.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675020/; classtype:trojan-activity;sid:84538120; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675021)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"suivimondialrelay-colis.info"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675021/; classtype:trojan-activity;sid:84538121; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675022)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"takeyourpackagebe.help"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675022/; classtype:trojan-activity;sid:84538122; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675023)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"confirmation-appareil-confiance.com"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675023/; classtype:trojan-activity;sid:84538123; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675024)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"sharp-franklin.196-251-72-149.plesk.page"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675024/; classtype:trojan-activity;sid:84538124; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675025)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"ameli-actalisation.info"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675025/; classtype:trojan-activity;sid:84538125; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675026)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"upbeat-noether.196-251-72-149.plesk.page"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675026/; classtype:trojan-activity;sid:84538126; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675027)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"guichet-amende.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675027/; classtype:trojan-activity;sid:84538127; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675028)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"monrelay.help"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675028/; classtype:trojan-activity;sid:84538128; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675029)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"renew-subscription.info"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675029/; classtype:trojan-activity;sid:84538129; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675030)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"livraisons-infos.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675030/; classtype:trojan-activity;sid:84538130; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674998)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"livraisons-colis-france.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674998/; classtype:trojan-activity;sid:84538098; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674999)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mips"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"192.142.10.124"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674999/; classtype:trojan-activity;sid:84538099; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674997)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_arm5"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"81.232.93.106"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674997/; classtype:trojan-activity;sid:84538097; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674994)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"supportsavnetfix.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674994/; classtype:trojan-activity;sid:84538094; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674995)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"bpost-frais-dedouanement.info"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674995/; classtype:trojan-activity;sid:84538095; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674996)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"la-bnpcledigital.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674996/; classtype:trojan-activity;sid:84538096; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674974)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"redistribution-locker.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674974/; classtype:trojan-activity;sid:84538074; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674975)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"renewntfxsav.help"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674975/; classtype:trojan-activity;sid:84538075; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674976)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"suivi-fra-livraisons.info"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674976/; classtype:trojan-activity;sid:84538076; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674977)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mon-suivi.info"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674977/; classtype:trojan-activity;sid:84538077; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674978)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"renew-subscription.info"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674978/; classtype:trojan-activity;sid:84538078; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674979)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"login-myoffices.help"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674979/; classtype:trojan-activity;sid:84538079; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674980)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"customer-trackdelivery.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674980/; classtype:trojan-activity;sid:84538080; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674981)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"gallant-ganguly.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674981/; classtype:trojan-activity;sid:84538081; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674982)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"servicedgtes.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674982/; classtype:trojan-activity;sid:84538082; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674983)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"ameli-moncompte.situation-administrative.info"; http_host; depth:45; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674983/; classtype:trojan-activity;sid:84538083; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674984)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"livraisons-france-infos.locker"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674984/; classtype:trojan-activity;sid:84538084; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674985)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"mondial-pickup.info"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674985/; classtype:trojan-activity;sid:84538085; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674986)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"secureamericainexpress.help"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674986/; classtype:trojan-activity;sid:84538086; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674987)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mondials-suivis-relay.info"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674987/; classtype:trojan-activity;sid:84538087; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674988)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"hometrack-be-package.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674988/; classtype:trojan-activity;sid:84538088; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674989)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"lux-trust-aide-support.info"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674989/; classtype:trojan-activity;sid:84538089; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674990)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"thirsty-heisenberg.196-251-72-149.plesk.page"; http_host; depth:44; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674990/; classtype:trojan-activity;sid:84538090; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674991)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"mxiconetfllxserv.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674991/; classtype:trojan-activity;sid:84538091; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674992)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"adoring-kalam.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674992/; classtype:trojan-activity;sid:84538092; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674993)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"eligibilite-doctolib.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674993/; classtype:trojan-activity;sid:84538093; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674961)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"strange-swartz.196-251-72-149.plesk.page"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674961/; classtype:trojan-activity;sid:84538061; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674962)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"wizardly-fermat.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674962/; classtype:trojan-activity;sid:84538062; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674963)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"locker-redistribution.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674963/; classtype:trojan-activity;sid:84538063; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674964)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mondial-relaylockers.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674964/; classtype:trojan-activity;sid:84538064; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674965)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"serene-swartz.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674965/; classtype:trojan-activity;sid:84538065; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674966)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mrelay-luxembourg.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674966/; classtype:trojan-activity;sid:84538066; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674967)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"objective-goldberg.196-251-72-149.plesk.page"; http_host; depth:44; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674967/; classtype:trojan-activity;sid:84538067; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674968)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"objective-ramanujan.196-251-72-149.plesk.page"; http_host; depth:45; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674968/; classtype:trojan-activity;sid:84538068; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674969)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"suivicommandesrelay.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674969/; classtype:trojan-activity;sid:84538069; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674970)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"laughing-herschel.196-251-72-149.plesk.page"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674970/; classtype:trojan-activity;sid:84538070; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674971)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"particulier-info.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674971/; classtype:trojan-activity;sid:84538071; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674972)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"suivirelaisdepots.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674972/; classtype:trojan-activity;sid:84538072; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674973)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"stoic-poincare.196-251-72-149.plesk.page"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674973/; classtype:trojan-activity;sid:84538073; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674950)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"colislivraisonsuivi.support"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674950/; classtype:trojan-activity;sid:84538050; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674951)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"tracking-parcel-be.help"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674951/; classtype:trojan-activity;sid:84538051; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674952)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"securplnetfiixsav.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674952/; classtype:trojan-activity;sid:84538052; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674953)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"netflxaccntsav.info"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674953/; classtype:trojan-activity;sid:84538053; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674954)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"optimistic-leakey.196-251-72-149.plesk.page"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674954/; classtype:trojan-activity;sid:84538054; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674955)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"myparcel-track.info"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674955/; classtype:trojan-activity;sid:84538055; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674956)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"securaccntnetfiix.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674956/; classtype:trojan-activity;sid:84538056; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674957)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"pickup-mreiay.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674957/; classtype:trojan-activity;sid:84538057; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674958)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"nouvellelivraison-locker-fr.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674958/; classtype:trojan-activity;sid:84538058; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674959)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"ulys-autoroutes-fr.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674959/; classtype:trojan-activity;sid:84538059; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674960)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"ntflx-sub.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674960/; classtype:trojan-activity;sid:84538060; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674948)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"gifted-yalow.196-251-72-149.plesk.page"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674948/; classtype:trojan-activity;sid:84538048; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674949)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"connect-avantages.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674949/; classtype:trojan-activity;sid:84538049; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674942)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"dossier0367.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674942/; classtype:trojan-activity;sid:84538042; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674943)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"login-myoffices.help"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674943/; classtype:trojan-activity;sid:84538043; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674944)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"supportnetfiixsavza.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674944/; classtype:trojan-activity;sid:84538044; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674945)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"mondial-services.informations-colis.help"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674945/; classtype:trojan-activity;sid:84538045; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674946)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"colis-francemetropolitaine.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674946/; classtype:trojan-activity;sid:84538046; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674947)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"livraisons-colis-france.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674947/; classtype:trojan-activity;sid:84538047; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674935)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"quizzical-lederberg.196-251-72-149.plesk.page"; http_host; depth:45; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674935/; classtype:trojan-activity;sid:84538035; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674936)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"frosty-albattani.196-251-72-149.plesk.page"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674936/; classtype:trojan-activity;sid:84538036; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674937)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"vigilant-antonelli.196-251-72-149.plesk.page"; http_host; depth:44; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674937/; classtype:trojan-activity;sid:84538037; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674938)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"webmail.rediriger-ma-relivraison.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674938/; classtype:trojan-activity;sid:84538038; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674939)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"service-parcel-pay.help"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674939/; classtype:trojan-activity;sid:84538039; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674940)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"parkingbrussels.help"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674940/; classtype:trojan-activity;sid:84538040; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674941)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"paketdhservice.help"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674941/; classtype:trojan-activity;sid:84538041; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674931)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"myguichet-service.help"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674931/; classtype:trojan-activity;sid:84538031; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674932)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"ups.supporto-pacchi.help"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674932/; classtype:trojan-activity;sid:84538032; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674933)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"livraisons-colis-france.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674933/; classtype:trojan-activity;sid:84538033; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674934)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"objective-saha.196-251-72-149.plesk.page"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674934/; classtype:trojan-activity;sid:84538034; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674915)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"suivicommandesrelay.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674915/; classtype:trojan-activity;sid:84538015; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674916)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"adoring-kalam.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674916/; classtype:trojan-activity;sid:84538016; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674917)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"relayservice-pay.help"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674917/; classtype:trojan-activity;sid:84538017; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674918)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"relivraison-formulaire.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674918/; classtype:trojan-activity;sid:84538018; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674919)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"packet-nouvellelivraisons-fr.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674919/; classtype:trojan-activity;sid:84538019; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674920)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mon-colis-suivi-bpost.info"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674920/; classtype:trojan-activity;sid:84538020; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674921)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"nifty-johnson.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674921/; classtype:trojan-activity;sid:84538021; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674922)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"colis-nouvellelivraison-france.com"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674922/; classtype:trojan-activity;sid:84538022; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674923)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"redistribution-locker.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674923/; classtype:trojan-activity;sid:84538023; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674924)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"colis-suivi-lu.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674924/; classtype:trojan-activity;sid:84538024; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674925)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"clever-northcutt.196-251-72-149.plesk.page"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674925/; classtype:trojan-activity;sid:84538025; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674926)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"elegant-borg.196-251-72-149.plesk.page"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674926/; classtype:trojan-activity;sid:84538026; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674927)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"myguichet-amende.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674927/; classtype:trojan-activity;sid:84538027; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674928)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"gracious-northcutt.196-251-72-149.plesk.page"; http_host; depth:44; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674928/; classtype:trojan-activity;sid:84538028; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674929)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"suivi-colis.help"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674929/; classtype:trojan-activity;sid:84538029; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674930)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"mise-a-jours-ameli.support"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674930/; classtype:trojan-activity;sid:84538030; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674914)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"relaymyparcel.info"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674914/; classtype:trojan-activity;sid:84538014; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674912)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"solazone.help"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674912/; classtype:trojan-activity;sid:84538012; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674913)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"assurancemaladie.support"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674913/; classtype:trojan-activity;sid:84538013; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674907)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"ulys-autoroutes-fr.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674907/; classtype:trojan-activity;sid:84538007; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674908)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mon-colis-suivi-bpost.info"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674908/; classtype:trojan-activity;sid:84538008; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674909)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mxiconetfllxserv.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674909/; classtype:trojan-activity;sid:84538009; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674910)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mymondialrelay-parcel.help"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674910/; classtype:trojan-activity;sid:84538010; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674911)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"wizardly-fermat.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674911/; classtype:trojan-activity;sid:84538011; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674903)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"relay-lu-parcel.help"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674903/; classtype:trojan-activity;sid:84538003; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674904)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mrelay-be-acheminement.info"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674904/; classtype:trojan-activity;sid:84538004; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674905)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"mondialrelay-connect.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674905/; classtype:trojan-activity;sid:84538005; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674906)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"paymentmy-minfinbe.help"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674906/; classtype:trojan-activity;sid:84538006; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674893)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"espace-servicefamily.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674893/; classtype:trojan-activity;sid:84537993; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674894)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mon-abonnement-disney.info"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674894/; classtype:trojan-activity;sid:84537994; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674895)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"exciting-hopper.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674895/; classtype:trojan-activity;sid:84537995; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674896)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"esdossier0865.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674896/; classtype:trojan-activity;sid:84537996; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674897)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"optimistic-pike.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674897/; classtype:trojan-activity;sid:84537997; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674898)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"ecstatic-wing.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674898/; classtype:trojan-activity;sid:84537998; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674899)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"frosty-wozniak.196-251-72-149.plesk.page"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674899/; classtype:trojan-activity;sid:84537999; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674900)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"gracious-lamarr.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674900/; classtype:trojan-activity;sid:84538000; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674901)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"ups.supporto-pacchi.help"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674901/; classtype:trojan-activity;sid:84538001; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674902)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm5"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"notificationcentral.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674902/; classtype:trojan-activity;sid:84538002; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674881)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"mrelay-be-acheminement.info"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674881/; classtype:trojan-activity;sid:84537981; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674882)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"trackdelivery-customer.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674882/; classtype:trojan-activity;sid:84537982; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674883)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"regionaleszeveme.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674883/; classtype:trojan-activity;sid:84537983; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674884)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mondialservice-relay.info"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674884/; classtype:trojan-activity;sid:84537984; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674885)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"suivirelaisdepot.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674885/; classtype:trojan-activity;sid:84537985; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674886)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"servicedgtes.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674886/; classtype:trojan-activity;sid:84537986; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674887)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"elegant-shtern.196-251-72-149.plesk.page"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674887/; classtype:trojan-activity;sid:84537987; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674888)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"gracious-lamarr.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674888/; classtype:trojan-activity;sid:84537988; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674889)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"interesting-morse.196-251-72-149.plesk.page"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674889/; classtype:trojan-activity;sid:84537989; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674890)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"eager-dirac.196-251-72-149.plesk.page"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674890/; classtype:trojan-activity;sid:84537990; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674891)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"trusting-raman.196-251-72-149.plesk.page"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674891/; classtype:trojan-activity;sid:84537991; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674892)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"gifted-yalow.196-251-72-149.plesk.page"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674892/; classtype:trojan-activity;sid:84537992; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674873)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"trusting-tesla.196-251-72-149.plesk.page"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674873/; classtype:trojan-activity;sid:84537973; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674874)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mrelayy-acheminement.info"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674874/; classtype:trojan-activity;sid:84537974; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674875)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"suivi-fr-livraison.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674875/; classtype:trojan-activity;sid:84537975; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674876)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"nifty-golick.196-251-72-149.plesk.page"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674876/; classtype:trojan-activity;sid:84537976; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674877)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mrelay-be-acheminement.info"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674877/; classtype:trojan-activity;sid:84537977; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674878)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"suivicolis-be.info"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674878/; classtype:trojan-activity;sid:84537978; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674879)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"trackupsid.help"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674879/; classtype:trojan-activity;sid:84537979; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674880)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"aide-suivi-livraison.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674880/; classtype:trojan-activity;sid:84537980; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674872)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"savnet-fixchili.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674872/; classtype:trojan-activity;sid:84537972; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674869)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mondialrelais-creneaux.info"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674869/; classtype:trojan-activity;sid:84537969; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674870)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"info-suivi-track.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674870/; classtype:trojan-activity;sid:84537970; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674871)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"livraison-mondialrelais.info"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674871/; classtype:trojan-activity;sid:84537971; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674866)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"guichet-amende.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674866/; classtype:trojan-activity;sid:84537966; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674867)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"wizardly-fermat.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674867/; classtype:trojan-activity;sid:84537967; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674868)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"jolly-mendeleev.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674868/; classtype:trojan-activity;sid:84537968; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674865)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"paymentmy-minfinbe.help"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674865/; classtype:trojan-activity;sid:84537965; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674860)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"supportsavnetfix.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674860/; classtype:trojan-activity;sid:84537960; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674861)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"webmail.rediriger-ma-livraison.com"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674861/; classtype:trojan-activity;sid:84537961; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674862)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"colis-francemetropolitaine.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674862/; classtype:trojan-activity;sid:84537962; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674863)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"vibrant-jackson.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674863/; classtype:trojan-activity;sid:84537963; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674864)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"goofy-shirley.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674864/; classtype:trojan-activity;sid:84537964; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674837)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"eligibilite-doctolib.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674837/; classtype:trojan-activity;sid:84537937; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674838)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"spf-amende.help"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674838/; classtype:trojan-activity;sid:84537938; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674839)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"servmetfiixsavsa.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674839/; classtype:trojan-activity;sid:84537939; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674840)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"funny-villani.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674840/; classtype:trojan-activity;sid:84537940; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674841)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"subscription-tv.info"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674841/; classtype:trojan-activity;sid:84537941; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674842)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"relay-lu-parcel.help"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674842/; classtype:trojan-activity;sid:84537942; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674843)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"gestion-pickup-relay2025.info"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674843/; classtype:trojan-activity;sid:84537943; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674844)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"locker-redistribution.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674844/; classtype:trojan-activity;sid:84537944; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674845)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"ntfiixsavclient.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674845/; classtype:trojan-activity;sid:84537945; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674846)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"rediriger-ma-livraison.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674846/; classtype:trojan-activity;sid:84537946; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674847)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"strange-swartz.196-251-72-149.plesk.page"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674847/; classtype:trojan-activity;sid:84537947; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674848)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"kunde-konto-sikre.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674848/; classtype:trojan-activity;sid:84537948; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674849)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"ntflx-sub.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674849/; classtype:trojan-activity;sid:84537949; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674850)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"relay-lu-parcel.help"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674850/; classtype:trojan-activity;sid:84537950; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674851)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"hometrack-package-lu.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674851/; classtype:trojan-activity;sid:84537951; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674852)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"adoring-kalam.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674852/; classtype:trojan-activity;sid:84537952; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674853)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"parkingbrussels.help"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674853/; classtype:trojan-activity;sid:84537953; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674854)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"nikita.support"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674854/; classtype:trojan-activity;sid:84537954; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674855)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"focused-noether.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674855/; classtype:trojan-activity;sid:84537955; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674856)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"spf-amende.help"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674856/; classtype:trojan-activity;sid:84537956; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674857)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"info-suivi-track.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674857/; classtype:trojan-activity;sid:84537957; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674858)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"usernetfiixpolskasav.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674858/; classtype:trojan-activity;sid:84537958; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674859)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"mrelay-luxembourg.support"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674859/; classtype:trojan-activity;sid:84537959; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674833)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"usernetfiixpolskasav.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674833/; classtype:trojan-activity;sid:84537933; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674834)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mrelay-be-acheminement.info"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674834/; classtype:trojan-activity;sid:84537934; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674835)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"savmxlcnetfiix.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674835/; classtype:trojan-activity;sid:84537935; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674836)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"spf-justitie-belgium.info"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674836/; classtype:trojan-activity;sid:84537936; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674832)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"compassionate-yonath.196-251-72-149.plesk.page"; http_host; depth:46; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674832/; classtype:trojan-activity;sid:84537932; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674828)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"recursing-hawking.196-251-72-149.plesk.page"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674828/; classtype:trojan-activity;sid:84537928; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674829)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"condescending-wilson.196-251-72-149.plesk.page"; http_host; depth:46; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674829/; classtype:trojan-activity;sid:84537929; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674830)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"hardcore-boyd.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674830/; classtype:trojan-activity;sid:84537930; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674831)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"subscription-help.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674831/; classtype:trojan-activity;sid:84537931; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674827)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"eager-dirac.196-251-72-149.plesk.page"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674827/; classtype:trojan-activity;sid:84537927; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674821)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"magical-shirley.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674821/; classtype:trojan-activity;sid:84537921; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674822)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"vibrant-jackson.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674822/; classtype:trojan-activity;sid:84537922; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674823)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mondial-relay-center.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674823/; classtype:trojan-activity;sid:84537923; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674824)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"suivi-fra-livraisons.info"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674824/; classtype:trojan-activity;sid:84537924; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674825)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"sweet-neumann.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674825/; classtype:trojan-activity;sid:84537925; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674826)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"strange-yalow.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674826/; classtype:trojan-activity;sid:84537926; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674818)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"trackmy-order.info"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674818/; classtype:trojan-activity;sid:84537918; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674819)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mrelayy-mon-acheminement.info"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674819/; classtype:trojan-activity;sid:84537919; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674820)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"relaymyparcel.info"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674820/; classtype:trojan-activity;sid:84537920; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674817)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"elegant-nightingale.196-251-72-149.plesk.page"; http_host; depth:45; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674817/; classtype:trojan-activity;sid:84537917; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674795)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"servicenetfiixsav.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674795/; classtype:trojan-activity;sid:84537895; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674796)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"youthful-solomon.196-251-72-149.plesk.page"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674796/; classtype:trojan-activity;sid:84537896; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674797)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"colis-nouvellelivraison-france.com"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674797/; classtype:trojan-activity;sid:84537897; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674798)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm6"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"notificationcentral.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674798/; classtype:trojan-activity;sid:84537898; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674799)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"support-hometrack.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674799/; classtype:trojan-activity;sid:84537899; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674800)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"monsuivi-colis.help"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674800/; classtype:trojan-activity;sid:84537900; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674801)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"rendezsnetfiixhu.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674801/; classtype:trojan-activity;sid:84537901; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674802)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"renew-subscription.info"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674802/; classtype:trojan-activity;sid:84537902; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674803)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"mondialerelay-suivi-info.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674803/; classtype:trojan-activity;sid:84537903; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674804)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"suivis-de-colis.info"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674804/; classtype:trojan-activity;sid:84537904; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674805)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"livraisons-colis-france.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674805/; classtype:trojan-activity;sid:84537905; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674806)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"monrelay-support.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674806/; classtype:trojan-activity;sid:84537906; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674807)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"reglementminfin-be.help"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674807/; classtype:trojan-activity;sid:84537907; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674808)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"savnetfiix-client.help"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674808/; classtype:trojan-activity;sid:84537908; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674809)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"suivimondialrelay-colis.info"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674809/; classtype:trojan-activity;sid:84537909; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674810)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"quizzical-lederberg.196-251-72-149.plesk.page"; http_host; depth:45; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674810/; classtype:trojan-activity;sid:84537910; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674811)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"myups-package.help"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674811/; classtype:trojan-activity;sid:84537911; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674812)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mynetfxsuprt.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674812/; classtype:trojan-activity;sid:84537912; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674813)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"servntflxmgyrsav.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674813/; classtype:trojan-activity;sid:84537913; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674814)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"jolly-germain.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674814/; classtype:trojan-activity;sid:84537914; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674815)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"myparcel-relay.help"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674815/; classtype:trojan-activity;sid:84537915; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674816)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"quizzical-lederberg.196-251-72-149.plesk.page"; http_host; depth:45; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674816/; classtype:trojan-activity;sid:84537916; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674793)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"hungry-kalam.196-251-72-149.plesk.page"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674793/; classtype:trojan-activity;sid:84537893; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674794)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"objective-saha.196-251-72-149.plesk.page"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674794/; classtype:trojan-activity;sid:84537894; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674784)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"upbeat-noether.196-251-72-149.plesk.page"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674784/; classtype:trojan-activity;sid:84537884; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674785)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"colis-francemetropolitaine.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674785/; classtype:trojan-activity;sid:84537885; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674786)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"relay-my-parcel.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674786/; classtype:trojan-activity;sid:84537886; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674787)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"nikita.support"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674787/; classtype:trojan-activity;sid:84537887; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674788)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"redistribution-locker.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674788/; classtype:trojan-activity;sid:84537888; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674789)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"mynetfxsuprt.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674789/; classtype:trojan-activity;sid:84537889; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674790)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"reglementminfin-be.help"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674790/; classtype:trojan-activity;sid:84537890; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674791)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"webmail.rediriger-ma-relivraison.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674791/; classtype:trojan-activity;sid:84537891; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674792)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"myparcel-relay.help"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674792/; classtype:trojan-activity;sid:84537892; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674783)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"trusting-tesla.196-251-72-149.plesk.page"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674783/; classtype:trojan-activity;sid:84537883; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674782)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"tracking-parcel-be.help"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674782/; classtype:trojan-activity;sid:84537882; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674767)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"renewntfxsav.info"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674767/; classtype:trojan-activity;sid:84537867; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674768)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"mxiconetfllxserv.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674768/; classtype:trojan-activity;sid:84537868; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674769)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"relayparcel-help.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674769/; classtype:trojan-activity;sid:84537869; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674770)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"vigilant-antonelli.196-251-72-149.plesk.page"; http_host; depth:44; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674770/; classtype:trojan-activity;sid:84537870; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674771)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"relivraison-packet-france.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674771/; classtype:trojan-activity;sid:84537871; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674772)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"netfiixrenewacc.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674772/; classtype:trojan-activity;sid:84537872; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674773)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"luxtrust-secure.info"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674773/; classtype:trojan-activity;sid:84537873; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674774)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"telepeage-ulys-fr.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674774/; classtype:trojan-activity;sid:84537874; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674775)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"recursing-hawking.196-251-72-149.plesk.page"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674775/; classtype:trojan-activity;sid:84537875; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674776)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"hometrack-package-lu.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674776/; classtype:trojan-activity;sid:84537876; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674777)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"mondial-pickup.info"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674777/; classtype:trojan-activity;sid:84537877; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674778)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"renewntfxsav.help"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674778/; classtype:trojan-activity;sid:84537878; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674779)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"pedantic-mcclintock.196-251-72-149.plesk.page"; http_host; depth:45; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674779/; classtype:trojan-activity;sid:84537879; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674780)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"hungry-kalam.196-251-72-149.plesk.page"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674780/; classtype:trojan-activity;sid:84537880; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674781)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"savnetfixrenew.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674781/; classtype:trojan-activity;sid:84537881; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674762)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"objective-saha.196-251-72-149.plesk.page"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674762/; classtype:trojan-activity;sid:84537862; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674763)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"objective-ramanujan.196-251-72-149.plesk.page"; http_host; depth:45; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674763/; classtype:trojan-activity;sid:84537863; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674764)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"subscription-tv.info"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674764/; classtype:trojan-activity;sid:84537864; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674765)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"particulierslocker.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674765/; classtype:trojan-activity;sid:84537865; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674766)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"mondialrelay-reply.help"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674766/; classtype:trojan-activity;sid:84537866; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674757)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"practical-swirles.196-251-72-149.plesk.page"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674757/; classtype:trojan-activity;sid:84537857; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674758)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"sharp-franklin.196-251-72-149.plesk.page"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674758/; classtype:trojan-activity;sid:84537858; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674759)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mrelay-relais.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674759/; classtype:trojan-activity;sid:84537859; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674760)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"monrelayfr-support.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674760/; classtype:trojan-activity;sid:84537860; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674761)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"thirsty-heisenberg.196-251-72-149.plesk.page"; http_host; depth:44; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674761/; classtype:trojan-activity;sid:84537861; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674755)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mondial-services.informations-colis.help"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674755/; classtype:trojan-activity;sid:84537855; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674756)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"mysuprtntfx.info"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674756/; classtype:trojan-activity;sid:84537856; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674754)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"upcpackettrack.help"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674754/; classtype:trojan-activity;sid:84537854; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674751)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"esdossier0865.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674751/; classtype:trojan-activity;sid:84537851; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674752)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"mxicnetfiixservice.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674752/; classtype:trojan-activity;sid:84537852; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674753)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"packet-relivraison-fr.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674753/; classtype:trojan-activity;sid:84537853; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674736)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"colislivraison-suivi.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674736/; classtype:trojan-activity;sid:84537836; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674737)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"packet-nouvellelivraisons-fr.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674737/; classtype:trojan-activity;sid:84537837; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674738)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"support-upsdelivery.info"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674738/; classtype:trojan-activity;sid:84537838; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674739)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"suivicolis-be.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674739/; classtype:trojan-activity;sid:84537839; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674740)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"hgrynetfiixsav.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674740/; classtype:trojan-activity;sid:84537840; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674741)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"packrelay-espace.help"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674741/; classtype:trojan-activity;sid:84537841; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674742)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"suivicommandesrelay.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674742/; classtype:trojan-activity;sid:84537842; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674743)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"sav-ntfxrenew.help"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674743/; classtype:trojan-activity;sid:84537843; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674744)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"verif-appareil-confiance.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674744/; classtype:trojan-activity;sid:84537844; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674745)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"nifty-johnson.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674745/; classtype:trojan-activity;sid:84537845; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674746)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"ntfxrenewservice.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674746/; classtype:trojan-activity;sid:84537846; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674747)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"parkingbrussels.help"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674747/; classtype:trojan-activity;sid:84537847; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674748)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"eligibilite-doctolib.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674748/; classtype:trojan-activity;sid:84537848; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674749)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"sharp-franklin.196-251-72-149.plesk.page"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674749/; classtype:trojan-activity;sid:84537849; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674750)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"verification-mobile-cm.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674750/; classtype:trojan-activity;sid:84537850; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674735)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"mrelay.livraison.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674735/; classtype:trojan-activity;sid:84537835; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674726)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"eligibilite-doctolib.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674726/; classtype:trojan-activity;sid:84537826; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674727)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"savnetfxserv.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674727/; classtype:trojan-activity;sid:84537827; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674728)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"funny-villani.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674728/; classtype:trojan-activity;sid:84537828; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674729)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"trackupsid.help"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674729/; classtype:trojan-activity;sid:84537829; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674730)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"suivicommanderelay.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674730/; classtype:trojan-activity;sid:84537830; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674731)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"gracious-lamarr.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674731/; classtype:trojan-activity;sid:84537831; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674732)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"info-suivi-track.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674732/; classtype:trojan-activity;sid:84537832; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674733)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"myguichet-service.help"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674733/; classtype:trojan-activity;sid:84537833; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674734)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"renewmynetllx.info"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674734/; classtype:trojan-activity;sid:84537834; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674725)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"renewnow.help"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674725/; classtype:trojan-activity;sid:84537825; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674722)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"interesting-morse.196-251-72-149.plesk.page"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674722/; classtype:trojan-activity;sid:84537822; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674723)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"suivirelaisdepots.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674723/; classtype:trojan-activity;sid:84537823; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674724)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"mon-suivi.info"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674724/; classtype:trojan-activity;sid:84537824; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674719)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"hometrack-package-tracking.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674719/; classtype:trojan-activity;sid:84537819; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674720)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"assurancemaladie-actualisation.help"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674720/; classtype:trojan-activity;sid:84537820; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674721)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"services-monrelay.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674721/; classtype:trojan-activity;sid:84537821; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674716)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"ma-facture-enovos.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674716/; classtype:trojan-activity;sid:84537816; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674717)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"optimistic-leakey.196-251-72-149.plesk.page"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674717/; classtype:trojan-activity;sid:84537817; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674718)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"peaceful-gates.196-251-72-149.plesk.page"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674718/; classtype:trojan-activity;sid:84537818; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674713)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"laughing-perlman.196-251-72-149.plesk.page"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674713/; classtype:trojan-activity;sid:84537813; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674714)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.m68k"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"192.142.10.124"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674714/; classtype:trojan-activity;sid:84537814; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674715)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"thirsty-ride.196-251-72-149.plesk.page"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674715/; classtype:trojan-activity;sid:84537815; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674711)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"sav-monrelay.help"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674711/; classtype:trojan-activity;sid:84537811; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674712)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"reactivation-amelie-account.info"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674712/; classtype:trojan-activity;sid:84537812; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674709)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"solazone.help"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674709/; classtype:trojan-activity;sid:84537809; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674710)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"xyznetfilxhusav.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674710/; classtype:trojan-activity;sid:84537810; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674703)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"dhitrackparcei.help"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674703/; classtype:trojan-activity;sid:84537803; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674704)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"mxicnetfiixservice.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674704/; classtype:trojan-activity;sid:84537804; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674705)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"strange-spence.196-251-72-149.plesk.page"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674705/; classtype:trojan-activity;sid:84537805; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674706)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"verif-appareil-confiance.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674706/; classtype:trojan-activity;sid:84537806; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674707)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"servicedgtes.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674707/; classtype:trojan-activity;sid:84537807; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674708)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"particulier-info.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674708/; classtype:trojan-activity;sid:84537808; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674697)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"securplnetfiixsav.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674697/; classtype:trojan-activity;sid:84537797; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674698)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"reglementnetflix-fr.help"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674698/; classtype:trojan-activity;sid:84537798; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674699)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"mondiai-reiay-reglement.info"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674699/; classtype:trojan-activity;sid:84537799; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674700)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"plsavnetfiixsupport.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674700/; classtype:trojan-activity;sid:84537800; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674701)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"gestion-pickup-relay2025.info"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674701/; classtype:trojan-activity;sid:84537801; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674702)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"renew-account-lock.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674702/; classtype:trojan-activity;sid:84537802; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674695)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"gracious-kepler.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674695/; classtype:trojan-activity;sid:84537795; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674696)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mondialsrelay-supports.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674696/; classtype:trojan-activity;sid:84537796; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674693)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"bold-ellis.196-251-72-149.plesk.page"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674693/; classtype:trojan-activity;sid:84537793; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674694)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"relaymondial-services.info"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674694/; classtype:trojan-activity;sid:84537794; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674685)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"adoring-kalam.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674685/; classtype:trojan-activity;sid:84537785; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674686)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"redirection-mondialrelais.info"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674686/; classtype:trojan-activity;sid:84537786; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674687)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"miseajouritsme.help"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674687/; classtype:trojan-activity;sid:84537787; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674688)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"dossier-amende-minfin.info"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674688/; classtype:trojan-activity;sid:84537788; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674689)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"guichet-client.help"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674689/; classtype:trojan-activity;sid:84537789; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674690)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"reverent-brattain.196-251-72-149.plesk.page"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674690/; classtype:trojan-activity;sid:84537790; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674691)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"renvouvellementinformationameli.info"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674691/; classtype:trojan-activity;sid:84537791; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674692)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"dossier-amende-minfin.info"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674692/; classtype:trojan-activity;sid:84537792; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674684)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"mon-comptes.help"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674684/; classtype:trojan-activity;sid:84537784; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674681)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"suivirelaisdepot.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674681/; classtype:trojan-activity;sid:84537781; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674682)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"livraison-france-infos.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674682/; classtype:trojan-activity;sid:84537782; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674683)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"elegant-borg.196-251-72-149.plesk.page"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674683/; classtype:trojan-activity;sid:84537783; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674680)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"brusselspayments.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674680/; classtype:trojan-activity;sid:84537780; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674679)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"pedantic-mcclintock.196-251-72-149.plesk.page"; http_host; depth:45; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674679/; classtype:trojan-activity;sid:84537779; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674654)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"customer-trackdelivery.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674654/; classtype:trojan-activity;sid:84537754; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674655)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"nostalgic-curie.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674655/; classtype:trojan-activity;sid:84537755; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674656)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"eligibilite-doctolib.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674656/; classtype:trojan-activity;sid:84537756; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674657)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"savnetfixrenew.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674657/; classtype:trojan-activity;sid:84537757; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674658)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"sad-mclaren.196-251-72-149.plesk.page"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674658/; classtype:trojan-activity;sid:84537758; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674659)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"accntmynetfiixsav.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674659/; classtype:trojan-activity;sid:84537759; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674660)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"servicenetfiixsav.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674660/; classtype:trojan-activity;sid:84537760; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674661)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mise-a-jours-ameli.support"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674661/; classtype:trojan-activity;sid:84537761; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674662)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"reactivation-amelie-account.info"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674662/; classtype:trojan-activity;sid:84537762; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674663)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"practical-swirles.196-251-72-149.plesk.page"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674663/; classtype:trojan-activity;sid:84537763; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674664)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"savpaypaiuser.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674664/; classtype:trojan-activity;sid:84537764; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674665)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"securaccntnetfiix.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674665/; classtype:trojan-activity;sid:84537765; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674666)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"support-upsdelivery.info"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674666/; classtype:trojan-activity;sid:84537766; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674667)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"objective-saha.196-251-72-149.plesk.page"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674667/; classtype:trojan-activity;sid:84537767; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674668)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"ameli-actalisation.info"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674668/; classtype:trojan-activity;sid:84537768; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674669)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"optimistic-pike.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674669/; classtype:trojan-activity;sid:84537769; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674670)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"esdossier0865.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674670/; classtype:trojan-activity;sid:84537770; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674671)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"thirsty-ride.196-251-72-149.plesk.page"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674671/; classtype:trojan-activity;sid:84537771; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674672)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"tracking-parcel-be.help"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674672/; classtype:trojan-activity;sid:84537772; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674673)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"la-bnpcledigital.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674673/; classtype:trojan-activity;sid:84537773; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674674)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"relaymondial-services.info"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674674/; classtype:trojan-activity;sid:84537774; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674675)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"usernetfiixpolskasav.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674675/; classtype:trojan-activity;sid:84537775; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674676)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"monrelay.help"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674676/; classtype:trojan-activity;sid:84537776; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674677)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"myups-package.info"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674677/; classtype:trojan-activity;sid:84537777; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674678)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"sad-mclaren.196-251-72-149.plesk.page"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674678/; classtype:trojan-activity;sid:84537778; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674653)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"trackdelivery-customer.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674653/; classtype:trojan-activity;sid:84537753; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674651)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"renouvellement-ameli.support"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674651/; classtype:trojan-activity;sid:84537751; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674652)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"renouvellement-ameli.support"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674652/; classtype:trojan-activity;sid:84537752; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674650)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"sad-mclaren.196-251-72-149.plesk.page"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674650/; classtype:trojan-activity;sid:84537750; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674648)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"nikita.support"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674648/; classtype:trojan-activity;sid:84537748; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674649)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"livraison-relais-info.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674649/; classtype:trojan-activity;sid:84537749; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674647)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"myguichet-espace.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674647/; classtype:trojan-activity;sid:84537747; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674646)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"solazone.help"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674646/; classtype:trojan-activity;sid:84537746; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674641)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"ameli-cpam.support-moncompte.help"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674641/; classtype:trojan-activity;sid:84537741; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674642)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"telepeage-ulys-france.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674642/; classtype:trojan-activity;sid:84537742; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674643)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"myminfin-info-be.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674643/; classtype:trojan-activity;sid:84537743; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674644)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"yuzidoky.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674644/; classtype:trojan-activity;sid:84537744; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674645)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"yoursavnetfilxes.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674645/; classtype:trojan-activity;sid:84537745; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674640)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm6"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"192.142.10.124"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674640/; classtype:trojan-activity;sid:84537740; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674639)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"intelligent-mayer.196-251-72-149.plesk.page"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674639/; classtype:trojan-activity;sid:84537739; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674612)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"optimistic-leakey.196-251-72-149.plesk.page"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674612/; classtype:trojan-activity;sid:84537712; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674613)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"mon-colis-suivi-bpost.info"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674613/; classtype:trojan-activity;sid:84537713; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674614)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"savnetfixrenew.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674614/; classtype:trojan-activity;sid:84537714; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674615)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"aide-suivi-livraison.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674615/; classtype:trojan-activity;sid:84537715; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674616)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"spf-amende.help"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674616/; classtype:trojan-activity;sid:84537716; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674617)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"yuzidoky.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674617/; classtype:trojan-activity;sid:84537717; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674618)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"hometrack-package-tracking.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674618/; classtype:trojan-activity;sid:84537718; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674619)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"suivi-pointrelais.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674619/; classtype:trojan-activity;sid:84537719; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674620)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"trusting-raman.196-251-72-149.plesk.page"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674620/; classtype:trojan-activity;sid:84537720; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674621)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"sweet-fermi.196-251-72-149.plesk.page"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674621/; classtype:trojan-activity;sid:84537721; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674622)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"ameli-actalisation.info"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674622/; classtype:trojan-activity;sid:84537722; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674623)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"nifty-johnson.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674623/; classtype:trojan-activity;sid:84537723; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674624)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"rendezsnetfiixhu.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674624/; classtype:trojan-activity;sid:84537724; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674625)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"funny-villani.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674625/; classtype:trojan-activity;sid:84537725; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674626)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"netflxaccntsav.info"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674626/; classtype:trojan-activity;sid:84537726; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674627)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"login-myoffices.help"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674627/; classtype:trojan-activity;sid:84537727; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674628)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"savnfiixsupprt.info"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674628/; classtype:trojan-activity;sid:84537728; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674629)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"colis-suivis.help"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674629/; classtype:trojan-activity;sid:84537729; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674630)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"optimistic-leakey.196-251-72-149.plesk.page"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674630/; classtype:trojan-activity;sid:84537730; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674631)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"suivi-fra-livraisons.info"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674631/; classtype:trojan-activity;sid:84537731; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674632)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"livraison-suivre-moncolis.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674632/; classtype:trojan-activity;sid:84537732; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674633)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mondial-relaylockers.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674633/; classtype:trojan-activity;sid:84537733; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674634)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"expedition-mrelayy.info"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674634/; classtype:trojan-activity;sid:84537734; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674635)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"trackparselhl.help"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674635/; classtype:trojan-activity;sid:84537735; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674636)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"serene-swartz.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674636/; classtype:trojan-activity;sid:84537736; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674637)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"suivicolis-be.info"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674637/; classtype:trojan-activity;sid:84537737; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674638)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mxicnetfiixservice.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674638/; classtype:trojan-activity;sid:84537738; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674611)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"mynetfxsupprt.help"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674611/; classtype:trojan-activity;sid:84537711; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674610)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"practical-wu.196-251-72-149.plesk.page"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674610/; classtype:trojan-activity;sid:84537710; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674609)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"objective-saha.196-251-72-149.plesk.page"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674609/; classtype:trojan-activity;sid:84537709; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674606)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"ameli-guadeloupe.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674606/; classtype:trojan-activity;sid:84537706; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674607)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"laughing-herschel.196-251-72-149.plesk.page"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674607/; classtype:trojan-activity;sid:84537707; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674608)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"trackmy-order.info"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674608/; classtype:trojan-activity;sid:84537708; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674605)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"nikita.support"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674605/; classtype:trojan-activity;sid:84537705; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674573)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"confirmation-appareil-confiance.com"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674573/; classtype:trojan-activity;sid:84537673; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674574)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"brussels-payments.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674574/; classtype:trojan-activity;sid:84537674; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674575)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"suivicommanderelais.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674575/; classtype:trojan-activity;sid:84537675; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674576)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"guichet-amende.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674576/; classtype:trojan-activity;sid:84537676; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674577)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"myespace-relaypack.help"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674577/; classtype:trojan-activity;sid:84537677; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674578)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"takeyour-parcel.help"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674578/; classtype:trojan-activity;sid:84537678; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674579)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"supportsavnetfix.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674579/; classtype:trojan-activity;sid:84537679; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674580)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"sav-ntfxrenew.help"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674580/; classtype:trojan-activity;sid:84537680; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674581)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"frosty-albattani.196-251-72-149.plesk.page"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674581/; classtype:trojan-activity;sid:84537681; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674582)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"thirsty-heisenberg.196-251-72-149.plesk.page"; http_host; depth:44; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674582/; classtype:trojan-activity;sid:84537682; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674583)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"moncolis-suivi.help"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674583/; classtype:trojan-activity;sid:84537683; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674584)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"solazone.help"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674584/; classtype:trojan-activity;sid:84537684; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674585)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"ameli-connect.cpam-comptes.help"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674585/; classtype:trojan-activity;sid:84537685; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674586)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"colis-suivi-help.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674586/; classtype:trojan-activity;sid:84537686; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674587)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"renew-subscription.info"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674587/; classtype:trojan-activity;sid:84537687; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674588)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"savnet-fixchili.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674588/; classtype:trojan-activity;sid:84537688; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674589)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"exciting-hopper.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674589/; classtype:trojan-activity;sid:84537689; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674590)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"servicedgtes.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674590/; classtype:trojan-activity;sid:84537690; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674591)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"optimistic-pike.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674591/; classtype:trojan-activity;sid:84537691; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674592)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"strange-swartz.196-251-72-149.plesk.page"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674592/; classtype:trojan-activity;sid:84537692; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674593)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"savpaypaiuser.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674593/; classtype:trojan-activity;sid:84537693; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674594)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"hometrack-package-lu.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674594/; classtype:trojan-activity;sid:84537694; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674595)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"trackyridpaket.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674595/; classtype:trojan-activity;sid:84537695; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674596)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"suivicolis-lu.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674596/; classtype:trojan-activity;sid:84537696; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674597)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"relay-lu-parcel.help"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674597/; classtype:trojan-activity;sid:84537697; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674598)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"relay-my-parcel.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674598/; classtype:trojan-activity;sid:84537698; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674599)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"webmail.rediriger-ma-livraison.com"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674599/; classtype:trojan-activity;sid:84537699; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674600)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"renouvellement-ameli.support"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674600/; classtype:trojan-activity;sid:84537700; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674601)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"myluxtrust-accountsecurity.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674601/; classtype:trojan-activity;sid:84537701; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674602)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"assurancemaladie-actualisation.help"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674602/; classtype:trojan-activity;sid:84537702; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674603)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"usernetfiixsavhu.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674603/; classtype:trojan-activity;sid:84537703; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674604)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"savnet-fixchili.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674604/; classtype:trojan-activity;sid:84537704; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674572)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"netfiixmxicosav.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674572/; classtype:trojan-activity;sid:84537672; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674571)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"interesting-hofstadter.196-251-72-149.plesk.page"; http_host; depth:48; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674571/; classtype:trojan-activity;sid:84537671; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674566)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"distracted-nightingale.196-251-72-149.plesk.page"; http_host; depth:48; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674566/; classtype:trojan-activity;sid:84537666; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674567)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"clever-northcutt.196-251-72-149.plesk.page"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674567/; classtype:trojan-activity;sid:84537667; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674568)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"eager-dirac.196-251-72-149.plesk.page"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674568/; classtype:trojan-activity;sid:84537668; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674569)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"ameli-guadeloupe.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674569/; classtype:trojan-activity;sid:84537669; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674570)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"livraisons-france-infos.locker"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674570/; classtype:trojan-activity;sid:84537670; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674564)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"connect-avantages.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674564/; classtype:trojan-activity;sid:84537664; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674565)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"colis-suivis.help"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674565/; classtype:trojan-activity;sid:84537665; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674560)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"ulys-autoroutes-fr.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674560/; classtype:trojan-activity;sid:84537660; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674561)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"renewntfxsav.info"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674561/; classtype:trojan-activity;sid:84537661; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674562)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"securaccntnetfiix.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674562/; classtype:trojan-activity;sid:84537662; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674563)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"myguichet-espace.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674563/; classtype:trojan-activity;sid:84537663; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674559)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mynode.armv4l"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"87.121.222.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674559/; classtype:trojan-activity;sid:84537659; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674549)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"mrelay.livraison.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674549/; classtype:trojan-activity;sid:84537649; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674550)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"objective-ramanujan.196-251-72-149.plesk.page"; http_host; depth:45; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674550/; classtype:trojan-activity;sid:84537650; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674551)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"mondial-pickup.info"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674551/; classtype:trojan-activity;sid:84537651; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674552)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"relayparcel-help.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674552/; classtype:trojan-activity;sid:84537652; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674553)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"thirsty-heisenberg.196-251-72-149.plesk.page"; http_host; depth:44; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674553/; classtype:trojan-activity;sid:84537653; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674554)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"thirsty-ride.196-251-72-149.plesk.page"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674554/; classtype:trojan-activity;sid:84537654; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674555)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"colis-suivi-lu.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674555/; classtype:trojan-activity;sid:84537655; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674556)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mondialservice-relay.info"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674556/; classtype:trojan-activity;sid:84537656; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674557)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"hardcore-boyd.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674557/; classtype:trojan-activity;sid:84537657; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674558)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"collect-myparcel.help"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674558/; classtype:trojan-activity;sid:84537658; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674538)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"relais-packet-fr.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674538/; classtype:trojan-activity;sid:84537638; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674539)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"mondialrelayfr-suivi.help"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674539/; classtype:trojan-activity;sid:84537639; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674540)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"strange-swartz.196-251-72-149.plesk.page"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674540/; classtype:trojan-activity;sid:84537640; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674541)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"actualisationameli.help"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674541/; classtype:trojan-activity;sid:84537641; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674542)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"peaceful-gates.196-251-72-149.plesk.page"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674542/; classtype:trojan-activity;sid:84537642; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674543)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mrelayy-acheminement.info"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674543/; classtype:trojan-activity;sid:84537643; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674544)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"uptrackparsei.help"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674544/; classtype:trojan-activity;sid:84537644; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674545)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"monrelayfr-support.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674545/; classtype:trojan-activity;sid:84537645; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674546)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"supportnetfiixsavza.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674546/; classtype:trojan-activity;sid:84537646; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674547)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"suivirelaisdepot.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674547/; classtype:trojan-activity;sid:84537647; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674548)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"la-bnpcledigital.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674548/; classtype:trojan-activity;sid:84537648; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674537)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"netlfix-suscripcion.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674537/; classtype:trojan-activity;sid:84537637; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674531)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"beparcel-collect.help"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674531/; classtype:trojan-activity;sid:84537631; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674532)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"colis-francemetropolitaine.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674532/; classtype:trojan-activity;sid:84537632; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674533)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"relay-my-parcel.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674533/; classtype:trojan-activity;sid:84537633; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674534)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"savraiffeizen-at.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674534/; classtype:trojan-activity;sid:84537634; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674535)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"rediriger-ma-relivraison.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674535/; classtype:trojan-activity;sid:84537635; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674536)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"lux-trust-aide-support.info"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674536/; classtype:trojan-activity;sid:84537636; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674529)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"affectionate-edison.196-251-72-149.plesk.page"; http_host; depth:45; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674529/; classtype:trojan-activity;sid:84537629; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674530)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"dossiergmuitas.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674530/; classtype:trojan-activity;sid:84537630; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674528)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"reglementnetflix-fr.help"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674528/; classtype:trojan-activity;sid:84537628; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674515)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"get-yourparcel.help"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674515/; classtype:trojan-activity;sid:84537615; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674516)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"dossier-amende-minfin.info"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674516/; classtype:trojan-activity;sid:84537616; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674517)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"dhitrackparcei.help"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674517/; classtype:trojan-activity;sid:84537617; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674518)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"supportulys.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674518/; classtype:trojan-activity;sid:84537618; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674519)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"myups-tracking.info"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674519/; classtype:trojan-activity;sid:84537619; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674520)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mondial-relaylivraisonfr.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674520/; classtype:trojan-activity;sid:84537620; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674521)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"mondial-relaylivraisonfr.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674521/; classtype:trojan-activity;sid:84537621; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674522)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"savmxlcnetfiix.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674522/; classtype:trojan-activity;sid:84537622; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674523)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"crazy-proskuriakova.196-251-72-149.plesk.page"; http_host; depth:45; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674523/; classtype:trojan-activity;sid:84537623; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674524)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"reglementminfin-be.help"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674524/; classtype:trojan-activity;sid:84537624; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674525)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"myups-tracking.info"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674525/; classtype:trojan-activity;sid:84537625; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674526)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"gracious-kepler.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674526/; classtype:trojan-activity;sid:84537626; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674527)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"beparcel-collect.help"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674527/; classtype:trojan-activity;sid:84537627; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674503)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"spf-justitie-belgium.info"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674503/; classtype:trojan-activity;sid:84537603; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674504)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"servicenetfiixsav.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674504/; classtype:trojan-activity;sid:84537604; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674505)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"intelligent-mayer.196-251-72-149.plesk.page"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674505/; classtype:trojan-activity;sid:84537605; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674506)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"bold-kowalevski.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674506/; classtype:trojan-activity;sid:84537606; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674507)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"suivi-livraison.support"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674507/; classtype:trojan-activity;sid:84537607; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674508)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"savnetflixco.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674508/; classtype:trojan-activity;sid:84537608; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674509)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"reverent-brattain.196-251-72-149.plesk.page"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674509/; classtype:trojan-activity;sid:84537609; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674510)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"login-myoffices.help"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674510/; classtype:trojan-activity;sid:84537610; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674511)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"billing-renew-subscription.info"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674511/; classtype:trojan-activity;sid:84537611; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674512)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"elegant-borg.196-251-72-149.plesk.page"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674512/; classtype:trojan-activity;sid:84537612; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674513)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"mon-suivi.info"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674513/; classtype:trojan-activity;sid:84537613; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674514)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"esdossier0865.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674514/; classtype:trojan-activity;sid:84537614; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674502)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"sad-mclaren.196-251-72-149.plesk.page"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674502/; classtype:trojan-activity;sid:84537602; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674484)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"plsavnetfiix.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674484/; classtype:trojan-activity;sid:84537584; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674485)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"support-hometrack.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674485/; classtype:trojan-activity;sid:84537585; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674486)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"hometrack-be-package.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674486/; classtype:trojan-activity;sid:84537586; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674487)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"subscription-help.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674487/; classtype:trojan-activity;sid:84537587; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674488)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"quizzical-lederberg.196-251-72-149.plesk.page"; http_host; depth:45; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674488/; classtype:trojan-activity;sid:84537588; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674489)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"supportnetfiixsavza.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674489/; classtype:trojan-activity;sid:84537589; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674490)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"suivicommanderelais.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674490/; classtype:trojan-activity;sid:84537590; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674491)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"brave-cori.196-251-72-149.plesk.page"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674491/; classtype:trojan-activity;sid:84537591; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674492)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"bold-kowalevski.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674492/; classtype:trojan-activity;sid:84537592; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674493)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"support-upsdelivery.info"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674493/; classtype:trojan-activity;sid:84537593; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674494)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"suivirelaisdepots.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674494/; classtype:trojan-activity;sid:84537594; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674495)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"suivis-de-colis.info"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674495/; classtype:trojan-activity;sid:84537595; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674496)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"aide-suivi-livraison.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674496/; classtype:trojan-activity;sid:84537596; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674497)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"upcpackettrack.help"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674497/; classtype:trojan-activity;sid:84537597; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674498)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"telepeage-ulys-france.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674498/; classtype:trojan-activity;sid:84537598; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674499)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"guichet-client.help"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674499/; classtype:trojan-activity;sid:84537599; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674500)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"renew-account-lock.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674500/; classtype:trojan-activity;sid:84537600; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674501)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"netfiixmxicosav.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674501/; classtype:trojan-activity;sid:84537601; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674481)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"mondial-relaylockers.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674481/; classtype:trojan-activity;sid:84537581; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674482)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"telepeage-ulys-france.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674482/; classtype:trojan-activity;sid:84537582; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674483)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"trusting-raman.196-251-72-149.plesk.page"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674483/; classtype:trojan-activity;sid:84537583; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674480)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"renewnow.help"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674480/; classtype:trojan-activity;sid:84537580; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674479)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"ntflx-sub.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674479/; classtype:trojan-activity;sid:84537579; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674474)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"nostalgic-curie.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674474/; classtype:trojan-activity;sid:84537574; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674475)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"livraison-expressfr.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674475/; classtype:trojan-activity;sid:84537575; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674476)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"mynetfxsuprt.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674476/; classtype:trojan-activity;sid:84537576; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674477)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"collect-myparcel.help"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674477/; classtype:trojan-activity;sid:84537577; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674478)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"livraison-france-infos.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674478/; classtype:trojan-activity;sid:84537578; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674469)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"hometrack-package-lu.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674469/; classtype:trojan-activity;sid:84537569; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674470)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"savpaypaiaccnt.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674470/; classtype:trojan-activity;sid:84537570; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674471)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mise-a-jours-ameli.support"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674471/; classtype:trojan-activity;sid:84537571; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674472)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"relaymondial-services.info"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674472/; classtype:trojan-activity;sid:84537572; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674473)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"jolly-yalow.196-251-72-149.plesk.page"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674473/; classtype:trojan-activity;sid:84537573; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674457)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"plsavnetfiixsupport.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674457/; classtype:trojan-activity;sid:84537557; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674458)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"myups-tracking.info"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674458/; classtype:trojan-activity;sid:84537558; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674459)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"friendly-cray.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674459/; classtype:trojan-activity;sid:84537559; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674460)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"brusselspayments.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674460/; classtype:trojan-activity;sid:84537560; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674461)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"tv-abonnement.info"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674461/; classtype:trojan-activity;sid:84537561; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674462)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"frosty-albattani.196-251-72-149.plesk.page"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674462/; classtype:trojan-activity;sid:84537562; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674463)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"vibrant-jackson.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674463/; classtype:trojan-activity;sid:84537563; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674464)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"redirection-mondialrelais.info"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674464/; classtype:trojan-activity;sid:84537564; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674465)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"renew-account-lock.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674465/; classtype:trojan-activity;sid:84537565; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674466)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"livraisons-infos-fr.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674466/; classtype:trojan-activity;sid:84537566; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674467)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"ntfiixsavclient.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674467/; classtype:trojan-activity;sid:84537567; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674468)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"funny-villani.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674468/; classtype:trojan-activity;sid:84537568; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674446)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"hometrack-be-package.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674446/; classtype:trojan-activity;sid:84537546; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674447)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"relaisdepot-suivi.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674447/; classtype:trojan-activity;sid:84537547; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674448)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"exciting-hopper.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674448/; classtype:trojan-activity;sid:84537548; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674449)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mrelay-be-acheminement.info"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674449/; classtype:trojan-activity;sid:84537549; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674450)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"interesting-morse.196-251-72-149.plesk.page"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674450/; classtype:trojan-activity;sid:84537550; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674451)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"ecstatic-kare.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674451/; classtype:trojan-activity;sid:84537551; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674452)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"mondialrelais-livraison.info"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674452/; classtype:trojan-activity;sid:84537552; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674453)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"upbeat-noether.196-251-72-149.plesk.page"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674453/; classtype:trojan-activity;sid:84537553; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674454)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"servicenetfiixsav.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674454/; classtype:trojan-activity;sid:84537554; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674455)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"lux-trust-aide-support.info"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674455/; classtype:trojan-activity;sid:84537555; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674456)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"strange-yalow.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674456/; classtype:trojan-activity;sid:84537556; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674445)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"funny-villani.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674445/; classtype:trojan-activity;sid:84537545; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674443)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"colislivraison-suivi.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674443/; classtype:trojan-activity;sid:84537543; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674444)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"reverent-brattain.196-251-72-149.plesk.page"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674444/; classtype:trojan-activity;sid:84537544; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674442)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mxiconetfllxserv.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674442/; classtype:trojan-activity;sid:84537542; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674441)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"particulierslocker.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674441/; classtype:trojan-activity;sid:84537541; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674438)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"colis-nouvellelivraison-france.com"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674438/; classtype:trojan-activity;sid:84537538; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674439)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"savnfiixsupprt.info"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674439/; classtype:trojan-activity;sid:84537539; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674440)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"services-monrelay.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674440/; classtype:trojan-activity;sid:84537540; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674435)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mondialsrelay-redirection.info"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674435/; classtype:trojan-activity;sid:84537535; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674436)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mondialrelay-connect.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674436/; classtype:trojan-activity;sid:84537536; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674437)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"ups.supporto-pacchi.help"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674437/; classtype:trojan-activity;sid:84537537; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674406)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"savnetflixco.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674406/; classtype:trojan-activity;sid:84537506; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674407)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"gracious-kepler.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674407/; classtype:trojan-activity;sid:84537507; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674408)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"paketdhservice.help"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674408/; classtype:trojan-activity;sid:84537508; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674409)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"savnetfiixmxico.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674409/; classtype:trojan-activity;sid:84537509; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674410)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"savraiffeizen-at.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674410/; classtype:trojan-activity;sid:84537510; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674411)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"dossiergmuitas.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674411/; classtype:trojan-activity;sid:84537511; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674412)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"ntfxrenewservice.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674412/; classtype:trojan-activity;sid:84537512; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674413)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"sav-monrelay.help"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674413/; classtype:trojan-activity;sid:84537513; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674414)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"assurancemaladie-actualisation.help"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674414/; classtype:trojan-activity;sid:84537514; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674415)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"spf-justitie-belgium.info"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674415/; classtype:trojan-activity;sid:84537515; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674416)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"colis-suivi-help.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674416/; classtype:trojan-activity;sid:84537516; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674417)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"rendezsnetfiixhu.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674417/; classtype:trojan-activity;sid:84537517; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674418)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"servntflxmgyrsav.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674418/; classtype:trojan-activity;sid:84537518; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674419)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"servntflxmgyrsav.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674419/; classtype:trojan-activity;sid:84537519; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674420)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"bpost-frais-dedouanement.info"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674420/; classtype:trojan-activity;sid:84537520; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674421)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"sarenewnetfiixsav.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674421/; classtype:trojan-activity;sid:84537521; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674422)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"myparcel-track.info"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674422/; classtype:trojan-activity;sid:84537522; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674423)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"bold-kowalevski.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674423/; classtype:trojan-activity;sid:84537523; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674424)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"spf-justitie-belgium.info"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674424/; classtype:trojan-activity;sid:84537524; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674425)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"my-minfin-regularisation.info"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674425/; classtype:trojan-activity;sid:84537525; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674426)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"usernetfiixpolskasav.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674426/; classtype:trojan-activity;sid:84537526; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674427)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"renouvellement-ameli.support"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674427/; classtype:trojan-activity;sid:84537527; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674428)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"distracted-nightingale.196-251-72-149.plesk.page"; http_host; depth:48; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674428/; classtype:trojan-activity;sid:84537528; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674429)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"myguichet-service.help"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674429/; classtype:trojan-activity;sid:84537529; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674430)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"spf-amende.help"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674430/; classtype:trojan-activity;sid:84537530; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674431)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"bravoteam6.org"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674431/; classtype:trojan-activity;sid:84537531; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674432)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"savulyseclient.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674432/; classtype:trojan-activity;sid:84537532; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674433)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"vigilant-antonelli.196-251-72-149.plesk.page"; http_host; depth:44; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674433/; classtype:trojan-activity;sid:84537533; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674434)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"connect-avantages.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674434/; classtype:trojan-activity;sid:84537534; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674403)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"monrelay.help"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674403/; classtype:trojan-activity;sid:84537503; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674404)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"livraisons-locker.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674404/; classtype:trojan-activity;sid:84537504; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674405)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"goofy-shirley.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674405/; classtype:trojan-activity;sid:84537505; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674401)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"strange-spence.196-251-72-149.plesk.page"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674401/; classtype:trojan-activity;sid:84537501; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674402)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"savnetfiixmxico.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674402/; classtype:trojan-activity;sid:84537502; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674399)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"miseajouritsme.help"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674399/; classtype:trojan-activity;sid:84537499; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674400)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"relaymondial-services.info"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674400/; classtype:trojan-activity;sid:84537500; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674397)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"customer-trackdelivery.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674397/; classtype:trojan-activity;sid:84537497; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674398)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"savnetfiix-client.help"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674398/; classtype:trojan-activity;sid:84537498; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674391)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"reactivation-amelie-account.info"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674391/; classtype:trojan-activity;sid:84537491; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674392)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"tv-abonnement.info"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674392/; classtype:trojan-activity;sid:84537492; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674393)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"renouvellement.help"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674393/; classtype:trojan-activity;sid:84537493; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674394)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"trackparselhl.help"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674394/; classtype:trojan-activity;sid:84537494; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674395)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"dreamy-keller.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674395/; classtype:trojan-activity;sid:84537495; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674396)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"dossier0367.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674396/; classtype:trojan-activity;sid:84537496; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674387)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"mxicnetfiixservice.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674387/; classtype:trojan-activity;sid:84537487; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674388)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"ameli-guadeloupe.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674388/; classtype:trojan-activity;sid:84537488; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674389)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"exciting-hopper.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674389/; classtype:trojan-activity;sid:84537489; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674390)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"bold-kowalevski.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674390/; classtype:trojan-activity;sid:84537490; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674373)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"ameii-moncompte.ma-situations.info"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674373/; classtype:trojan-activity;sid:84537473; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674374)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"redirection-mondialrelais.info"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674374/; classtype:trojan-activity;sid:84537474; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674375)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"myntfxsupprt.help"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674375/; classtype:trojan-activity;sid:84537475; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674376)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"mynetfxsupprt.help"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674376/; classtype:trojan-activity;sid:84537476; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674377)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"mondialsrelay-redirection.info"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674377/; classtype:trojan-activity;sid:84537477; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674378)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"dossier0367.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674378/; classtype:trojan-activity;sid:84537478; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674379)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mondial-relaylockers.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674379/; classtype:trojan-activity;sid:84537479; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674380)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"reactivation-amelie-account.info"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674380/; classtype:trojan-activity;sid:84537480; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674381)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"login-myoffices.help"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674381/; classtype:trojan-activity;sid:84537481; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674382)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"trusting-tesla.196-251-72-149.plesk.page"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674382/; classtype:trojan-activity;sid:84537482; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674383)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"netfiixrenewacc.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674383/; classtype:trojan-activity;sid:84537483; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674384)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"spf-justitie-belgium.info"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674384/; classtype:trojan-activity;sid:84537484; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674385)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"securaccntnetfiix.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674385/; classtype:trojan-activity;sid:84537485; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674386)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"renewaccntsav.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674386/; classtype:trojan-activity;sid:84537486; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674363)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"sad-mclaren.196-251-72-149.plesk.page"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674363/; classtype:trojan-activity;sid:84537463; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674364)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"gifted-yalow.196-251-72-149.plesk.page"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674364/; classtype:trojan-activity;sid:84537464; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674365)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"nervous-pasteur.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674365/; classtype:trojan-activity;sid:84537465; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674366)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"livraisons-infos.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674366/; classtype:trojan-activity;sid:84537466; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674367)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"ulys-telepeage-france.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674367/; classtype:trojan-activity;sid:84537467; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674368)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"monsuivi-colis.help"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674368/; classtype:trojan-activity;sid:84537468; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674369)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"renewntfxsav.help"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674369/; classtype:trojan-activity;sid:84537469; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674370)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"dossier-amende-minfin.info"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674370/; classtype:trojan-activity;sid:84537470; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674371)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"pickup-mreiay.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674371/; classtype:trojan-activity;sid:84537471; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674372)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"trackupsid.help"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674372/; classtype:trojan-activity;sid:84537472; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674361)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"securaccntnetfiix.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674361/; classtype:trojan-activity;sid:84537461; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674362)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"clever-northcutt.196-251-72-149.plesk.page"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674362/; classtype:trojan-activity;sid:84537462; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674359)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"bold-ellis.196-251-72-149.plesk.page"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674359/; classtype:trojan-activity;sid:84537459; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674360)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"suivirelayy.info"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674360/; classtype:trojan-activity;sid:84537460; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674351)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"colis-suivi-help.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674351/; classtype:trojan-activity;sid:84537451; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674352)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"magical-shirley.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674352/; classtype:trojan-activity;sid:84537452; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674353)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"jovial-bartik.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674353/; classtype:trojan-activity;sid:84537453; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674354)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"formulaire-locker.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674354/; classtype:trojan-activity;sid:84537454; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674355)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"my-minfin-regularisation.info"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674355/; classtype:trojan-activity;sid:84537455; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674356)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"serene-swartz.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674356/; classtype:trojan-activity;sid:84537456; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674357)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"elegant-nightingale.196-251-72-149.plesk.page"; http_host; depth:45; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674357/; classtype:trojan-activity;sid:84537457; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674358)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"netfiixmxicosav.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674358/; classtype:trojan-activity;sid:84537458; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674349)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"dossier0367.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674349/; classtype:trojan-activity;sid:84537449; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674350)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"subscription-tv.info"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674350/; classtype:trojan-activity;sid:84537450; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674333)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"redistribution-locker.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674333/; classtype:trojan-activity;sid:84537433; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674334)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"support-hometrack.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674334/; classtype:trojan-activity;sid:84537434; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674335)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mondialrelay-reply.help"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674335/; classtype:trojan-activity;sid:84537435; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674336)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"friendly-cray.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674336/; classtype:trojan-activity;sid:84537436; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674337)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"lux-trust-aide-support.info"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674337/; classtype:trojan-activity;sid:84537437; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674338)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"relivraison-formulaire.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674338/; classtype:trojan-activity;sid:84537438; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674339)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"hometrack-package-tracking.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674339/; classtype:trojan-activity;sid:84537439; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674340)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"reverent-tereshkova.196-251-72-149.plesk.page"; http_host; depth:45; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674340/; classtype:trojan-activity;sid:84537440; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674341)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"vibrant-jackson.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674341/; classtype:trojan-activity;sid:84537441; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674342)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"monrelay-support.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674342/; classtype:trojan-activity;sid:84537442; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674343)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"tv-abonnement.info"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674343/; classtype:trojan-activity;sid:84537443; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674344)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"frosty-albattani.196-251-72-149.plesk.page"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674344/; classtype:trojan-activity;sid:84537444; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674345)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"trackdelivery-customer.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674345/; classtype:trojan-activity;sid:84537445; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674346)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"espace-servicefamily.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674346/; classtype:trojan-activity;sid:84537446; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674347)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"spf-justitie-belgium.info"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674347/; classtype:trojan-activity;sid:84537447; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674348)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"sweet-fermi.196-251-72-149.plesk.page"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674348/; classtype:trojan-activity;sid:84537448; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674332)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mondial-relaylivraisonfr.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674332/; classtype:trojan-activity;sid:84537432; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674325)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mondialrelay-connect.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674325/; classtype:trojan-activity;sid:84537425; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674326)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"beparcel-collect.help"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674326/; classtype:trojan-activity;sid:84537426; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674327)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"colis-francemetropolitaine.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674327/; classtype:trojan-activity;sid:84537427; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674328)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"savnetfixrenew.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674328/; classtype:trojan-activity;sid:84537428; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674329)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"jolly-germain.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674329/; classtype:trojan-activity;sid:84537429; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674330)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"yuzidoky.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674330/; classtype:trojan-activity;sid:84537430; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674331)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"sarenewnetfiixsav.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674331/; classtype:trojan-activity;sid:84537431; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674320)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"gracious-kepler.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674320/; classtype:trojan-activity;sid:84537420; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674321)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"trusting-raman.196-251-72-149.plesk.page"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674321/; classtype:trojan-activity;sid:84537421; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674322)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"ameli-guadeloupe.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674322/; classtype:trojan-activity;sid:84537422; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674323)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"assurancemaladie-actualisation.help"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674323/; classtype:trojan-activity;sid:84537423; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674324)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"mymondialrelay-parcel.help"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674324/; classtype:trojan-activity;sid:84537424; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674308)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"expedition-mrelayy.info"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674308/; classtype:trojan-activity;sid:84537408; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674309)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"savnet-fixchili.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674309/; classtype:trojan-activity;sid:84537409; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674310)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"ecstatic-villani.196-251-72-149.plesk.page"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674310/; classtype:trojan-activity;sid:84537410; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674311)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mxiconetfllxserv.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674311/; classtype:trojan-activity;sid:84537411; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674312)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"nifty-johnson.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674312/; classtype:trojan-activity;sid:84537412; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674313)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"assurancemaladie.support"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674313/; classtype:trojan-activity;sid:84537413; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674314)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"practical-wu.196-251-72-149.plesk.page"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674314/; classtype:trojan-activity;sid:84537414; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674315)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"colis-nouvellelivraison-france.com"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674315/; classtype:trojan-activity;sid:84537415; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674316)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"services-mondialrelay.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674316/; classtype:trojan-activity;sid:84537416; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674317)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"myparcel-relay.help"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674317/; classtype:trojan-activity;sid:84537417; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674318)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"suivis-de-colis.info"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674318/; classtype:trojan-activity;sid:84537418; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674319)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mynetfxsupprt.help"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674319/; classtype:trojan-activity;sid:84537419; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674301)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"hardcore-boyd.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674301/; classtype:trojan-activity;sid:84537401; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674302)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mon-suivi.info"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674302/; classtype:trojan-activity;sid:84537402; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674303)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"dossier4729.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674303/; classtype:trojan-activity;sid:84537403; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674304)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"luxtrust-secure.info"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674304/; classtype:trojan-activity;sid:84537404; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674305)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mondialsrelay-redirection.info"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674305/; classtype:trojan-activity;sid:84537405; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674306)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"services-mondialrelay.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674306/; classtype:trojan-activity;sid:84537406; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674307)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"youthful-solomon.196-251-72-149.plesk.page"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674307/; classtype:trojan-activity;sid:84537407; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674285)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"locker-redistribution.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674285/; classtype:trojan-activity;sid:84537385; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674286)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"spf-amende.help"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674286/; classtype:trojan-activity;sid:84537386; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674287)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"dossier-amende-minfin.info"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674287/; classtype:trojan-activity;sid:84537387; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674288)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"telepeage-ulys-france.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674288/; classtype:trojan-activity;sid:84537388; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674289)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"telepeage-ulys-fr.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674289/; classtype:trojan-activity;sid:84537389; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674290)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"relayhome-trackparcel.help"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674290/; classtype:trojan-activity;sid:84537390; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674291)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"ameii-moncompte.ma-situations.info"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674291/; classtype:trojan-activity;sid:84537391; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674292)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mondialrelais-creneaux.info"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674292/; classtype:trojan-activity;sid:84537392; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674293)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"ecstatic-villani.196-251-72-149.plesk.page"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674293/; classtype:trojan-activity;sid:84537393; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674294)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"tv-abonnement.info"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674294/; classtype:trojan-activity;sid:84537394; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674295)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"laughing-perlman.196-251-72-149.plesk.page"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674295/; classtype:trojan-activity;sid:84537395; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674296)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"assurancemaladie.support"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674296/; classtype:trojan-activity;sid:84537396; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674297)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"actualisationameli.help"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674297/; classtype:trojan-activity;sid:84537397; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674298)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"clever-northcutt.196-251-72-149.plesk.page"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674298/; classtype:trojan-activity;sid:84537398; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674299)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"mondialrelayfr-suivi.help"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674299/; classtype:trojan-activity;sid:84537399; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674300)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"redirection-mondialrelais.info"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674300/; classtype:trojan-activity;sid:84537400; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674284)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mrelay-colis-fr.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674284/; classtype:trojan-activity;sid:84537384; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674280)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"actualisationameli.help"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674280/; classtype:trojan-activity;sid:84537380; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674281)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"redistribution-locker.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674281/; classtype:trojan-activity;sid:84537381; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674282)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mon-colis-suivi-bpost.info"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674282/; classtype:trojan-activity;sid:84537382; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674283)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"suivi-fra-livraisons.info"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674283/; classtype:trojan-activity;sid:84537383; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674276)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"rediriger-ma-livraison.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674276/; classtype:trojan-activity;sid:84537376; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674277)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"colis-suivi-lu.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674277/; classtype:trojan-activity;sid:84537377; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674278)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"suivi-fr-livraison.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674278/; classtype:trojan-activity;sid:84537378; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674279)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"mxicnetfiixservice.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674279/; classtype:trojan-activity;sid:84537379; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674274)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"relay-lu-parcel.help"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674274/; classtype:trojan-activity;sid:84537374; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674275)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mondialservice-relay.info"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674275/; classtype:trojan-activity;sid:84537375; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674272)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"mrelayy-acheminement.info"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674272/; classtype:trojan-activity;sid:84537372; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674273)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"livraisons-locker.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674273/; classtype:trojan-activity;sid:84537373; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674269)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"brussels-payments.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674269/; classtype:trojan-activity;sid:84537369; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674270)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"livraison.info"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674270/; classtype:trojan-activity;sid:84537370; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674271)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mysubscription-renewal.info"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674271/; classtype:trojan-activity;sid:84537371; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674268)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"mondialrelay-colis.support"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674268/; classtype:trojan-activity;sid:84537368; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674266)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"tracking-parcel-be.help"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674266/; classtype:trojan-activity;sid:84537366; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674267)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"livraisons-france-infos.locker"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674267/; classtype:trojan-activity;sid:84537367; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674265)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"mondialsrelay-supports.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674265/; classtype:trojan-activity;sid:84537365; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674263)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"colis-suivi-help.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674263/; classtype:trojan-activity;sid:84537363; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674264)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"dhitrackparcei.help"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674264/; classtype:trojan-activity;sid:84537364; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674260)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"laughing-perlman.196-251-72-149.plesk.page"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674260/; classtype:trojan-activity;sid:84537360; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674261)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"reverent-brattain.196-251-72-149.plesk.page"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674261/; classtype:trojan-activity;sid:84537361; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674262)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"renewntfxsav.info"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674262/; classtype:trojan-activity;sid:84537362; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674247)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"ma-facture-enovos.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674247/; classtype:trojan-activity;sid:84537347; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674248)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"sweet-fermi.196-251-72-149.plesk.page"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674248/; classtype:trojan-activity;sid:84537348; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674249)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"renew-account-lock.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674249/; classtype:trojan-activity;sid:84537349; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674250)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"savraiffeizen-at.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674250/; classtype:trojan-activity;sid:84537350; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674251)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"myespace-relaypack.help"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674251/; classtype:trojan-activity;sid:84537351; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674252)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"suivicolis-be.info"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674252/; classtype:trojan-activity;sid:84537352; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674253)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"suivicommanderelais.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674253/; classtype:trojan-activity;sid:84537353; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674254)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"suivicommanderelay.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674254/; classtype:trojan-activity;sid:84537354; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674255)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"expedition-mrelayy.info"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674255/; classtype:trojan-activity;sid:84537355; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674256)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"eager-dirac.196-251-72-149.plesk.page"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674256/; classtype:trojan-activity;sid:84537356; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674257)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"practical-wu.196-251-72-149.plesk.page"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674257/; classtype:trojan-activity;sid:84537357; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674258)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"ameli-moncompte.ma-situation.help"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674258/; classtype:trojan-activity;sid:84537358; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674259)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"objective-saha.196-251-72-149.plesk.page"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674259/; classtype:trojan-activity;sid:84537359; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674245)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"interesting-hofstadter.196-251-72-149.plesk.page"; http_host; depth:48; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674245/; classtype:trojan-activity;sid:84537345; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674246)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mon-abonnement-disney.info"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674246/; classtype:trojan-activity;sid:84537346; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674244)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mynode.i586"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"87.121.222.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674244/; classtype:trojan-activity;sid:84537344; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674241)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"verif-appareil-confiance.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674241/; classtype:trojan-activity;sid:84537341; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674242)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"particulier-info.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674242/; classtype:trojan-activity;sid:84537342; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674243)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"ulys-autoroutes-fr.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674243/; classtype:trojan-activity;sid:84537343; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674239)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"netfiixmxicosav.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674239/; classtype:trojan-activity;sid:84537339; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674240)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"ulys-telepeage-france.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674240/; classtype:trojan-activity;sid:84537340; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674237)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mrelay-luxembourg.support"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674237/; classtype:trojan-activity;sid:84537337; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674238)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"amazing-lederberg.196-251-72-149.plesk.page"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674238/; classtype:trojan-activity;sid:84537338; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674232)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"monrelayfr-support.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674232/; classtype:trojan-activity;sid:84537332; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674233)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"monsuivi-colis.help"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674233/; classtype:trojan-activity;sid:84537333; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674234)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mrelayy-acheminement.info"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674234/; classtype:trojan-activity;sid:84537334; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674235)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"billing-renew-subscription.info"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674235/; classtype:trojan-activity;sid:84537335; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674236)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"mrelayy-acheminement.info"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674236/; classtype:trojan-activity;sid:84537336; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674231)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"mon-abonnement-disney.info"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674231/; classtype:trojan-activity;sid:84537331; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674230)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"renewnow.help"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674230/; classtype:trojan-activity;sid:84537330; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674228)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"suivicolis-be.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674228/; classtype:trojan-activity;sid:84537328; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674229)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"uptrackparsei.help"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674229/; classtype:trojan-activity;sid:84537329; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674227)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"nifty-hypatia.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674227/; classtype:trojan-activity;sid:84537327; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674205)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"mondial-relaylockers.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674205/; classtype:trojan-activity;sid:84537305; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674206)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"colis-suivis.help"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674206/; classtype:trojan-activity;sid:84537306; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674207)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"kunde-konto-sikre.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674207/; classtype:trojan-activity;sid:84537307; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674208)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"securplnetfiixsav.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674208/; classtype:trojan-activity;sid:84537308; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674209)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"servicenetfiixsav.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674209/; classtype:trojan-activity;sid:84537309; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674210)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mondial-pickup.info"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674210/; classtype:trojan-activity;sid:84537310; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674211)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"wizardly-fermat.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674211/; classtype:trojan-activity;sid:84537311; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674212)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"mondial-relaylivraisonfr.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674212/; classtype:trojan-activity;sid:84537312; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674213)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"relayparcel-help.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674213/; classtype:trojan-activity;sid:84537313; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674214)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"mrelay-luxembourg.support"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674214/; classtype:trojan-activity;sid:84537314; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674215)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"bold-ellis.196-251-72-149.plesk.page"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674215/; classtype:trojan-activity;sid:84537315; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674216)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"practical-wu.196-251-72-149.plesk.page"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674216/; classtype:trojan-activity;sid:84537316; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674217)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"ulys-telepeage-france.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674217/; classtype:trojan-activity;sid:84537317; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674218)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"ameli-cpam.support-moncompte.help"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674218/; classtype:trojan-activity;sid:84537318; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674219)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"suivis-de-colis.info"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674219/; classtype:trojan-activity;sid:84537319; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674220)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"suivis-de-colis.info"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674220/; classtype:trojan-activity;sid:84537320; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674221)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"myluxtrust-accountsecurity.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674221/; classtype:trojan-activity;sid:84537321; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674222)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"dossier0367.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674222/; classtype:trojan-activity;sid:84537322; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674223)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"crazy-proskuriakova.196-251-72-149.plesk.page"; http_host; depth:45; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674223/; classtype:trojan-activity;sid:84537323; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674224)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"trackparselhl.help"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674224/; classtype:trojan-activity;sid:84537324; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674225)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"ecstatic-wing.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674225/; classtype:trojan-activity;sid:84537325; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674226)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"supportulys.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674226/; classtype:trojan-activity;sid:84537326; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674194)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"relaydelivery.help"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674194/; classtype:trojan-activity;sid:84537294; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674195)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"dhitrackparcei.help"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674195/; classtype:trojan-activity;sid:84537295; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674196)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"strange-spence.196-251-72-149.plesk.page"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674196/; classtype:trojan-activity;sid:84537296; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674197)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mondialrelay-locker-fr.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674197/; classtype:trojan-activity;sid:84537297; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674198)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"livraison-relais-info.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674198/; classtype:trojan-activity;sid:84537298; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674199)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"hometrack-support-help.info"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674199/; classtype:trojan-activity;sid:84537299; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674200)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"reactivation-amelie-account.info"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674200/; classtype:trojan-activity;sid:84537300; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674201)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"ntflx-sub.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674201/; classtype:trojan-activity;sid:84537301; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674202)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"mynetfxsuprt.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674202/; classtype:trojan-activity;sid:84537302; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674203)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"savpaypaiaccnt.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674203/; classtype:trojan-activity;sid:84537303; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674204)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"renewntfxsav.info"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674204/; classtype:trojan-activity;sid:84537304; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674193)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mrelay-colis-fr.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674193/; classtype:trojan-activity;sid:84537293; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674184)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"colis-francemetropolitaine.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674184/; classtype:trojan-activity;sid:84537284; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674185)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"trusting-raman.196-251-72-149.plesk.page"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674185/; classtype:trojan-activity;sid:84537285; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674186)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"gestion-pickup-relay2025.info"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674186/; classtype:trojan-activity;sid:84537286; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674187)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"suivis-de-colis.info"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674187/; classtype:trojan-activity;sid:84537287; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674188)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"suivicommandesrelay.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674188/; classtype:trojan-activity;sid:84537288; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674189)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"strange-swartz.196-251-72-149.plesk.page"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674189/; classtype:trojan-activity;sid:84537289; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674190)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"bravoteam6.org"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674190/; classtype:trojan-activity;sid:84537290; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674191)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"suivi-livraison.support"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674191/; classtype:trojan-activity;sid:84537291; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674192)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"la-bnpcledigital.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674192/; classtype:trojan-activity;sid:84537292; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674172)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"collect-myparcel.help"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674172/; classtype:trojan-activity;sid:84537272; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674173)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"netlfix-suscripcion.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674173/; classtype:trojan-activity;sid:84537273; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674174)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"yuzidoky.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674174/; classtype:trojan-activity;sid:84537274; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674175)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"livraison-france-infos.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674175/; classtype:trojan-activity;sid:84537275; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674176)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"suivi-fra-livraisons.info"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674176/; classtype:trojan-activity;sid:84537276; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674177)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"supportsavnetfix.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674177/; classtype:trojan-activity;sid:84537277; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674178)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"youthful-solomon.196-251-72-149.plesk.page"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674178/; classtype:trojan-activity;sid:84537278; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674179)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"bpost-frais-dedouanement.info"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674179/; classtype:trojan-activity;sid:84537279; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674180)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"secureamericainexpress.help"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674180/; classtype:trojan-activity;sid:84537280; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674181)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"savmxlcnetfiix.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674181/; classtype:trojan-activity;sid:84537281; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674182)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"assurancemaladie.support"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674182/; classtype:trojan-activity;sid:84537282; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674183)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"webmail.rediriger-ma-relivraison.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674183/; classtype:trojan-activity;sid:84537283; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674160)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"gallant-ganguly.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674160/; classtype:trojan-activity;sid:84537260; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674161)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"mondialrelais-livraisons.info"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674161/; classtype:trojan-activity;sid:84537261; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674162)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"paymentmy-minfinbe.help"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674162/; classtype:trojan-activity;sid:84537262; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674163)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mrelay-relais.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674163/; classtype:trojan-activity;sid:84537263; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674164)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"sad-mclaren.196-251-72-149.plesk.page"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674164/; classtype:trojan-activity;sid:84537264; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674165)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"suivideliveryinfo.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674165/; classtype:trojan-activity;sid:84537265; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674166)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"nervous-pasteur.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674166/; classtype:trojan-activity;sid:84537266; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674167)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"vigilant-antonelli.196-251-72-149.plesk.page"; http_host; depth:44; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674167/; classtype:trojan-activity;sid:84537267; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674168)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"relaymyparcel.info"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674168/; classtype:trojan-activity;sid:84537268; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674169)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"renouvellement-ameli.support"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674169/; classtype:trojan-activity;sid:84537269; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674170)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"nifty-hypatia.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674170/; classtype:trojan-activity;sid:84537270; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674171)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"sav-ntfxrenew.help"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674171/; classtype:trojan-activity;sid:84537271; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674159)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"relais-packet-fr.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674159/; classtype:trojan-activity;sid:84537259; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674157)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"beparcel-collect.help"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674157/; classtype:trojan-activity;sid:84537257; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674158)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"wizardly-fermat.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674158/; classtype:trojan-activity;sid:84537258; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674133)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"renewnow.help"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674133/; classtype:trojan-activity;sid:84537233; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674134)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"suivicommanderelay.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674134/; classtype:trojan-activity;sid:84537234; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674135)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"my-canal.support-moncompte.help"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674135/; classtype:trojan-activity;sid:84537235; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674136)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"affectionate-edison.196-251-72-149.plesk.page"; http_host; depth:45; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674136/; classtype:trojan-activity;sid:84537236; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674137)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"tracking-myrelay.help"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674137/; classtype:trojan-activity;sid:84537237; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674138)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"aide-suivi-livraison.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674138/; classtype:trojan-activity;sid:84537238; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674139)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"login-myoffices.help"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674139/; classtype:trojan-activity;sid:84537239; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674140)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"gracious-lamarr.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674140/; classtype:trojan-activity;sid:84537240; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674141)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"webmail.rediriger-ma-relivraison.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674141/; classtype:trojan-activity;sid:84537241; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674142)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"usernetfiixpolskasav.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674142/; classtype:trojan-activity;sid:84537242; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674143)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"suivi-pointrelais.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674143/; classtype:trojan-activity;sid:84537243; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674144)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"packet-nouvellelivraisons-fr.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674144/; classtype:trojan-activity;sid:84537244; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674145)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"mondialrelais-creneaux.info"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674145/; classtype:trojan-activity;sid:84537245; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674146)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"nifty-hypatia.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674146/; classtype:trojan-activity;sid:84537246; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674147)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"parkingbrussels.help"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674147/; classtype:trojan-activity;sid:84537247; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674148)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"dossier0367.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674148/; classtype:trojan-activity;sid:84537248; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674149)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"rediriger-ma-livraison.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674149/; classtype:trojan-activity;sid:84537249; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674150)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mondialrelay-colis.support"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674150/; classtype:trojan-activity;sid:84537250; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674151)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"livraison-expressfr.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674151/; classtype:trojan-activity;sid:84537251; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674152)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"livraisons-infos-fr.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674152/; classtype:trojan-activity;sid:84537252; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674153)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"exciting-hopper.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674153/; classtype:trojan-activity;sid:84537253; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674154)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"savnetfiix-client.help"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674154/; classtype:trojan-activity;sid:84537254; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674155)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"suivi-fra-livraisons.info"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674155/; classtype:trojan-activity;sid:84537255; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674156)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"relais-packet-fr.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674156/; classtype:trojan-activity;sid:84537256; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674125)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"livraison-expressfr.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674125/; classtype:trojan-activity;sid:84537225; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674126)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"paketdhservice.help"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674126/; classtype:trojan-activity;sid:84537226; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674127)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"relay-lu-parcel.help"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674127/; classtype:trojan-activity;sid:84537227; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674128)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"eager-dirac.196-251-72-149.plesk.page"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674128/; classtype:trojan-activity;sid:84537228; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674129)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"plsavnetfiixsupport.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674129/; classtype:trojan-activity;sid:84537229; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674130)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"frosty-wozniak.196-251-72-149.plesk.page"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674130/; classtype:trojan-activity;sid:84537230; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674131)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"la-bnpcledigital.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674131/; classtype:trojan-activity;sid:84537231; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674132)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"hgrynetfiixsav.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674132/; classtype:trojan-activity;sid:84537232; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674124)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mondialrelais-creneaux.info"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674124/; classtype:trojan-activity;sid:84537224; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674123)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"friendly-cray.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674123/; classtype:trojan-activity;sid:84537223; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674122)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"payoursavnetfilx.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674122/; classtype:trojan-activity;sid:84537222; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674121)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"mymondialrelay-parcel.help"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674121/; classtype:trojan-activity;sid:84537221; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674090)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"expedition-mrelayy.info"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674090/; classtype:trojan-activity;sid:84537190; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674091)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"rediriger-ma-relivraison.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674091/; classtype:trojan-activity;sid:84537191; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674092)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"netflxaccntsav.info"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674092/; classtype:trojan-activity;sid:84537192; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674093)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"strange-yalow.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674093/; classtype:trojan-activity;sid:84537193; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674094)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"paymentmy-minfinbe.help"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674094/; classtype:trojan-activity;sid:84537194; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674095)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"collect-myparcel.help"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674095/; classtype:trojan-activity;sid:84537195; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674096)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"ntfxrenewservice.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674096/; classtype:trojan-activity;sid:84537196; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674097)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"particulier-info.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674097/; classtype:trojan-activity;sid:84537197; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674098)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"secureamericainexpress.help"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674098/; classtype:trojan-activity;sid:84537198; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674099)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"billing-renew-subscription.info"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674099/; classtype:trojan-activity;sid:84537199; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674100)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"serene-swartz.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674100/; classtype:trojan-activity;sid:84537200; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674101)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"savmxlcnetfiix.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674101/; classtype:trojan-activity;sid:84537201; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674102)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"ulys-autoroutes-fr.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674102/; classtype:trojan-activity;sid:84537202; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674103)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"suivi-pointrelais.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674103/; classtype:trojan-activity;sid:84537203; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674104)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"renewmynetllx.info"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674104/; classtype:trojan-activity;sid:84537204; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674105)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"savnetfiix-client.help"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674105/; classtype:trojan-activity;sid:84537205; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674106)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"renew-account-lock.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674106/; classtype:trojan-activity;sid:84537206; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674107)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"hometrack-support-help.info"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674107/; classtype:trojan-activity;sid:84537207; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674108)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mondial-services.informations-colis.help"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674108/; classtype:trojan-activity;sid:84537208; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674109)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"gracious-kepler.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674109/; classtype:trojan-activity;sid:84537209; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674110)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"pedantic-mcclintock.196-251-72-149.plesk.page"; http_host; depth:45; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674110/; classtype:trojan-activity;sid:84537210; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674111)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"bold-hypatia.196-251-72-149.plesk.page"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674111/; classtype:trojan-activity;sid:84537211; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674112)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"myups-package.info"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674112/; classtype:trojan-activity;sid:84537212; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674113)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"antai-aide.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674113/; classtype:trojan-activity;sid:84537213; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674114)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mondialrelay-reply.help"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674114/; classtype:trojan-activity;sid:84537214; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674115)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"netfiixrenewacc.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674115/; classtype:trojan-activity;sid:84537215; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674116)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"monrelayfr-support.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674116/; classtype:trojan-activity;sid:84537216; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674117)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"practical-swirles.196-251-72-149.plesk.page"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674117/; classtype:trojan-activity;sid:84537217; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674118)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"gestion-pickup-relay2025.info"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674118/; classtype:trojan-activity;sid:84537218; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674119)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"goofy-shirley.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674119/; classtype:trojan-activity;sid:84537219; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674120)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"savpaypaiuser.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674120/; classtype:trojan-activity;sid:84537220; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674089)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"renewnow.help"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674089/; classtype:trojan-activity;sid:84537189; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674088)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mondial-pickup.info"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674088/; classtype:trojan-activity;sid:84537188; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674087)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"reverent-tereshkova.196-251-72-149.plesk.page"; http_host; depth:45; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674087/; classtype:trojan-activity;sid:84537187; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674084)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"relaisdepot-suivi.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674084/; classtype:trojan-activity;sid:84537184; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674085)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"nifty-golick.196-251-72-149.plesk.page"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674085/; classtype:trojan-activity;sid:84537185; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674086)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"accountnetfix.help"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674086/; classtype:trojan-activity;sid:84537186; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674082)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"services-mondialrelay.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674082/; classtype:trojan-activity;sid:84537182; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674083)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"esdossier0865.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674083/; classtype:trojan-activity;sid:84537183; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674079)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"plsavnetfiix.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674079/; classtype:trojan-activity;sid:84537179; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674080)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"paymentmy-minfinbe.help"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674080/; classtype:trojan-activity;sid:84537180; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674081)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"nifty-golick.196-251-72-149.plesk.page"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674081/; classtype:trojan-activity;sid:84537181; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674070)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"takeyourpackagebe.help"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674070/; classtype:trojan-activity;sid:84537170; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674071)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"customer-trackdelivery.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674071/; classtype:trojan-activity;sid:84537171; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674072)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"gallant-mcnulty.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674072/; classtype:trojan-activity;sid:84537172; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674073)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"paymentmy-minfinbe.help"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674073/; classtype:trojan-activity;sid:84537173; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674074)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"mrelayy-acheminement.info"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674074/; classtype:trojan-activity;sid:84537174; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674075)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"focused-noether.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674075/; classtype:trojan-activity;sid:84537175; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674076)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"goofy-shirley.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674076/; classtype:trojan-activity;sid:84537176; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674077)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"strange-spence.196-251-72-149.plesk.page"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674077/; classtype:trojan-activity;sid:84537177; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674078)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"livraison-mondialrelais.info"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674078/; classtype:trojan-activity;sid:84537178; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674066)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"livraisons-locker.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674066/; classtype:trojan-activity;sid:84537166; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674067)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"netlfix-suscripcion.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674067/; classtype:trojan-activity;sid:84537167; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674068)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"intelligent-mayer.196-251-72-149.plesk.page"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674068/; classtype:trojan-activity;sid:84537168; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674069)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"livraisons-colis-france.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674069/; classtype:trojan-activity;sid:84537169; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674065)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"livraison.info"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674065/; classtype:trojan-activity;sid:84537165; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674047)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"trackupsid.help"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674047/; classtype:trojan-activity;sid:84537147; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674048)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mondial-services.informations-colis.help"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674048/; classtype:trojan-activity;sid:84537148; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674049)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"livraison-relais-info.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674049/; classtype:trojan-activity;sid:84537149; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674050)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"mynetfxsuprt.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674050/; classtype:trojan-activity;sid:84537150; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674051)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mondial-relay-center.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674051/; classtype:trojan-activity;sid:84537151; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674052)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"sweet-fermi.196-251-72-149.plesk.page"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674052/; classtype:trojan-activity;sid:84537152; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674053)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"ameli-guadeloupe.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674053/; classtype:trojan-activity;sid:84537153; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674054)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"tracking-parcel-be.help"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674054/; classtype:trojan-activity;sid:84537154; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674055)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"monrelay.help"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674055/; classtype:trojan-activity;sid:84537155; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674056)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"parkingbrussels.help"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674056/; classtype:trojan-activity;sid:84537156; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674057)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"spf-amende.help"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674057/; classtype:trojan-activity;sid:84537157; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674058)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"ameli.moncompte-cpam.help"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674058/; classtype:trojan-activity;sid:84537158; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674059)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"expedition-mrelayy.info"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674059/; classtype:trojan-activity;sid:84537159; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674060)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"gestion-pickup-relay2025.info"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674060/; classtype:trojan-activity;sid:84537160; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674061)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"savnet-fixchili.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674061/; classtype:trojan-activity;sid:84537161; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674062)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"gracious-kepler.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674062/; classtype:trojan-activity;sid:84537162; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674063)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"takeyour-parcel.help"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674063/; classtype:trojan-activity;sid:84537163; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674064)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"mondialrelais-livraison.info"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674064/; classtype:trojan-activity;sid:84537164; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674044)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"support-upsdelivery.info"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674044/; classtype:trojan-activity;sid:84537144; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674045)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"suivideliveryinfo.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674045/; classtype:trojan-activity;sid:84537145; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674046)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"assurancemaladie.support"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674046/; classtype:trojan-activity;sid:84537146; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674042)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"renewaccntsav.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674042/; classtype:trojan-activity;sid:84537142; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674043)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"nouvellelivraison-locker-fr.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674043/; classtype:trojan-activity;sid:84537143; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674041)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"mysuprtntfx.info"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674041/; classtype:trojan-activity;sid:84537141; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674030)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mondialrelais-livraisons.info"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674030/; classtype:trojan-activity;sid:84537130; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674031)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"laughing-herschel.196-251-72-149.plesk.page"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674031/; classtype:trojan-activity;sid:84537131; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674032)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"elegant-nightingale.196-251-72-149.plesk.page"; http_host; depth:45; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674032/; classtype:trojan-activity;sid:84537132; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674033)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"nervous-pasteur.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674033/; classtype:trojan-activity;sid:84537133; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674034)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"pedantic-mcclintock.196-251-72-149.plesk.page"; http_host; depth:45; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674034/; classtype:trojan-activity;sid:84537134; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674035)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"myparcel-track.info"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674035/; classtype:trojan-activity;sid:84537135; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674036)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"vibrant-jackson.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674036/; classtype:trojan-activity;sid:84537136; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674037)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"trackmy-order.info"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674037/; classtype:trojan-activity;sid:84537137; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674038)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"myminfin-info-be.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674038/; classtype:trojan-activity;sid:84537138; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674039)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"webmail.rediriger-ma-livraison.com"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674039/; classtype:trojan-activity;sid:84537139; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674040)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm7"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"notificationcentral.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674040/; classtype:trojan-activity;sid:84537140; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674028)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"netfiixrenewacc.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674028/; classtype:trojan-activity;sid:84537128; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674029)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"unruffled-banach.196-251-72-149.plesk.page"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674029/; classtype:trojan-activity;sid:84537129; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674024)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"savnfiixsupprt.info"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674024/; classtype:trojan-activity;sid:84537124; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674025)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"relayhome-trackparcel.help"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674025/; classtype:trojan-activity;sid:84537125; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674026)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"ma-facture-enovos.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674026/; classtype:trojan-activity;sid:84537126; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674027)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"netflxaccntsav.info"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674027/; classtype:trojan-activity;sid:84537127; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674022)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mondial-pickup.info"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674022/; classtype:trojan-activity;sid:84537122; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674023)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"suivicommanderelais.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674023/; classtype:trojan-activity;sid:84537123; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673995)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"telepeage-ulys-fr.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673995/; classtype:trojan-activity;sid:84537095; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673996)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"ameli.moncompte-cpam.help"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673996/; classtype:trojan-activity;sid:84537096; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673997)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"colis-nouvellelivraison-france.com"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673997/; classtype:trojan-activity;sid:84537097; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673998)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"renewaccntsav.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673998/; classtype:trojan-activity;sid:84537098; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673999)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"telepeage-ulys-france.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673999/; classtype:trojan-activity;sid:84537099; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674000)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"esdossier0865.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674000/; classtype:trojan-activity;sid:84537100; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674001)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"friendly-cray.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674001/; classtype:trojan-activity;sid:84537101; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674002)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"youthful-solomon.196-251-72-149.plesk.page"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674002/; classtype:trojan-activity;sid:84537102; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674003)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"sav-ntfxrenew.help"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674003/; classtype:trojan-activity;sid:84537103; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674004)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"trackdelivery-customer.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674004/; classtype:trojan-activity;sid:84537104; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674005)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"youthful-solomon.196-251-72-149.plesk.page"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674005/; classtype:trojan-activity;sid:84537105; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674006)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"mondialrelay-locker-fr.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674006/; classtype:trojan-activity;sid:84537106; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674007)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"monrelay.help"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674007/; classtype:trojan-activity;sid:84537107; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674008)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"myespace-relaypack.help"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674008/; classtype:trojan-activity;sid:84537108; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674009)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"trusting-tesla.196-251-72-149.plesk.page"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674009/; classtype:trojan-activity;sid:84537109; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674010)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"myguichet-service.help"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674010/; classtype:trojan-activity;sid:84537110; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674011)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mondialrelayfr-suivi.help"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674011/; classtype:trojan-activity;sid:84537111; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674012)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"brusselspayments.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674012/; classtype:trojan-activity;sid:84537112; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674013)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"services-monrelay.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674013/; classtype:trojan-activity;sid:84537113; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674014)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mondialrelais-livraisons.info"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674014/; classtype:trojan-activity;sid:84537114; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674015)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"jolly-mendeleev.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674015/; classtype:trojan-activity;sid:84537115; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674016)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"affectionate-edison.196-251-72-149.plesk.page"; http_host; depth:45; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674016/; classtype:trojan-activity;sid:84537116; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674017)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"myparcel-tracking.help"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674017/; classtype:trojan-activity;sid:84537117; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674018)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"objective-ramanujan.196-251-72-149.plesk.page"; http_host; depth:45; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674018/; classtype:trojan-activity;sid:84537118; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674019)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"renouvellement-ameli.support"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674019/; classtype:trojan-activity;sid:84537119; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674020)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"regionaleszeveme.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674020/; classtype:trojan-activity;sid:84537120; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3674021)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"mon-suivi.info"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3674021/; classtype:trojan-activity;sid:84537121; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673994)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"reglementnetflix-fr.help"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673994/; classtype:trojan-activity;sid:84537094; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673987)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"livraisons-locker.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673987/; classtype:trojan-activity;sid:84537087; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673988)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"clever-northcutt.196-251-72-149.plesk.page"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673988/; classtype:trojan-activity;sid:84537088; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673989)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"livraisons-infos-fr.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673989/; classtype:trojan-activity;sid:84537089; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673990)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mondialrelais-creneaux.info"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673990/; classtype:trojan-activity;sid:84537090; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673991)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"condescending-wilson.196-251-72-149.plesk.page"; http_host; depth:46; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673991/; classtype:trojan-activity;sid:84537091; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673992)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"livraisons-france-infos.locker"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673992/; classtype:trojan-activity;sid:84537092; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673993)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"mon-comptes.help"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673993/; classtype:trojan-activity;sid:84537093; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673976)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mondialrelais-livraisons.info"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673976/; classtype:trojan-activity;sid:84537076; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673977)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"tracking-myrelay.help"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673977/; classtype:trojan-activity;sid:84537077; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673978)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"ecstatic-wing.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673978/; classtype:trojan-activity;sid:84537078; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673979)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"hgrynetfiixsav.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673979/; classtype:trojan-activity;sid:84537079; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673980)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"my-canal.support-moncompte.help"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673980/; classtype:trojan-activity;sid:84537080; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673981)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mise-a-jours-ameli.support"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673981/; classtype:trojan-activity;sid:84537081; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673982)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"compassionate-yonath.196-251-72-149.plesk.page"; http_host; depth:46; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673982/; classtype:trojan-activity;sid:84537082; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673983)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"myups-tracking.info"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673983/; classtype:trojan-activity;sid:84537083; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673984)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"mynetllxrenew.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673984/; classtype:trojan-activity;sid:84537084; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673985)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"serene-swartz.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673985/; classtype:trojan-activity;sid:84537085; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673986)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"actualisationameli.help"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673986/; classtype:trojan-activity;sid:84537086; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673953)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"mondialrelay-colis.support"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673953/; classtype:trojan-activity;sid:84537053; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673954)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"savnetfxserv.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673954/; classtype:trojan-activity;sid:84537054; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673955)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"support-hometrack.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673955/; classtype:trojan-activity;sid:84537055; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673956)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"guichet-client.help"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673956/; classtype:trojan-activity;sid:84537056; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673957)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"eligibilite-doctolib.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673957/; classtype:trojan-activity;sid:84537057; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673958)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"laughing-herschel.196-251-72-149.plesk.page"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673958/; classtype:trojan-activity;sid:84537058; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673959)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"relaisdepot-suivi.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673959/; classtype:trojan-activity;sid:84537059; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673960)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"suivirelayy.info"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673960/; classtype:trojan-activity;sid:84537060; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673961)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mynetfxsupprt.help"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673961/; classtype:trojan-activity;sid:84537061; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673962)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"wizardly-fermat.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673962/; classtype:trojan-activity;sid:84537062; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673963)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"objective-saha.196-251-72-149.plesk.page"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673963/; classtype:trojan-activity;sid:84537063; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673964)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"subscription-tv.info"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673964/; classtype:trojan-activity;sid:84537064; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673965)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"savnetfixaccount.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673965/; classtype:trojan-activity;sid:84537065; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673966)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"hardcore-boyd.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673966/; classtype:trojan-activity;sid:84537066; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673967)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"jolly-mendeleev.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673967/; classtype:trojan-activity;sid:84537067; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673968)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"funny-villani.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673968/; classtype:trojan-activity;sid:84537068; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673969)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"relaymondial-services.info"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673969/; classtype:trojan-activity;sid:84537069; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673970)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"livraisons-france-infos.locker"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673970/; classtype:trojan-activity;sid:84537070; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673971)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mondialrelais-livraison.info"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673971/; classtype:trojan-activity;sid:84537071; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673972)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"servmetfiixsavsa.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673972/; classtype:trojan-activity;sid:84537072; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673973)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"stoic-poincare.196-251-72-149.plesk.page"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673973/; classtype:trojan-activity;sid:84537073; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673974)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"dreamy-hamilton.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673974/; classtype:trojan-activity;sid:84537074; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673975)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"nervous-pasteur.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673975/; classtype:trojan-activity;sid:84537075; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673952)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mynode.armv5l"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"87.121.222.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673952/; classtype:trojan-activity;sid:84537052; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673951)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"quizzical-lederberg.196-251-72-149.plesk.page"; http_host; depth:45; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673951/; classtype:trojan-activity;sid:84537051; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673946)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"dhitrackparcei.help"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673946/; classtype:trojan-activity;sid:84537046; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673947)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"particulierslocker.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673947/; classtype:trojan-activity;sid:84537047; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673948)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"renouvellement.help"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673948/; classtype:trojan-activity;sid:84537048; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673949)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"suivicolis-be.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673949/; classtype:trojan-activity;sid:84537049; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673950)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"ntflx-sub.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673950/; classtype:trojan-activity;sid:84537050; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673945)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"dossier-amende-minfin.info"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673945/; classtype:trojan-activity;sid:84537045; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673939)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"mondial-relaylivraisonfr.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673939/; classtype:trojan-activity;sid:84537039; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673940)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"renewnow.help"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673940/; classtype:trojan-activity;sid:84537040; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673941)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"hardcore-boyd.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673941/; classtype:trojan-activity;sid:84537041; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673942)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"connect-avantages.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673942/; classtype:trojan-activity;sid:84537042; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673943)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"sweet-fermi.196-251-72-149.plesk.page"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673943/; classtype:trojan-activity;sid:84537043; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673944)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"frosty-albattani.196-251-72-149.plesk.page"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673944/; classtype:trojan-activity;sid:84537044; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673936)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"connect-avantages.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673936/; classtype:trojan-activity;sid:84537036; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673937)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mondials-suivis-relay.info"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673937/; classtype:trojan-activity;sid:84537037; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673938)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"magical-shirley.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673938/; classtype:trojan-activity;sid:84537038; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673934)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"myminfin-info-be.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673934/; classtype:trojan-activity;sid:84537034; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673935)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"mondialrelais-livraison.info"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673935/; classtype:trojan-activity;sid:84537035; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673902)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"gracious-lamarr.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673902/; classtype:trojan-activity;sid:84537002; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673903)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"suivi-fra-livraisons.info"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673903/; classtype:trojan-activity;sid:84537003; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673904)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"eager-dirac.196-251-72-149.plesk.page"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673904/; classtype:trojan-activity;sid:84537004; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673905)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"suivirelayy.info"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673905/; classtype:trojan-activity;sid:84537005; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673906)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"reglementnetflix-fr.help"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673906/; classtype:trojan-activity;sid:84537006; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673907)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mrelayy-acheminement.info"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673907/; classtype:trojan-activity;sid:84537007; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673908)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"sav-monrelay.help"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673908/; classtype:trojan-activity;sid:84537008; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673909)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"youthful-solomon.196-251-72-149.plesk.page"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673909/; classtype:trojan-activity;sid:84537009; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673910)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"pay-subscription.help"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673910/; classtype:trojan-activity;sid:84537010; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673911)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"frosty-wozniak.196-251-72-149.plesk.page"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673911/; classtype:trojan-activity;sid:84537011; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673912)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"accountnetfix.help"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673912/; classtype:trojan-activity;sid:84537012; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673913)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"info-livraison-fr.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673913/; classtype:trojan-activity;sid:84537013; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673914)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"mondialservice-relay.info"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673914/; classtype:trojan-activity;sid:84537014; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673915)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"ecstatic-kare.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673915/; classtype:trojan-activity;sid:84537015; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673916)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"my.guichet-amende.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673916/; classtype:trojan-activity;sid:84537016; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673917)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"webmail.rediriger-ma-livraison.com"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673917/; classtype:trojan-activity;sid:84537017; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673918)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"sweet-neumann.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673918/; classtype:trojan-activity;sid:84537018; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673919)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"reverent-brattain.196-251-72-149.plesk.page"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673919/; classtype:trojan-activity;sid:84537019; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673920)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"sweet-neumann.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673920/; classtype:trojan-activity;sid:84537020; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673921)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"assurancemaladie.support"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673921/; classtype:trojan-activity;sid:84537021; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673922)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"accountnetfix.help"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673922/; classtype:trojan-activity;sid:84537022; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673923)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"relaisdepot-suivi.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673923/; classtype:trojan-activity;sid:84537023; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673924)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"objective-ramanujan.196-251-72-149.plesk.page"; http_host; depth:45; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673924/; classtype:trojan-activity;sid:84537024; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673925)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"takeyour-parcel.help"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673925/; classtype:trojan-activity;sid:84537025; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673926)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"upcpackettrack.help"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673926/; classtype:trojan-activity;sid:84537026; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673927)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"mondialrelay-reply.help"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673927/; classtype:trojan-activity;sid:84537027; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673928)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"nifty-johnson.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673928/; classtype:trojan-activity;sid:84537028; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673929)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"savnetfixaccount.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673929/; classtype:trojan-activity;sid:84537029; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673930)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"reglementminfin-be.help"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673930/; classtype:trojan-activity;sid:84537030; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673931)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"laughing-perlman.196-251-72-149.plesk.page"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673931/; classtype:trojan-activity;sid:84537031; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673932)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"gestion-pickup-relay2025.info"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673932/; classtype:trojan-activity;sid:84537032; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673933)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"brave-cori.196-251-72-149.plesk.page"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673933/; classtype:trojan-activity;sid:84537033; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673901)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"ma-facture-enovos.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673901/; classtype:trojan-activity;sid:84537001; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673900)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"suivi-livraison.support"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673900/; classtype:trojan-activity;sid:84537000; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673897)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"colis-nouvellelivraison-france.com"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673897/; classtype:trojan-activity;sid:84536997; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673898)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"mondial-services.informations-colis.help"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673898/; classtype:trojan-activity;sid:84536998; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673899)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"hometrack-package-lu.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673899/; classtype:trojan-activity;sid:84536999; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673896)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"telepeage-ulys-fr.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673896/; classtype:trojan-activity;sid:84536996; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673893)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"m-relay-suivi-fr.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673893/; classtype:trojan-activity;sid:84536993; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673894)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"relivraison-packet-france.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673894/; classtype:trojan-activity;sid:84536994; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673895)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"brave-cori.196-251-72-149.plesk.page"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673895/; classtype:trojan-activity;sid:84536995; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673892)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"notificationcentral.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673892/; classtype:trojan-activity;sid:84536992; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673891)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"mrelay-relais.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673891/; classtype:trojan-activity;sid:84536991; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673875)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"suivideliveryinfo.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673875/; classtype:trojan-activity;sid:84536975; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673876)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mysubscription-renewal.info"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673876/; classtype:trojan-activity;sid:84536976; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673877)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"monsuivi-colis.help"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673877/; classtype:trojan-activity;sid:84536977; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673878)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"laughing-herschel.196-251-72-149.plesk.page"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673878/; classtype:trojan-activity;sid:84536978; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673879)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"relaydelivery.help"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673879/; classtype:trojan-activity;sid:84536979; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673880)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"reglementminfin-be.help"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673880/; classtype:trojan-activity;sid:84536980; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673881)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"recursing-hawking.196-251-72-149.plesk.page"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673881/; classtype:trojan-activity;sid:84536981; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673882)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"mysubscription-renewal.info"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673882/; classtype:trojan-activity;sid:84536982; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673883)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"focused-noether.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673883/; classtype:trojan-activity;sid:84536983; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673884)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"tv-abonnement.info"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673884/; classtype:trojan-activity;sid:84536984; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673885)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mxicnetfiixservice.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673885/; classtype:trojan-activity;sid:84536985; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673886)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"savnetfiixmxico.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673886/; classtype:trojan-activity;sid:84536986; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673887)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"reglementnetflix-fr.help"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673887/; classtype:trojan-activity;sid:84536987; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673888)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"upbeat-noether.196-251-72-149.plesk.page"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673888/; classtype:trojan-activity;sid:84536988; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673889)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"mondialrelais-creneaux.info"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673889/; classtype:trojan-activity;sid:84536989; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673890)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"packet-relivraison-fr.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673890/; classtype:trojan-activity;sid:84536990; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673857)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"jolly-mendeleev.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673857/; classtype:trojan-activity;sid:84536957; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673858)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"locker-redistribution.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673858/; classtype:trojan-activity;sid:84536958; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673859)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"livraisons-infos.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673859/; classtype:trojan-activity;sid:84536959; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673860)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"packet-relivraison-fr.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673860/; classtype:trojan-activity;sid:84536960; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673861)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"vigilant-antonelli.196-251-72-149.plesk.page"; http_host; depth:44; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673861/; classtype:trojan-activity;sid:84536961; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673862)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"ntflx-sub.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673862/; classtype:trojan-activity;sid:84536962; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673863)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"interesting-hofstadter.196-251-72-149.plesk.page"; http_host; depth:48; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673863/; classtype:trojan-activity;sid:84536963; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673864)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"colislivraison-suivi.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673864/; classtype:trojan-activity;sid:84536964; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673865)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"mondialrelais-livraisons.info"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673865/; classtype:trojan-activity;sid:84536965; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673866)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"my-minfin-regularisation.info"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673866/; classtype:trojan-activity;sid:84536966; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673867)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"pay-subscription.help"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673867/; classtype:trojan-activity;sid:84536967; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673868)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"rediriger-ma-livraison.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673868/; classtype:trojan-activity;sid:84536968; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673869)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"info-livraison-fr.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673869/; classtype:trojan-activity;sid:84536969; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673870)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"myntfxsupprt.help"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673870/; classtype:trojan-activity;sid:84536970; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673871)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"brussels-payments.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673871/; classtype:trojan-activity;sid:84536971; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673872)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"moncolis-suivi.help"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673872/; classtype:trojan-activity;sid:84536972; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673873)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"tracking-parcel-be.help"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673873/; classtype:trojan-activity;sid:84536973; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673874)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"ameli-situtations.mon-comptes.help"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673874/; classtype:trojan-activity;sid:84536974; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673856)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mrelay-colis-fr.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673856/; classtype:trojan-activity;sid:84536956; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673855)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mrelay.livraison.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673855/; classtype:trojan-activity;sid:84536955; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673843)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"savpaypaiuser.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673843/; classtype:trojan-activity;sid:84536943; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673844)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"suivi-colis.help"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673844/; classtype:trojan-activity;sid:84536944; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673845)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"bravoteam6.org"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673845/; classtype:trojan-activity;sid:84536945; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673846)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"verif-appareil-confiance.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673846/; classtype:trojan-activity;sid:84536946; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673847)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"distracted-nightingale.196-251-72-149.plesk.page"; http_host; depth:48; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673847/; classtype:trojan-activity;sid:84536947; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673848)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"savmxlcnetfiix.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673848/; classtype:trojan-activity;sid:84536948; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673849)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"mon-comptes.help"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673849/; classtype:trojan-activity;sid:84536949; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673850)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"gallant-mcnulty.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673850/; classtype:trojan-activity;sid:84536950; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673851)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"livraisons-locker.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673851/; classtype:trojan-activity;sid:84536951; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673852)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"suivi-colis.help"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673852/; classtype:trojan-activity;sid:84536952; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673853)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"accntmynetfiixsav.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673853/; classtype:trojan-activity;sid:84536953; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673854)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"artier-recourser.help"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673854/; classtype:trojan-activity;sid:84536954; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673839)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"mon-abonnement-disney.info"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673839/; classtype:trojan-activity;sid:84536939; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673840)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"xyznetfilxhusav.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673840/; classtype:trojan-activity;sid:84536940; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673841)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"beparcel-collect.help"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673841/; classtype:trojan-activity;sid:84536941; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673842)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"dossiergmuitas.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673842/; classtype:trojan-activity;sid:84536942; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673825)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"savraiffeizen-at.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673825/; classtype:trojan-activity;sid:84536925; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673826)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"savnet-fixchili.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673826/; classtype:trojan-activity;sid:84536926; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673827)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"savnetfixrenew.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673827/; classtype:trojan-activity;sid:84536927; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673828)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"nikita.support"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673828/; classtype:trojan-activity;sid:84536928; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673829)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"peaceful-gates.196-251-72-149.plesk.page"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673829/; classtype:trojan-activity;sid:84536929; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673830)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"brussels-payments.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673830/; classtype:trojan-activity;sid:84536930; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673831)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"compassionate-yonath.196-251-72-149.plesk.page"; http_host; depth:46; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673831/; classtype:trojan-activity;sid:84536931; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673832)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"ups.supporto-pacchi.help"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673832/; classtype:trojan-activity;sid:84536932; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673833)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"securplnetfiixsav.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673833/; classtype:trojan-activity;sid:84536933; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673834)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"tracking-parcel-be.help"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673834/; classtype:trojan-activity;sid:84536934; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673835)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"ma-facture-enovos.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673835/; classtype:trojan-activity;sid:84536935; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673836)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"moncolis-suivi.help"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673836/; classtype:trojan-activity;sid:84536936; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673837)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"ameli-moncompte.ma-situation.help"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673837/; classtype:trojan-activity;sid:84536937; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673838)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"relaydelivery.help"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673838/; classtype:trojan-activity;sid:84536938; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673824)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"relaymondial-services.info"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673824/; classtype:trojan-activity;sid:84536924; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673820)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"pay-subscription.help"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673820/; classtype:trojan-activity;sid:84536920; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673821)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"jolly-mendeleev.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673821/; classtype:trojan-activity;sid:84536921; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673822)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"mon-comptes.help"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673822/; classtype:trojan-activity;sid:84536922; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673823)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"subscription-help.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673823/; classtype:trojan-activity;sid:84536923; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673818)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"suivi-colis.help"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673818/; classtype:trojan-activity;sid:84536918; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673819)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"suivicolis-be.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673819/; classtype:trojan-activity;sid:84536919; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673809)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"suivi-fr-livraison.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673809/; classtype:trojan-activity;sid:84536909; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673810)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"supportulys.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673810/; classtype:trojan-activity;sid:84536910; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673811)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"eager-dirac.196-251-72-149.plesk.page"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673811/; classtype:trojan-activity;sid:84536911; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673812)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"mynetfxsuprt.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673812/; classtype:trojan-activity;sid:84536912; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673813)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"jovial-bartik.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673813/; classtype:trojan-activity;sid:84536913; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673814)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"relaymondial-services.info"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673814/; classtype:trojan-activity;sid:84536914; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673815)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"focused-noether.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673815/; classtype:trojan-activity;sid:84536915; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673816)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"relaymyparcel.info"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673816/; classtype:trojan-activity;sid:84536916; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673817)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"livraison-france-infos.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673817/; classtype:trojan-activity;sid:84536917; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673807)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"crazy-proskuriakova.196-251-72-149.plesk.page"; http_host; depth:45; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673807/; classtype:trojan-activity;sid:84536907; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673808)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"laughing-herschel.196-251-72-149.plesk.page"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673808/; classtype:trojan-activity;sid:84536908; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673806)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"savnetfxserv.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673806/; classtype:trojan-activity;sid:84536906; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673795)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"hometrack-be-package.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673795/; classtype:trojan-activity;sid:84536895; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673796)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"uptrackparsei.help"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673796/; classtype:trojan-activity;sid:84536896; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673797)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"subscription-help.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673797/; classtype:trojan-activity;sid:84536897; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673798)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"relay-parcel.info"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673798/; classtype:trojan-activity;sid:84536898; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673799)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"hungry-kalam.196-251-72-149.plesk.page"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673799/; classtype:trojan-activity;sid:84536899; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673800)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"interesting-hofstadter.196-251-72-149.plesk.page"; http_host; depth:48; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673800/; classtype:trojan-activity;sid:84536900; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673801)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"relay-parcel.info"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673801/; classtype:trojan-activity;sid:84536901; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673802)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"reactivation-amelie-account.info"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673802/; classtype:trojan-activity;sid:84536902; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673803)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"suivi-colis.help"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673803/; classtype:trojan-activity;sid:84536903; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673804)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"relayparcel-help.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673804/; classtype:trojan-activity;sid:84536904; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673805)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"interesting-hofstadter.196-251-72-149.plesk.page"; http_host; depth:48; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673805/; classtype:trojan-activity;sid:84536905; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673791)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"securplnetfiixsav.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673791/; classtype:trojan-activity;sid:84536891; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673792)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"telepeage-ulys-france.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673792/; classtype:trojan-activity;sid:84536892; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673793)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"dossiergmuitas.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673793/; classtype:trojan-activity;sid:84536893; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673794)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"mxiconetfllxserv.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673794/; classtype:trojan-activity;sid:84536894; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673786)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"dossier0367.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673786/; classtype:trojan-activity;sid:84536886; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673787)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"securaccntnetfiix.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673787/; classtype:trojan-activity;sid:84536887; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673788)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"guichet-amende.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673788/; classtype:trojan-activity;sid:84536888; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673789)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"savpaypaiaccnt.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673789/; classtype:trojan-activity;sid:84536889; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673790)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"savpaypaiuser.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673790/; classtype:trojan-activity;sid:84536890; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673768)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"colis-suivi-help.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673768/; classtype:trojan-activity;sid:84536868; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673769)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"colis-suivi-help.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673769/; classtype:trojan-activity;sid:84536869; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673770)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"guichet-client.help"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673770/; classtype:trojan-activity;sid:84536870; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673771)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"usernetfiixsavhu.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673771/; classtype:trojan-activity;sid:84536871; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673772)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"netfiixrenewacc.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673772/; classtype:trojan-activity;sid:84536872; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673773)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"serene-dhawan.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673773/; classtype:trojan-activity;sid:84536873; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673774)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"bold-ellis.196-251-72-149.plesk.page"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673774/; classtype:trojan-activity;sid:84536874; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673775)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mondials-suivis-relay.info"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673775/; classtype:trojan-activity;sid:84536875; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673776)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"servntflxmgyrsav.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673776/; classtype:trojan-activity;sid:84536876; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673777)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"webmail.rediriger-ma-relivraison.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673777/; classtype:trojan-activity;sid:84536877; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673778)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"dhitrackparcei.help"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673778/; classtype:trojan-activity;sid:84536878; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673779)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"colis-suivi-lu.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673779/; classtype:trojan-activity;sid:84536879; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673780)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"hardcore-boyd.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673780/; classtype:trojan-activity;sid:84536880; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673781)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"expedition-mrelayy.info"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673781/; classtype:trojan-activity;sid:84536881; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673782)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"dreamy-hamilton.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673782/; classtype:trojan-activity;sid:84536882; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673783)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"colis-suivi-lu.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673783/; classtype:trojan-activity;sid:84536883; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673784)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"myntfxsupprt.help"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673784/; classtype:trojan-activity;sid:84536884; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673785)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"dreamy-hamilton.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673785/; classtype:trojan-activity;sid:84536885; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673767)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"uptrackparsei.help"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673767/; classtype:trojan-activity;sid:84536867; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673766)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"yuzidoky.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673766/; classtype:trojan-activity;sid:84536866; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673747)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"sav-ntfxrenew.help"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673747/; classtype:trojan-activity;sid:84536847; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673748)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"uptrackparsei.help"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673748/; classtype:trojan-activity;sid:84536848; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673749)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"nouvelletechbandedefou.info"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673749/; classtype:trojan-activity;sid:84536849; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673750)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"renvouvellementinformationameli.info"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673750/; classtype:trojan-activity;sid:84536850; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673751)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"savnetflixco.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673751/; classtype:trojan-activity;sid:84536851; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673752)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"pedantic-mcclintock.196-251-72-149.plesk.page"; http_host; depth:45; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673752/; classtype:trojan-activity;sid:84536852; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673753)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"savnfiixsupprt.info"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673753/; classtype:trojan-activity;sid:84536853; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673754)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"colislivraison-suivi.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673754/; classtype:trojan-activity;sid:84536854; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673755)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"peaceful-gates.196-251-72-149.plesk.page"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673755/; classtype:trojan-activity;sid:84536855; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673756)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"support-hometrack.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673756/; classtype:trojan-activity;sid:84536856; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673757)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"pay-subscription.help"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673757/; classtype:trojan-activity;sid:84536857; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673758)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"suivi-fr-livraison.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673758/; classtype:trojan-activity;sid:84536858; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673759)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"sweet-neumann.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673759/; classtype:trojan-activity;sid:84536859; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673760)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"suivis-de-colis.info"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673760/; classtype:trojan-activity;sid:84536860; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673761)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"renew-account-lock.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673761/; classtype:trojan-activity;sid:84536861; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673762)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"savraiffeizen-at.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673762/; classtype:trojan-activity;sid:84536862; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673763)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"reglementnetflix-fr.help"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673763/; classtype:trojan-activity;sid:84536863; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673764)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"ameii-moncompte.ma-situations.info"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673764/; classtype:trojan-activity;sid:84536864; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673765)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mon-comptes.help"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673765/; classtype:trojan-activity;sid:84536865; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673744)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mrelay-be-acheminement.info"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673744/; classtype:trojan-activity;sid:84536844; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673745)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"colis-nouvellelivraison-france.com"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673745/; classtype:trojan-activity;sid:84536845; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673746)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"guichet-client.help"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673746/; classtype:trojan-activity;sid:84536846; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673743)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.sh4"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"notificationcentral.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673743/; classtype:trojan-activity;sid:84536843; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673738)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"suivicommanderelais.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673738/; classtype:trojan-activity;sid:84536838; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673739)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"colis-nouvellelivraison-france.com"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673739/; classtype:trojan-activity;sid:84536839; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673740)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"hardcore-boyd.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673740/; classtype:trojan-activity;sid:84536840; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673741)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"strange-yalow.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673741/; classtype:trojan-activity;sid:84536841; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673742)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"crazy-proskuriakova.196-251-72-149.plesk.page"; http_host; depth:45; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673742/; classtype:trojan-activity;sid:84536842; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673724)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"relay-lu-parcel.help"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673724/; classtype:trojan-activity;sid:84536824; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673725)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"subscription-help.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673725/; classtype:trojan-activity;sid:84536825; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673726)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"suivicommanderelay.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673726/; classtype:trojan-activity;sid:84536826; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673727)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"solazone.help"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673727/; classtype:trojan-activity;sid:84536827; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673728)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"xyznetfilxhusav.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673728/; classtype:trojan-activity;sid:84536828; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673729)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"myespace-relaypack.help"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673729/; classtype:trojan-activity;sid:84536829; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673730)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mrelay-luxembourg.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673730/; classtype:trojan-activity;sid:84536830; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673731)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"mise-a-jours-ameli.support"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673731/; classtype:trojan-activity;sid:84536831; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673732)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"mon-abonnement-disney.info"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673732/; classtype:trojan-activity;sid:84536832; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673733)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mrelay-luxembourg.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673733/; classtype:trojan-activity;sid:84536833; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673734)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"monsuivi-colis.help"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673734/; classtype:trojan-activity;sid:84536834; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673735)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"livraison-expressfr.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673735/; classtype:trojan-activity;sid:84536835; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673736)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"xyznetfilxhusav.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673736/; classtype:trojan-activity;sid:84536836; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673737)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"colis-suivi-lu.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673737/; classtype:trojan-activity;sid:84536837; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673712)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"suivimondialrelay-colis.info"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673712/; classtype:trojan-activity;sid:84536812; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673713)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"monsuivi-colis.help"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673713/; classtype:trojan-activity;sid:84536813; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673714)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"renouvellement-ameli.support"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673714/; classtype:trojan-activity;sid:84536814; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673715)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"telepeage-ulys-fr.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673715/; classtype:trojan-activity;sid:84536815; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673716)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"savnet-fixchili.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673716/; classtype:trojan-activity;sid:84536816; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673717)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"relayhome-trackparcel.help"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673717/; classtype:trojan-activity;sid:84536817; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673718)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"support-hometrack.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673718/; classtype:trojan-activity;sid:84536818; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673719)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"nostalgic-curie.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673719/; classtype:trojan-activity;sid:84536819; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673720)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"mondiai-reiay-reglement.info"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673720/; classtype:trojan-activity;sid:84536820; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673721)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"monsuivi-colis.help"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673721/; classtype:trojan-activity;sid:84536821; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673722)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"ameli-situtations.mon-comptes.help"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673722/; classtype:trojan-activity;sid:84536822; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673723)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"rendezsnetfiixhu.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673723/; classtype:trojan-activity;sid:84536823; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673710)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"relayhome-trackparcel.help"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673710/; classtype:trojan-activity;sid:84536810; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673711)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"jolly-yalow.196-251-72-149.plesk.page"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673711/; classtype:trojan-activity;sid:84536811; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673698)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"savnetflixco.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673698/; classtype:trojan-activity;sid:84536798; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673699)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"savnetfxserv.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673699/; classtype:trojan-activity;sid:84536799; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673700)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"sav-ntfxrenew.help"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673700/; classtype:trojan-activity;sid:84536800; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673701)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"ameli-connect.cpam-comptes.help"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673701/; classtype:trojan-activity;sid:84536801; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673702)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"suivimondialrelay-colis.info"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673702/; classtype:trojan-activity;sid:84536802; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673703)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"gallant-mcnulty.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673703/; classtype:trojan-activity;sid:84536803; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673704)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"sarenewnetfiixsav.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673704/; classtype:trojan-activity;sid:84536804; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673705)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"ameli-guadeloupe.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673705/; classtype:trojan-activity;sid:84536805; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673706)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"renewntfxsav.help"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673706/; classtype:trojan-activity;sid:84536806; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673707)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"colislivraisonsuivi.support"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673707/; classtype:trojan-activity;sid:84536807; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673708)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"suivimondialrelay-colis.info"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673708/; classtype:trojan-activity;sid:84536808; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673709)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"nifty-hypatia.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673709/; classtype:trojan-activity;sid:84536809; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673693)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"jovial-bartik.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673693/; classtype:trojan-activity;sid:84536793; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673694)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"bold-kowalevski.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673694/; classtype:trojan-activity;sid:84536794; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673695)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"suivideliveryinfo.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673695/; classtype:trojan-activity;sid:84536795; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673696)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"m-relay-suivi-fr.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673696/; classtype:trojan-activity;sid:84536796; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673697)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"jolly-germain.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673697/; classtype:trojan-activity;sid:84536797; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673691)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"ameli-situtations.mon-comptes.help"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673691/; classtype:trojan-activity;sid:84536791; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673692)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"bpost-frais-dedouanement.info"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673692/; classtype:trojan-activity;sid:84536792; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673687)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"gallant-mcnulty.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673687/; classtype:trojan-activity;sid:84536787; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673688)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"hungry-kalam.196-251-72-149.plesk.page"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673688/; classtype:trojan-activity;sid:84536788; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673689)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.spc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"notificationcentral.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673689/; classtype:trojan-activity;sid:84536789; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673690)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"livraisons-infos.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673690/; classtype:trojan-activity;sid:84536790; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673667)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"reverent-tereshkova.196-251-72-149.plesk.page"; http_host; depth:45; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673667/; classtype:trojan-activity;sid:84536767; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673668)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"yoursavnetfilxes.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673668/; classtype:trojan-activity;sid:84536768; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673669)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"my.guichet-amende.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673669/; classtype:trojan-activity;sid:84536769; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673670)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"focused-noether.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673670/; classtype:trojan-activity;sid:84536770; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673671)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"myminfin-info-be.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673671/; classtype:trojan-activity;sid:84536771; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673672)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"relay-lu-parcel.help"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673672/; classtype:trojan-activity;sid:84536772; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673673)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"packet-relivraison-fr.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673673/; classtype:trojan-activity;sid:84536773; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673674)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"magical-shirley.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673674/; classtype:trojan-activity;sid:84536774; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673675)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"mondials-suivis-relay.info"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673675/; classtype:trojan-activity;sid:84536775; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673676)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"antai-aide.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673676/; classtype:trojan-activity;sid:84536776; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673677)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"suivirelaisdepots.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673677/; classtype:trojan-activity;sid:84536777; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673678)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"yoursavnetfilxes.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673678/; classtype:trojan-activity;sid:84536778; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673679)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"connect-avantages.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673679/; classtype:trojan-activity;sid:84536779; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673680)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"bravoteam6.org"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673680/; classtype:trojan-activity;sid:84536780; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673681)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.44.254.181"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673681/; classtype:trojan-activity;sid:84536781; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673682)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"webmail.rediriger-ma-livraison.com"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673682/; classtype:trojan-activity;sid:84536782; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673683)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"takeyourpackagebe.help"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673683/; classtype:trojan-activity;sid:84536783; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673684)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"customer-trackdelivery.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673684/; classtype:trojan-activity;sid:84536784; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673685)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mynetllxrenew.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673685/; classtype:trojan-activity;sid:84536785; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673686)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"elegant-shtern.196-251-72-149.plesk.page"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673686/; classtype:trojan-activity;sid:84536786; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673660)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"relivraison-formulaire.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673660/; classtype:trojan-activity;sid:84536760; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673661)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"suivicolis-be.info"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673661/; classtype:trojan-activity;sid:84536761; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673662)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"youthful-solomon.196-251-72-149.plesk.page"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673662/; classtype:trojan-activity;sid:84536762; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673663)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mrelayy-mon-acheminement.info"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673663/; classtype:trojan-activity;sid:84536763; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673664)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"gallant-mcnulty.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673664/; classtype:trojan-activity;sid:84536764; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673665)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mrelay-be-acheminement.info"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673665/; classtype:trojan-activity;sid:84536765; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673666)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"formulaire-locker.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673666/; classtype:trojan-activity;sid:84536766; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673640)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"relivraison-formulaire.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673640/; classtype:trojan-activity;sid:84536740; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673641)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"suivi-fr-livraison.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673641/; classtype:trojan-activity;sid:84536741; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673642)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"servicedgtes.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673642/; classtype:trojan-activity;sid:84536742; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673643)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"trackupsid.help"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673643/; classtype:trojan-activity;sid:84536743; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673644)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"myups-tracking.info"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673644/; classtype:trojan-activity;sid:84536744; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673645)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"suivideliveryinfo.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673645/; classtype:trojan-activity;sid:84536745; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673646)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"parkingbrussels.help"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673646/; classtype:trojan-activity;sid:84536746; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673647)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"renewntfxsav.help"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673647/; classtype:trojan-activity;sid:84536747; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673648)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mxiconetfllxserv.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673648/; classtype:trojan-activity;sid:84536748; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673649)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"interesting-morse.196-251-72-149.plesk.page"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673649/; classtype:trojan-activity;sid:84536749; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673650)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mondialrelay-colis.support"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673650/; classtype:trojan-activity;sid:84536750; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673651)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"jolly-yalow.196-251-72-149.plesk.page"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673651/; classtype:trojan-activity;sid:84536751; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673652)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"reactivation-amelie-account.info"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673652/; classtype:trojan-activity;sid:84536752; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673653)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"laughing-herschel.196-251-72-149.plesk.page"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673653/; classtype:trojan-activity;sid:84536753; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673654)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"guichet-amende.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673654/; classtype:trojan-activity;sid:84536754; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673655)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"renewaccntsav.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673655/; classtype:trojan-activity;sid:84536755; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673656)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"sweet-neumann.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673656/; classtype:trojan-activity;sid:84536756; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673657)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"myguichet-amende.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673657/; classtype:trojan-activity;sid:84536757; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673658)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"usernetfiixpolskasav.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673658/; classtype:trojan-activity;sid:84536758; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673659)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mondiai-reiay-reglement.info"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673659/; classtype:trojan-activity;sid:84536759; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673637)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"actualisationameli.help"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673637/; classtype:trojan-activity;sid:84536737; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673638)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"myparcel-tracking.help"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673638/; classtype:trojan-activity;sid:84536738; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673639)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"locker-redistribution.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673639/; classtype:trojan-activity;sid:84536739; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673634)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"services-mondialrelay.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673634/; classtype:trojan-activity;sid:84536734; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673635)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"renewaccntsav.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673635/; classtype:trojan-activity;sid:84536735; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673636)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"accountnetfix.help"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673636/; classtype:trojan-activity;sid:84536736; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673632)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"eligibilite-doctolib.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673632/; classtype:trojan-activity;sid:84536732; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673633)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"services-mondialrelay.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673633/; classtype:trojan-activity;sid:84536733; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673627)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"distracted-nightingale.196-251-72-149.plesk.page"; http_host; depth:48; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673627/; classtype:trojan-activity;sid:84536727; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673628)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"myntfxsupprt.help"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673628/; classtype:trojan-activity;sid:84536728; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673629)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"regionaleszeveme.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673629/; classtype:trojan-activity;sid:84536729; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673630)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"gracious-kepler.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673630/; classtype:trojan-activity;sid:84536730; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673631)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"get-yourparcel.help"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673631/; classtype:trojan-activity;sid:84536731; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673624)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"relayparcel-help.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673624/; classtype:trojan-activity;sid:84536724; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673625)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"exciting-hopper.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673625/; classtype:trojan-activity;sid:84536725; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673626)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"gallant-mcnulty.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673626/; classtype:trojan-activity;sid:84536726; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673623)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"livraison-france-infos.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673623/; classtype:trojan-activity;sid:84536723; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673604)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"servntflxmgyrsav.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673604/; classtype:trojan-activity;sid:84536704; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673605)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"livraisons-infos.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673605/; classtype:trojan-activity;sid:84536705; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673606)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"savnetfixrenew.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673606/; classtype:trojan-activity;sid:84536706; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673607)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"ulys-telepeage-france.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673607/; classtype:trojan-activity;sid:84536707; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673608)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"reglementminfin-be.help"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673608/; classtype:trojan-activity;sid:84536708; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673609)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"redirection-mondialrelais.info"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673609/; classtype:trojan-activity;sid:84536709; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673610)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"trackyridpaket.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673610/; classtype:trojan-activity;sid:84536710; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673611)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"ameli-situtations.mon-comptes.help"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673611/; classtype:trojan-activity;sid:84536711; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673612)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"plsavnetfiixsupport.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673612/; classtype:trojan-activity;sid:84536712; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673613)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"gracious-lamarr.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673613/; classtype:trojan-activity;sid:84536713; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673614)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"guichet-client.help"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673614/; classtype:trojan-activity;sid:84536714; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673615)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"bold-kowalevski.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673615/; classtype:trojan-activity;sid:84536715; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673616)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"mysubscription-renewal.info"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673616/; classtype:trojan-activity;sid:84536716; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673617)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"services-mondialrelay.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673617/; classtype:trojan-activity;sid:84536717; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673618)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"nouvelletechbandedefou.info"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673618/; classtype:trojan-activity;sid:84536718; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673619)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"mymondialrelay-parcel.help"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673619/; classtype:trojan-activity;sid:84536719; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673620)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"savmxlcnetfiix.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673620/; classtype:trojan-activity;sid:84536720; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673621)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"trackyridpaket.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673621/; classtype:trojan-activity;sid:84536721; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673622)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mynetfxsuprt.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673622/; classtype:trojan-activity;sid:84536722; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673603)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"dossiergmuitas.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673603/; classtype:trojan-activity;sid:84536703; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673601)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"actualisationameli.help"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673601/; classtype:trojan-activity;sid:84536701; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673602)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"interesting-hofstadter.196-251-72-149.plesk.page"; http_host; depth:48; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673602/; classtype:trojan-activity;sid:84536702; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673585)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"mrelay-luxembourg.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673585/; classtype:trojan-activity;sid:84536685; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673586)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mysuprtntfx.info"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673586/; classtype:trojan-activity;sid:84536686; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673587)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"colislivraisonsuivi.support"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673587/; classtype:trojan-activity;sid:84536687; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673588)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"suivideliveryinfo.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673588/; classtype:trojan-activity;sid:84536688; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673589)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"mondialsrelay-redirection.info"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673589/; classtype:trojan-activity;sid:84536689; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673590)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"usernetfiixsavhu.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673590/; classtype:trojan-activity;sid:84536690; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673591)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"info-livraison-fr.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673591/; classtype:trojan-activity;sid:84536691; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673592)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"ameli-connect.cpam-comptes.help"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673592/; classtype:trojan-activity;sid:84536692; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673593)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"la-bnpcledigital.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673593/; classtype:trojan-activity;sid:84536693; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673594)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mon-colis-suivi-bpost.info"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673594/; classtype:trojan-activity;sid:84536694; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673595)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"savulyseclient.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673595/; classtype:trojan-activity;sid:84536695; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673596)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"relaydelivery.help"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673596/; classtype:trojan-activity;sid:84536696; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673597)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"youthful-solomon.196-251-72-149.plesk.page"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673597/; classtype:trojan-activity;sid:84536697; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673598)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"supportsavnetfix.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673598/; classtype:trojan-activity;sid:84536698; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673599)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"subscription-tv.info"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673599/; classtype:trojan-activity;sid:84536699; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673600)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mise-a-jours-ameli.support"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673600/; classtype:trojan-activity;sid:84536700; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673581)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"aide-suivi-livraison.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673581/; classtype:trojan-activity;sid:84536681; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673582)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"savnfiixsupprt.info"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673582/; classtype:trojan-activity;sid:84536682; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673583)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"supportulys.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673583/; classtype:trojan-activity;sid:84536683; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673584)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"packrelay-espace.help"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673584/; classtype:trojan-activity;sid:84536684; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673579)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"ameli-situtations.mon-comptes.help"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673579/; classtype:trojan-activity;sid:84536679; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673580)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"services-monrelay.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673580/; classtype:trojan-activity;sid:84536680; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673578)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"mondial-services.informations-colis.help"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673578/; classtype:trojan-activity;sid:84536678; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673564)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"myparcel-track.info"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673564/; classtype:trojan-activity;sid:84536664; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673565)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mondialerelay-suivi-info.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673565/; classtype:trojan-activity;sid:84536665; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673566)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"nifty-golick.196-251-72-149.plesk.page"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673566/; classtype:trojan-activity;sid:84536666; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673567)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"suivicolis-lu.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673567/; classtype:trojan-activity;sid:84536667; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673568)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"ameli-moncompte.situation-administrative.info"; http_host; depth:45; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673568/; classtype:trojan-activity;sid:84536668; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673569)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"mynetllxrenew.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673569/; classtype:trojan-activity;sid:84536669; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673570)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"renouvellement.help"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673570/; classtype:trojan-activity;sid:84536670; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673571)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"verification-mobile-cm.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673571/; classtype:trojan-activity;sid:84536671; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673572)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"webmail.rediriger-ma-livraison.com"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673572/; classtype:trojan-activity;sid:84536672; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673573)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"compassionate-yonath.196-251-72-149.plesk.page"; http_host; depth:46; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673573/; classtype:trojan-activity;sid:84536673; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673574)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"supportsavnetfix.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673574/; classtype:trojan-activity;sid:84536674; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673575)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"m-relay-suivi-fr.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673575/; classtype:trojan-activity;sid:84536675; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673576)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"my-canal.support-moncompte.help"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673576/; classtype:trojan-activity;sid:84536676; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673577)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"plsavnetfiixsupport.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673577/; classtype:trojan-activity;sid:84536677; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673550)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"mondial-relay-center.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673550/; classtype:trojan-activity;sid:84536650; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673551)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"ameli-situtations.mon-comptes.help"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673551/; classtype:trojan-activity;sid:84536651; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673552)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"ameli-actalisation.info"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673552/; classtype:trojan-activity;sid:84536652; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673553)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"info-livraison-fr.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673553/; classtype:trojan-activity;sid:84536653; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673554)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"suivi-pointrelais.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673554/; classtype:trojan-activity;sid:84536654; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673555)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"secureamericainexpress.help"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673555/; classtype:trojan-activity;sid:84536655; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673556)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"great-leavitt.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673556/; classtype:trojan-activity;sid:84536656; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673557)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"suivicolis-lu.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673557/; classtype:trojan-activity;sid:84536657; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673558)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"mysuprtntfx.info"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673558/; classtype:trojan-activity;sid:84536658; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673559)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"ulys-telepeage-france.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673559/; classtype:trojan-activity;sid:84536659; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673560)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"frosty-wozniak.196-251-72-149.plesk.page"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673560/; classtype:trojan-activity;sid:84536660; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673561)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"relaymyparcel.info"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673561/; classtype:trojan-activity;sid:84536661; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673562)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"myparcel-tracking.help"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673562/; classtype:trojan-activity;sid:84536662; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673563)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"renewnow.help"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673563/; classtype:trojan-activity;sid:84536663; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673541)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"gracious-kepler.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673541/; classtype:trojan-activity;sid:84536641; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673542)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"myparcel-tracking.help"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673542/; classtype:trojan-activity;sid:84536642; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673543)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"trackupsid.help"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673543/; classtype:trojan-activity;sid:84536643; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673544)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"strange-yalow.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673544/; classtype:trojan-activity;sid:84536644; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673545)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"esdossier0865.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673545/; classtype:trojan-activity;sid:84536645; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673546)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"distracted-nightingale.196-251-72-149.plesk.page"; http_host; depth:48; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673546/; classtype:trojan-activity;sid:84536646; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673547)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"peaceful-gates.196-251-72-149.plesk.page"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673547/; classtype:trojan-activity;sid:84536647; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673548)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"suivi-livraison.support"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673548/; classtype:trojan-activity;sid:84536648; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673549)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"monrelay.help"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673549/; classtype:trojan-activity;sid:84536649; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673538)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"ameli-situtations.mon-comptes.help"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673538/; classtype:trojan-activity;sid:84536638; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673539)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"nervous-pasteur.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673539/; classtype:trojan-activity;sid:84536639; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673540)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"beparcel-collect.help"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673540/; classtype:trojan-activity;sid:84536640; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673532)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"savnetfiix-client.help"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673532/; classtype:trojan-activity;sid:84536632; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673533)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"thirsty-heisenberg.196-251-72-149.plesk.page"; http_host; depth:44; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673533/; classtype:trojan-activity;sid:84536633; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673534)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"usernetfiixpolskasav.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673534/; classtype:trojan-activity;sid:84536634; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673535)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"distracted-nightingale.196-251-72-149.plesk.page"; http_host; depth:48; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673535/; classtype:trojan-activity;sid:84536635; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673536)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"suivirelaisdepots.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673536/; classtype:trojan-activity;sid:84536636; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673537)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"sarenewnetfiixsav.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673537/; classtype:trojan-activity;sid:84536637; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673527)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"savpaypaiaccnt.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673527/; classtype:trojan-activity;sid:84536627; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673528)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"renouvellement.help"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673528/; classtype:trojan-activity;sid:84536628; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673529)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"ntfiixsavclient.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673529/; classtype:trojan-activity;sid:84536629; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673530)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"unruffled-banach.196-251-72-149.plesk.page"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673530/; classtype:trojan-activity;sid:84536630; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673531)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"jolly-mendeleev.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673531/; classtype:trojan-activity;sid:84536631; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673526)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"relivraison-packet-france.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673526/; classtype:trojan-activity;sid:84536626; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673517)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"assurancemaladie.support"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673517/; classtype:trojan-activity;sid:84536617; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673518)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"nifty-hypatia.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673518/; classtype:trojan-activity;sid:84536618; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673519)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"savnetfxserv.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673519/; classtype:trojan-activity;sid:84536619; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673520)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"goofy-shirley.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673520/; classtype:trojan-activity;sid:84536620; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673521)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"laughing-herschel.196-251-72-149.plesk.page"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673521/; classtype:trojan-activity;sid:84536621; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673522)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"supportsavnetfix.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673522/; classtype:trojan-activity;sid:84536622; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673523)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"livraison-suivre-moncolis.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673523/; classtype:trojan-activity;sid:84536623; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673524)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mondial-services.informations-colis.help"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673524/; classtype:trojan-activity;sid:84536624; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673525)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"mrelay-luxembourg.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673525/; classtype:trojan-activity;sid:84536625; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673513)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"subscription-help.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673513/; classtype:trojan-activity;sid:84536613; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673514)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"myguichet-espace.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673514/; classtype:trojan-activity;sid:84536614; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673515)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"ecstatic-kare.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673515/; classtype:trojan-activity;sid:84536615; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673516)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"gracious-northcutt.196-251-72-149.plesk.page"; http_host; depth:44; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673516/; classtype:trojan-activity;sid:84536616; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673503)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"recursing-hawking.196-251-72-149.plesk.page"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673503/; classtype:trojan-activity;sid:84536603; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673504)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mondialrelay-reply.help"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673504/; classtype:trojan-activity;sid:84536604; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673505)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"ameli-moncompte.ma-situation.help"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673505/; classtype:trojan-activity;sid:84536605; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673506)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"savpaypaiaccnt.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673506/; classtype:trojan-activity;sid:84536606; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673507)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"guichet-client.help"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673507/; classtype:trojan-activity;sid:84536607; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673508)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"ameli-guadeloupe.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673508/; classtype:trojan-activity;sid:84536608; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673509)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"optimistic-pike.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673509/; classtype:trojan-activity;sid:84536609; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673510)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"kunde-konto-sikre.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673510/; classtype:trojan-activity;sid:84536610; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673511)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mondialrelayfr-suivi.help"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673511/; classtype:trojan-activity;sid:84536611; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673512)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"mondiai-reiay-reglement.info"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673512/; classtype:trojan-activity;sid:84536612; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673502)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"suivirelayy.info"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673502/; classtype:trojan-activity;sid:84536602; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673501)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"renewnow.help"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673501/; classtype:trojan-activity;sid:84536601; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673495)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"renewmynetllx.info"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673495/; classtype:trojan-activity;sid:84536595; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673496)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"savraiffeizen-at.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673496/; classtype:trojan-activity;sid:84536596; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673497)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"accountnetfix.help"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673497/; classtype:trojan-activity;sid:84536597; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673498)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"guichet-amende.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673498/; classtype:trojan-activity;sid:84536598; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673499)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"renew-account-lock.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673499/; classtype:trojan-activity;sid:84536599; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673500)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"spf-justitie-belgium.info"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673500/; classtype:trojan-activity;sid:84536600; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673494)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"mondialrelayfr-suivi.help"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673494/; classtype:trojan-activity;sid:84536594; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673489)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"billing-renew-subscription.info"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673489/; classtype:trojan-activity;sid:84536589; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673490)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"suivicommanderelais.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673490/; classtype:trojan-activity;sid:84536590; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673491)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"renewnow.help"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673491/; classtype:trojan-activity;sid:84536591; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673492)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mrelay-luxembourg.support"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673492/; classtype:trojan-activity;sid:84536592; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673493)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"service-parcel-pay.help"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673493/; classtype:trojan-activity;sid:84536593; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673482)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"sav-monrelay.help"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673482/; classtype:trojan-activity;sid:84536582; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673483)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"upcpackettrack.help"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673483/; classtype:trojan-activity;sid:84536583; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673484)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"funny-heyrovsky.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673484/; classtype:trojan-activity;sid:84536584; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673485)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"mrelay-relais.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673485/; classtype:trojan-activity;sid:84536585; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673486)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"bold-ellis.196-251-72-149.plesk.page"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673486/; classtype:trojan-activity;sid:84536586; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673487)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"ups.supporto-pacchi.help"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673487/; classtype:trojan-activity;sid:84536587; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673488)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"mondialrelay-reply.help"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673488/; classtype:trojan-activity;sid:84536588; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673474)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"tracking-myrelay.help"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673474/; classtype:trojan-activity;sid:84536574; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673475)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"telepeage-ulys-france.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673475/; classtype:trojan-activity;sid:84536575; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673476)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"goofy-shirley.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673476/; classtype:trojan-activity;sid:84536576; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673477)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mondials-suivis-relay.info"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673477/; classtype:trojan-activity;sid:84536577; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673478)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"amazing-lederberg.196-251-72-149.plesk.page"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673478/; classtype:trojan-activity;sid:84536578; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673479)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"peaceful-gates.196-251-72-149.plesk.page"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673479/; classtype:trojan-activity;sid:84536579; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673480)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"mondialservice-relay.info"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673480/; classtype:trojan-activity;sid:84536580; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673481)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"yuzidoky.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673481/; classtype:trojan-activity;sid:84536581; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673457)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"interesting-hofstadter.196-251-72-149.plesk.page"; http_host; depth:48; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673457/; classtype:trojan-activity;sid:84536557; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673458)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"ma-facture-enovos.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673458/; classtype:trojan-activity;sid:84536558; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673459)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"renewntfxsav.help"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673459/; classtype:trojan-activity;sid:84536559; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673460)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"amazing-lederberg.196-251-72-149.plesk.page"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673460/; classtype:trojan-activity;sid:84536560; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673461)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mynetfxsupprt.help"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673461/; classtype:trojan-activity;sid:84536561; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673462)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"serene-dhawan.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673462/; classtype:trojan-activity;sid:84536562; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673463)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"laughing-perlman.196-251-72-149.plesk.page"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673463/; classtype:trojan-activity;sid:84536563; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673464)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"dossier4729.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673464/; classtype:trojan-activity;sid:84536564; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673465)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"thirsty-ride.196-251-72-149.plesk.page"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673465/; classtype:trojan-activity;sid:84536565; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673466)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"usernetfiixsavhu.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673466/; classtype:trojan-activity;sid:84536566; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673467)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"services-monrelay.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673467/; classtype:trojan-activity;sid:84536567; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673468)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"supportnetfiixsavza.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673468/; classtype:trojan-activity;sid:84536568; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673469)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"myups-package.info"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673469/; classtype:trojan-activity;sid:84536569; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673470)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"myguichet-espace.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673470/; classtype:trojan-activity;sid:84536570; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673471)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"myluxtrust-accountsecurity.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673471/; classtype:trojan-activity;sid:84536571; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673472)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"thirsty-heisenberg.196-251-72-149.plesk.page"; http_host; depth:44; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673472/; classtype:trojan-activity;sid:84536572; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673473)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"jolly-yalow.196-251-72-149.plesk.page"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673473/; classtype:trojan-activity;sid:84536573; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673447)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mondialrelay-connect.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673447/; classtype:trojan-activity;sid:84536547; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673448)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"ameli-situtations.mon-comptes.help"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673448/; classtype:trojan-activity;sid:84536548; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673449)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"assurancemaladie.support"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673449/; classtype:trojan-activity;sid:84536549; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673450)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"ameii-moncompte.ma-situations.info"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673450/; classtype:trojan-activity;sid:84536550; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673451)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"luxtrust-secure.info"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673451/; classtype:trojan-activity;sid:84536551; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673452)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mondials-suivis-relay.info"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673452/; classtype:trojan-activity;sid:84536552; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673453)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"optimistic-pike.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673453/; classtype:trojan-activity;sid:84536553; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673454)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"renouvellement.help"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673454/; classtype:trojan-activity;sid:84536554; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673455)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"optimistic-leakey.196-251-72-149.plesk.page"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673455/; classtype:trojan-activity;sid:84536555; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673456)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"nostalgic-curie.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673456/; classtype:trojan-activity;sid:84536556; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673446)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"accountnetfix.help"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673446/; classtype:trojan-activity;sid:84536546; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673438)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mondialrelay-locker-fr.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673438/; classtype:trojan-activity;sid:84536538; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673439)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"info-suivi-track.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673439/; classtype:trojan-activity;sid:84536539; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673440)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"renouvellement-ameli.support"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673440/; classtype:trojan-activity;sid:84536540; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673441)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"goofy-shirley.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673441/; classtype:trojan-activity;sid:84536541; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673442)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"telepeage-ulys-fr.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673442/; classtype:trojan-activity;sid:84536542; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673443)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"ecstatic-wing.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673443/; classtype:trojan-activity;sid:84536543; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673444)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"my.guichet-amende.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673444/; classtype:trojan-activity;sid:84536544; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673445)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"info-suivi-track.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673445/; classtype:trojan-activity;sid:84536545; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673435)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"tv-abonnement.info"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673435/; classtype:trojan-activity;sid:84536535; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673436)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"objective-saha.196-251-72-149.plesk.page"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673436/; classtype:trojan-activity;sid:84536536; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673437)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"yoursavnetfilxes.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673437/; classtype:trojan-activity;sid:84536537; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673416)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mondialrelay-colis.support"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673416/; classtype:trojan-activity;sid:84536516; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673417)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"bold-ellis.196-251-72-149.plesk.page"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673417/; classtype:trojan-activity;sid:84536517; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673418)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"thirsty-ride.196-251-72-149.plesk.page"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673418/; classtype:trojan-activity;sid:84536518; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673419)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"ameli-cpam.support-moncompte.help"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673419/; classtype:trojan-activity;sid:84536519; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673420)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mondialrelayfr-suivi.help"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673420/; classtype:trojan-activity;sid:84536520; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673421)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"thirsty-ride.196-251-72-149.plesk.page"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673421/; classtype:trojan-activity;sid:84536521; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673422)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"subscription-help.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673422/; classtype:trojan-activity;sid:84536522; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673423)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"brusselspayments.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673423/; classtype:trojan-activity;sid:84536523; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673424)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"renew-subscription.info"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673424/; classtype:trojan-activity;sid:84536524; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673425)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"payoursavnetfilx.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673425/; classtype:trojan-activity;sid:84536525; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673426)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"gestion-pickup-relay2025.info"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673426/; classtype:trojan-activity;sid:84536526; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673427)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"brave-cori.196-251-72-149.plesk.page"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673427/; classtype:trojan-activity;sid:84536527; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673428)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"dreamy-keller.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673428/; classtype:trojan-activity;sid:84536528; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673429)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"interesting-hofstadter.196-251-72-149.plesk.page"; http_host; depth:48; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673429/; classtype:trojan-activity;sid:84536529; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673430)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"ulys-autoroutes-fr.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673430/; classtype:trojan-activity;sid:84536530; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673431)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"mondialsrelay-supports.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673431/; classtype:trojan-activity;sid:84536531; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673432)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"colislivraison-suivi.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673432/; classtype:trojan-activity;sid:84536532; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673433)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"verification-mobile-cm.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673433/; classtype:trojan-activity;sid:84536533; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673434)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"upbeat-noether.196-251-72-149.plesk.page"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673434/; classtype:trojan-activity;sid:84536534; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673415)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"subscription-tv.info"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673415/; classtype:trojan-activity;sid:84536515; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673408)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"parkingbrussels.help"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673408/; classtype:trojan-activity;sid:84536508; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673409)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"monrelayfr-support.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673409/; classtype:trojan-activity;sid:84536509; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673410)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"renewmynetllx.info"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673410/; classtype:trojan-activity;sid:84536510; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673411)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"gallant-ganguly.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673411/; classtype:trojan-activity;sid:84536511; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673412)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mon-abonnement-disney.info"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673412/; classtype:trojan-activity;sid:84536512; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673413)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"xyznetfilxhusav.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673413/; classtype:trojan-activity;sid:84536513; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673414)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"mondialrelay-colis.support"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673414/; classtype:trojan-activity;sid:84536514; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673407)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"serene-dhawan.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673407/; classtype:trojan-activity;sid:84536507; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673404)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"espace-servicefamily.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673404/; classtype:trojan-activity;sid:84536504; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673405)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mondialrelayfr-suivi.help"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673405/; classtype:trojan-activity;sid:84536505; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673406)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"brussels-payments.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673406/; classtype:trojan-activity;sid:84536506; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673402)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"ameli-cpam.support-moncompte.help"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673402/; classtype:trojan-activity;sid:84536502; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673403)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"services-monrelay.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673403/; classtype:trojan-activity;sid:84536503; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673392)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"reglementminfin-be.help"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673392/; classtype:trojan-activity;sid:84536492; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673393)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"mondialrelais-creneaux.info"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673393/; classtype:trojan-activity;sid:84536493; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673394)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"adoring-kalam.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673394/; classtype:trojan-activity;sid:84536494; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673395)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"hometrack-be-package.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673395/; classtype:trojan-activity;sid:84536495; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673396)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"netlfix-suscripcion.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673396/; classtype:trojan-activity;sid:84536496; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673397)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"nifty-golick.196-251-72-149.plesk.page"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673397/; classtype:trojan-activity;sid:84536497; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673398)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"suivicommanderelay.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673398/; classtype:trojan-activity;sid:84536498; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673399)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"ameli-actalisation.info"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673399/; classtype:trojan-activity;sid:84536499; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673400)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"kunde-konto-sikre.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673400/; classtype:trojan-activity;sid:84536500; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673401)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"login-myoffices.help"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673401/; classtype:trojan-activity;sid:84536501; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673386)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"thirsty-heisenberg.196-251-72-149.plesk.page"; http_host; depth:44; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673386/; classtype:trojan-activity;sid:84536486; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673387)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"renouvellement-ameli.support"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673387/; classtype:trojan-activity;sid:84536487; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673388)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"reverent-tereshkova.196-251-72-149.plesk.page"; http_host; depth:45; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673388/; classtype:trojan-activity;sid:84536488; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673389)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"brusselspayments.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673389/; classtype:trojan-activity;sid:84536489; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673390)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mondial-services.informations-colis.help"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673390/; classtype:trojan-activity;sid:84536490; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673391)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"trackupsid.help"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673391/; classtype:trojan-activity;sid:84536491; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673385)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"confirmation-appareil-confiance.com"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673385/; classtype:trojan-activity;sid:84536485; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673377)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"supportsavnetfix.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673377/; classtype:trojan-activity;sid:84536477; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673378)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"savnetfiixmxico.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673378/; classtype:trojan-activity;sid:84536478; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673379)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"solazone.help"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673379/; classtype:trojan-activity;sid:84536479; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673380)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"vigilant-antonelli.196-251-72-149.plesk.page"; http_host; depth:44; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673380/; classtype:trojan-activity;sid:84536480; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673381)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"ameli-cpam.support-moncompte.help"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673381/; classtype:trojan-activity;sid:84536481; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673382)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"myups-tracking.info"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673382/; classtype:trojan-activity;sid:84536482; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673383)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"webmail.rediriger-ma-relivraison.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673383/; classtype:trojan-activity;sid:84536483; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673384)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"upcpackettrack.help"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673384/; classtype:trojan-activity;sid:84536484; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673372)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"gallant-mcnulty.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673372/; classtype:trojan-activity;sid:84536472; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673373)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"myntfxsupprt.help"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673373/; classtype:trojan-activity;sid:84536473; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673374)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"regionaleszeveme.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673374/; classtype:trojan-activity;sid:84536474; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673375)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"unruffled-banach.196-251-72-149.plesk.page"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673375/; classtype:trojan-activity;sid:84536475; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673376)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"yoursavnetfilxes.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673376/; classtype:trojan-activity;sid:84536476; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673370)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"jolly-germain.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673370/; classtype:trojan-activity;sid:84536470; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673371)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"serene-swartz.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673371/; classtype:trojan-activity;sid:84536471; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673353)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"reverent-tereshkova.196-251-72-149.plesk.page"; http_host; depth:45; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673353/; classtype:trojan-activity;sid:84536453; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673354)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"trackparselhl.help"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673354/; classtype:trojan-activity;sid:84536454; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673355)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"mondial-relaylivraisonfr.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673355/; classtype:trojan-activity;sid:84536455; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673356)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"solazone.help"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673356/; classtype:trojan-activity;sid:84536456; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673357)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"expedition-mrelayy.info"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673357/; classtype:trojan-activity;sid:84536457; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673358)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"info-livraison-fr.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673358/; classtype:trojan-activity;sid:84536458; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673359)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"payoursavnetfilx.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673359/; classtype:trojan-activity;sid:84536459; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673360)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"nouvelletechbandedefou.info"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673360/; classtype:trojan-activity;sid:84536460; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673361)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"renvouvellementinformationameli.info"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673361/; classtype:trojan-activity;sid:84536461; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673362)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"sav-monrelay.help"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673362/; classtype:trojan-activity;sid:84536462; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673363)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"mondialsrelay-supports.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673363/; classtype:trojan-activity;sid:84536463; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673364)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"servmetfiixsavsa.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673364/; classtype:trojan-activity;sid:84536464; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673365)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"savnetfiixmxico.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673365/; classtype:trojan-activity;sid:84536465; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673366)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"pedantic-mcclintock.196-251-72-149.plesk.page"; http_host; depth:45; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673366/; classtype:trojan-activity;sid:84536466; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673367)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"dossier0367.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673367/; classtype:trojan-activity;sid:84536467; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673368)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"dossier4729.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673368/; classtype:trojan-activity;sid:84536468; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673369)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"ameli-cpam.support-moncompte.help"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673369/; classtype:trojan-activity;sid:84536469; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673352)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"livraison.info"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673352/; classtype:trojan-activity;sid:84536452; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673350)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"relais-packet-fr.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673350/; classtype:trojan-activity;sid:84536450; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673351)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"mon-comptes.help"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673351/; classtype:trojan-activity;sid:84536451; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673336)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"accntmynetfiixsav.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673336/; classtype:trojan-activity;sid:84536436; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673337)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"livraison.info"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673337/; classtype:trojan-activity;sid:84536437; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673338)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"livraisons-france-infos.locker"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673338/; classtype:trojan-activity;sid:84536438; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673339)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"mondial-pickup.info"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673339/; classtype:trojan-activity;sid:84536439; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673340)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"mrelay.livraison.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673340/; classtype:trojan-activity;sid:84536440; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673341)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"guichet-client.help"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673341/; classtype:trojan-activity;sid:84536441; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673342)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"luxtrust-secure.info"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673342/; classtype:trojan-activity;sid:84536442; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673343)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"savpaypaiuser.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673343/; classtype:trojan-activity;sid:84536443; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673344)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"accntmynetfiixsav.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673344/; classtype:trojan-activity;sid:84536444; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673345)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"dreamy-hamilton.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673345/; classtype:trojan-activity;sid:84536445; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673346)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"objective-goldberg.196-251-72-149.plesk.page"; http_host; depth:44; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673346/; classtype:trojan-activity;sid:84536446; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673347)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"ameli-moncompte.situation-administrative.info"; http_host; depth:45; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673347/; classtype:trojan-activity;sid:84536447; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673348)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"relivraison-formulaire.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673348/; classtype:trojan-activity;sid:84536448; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673349)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"paketdhservice.help"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673349/; classtype:trojan-activity;sid:84536449; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673335)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"pedantic-mcclintock.196-251-72-149.plesk.page"; http_host; depth:45; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673335/; classtype:trojan-activity;sid:84536435; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673331)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mrelay.livraison.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673331/; classtype:trojan-activity;sid:84536431; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673332)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"reverent-tereshkova.196-251-72-149.plesk.page"; http_host; depth:45; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673332/; classtype:trojan-activity;sid:84536432; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673333)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"actualisationameli.help"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673333/; classtype:trojan-activity;sid:84536433; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673334)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"bravoteam6.org"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673334/; classtype:trojan-activity;sid:84536434; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673317)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"ulys-autoroutes-fr.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673317/; classtype:trojan-activity;sid:84536417; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673318)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mrelay-luxembourg.support"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673318/; classtype:trojan-activity;sid:84536418; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673319)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"nifty-johnson.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673319/; classtype:trojan-activity;sid:84536419; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673320)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"relayservice-pay.help"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673320/; classtype:trojan-activity;sid:84536420; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673321)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"connect-avantages.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673321/; classtype:trojan-activity;sid:84536421; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673322)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"practical-wu.196-251-72-149.plesk.page"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673322/; classtype:trojan-activity;sid:84536422; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673323)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"netlfix-suscripcion.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673323/; classtype:trojan-activity;sid:84536423; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673324)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"trackupsid.help"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673324/; classtype:trojan-activity;sid:84536424; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673325)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"tv-abonnement.info"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673325/; classtype:trojan-activity;sid:84536425; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673326)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"mondialrelais-livraisons.info"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673326/; classtype:trojan-activity;sid:84536426; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673327)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"nouvellelivraison-locker-fr.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673327/; classtype:trojan-activity;sid:84536427; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673328)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"adoring-kalam.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673328/; classtype:trojan-activity;sid:84536428; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673329)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"myespace-relaypack.help"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673329/; classtype:trojan-activity;sid:84536429; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673330)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"miseajouritsme.help"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673330/; classtype:trojan-activity;sid:84536430; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673316)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"get-yourparcel.help"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673316/; classtype:trojan-activity;sid:84536416; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673296)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"m-relay-suivi-fr.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673296/; classtype:trojan-activity;sid:84536396; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673297)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"ecstatic-kare.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673297/; classtype:trojan-activity;sid:84536397; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673298)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"usernetfiixsavhu.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673298/; classtype:trojan-activity;sid:84536398; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673299)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"verification-mobile-cm.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673299/; classtype:trojan-activity;sid:84536399; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673300)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"gracious-lamarr.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673300/; classtype:trojan-activity;sid:84536400; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673301)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"jovial-bartik.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673301/; classtype:trojan-activity;sid:84536401; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673302)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"netfiixmxicosav.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673302/; classtype:trojan-activity;sid:84536402; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673303)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"interesting-hofstadter.196-251-72-149.plesk.page"; http_host; depth:48; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673303/; classtype:trojan-activity;sid:84536403; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673304)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"intelligent-mayer.196-251-72-149.plesk.page"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673304/; classtype:trojan-activity;sid:84536404; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673305)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"servicenetfiixsav.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673305/; classtype:trojan-activity;sid:84536405; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673306)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"jolly-germain.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673306/; classtype:trojan-activity;sid:84536406; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673307)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"myups-package.help"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673307/; classtype:trojan-activity;sid:84536407; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673308)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"verif-appareil-confiance.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673308/; classtype:trojan-activity;sid:84536408; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673309)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"suivirelaisdepots.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673309/; classtype:trojan-activity;sid:84536409; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673310)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"tracking-myrelay.help"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673310/; classtype:trojan-activity;sid:84536410; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673311)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"reglementminfin-be.help"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673311/; classtype:trojan-activity;sid:84536411; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673312)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"ameii-moncompte.ma-situations.info"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673312/; classtype:trojan-activity;sid:84536412; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673313)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"mon-colis-suivi-bpost.info"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673313/; classtype:trojan-activity;sid:84536413; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673314)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"ameli-moncompte.ma-situation.help"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673314/; classtype:trojan-activity;sid:84536414; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673315)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"livraisons-france-infos.locker"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673315/; classtype:trojan-activity;sid:84536415; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673295)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"antai-aide.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673295/; classtype:trojan-activity;sid:84536395; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673287)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mrelay-luxembourg.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673287/; classtype:trojan-activity;sid:84536387; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673288)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"suivi-fra-livraisons.info"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673288/; classtype:trojan-activity;sid:84536388; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673289)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"myluxtrust-accountsecurity.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673289/; classtype:trojan-activity;sid:84536389; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673290)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"trackyridpaket.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673290/; classtype:trojan-activity;sid:84536390; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673291)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"particulierslocker.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673291/; classtype:trojan-activity;sid:84536391; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673292)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"strange-yalow.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673292/; classtype:trojan-activity;sid:84536392; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673293)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"pedantic-mcclintock.196-251-72-149.plesk.page"; http_host; depth:45; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673293/; classtype:trojan-activity;sid:84536393; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673294)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"trusting-tesla.196-251-72-149.plesk.page"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673294/; classtype:trojan-activity;sid:84536394; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673286)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"savulyseclient.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673286/; classtype:trojan-activity;sid:84536386; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673285)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"monrelay.help"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673285/; classtype:trojan-activity;sid:84536385; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673282)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"nouvellelivraison-locker-fr.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673282/; classtype:trojan-activity;sid:84536382; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673283)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"livraisons-france-infos.locker"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673283/; classtype:trojan-activity;sid:84536383; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673284)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"renewmynetllx.info"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673284/; classtype:trojan-activity;sid:84536384; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673280)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"mondial-relay-center.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673280/; classtype:trojan-activity;sid:84536380; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673281)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"hometrack-be-package.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673281/; classtype:trojan-activity;sid:84536381; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673272)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"thirsty-ride.196-251-72-149.plesk.page"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673272/; classtype:trojan-activity;sid:84536372; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673273)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"brave-cori.196-251-72-149.plesk.page"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673273/; classtype:trojan-activity;sid:84536373; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673274)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"my-canal.support-moncompte.help"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673274/; classtype:trojan-activity;sid:84536374; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673275)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mon-comptes.help"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673275/; classtype:trojan-activity;sid:84536375; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673276)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"stoic-poincare.196-251-72-149.plesk.page"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673276/; classtype:trojan-activity;sid:84536376; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673277)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"usernetfiixsavhu.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673277/; classtype:trojan-activity;sid:84536377; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673278)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"thirsty-heisenberg.196-251-72-149.plesk.page"; http_host; depth:44; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673278/; classtype:trojan-activity;sid:84536378; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673279)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"livraisons-infos.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673279/; classtype:trojan-activity;sid:84536379; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673271)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"savnfiixsupprt.info"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673271/; classtype:trojan-activity;sid:84536371; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673265)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"uptrackparsei.help"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673265/; classtype:trojan-activity;sid:84536365; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673266)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"payoursavnetfilx.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673266/; classtype:trojan-activity;sid:84536366; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673267)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"servmetfiixsavsa.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673267/; classtype:trojan-activity;sid:84536367; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673268)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"paketdhservice.help"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673268/; classtype:trojan-activity;sid:84536368; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673269)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"myparcel-track.info"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673269/; classtype:trojan-activity;sid:84536369; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673270)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"pickup-mreiay.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673270/; classtype:trojan-activity;sid:84536370; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673248)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"renvouvellementinformationameli.info"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673248/; classtype:trojan-activity;sid:84536348; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673249)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mynetfxsuprt.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673249/; classtype:trojan-activity;sid:84536349; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673250)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"suivimondialrelay-colis.info"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673250/; classtype:trojan-activity;sid:84536350; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673251)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"livraison-expressfr.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673251/; classtype:trojan-activity;sid:84536351; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673252)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"relayparcel-help.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673252/; classtype:trojan-activity;sid:84536352; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673253)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"reglementnetflix-fr.help"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673253/; classtype:trojan-activity;sid:84536353; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673254)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"collect-myparcel.help"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673254/; classtype:trojan-activity;sid:84536354; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673255)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"myparcel-track.info"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673255/; classtype:trojan-activity;sid:84536355; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673256)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"parkingbrussels.help"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673256/; classtype:trojan-activity;sid:84536356; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673257)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"myminfin-info-be.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673257/; classtype:trojan-activity;sid:84536357; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673258)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mon-comptes.help"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673258/; classtype:trojan-activity;sid:84536358; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673259)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"jolly-mendeleev.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673259/; classtype:trojan-activity;sid:84536359; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673260)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"myups-package.info"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673260/; classtype:trojan-activity;sid:84536360; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673261)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"relaydelivery.help"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673261/; classtype:trojan-activity;sid:84536361; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673262)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"savulyseclient.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673262/; classtype:trojan-activity;sid:84536362; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673263)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"myluxtrust-accountsecurity.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673263/; classtype:trojan-activity;sid:84536363; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673264)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"usernetfiixsavhu.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673264/; classtype:trojan-activity;sid:84536364; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673237)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"hometrack-package-tracking.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673237/; classtype:trojan-activity;sid:84536337; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673238)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"guichet-amende.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673238/; classtype:trojan-activity;sid:84536338; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673239)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"nifty-johnson.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673239/; classtype:trojan-activity;sid:84536339; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673240)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"miseajouritsme.help"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673240/; classtype:trojan-activity;sid:84536340; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673241)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"myups-package.info"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673241/; classtype:trojan-activity;sid:84536341; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673242)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"ameli-situtations.mon-comptes.help"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673242/; classtype:trojan-activity;sid:84536342; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673243)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mondialsrelay-supports.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673243/; classtype:trojan-activity;sid:84536343; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673244)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"gestion-pickup-relay2025.info"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673244/; classtype:trojan-activity;sid:84536344; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673245)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"ulys-autoroutes-fr.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673245/; classtype:trojan-activity;sid:84536345; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673246)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"ma-facture-enovos.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673246/; classtype:trojan-activity;sid:84536346; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673247)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"packet-nouvellelivraisons-fr.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673247/; classtype:trojan-activity;sid:84536347; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673236)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"dreamy-keller.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673236/; classtype:trojan-activity;sid:84536336; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673235)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"rediriger-ma-livraison.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673235/; classtype:trojan-activity;sid:84536335; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673234)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"usernetfiixsavhu.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673234/; classtype:trojan-activity;sid:84536334; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673198)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"expedition-mrelayy.info"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673198/; classtype:trojan-activity;sid:84536298; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673199)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"guichet-amende.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673199/; classtype:trojan-activity;sid:84536299; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673200)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"kunde-konto-sikre.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673200/; classtype:trojan-activity;sid:84536300; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673201)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"exciting-hopper.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673201/; classtype:trojan-activity;sid:84536301; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673202)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"plsavnetfiixsupport.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673202/; classtype:trojan-activity;sid:84536302; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673203)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"thirsty-ride.196-251-72-149.plesk.page"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673203/; classtype:trojan-activity;sid:84536303; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673204)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"nouvelletechbandedefou.info"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673204/; classtype:trojan-activity;sid:84536304; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673205)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"my.guichet-amende.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673205/; classtype:trojan-activity;sid:84536305; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673206)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"renew-subscription.info"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673206/; classtype:trojan-activity;sid:84536306; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673207)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"mondial-relaylivraisonfr.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673207/; classtype:trojan-activity;sid:84536307; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673208)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"sad-mclaren.196-251-72-149.plesk.page"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673208/; classtype:trojan-activity;sid:84536308; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673209)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"relaisdepot-suivi.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673209/; classtype:trojan-activity;sid:84536309; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673210)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"tracking-myrelay.help"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673210/; classtype:trojan-activity;sid:84536310; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673211)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"dhitrackparcei.help"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673211/; classtype:trojan-activity;sid:84536311; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673212)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"servmetfiixsavsa.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673212/; classtype:trojan-activity;sid:84536312; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673213)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"myups-package.help"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673213/; classtype:trojan-activity;sid:84536313; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673214)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"servicedgtes.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673214/; classtype:trojan-activity;sid:84536314; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673215)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"affectionate-edison.196-251-72-149.plesk.page"; http_host; depth:45; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673215/; classtype:trojan-activity;sid:84536315; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673216)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"usernetfiixpolskasav.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673216/; classtype:trojan-activity;sid:84536316; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673217)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"my-canal.support-moncompte.help"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673217/; classtype:trojan-activity;sid:84536317; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673218)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mxicnetfiixservice.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673218/; classtype:trojan-activity;sid:84536318; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673219)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"ntfxrenewservice.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673219/; classtype:trojan-activity;sid:84536319; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673220)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"securplnetfiixsav.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673220/; classtype:trojan-activity;sid:84536320; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673221)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"trackdelivery-customer.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673221/; classtype:trojan-activity;sid:84536321; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673222)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"suivicolis-lu.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673222/; classtype:trojan-activity;sid:84536322; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673223)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"livraisons-locker.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673223/; classtype:trojan-activity;sid:84536323; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673224)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"interesting-morse.196-251-72-149.plesk.page"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673224/; classtype:trojan-activity;sid:84536324; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673225)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"verification-mobile-cm.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673225/; classtype:trojan-activity;sid:84536325; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673226)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"quizzical-lederberg.196-251-72-149.plesk.page"; http_host; depth:45; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673226/; classtype:trojan-activity;sid:84536326; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673227)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"relayhome-trackparcel.help"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673227/; classtype:trojan-activity;sid:84536327; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673228)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"suivi-pointrelais.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673228/; classtype:trojan-activity;sid:84536328; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673229)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"savnetfixaccount.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673229/; classtype:trojan-activity;sid:84536329; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673230)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"supportulys.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673230/; classtype:trojan-activity;sid:84536330; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673231)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"renouvellement.help"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673231/; classtype:trojan-activity;sid:84536331; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673232)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"strange-spence.196-251-72-149.plesk.page"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673232/; classtype:trojan-activity;sid:84536332; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673233)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"webmail.rediriger-ma-livraison.com"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673233/; classtype:trojan-activity;sid:84536333; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673197)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"interesting-hofstadter.196-251-72-149.plesk.page"; http_host; depth:48; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673197/; classtype:trojan-activity;sid:84536297; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673196)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"myguichet-service.help"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673196/; classtype:trojan-activity;sid:84536296; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673191)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"nostalgic-curie.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673191/; classtype:trojan-activity;sid:84536291; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673192)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"wizardly-fermat.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673192/; classtype:trojan-activity;sid:84536292; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673193)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"brave-cori.196-251-72-149.plesk.page"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673193/; classtype:trojan-activity;sid:84536293; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673194)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"renouvellement.help"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673194/; classtype:trojan-activity;sid:84536294; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673195)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"monrelay-support.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673195/; classtype:trojan-activity;sid:84536295; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673185)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"laughing-perlman.196-251-72-149.plesk.page"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673185/; classtype:trojan-activity;sid:84536285; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673186)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"brusselspayments.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673186/; classtype:trojan-activity;sid:84536286; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673187)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"hgrynetfiixsav.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673187/; classtype:trojan-activity;sid:84536287; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673188)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"usernetfiixpolskasav.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673188/; classtype:trojan-activity;sid:84536288; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673189)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"support-upsdelivery.info"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673189/; classtype:trojan-activity;sid:84536289; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673190)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"youthful-solomon.196-251-72-149.plesk.page"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673190/; classtype:trojan-activity;sid:84536290; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673154)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"formulaire-locker.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673154/; classtype:trojan-activity;sid:84536254; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673155)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"upcpackettrack.help"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673155/; classtype:trojan-activity;sid:84536255; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673156)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"gracious-northcutt.196-251-72-149.plesk.page"; http_host; depth:44; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673156/; classtype:trojan-activity;sid:84536256; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673157)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mondialsrelay-redirection.info"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673157/; classtype:trojan-activity;sid:84536257; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673158)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"wizardly-fermat.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673158/; classtype:trojan-activity;sid:84536258; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673159)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"affectionate-edison.196-251-72-149.plesk.page"; http_host; depth:45; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673159/; classtype:trojan-activity;sid:84536259; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673160)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"solazone.help"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673160/; classtype:trojan-activity;sid:84536260; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673161)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"relivraison-formulaire.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673161/; classtype:trojan-activity;sid:84536261; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673162)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mondialrelais-livraisons.info"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673162/; classtype:trojan-activity;sid:84536262; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673163)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mrelayy-mon-acheminement.info"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673163/; classtype:trojan-activity;sid:84536263; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673164)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"antai-aide.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673164/; classtype:trojan-activity;sid:84536264; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673165)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"strange-yalow.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673165/; classtype:trojan-activity;sid:84536265; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673166)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"takeyourpackagebe.help"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673166/; classtype:trojan-activity;sid:84536266; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673167)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"actualisationameli.help"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673167/; classtype:trojan-activity;sid:84536267; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673168)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"plsavnetfiix.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673168/; classtype:trojan-activity;sid:84536268; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673169)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"suivi-pointrelais.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673169/; classtype:trojan-activity;sid:84536269; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673170)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mrelay-luxembourg.support"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673170/; classtype:trojan-activity;sid:84536270; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673171)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"antai-aide.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673171/; classtype:trojan-activity;sid:84536271; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673172)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"rediriger-ma-livraison.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673172/; classtype:trojan-activity;sid:84536272; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673173)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"la-bnpcledigital.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673173/; classtype:trojan-activity;sid:84536273; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673174)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"assurancemaladie-actualisation.help"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673174/; classtype:trojan-activity;sid:84536274; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673175)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"netlfix-suscripcion.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673175/; classtype:trojan-activity;sid:84536275; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673176)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"my.guichet-amende.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673176/; classtype:trojan-activity;sid:84536276; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673177)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"espace-servicefamily.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673177/; classtype:trojan-activity;sid:84536277; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673178)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mynetfxsupprt.help"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673178/; classtype:trojan-activity;sid:84536278; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673179)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"suivicolis-be.info"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673179/; classtype:trojan-activity;sid:84536279; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673180)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"packrelay-espace.help"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673180/; classtype:trojan-activity;sid:84536280; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673181)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"yuzidoky.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673181/; classtype:trojan-activity;sid:84536281; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673182)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mondialrelay-locker-fr.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673182/; classtype:trojan-activity;sid:84536282; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673183)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"relaymondial-services.info"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673183/; classtype:trojan-activity;sid:84536283; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673184)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"assurancemaladie-actualisation.help"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673184/; classtype:trojan-activity;sid:84536284; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673149)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"servntflxmgyrsav.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673149/; classtype:trojan-activity;sid:84536249; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673150)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"exciting-hopper.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673150/; classtype:trojan-activity;sid:84536250; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673151)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"ma-facture-enovos.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673151/; classtype:trojan-activity;sid:84536251; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673152)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"mynetfxsupprt.help"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673152/; classtype:trojan-activity;sid:84536252; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673153)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"bpost-frais-dedouanement.info"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673153/; classtype:trojan-activity;sid:84536253; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673148)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"colis-francemetropolitaine.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673148/; classtype:trojan-activity;sid:84536248; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673144)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"eligibilite-doctolib.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673144/; classtype:trojan-activity;sid:84536244; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673145)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"quizzical-lederberg.196-251-72-149.plesk.page"; http_host; depth:45; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673145/; classtype:trojan-activity;sid:84536245; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673146)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"ameli-situtations.mon-comptes.help"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673146/; classtype:trojan-activity;sid:84536246; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673147)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"livraison-expressfr.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673147/; classtype:trojan-activity;sid:84536247; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673122)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"rediriger-ma-livraison.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673122/; classtype:trojan-activity;sid:84536222; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673123)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"dhitrackparcei.help"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673123/; classtype:trojan-activity;sid:84536223; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673124)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"savnetfixaccount.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673124/; classtype:trojan-activity;sid:84536224; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673125)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"antai-aide.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673125/; classtype:trojan-activity;sid:84536225; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673126)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"dossier4729.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673126/; classtype:trojan-activity;sid:84536226; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673127)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"savnetfixaccount.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673127/; classtype:trojan-activity;sid:84536227; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673128)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"trackdelivery-customer.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673128/; classtype:trojan-activity;sid:84536228; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673129)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"renvouvellementinformationameli.info"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673129/; classtype:trojan-activity;sid:84536229; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673130)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"customer-trackdelivery.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673130/; classtype:trojan-activity;sid:84536230; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673131)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"amazing-lederberg.196-251-72-149.plesk.page"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673131/; classtype:trojan-activity;sid:84536231; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673132)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mysuprtntfx.info"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673132/; classtype:trojan-activity;sid:84536232; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673133)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"livraisons-infos-fr.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673133/; classtype:trojan-activity;sid:84536233; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673134)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"condescending-wilson.196-251-72-149.plesk.page"; http_host; depth:46; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673134/; classtype:trojan-activity;sid:84536234; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673135)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"elegant-nightingale.196-251-72-149.plesk.page"; http_host; depth:45; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673135/; classtype:trojan-activity;sid:84536235; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673136)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mondiai-reiay-reglement.info"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673136/; classtype:trojan-activity;sid:84536236; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673137)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"crazy-proskuriakova.196-251-72-149.plesk.page"; http_host; depth:45; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673137/; classtype:trojan-activity;sid:84536237; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673138)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"serene-dhawan.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673138/; classtype:trojan-activity;sid:84536238; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673139)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"ameli-guadeloupe.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673139/; classtype:trojan-activity;sid:84536239; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673140)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"vigilant-antonelli.196-251-72-149.plesk.page"; http_host; depth:44; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673140/; classtype:trojan-activity;sid:84536240; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673141)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"reactivation-amelie-account.info"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673141/; classtype:trojan-activity;sid:84536241; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673142)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"hgrynetfiixsav.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673142/; classtype:trojan-activity;sid:84536242; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673143)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"ups.supporto-pacchi.help"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673143/; classtype:trojan-activity;sid:84536243; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673112)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"plsavnetfiixsupport.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673112/; classtype:trojan-activity;sid:84536212; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673113)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"suivi-colis.help"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673113/; classtype:trojan-activity;sid:84536213; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673114)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"suivi-pointrelais.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673114/; classtype:trojan-activity;sid:84536214; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673115)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"bold-kowalevski.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673115/; classtype:trojan-activity;sid:84536215; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673116)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"savnetfxserv.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673116/; classtype:trojan-activity;sid:84536216; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673117)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"luxtrust-secure.info"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673117/; classtype:trojan-activity;sid:84536217; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673118)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"mon-suivi.info"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673118/; classtype:trojan-activity;sid:84536218; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673119)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"sav-ntfxrenew.help"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673119/; classtype:trojan-activity;sid:84536219; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673120)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"la-bnpcledigital.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673120/; classtype:trojan-activity;sid:84536220; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673121)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"clever-northcutt.196-251-72-149.plesk.page"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673121/; classtype:trojan-activity;sid:84536221; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673111)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"jolly-germain.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673111/; classtype:trojan-activity;sid:84536211; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673110)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"mondialservice-relay.info"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673110/; classtype:trojan-activity;sid:84536210; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673094)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"suivicommandesrelay.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673094/; classtype:trojan-activity;sid:84536194; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673095)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"trackupsid.help"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673095/; classtype:trojan-activity;sid:84536195; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673096)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"relayparcel-help.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673096/; classtype:trojan-activity;sid:84536196; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673097)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"myespace-relaypack.help"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673097/; classtype:trojan-activity;sid:84536197; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673098)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"ameli-moncompte.ma-situation.help"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673098/; classtype:trojan-activity;sid:84536198; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673099)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"suivicolis-lu.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673099/; classtype:trojan-activity;sid:84536199; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673100)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"myluxtrust-accountsecurity.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673100/; classtype:trojan-activity;sid:84536200; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673101)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"gifted-yalow.196-251-72-149.plesk.page"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673101/; classtype:trojan-activity;sid:84536201; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673102)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mondial-relaylivraisonfr.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673102/; classtype:trojan-activity;sid:84536202; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673103)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"savnetfiixmxico.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673103/; classtype:trojan-activity;sid:84536203; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673104)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"tv-abonnement.info"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673104/; classtype:trojan-activity;sid:84536204; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673105)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"savpaypaiaccnt.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673105/; classtype:trojan-activity;sid:84536205; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673106)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"ameli-moncompte.situation-administrative.info"; http_host; depth:45; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673106/; classtype:trojan-activity;sid:84536206; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673107)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"savpaypaiuser.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673107/; classtype:trojan-activity;sid:84536207; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673108)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"savnetfiix-client.help"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673108/; classtype:trojan-activity;sid:84536208; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673109)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"pickup-mreiay.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673109/; classtype:trojan-activity;sid:84536209; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673084)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"mrelay.livraison.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673084/; classtype:trojan-activity;sid:84536184; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673085)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"ameli.moncompte-cpam.help"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673085/; classtype:trojan-activity;sid:84536185; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673086)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"serene-dhawan.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673086/; classtype:trojan-activity;sid:84536186; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673087)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"mysuprtntfx.info"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673087/; classtype:trojan-activity;sid:84536187; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673088)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"trackdelivery-customer.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673088/; classtype:trojan-activity;sid:84536188; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673089)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mymondialrelay-parcel.help"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673089/; classtype:trojan-activity;sid:84536189; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673090)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"my-minfin-regularisation.info"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673090/; classtype:trojan-activity;sid:84536190; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673091)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"relivraison-packet-france.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673091/; classtype:trojan-activity;sid:84536191; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673092)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"sweet-neumann.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673092/; classtype:trojan-activity;sid:84536192; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673093)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"reglementnetflix-fr.help"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673093/; classtype:trojan-activity;sid:84536193; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673076)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"monrelay.help"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673076/; classtype:trojan-activity;sid:84536176; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673077)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"suivicommanderelay.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673077/; classtype:trojan-activity;sid:84536177; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673078)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"hometrack-package-lu.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673078/; classtype:trojan-activity;sid:84536178; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673079)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"colis-francemetropolitaine.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673079/; classtype:trojan-activity;sid:84536179; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673080)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"relayhome-trackparcel.help"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673080/; classtype:trojan-activity;sid:84536180; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673081)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"savnetfiix-client.help"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673081/; classtype:trojan-activity;sid:84536181; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673082)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"my-canal.support-moncompte.help"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673082/; classtype:trojan-activity;sid:84536182; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673083)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"netflxaccntsav.info"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673083/; classtype:trojan-activity;sid:84536183; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673069)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"gracious-northcutt.196-251-72-149.plesk.page"; http_host; depth:44; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673069/; classtype:trojan-activity;sid:84536169; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673070)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"trusting-raman.196-251-72-149.plesk.page"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673070/; classtype:trojan-activity;sid:84536170; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673071)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"renew-account-lock.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673071/; classtype:trojan-activity;sid:84536171; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673072)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"mondialrelais-livraison.info"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673072/; classtype:trojan-activity;sid:84536172; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673073)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"supportulys.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673073/; classtype:trojan-activity;sid:84536173; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673074)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"serene-dhawan.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673074/; classtype:trojan-activity;sid:84536174; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673075)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"yuzidoky.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673075/; classtype:trojan-activity;sid:84536175; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673068)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"monrelay-support.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673068/; classtype:trojan-activity;sid:84536168; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673067)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"billing-renew-subscription.info"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673067/; classtype:trojan-activity;sid:84536167; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673060)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"savnetfiix-client.help"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673060/; classtype:trojan-activity;sid:84536160; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673061)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"elegant-borg.196-251-72-149.plesk.page"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673061/; classtype:trojan-activity;sid:84536161; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673062)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"ntfxrenewservice.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673062/; classtype:trojan-activity;sid:84536162; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673063)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"subscription-help.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673063/; classtype:trojan-activity;sid:84536163; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673064)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"livraisons-infos.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673064/; classtype:trojan-activity;sid:84536164; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673065)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mynode.mipsel"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"87.121.222.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673065/; classtype:trojan-activity;sid:84536165; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673066)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"eager-dirac.196-251-72-149.plesk.page"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673066/; classtype:trojan-activity;sid:84536166; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673058)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"ntflx-sub.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673058/; classtype:trojan-activity;sid:84536158; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673059)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"mysubscription-renewal.info"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673059/; classtype:trojan-activity;sid:84536159; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673057)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"livraisons-france-infos.locker"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673057/; classtype:trojan-activity;sid:84536157; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673051)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"crazy-proskuriakova.196-251-72-149.plesk.page"; http_host; depth:45; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673051/; classtype:trojan-activity;sid:84536151; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673052)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"rediriger-ma-livraison.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673052/; classtype:trojan-activity;sid:84536152; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673053)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"relayservice-pay.help"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673053/; classtype:trojan-activity;sid:84536153; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673054)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"laughing-herschel.196-251-72-149.plesk.page"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673054/; classtype:trojan-activity;sid:84536154; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673055)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"spf-amende.help"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673055/; classtype:trojan-activity;sid:84536155; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673056)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"practical-swirles.196-251-72-149.plesk.page"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673056/; classtype:trojan-activity;sid:84536156; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673047)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"moncolis-suivi.help"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673047/; classtype:trojan-activity;sid:84536147; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673048)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"telepeage-ulys-france.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673048/; classtype:trojan-activity;sid:84536148; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673049)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"compassionate-yonath.196-251-72-149.plesk.page"; http_host; depth:46; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673049/; classtype:trojan-activity;sid:84536149; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673050)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"suivicolis-be.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673050/; classtype:trojan-activity;sid:84536150; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673022)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"confirmation-appareil-confiance.com"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673022/; classtype:trojan-activity;sid:84536122; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673023)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"securplnetfiixsav.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673023/; classtype:trojan-activity;sid:84536123; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673024)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"renewntfxsav.info"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673024/; classtype:trojan-activity;sid:84536124; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673025)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"get-yourparcel.help"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673025/; classtype:trojan-activity;sid:84536125; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673026)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"relivraison-packet-france.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673026/; classtype:trojan-activity;sid:84536126; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673027)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"vibrant-jackson.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673027/; classtype:trojan-activity;sid:84536127; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673028)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"accountnetfix.help"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673028/; classtype:trojan-activity;sid:84536128; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673029)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"jovial-bartik.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673029/; classtype:trojan-activity;sid:84536129; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673030)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"accntmynetfiixsav.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673030/; classtype:trojan-activity;sid:84536130; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673031)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"dossier4729.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673031/; classtype:trojan-activity;sid:84536131; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673032)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"ulys-autoroutes-fr.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673032/; classtype:trojan-activity;sid:84536132; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673033)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"yoursavnetfilxes.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673033/; classtype:trojan-activity;sid:84536133; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673034)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"service-parcel-pay.help"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673034/; classtype:trojan-activity;sid:84536134; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673035)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"pay-subscription.help"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673035/; classtype:trojan-activity;sid:84536135; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673036)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"spf-amende.help"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673036/; classtype:trojan-activity;sid:84536136; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673037)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"particulierslocker.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673037/; classtype:trojan-activity;sid:84536137; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673038)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"objective-goldberg.196-251-72-149.plesk.page"; http_host; depth:44; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673038/; classtype:trojan-activity;sid:84536138; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673039)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"pay-subscription.help"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673039/; classtype:trojan-activity;sid:84536139; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673040)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"relaisdepot-suivi.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673040/; classtype:trojan-activity;sid:84536140; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673041)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"ntfxrenewservice.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673041/; classtype:trojan-activity;sid:84536141; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673042)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"gallant-mcnulty.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673042/; classtype:trojan-activity;sid:84536142; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673043)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"trackyridpaket.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673043/; classtype:trojan-activity;sid:84536143; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673044)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"packet-relivraison-fr.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673044/; classtype:trojan-activity;sid:84536144; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673045)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"takeyour-parcel.help"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673045/; classtype:trojan-activity;sid:84536145; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673046)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"funny-heyrovsky.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673046/; classtype:trojan-activity;sid:84536146; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673012)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"jolly-mendeleev.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673012/; classtype:trojan-activity;sid:84536112; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673013)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"renew-subscription.info"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673013/; classtype:trojan-activity;sid:84536113; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673014)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"yoursavnetfilxes.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673014/; classtype:trojan-activity;sid:84536114; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673015)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"my-canal.support-moncompte.help"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673015/; classtype:trojan-activity;sid:84536115; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673016)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"assurancemaladie.support"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673016/; classtype:trojan-activity;sid:84536116; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673017)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"livraisons-locker.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673017/; classtype:trojan-activity;sid:84536117; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673018)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"savmxlcnetfiix.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673018/; classtype:trojan-activity;sid:84536118; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673019)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mondial-relaylockers.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673019/; classtype:trojan-activity;sid:84536119; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673020)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mrelay-luxembourg.support"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673020/; classtype:trojan-activity;sid:84536120; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673021)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"formulaire-locker.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673021/; classtype:trojan-activity;sid:84536121; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673009)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"suivimondialrelay-colis.info"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673009/; classtype:trojan-activity;sid:84536109; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673010)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"intelligent-mayer.196-251-72-149.plesk.page"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673010/; classtype:trojan-activity;sid:84536110; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673011)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"myespace-relaypack.help"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673011/; classtype:trojan-activity;sid:84536111; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672998)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mrelay.livraison.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672998/; classtype:trojan-activity;sid:84536098; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672999)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"ameli-moncompte.ma-situation.help"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672999/; classtype:trojan-activity;sid:84536099; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673000)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"livraison-relais-info.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673000/; classtype:trojan-activity;sid:84536100; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673001)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"savpaypaiaccnt.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673001/; classtype:trojan-activity;sid:84536101; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673002)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"savnet-fixchili.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673002/; classtype:trojan-activity;sid:84536102; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673003)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"vibrant-jackson.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673003/; classtype:trojan-activity;sid:84536103; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673004)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"wizardly-fermat.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673004/; classtype:trojan-activity;sid:84536104; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673005)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"mrelay-relais.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673005/; classtype:trojan-activity;sid:84536105; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673006)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"brave-cori.196-251-72-149.plesk.page"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673006/; classtype:trojan-activity;sid:84536106; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673007)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"suivicolis-be.info"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673007/; classtype:trojan-activity;sid:84536107; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3673008)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"vigilant-antonelli.196-251-72-149.plesk.page"; http_host; depth:44; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3673008/; classtype:trojan-activity;sid:84536108; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672997)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"service-parcel-pay.help"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672997/; classtype:trojan-activity;sid:84536097; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672981)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"servicedgtes.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672981/; classtype:trojan-activity;sid:84536081; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672982)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"plsavnetfiix.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672982/; classtype:trojan-activity;sid:84536082; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672983)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"suivicommanderelay.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672983/; classtype:trojan-activity;sid:84536083; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672984)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mondialsrelay-redirection.info"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672984/; classtype:trojan-activity;sid:84536084; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672985)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"support-hometrack.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672985/; classtype:trojan-activity;sid:84536085; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672986)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"monsuivi-colis.help"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672986/; classtype:trojan-activity;sid:84536086; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672987)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mondialservice-relay.info"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672987/; classtype:trojan-activity;sid:84536087; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672988)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"trackmy-order.info"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672988/; classtype:trojan-activity;sid:84536088; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672989)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"livraison-france-infos.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672989/; classtype:trojan-activity;sid:84536089; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672990)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"formulaire-locker.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672990/; classtype:trojan-activity;sid:84536090; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672991)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"colis-suivis.help"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672991/; classtype:trojan-activity;sid:84536091; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672992)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"livraison-relais-info.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672992/; classtype:trojan-activity;sid:84536092; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672993)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"sav-ntfxrenew.help"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672993/; classtype:trojan-activity;sid:84536093; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672994)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"myparcel-tracking.help"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672994/; classtype:trojan-activity;sid:84536094; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672995)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"practical-swirles.196-251-72-149.plesk.page"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672995/; classtype:trojan-activity;sid:84536095; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672996)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"securaccntnetfiix.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672996/; classtype:trojan-activity;sid:84536096; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672980)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mynode.armv7l"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"87.121.222.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672980/; classtype:trojan-activity;sid:84536080; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672972)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"secureamericainexpress.help"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672972/; classtype:trojan-activity;sid:84536072; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672973)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"ameli-connect.cpam-comptes.help"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672973/; classtype:trojan-activity;sid:84536073; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672974)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"hungry-kalam.196-251-72-149.plesk.page"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672974/; classtype:trojan-activity;sid:84536074; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672975)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"telepeage-ulys-fr.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672975/; classtype:trojan-activity;sid:84536075; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672976)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"sav-ntfxrenew.help"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672976/; classtype:trojan-activity;sid:84536076; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672977)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"netfiixrenewacc.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672977/; classtype:trojan-activity;sid:84536077; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672978)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"suivicolis-lu.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672978/; classtype:trojan-activity;sid:84536078; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672979)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"trusting-tesla.196-251-72-149.plesk.page"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672979/; classtype:trojan-activity;sid:84536079; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672970)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mrelay-colis-fr.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672970/; classtype:trojan-activity;sid:84536070; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672971)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mrelay.livraison.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672971/; classtype:trojan-activity;sid:84536071; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672962)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"renewmynetllx.info"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672962/; classtype:trojan-activity;sid:84536062; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672963)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"my-canal.support-moncompte.help"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672963/; classtype:trojan-activity;sid:84536063; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672964)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"dossier0367.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672964/; classtype:trojan-activity;sid:84536064; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672965)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"savnetfixrenew.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672965/; classtype:trojan-activity;sid:84536065; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672966)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"ameii-moncompte.ma-situations.info"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672966/; classtype:trojan-activity;sid:84536066; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672967)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"suivi-fr-livraison.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672967/; classtype:trojan-activity;sid:84536067; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672968)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"great-leavitt.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672968/; classtype:trojan-activity;sid:84536068; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672969)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mondial-relaylivraisonfr.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672969/; classtype:trojan-activity;sid:84536069; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672945)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"m-relay-suivi-fr.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672945/; classtype:trojan-activity;sid:84536045; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672946)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"myups-package.help"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672946/; classtype:trojan-activity;sid:84536046; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672947)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mondial-relaylockers.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672947/; classtype:trojan-activity;sid:84536047; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672948)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"ameli-actalisation.info"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672948/; classtype:trojan-activity;sid:84536048; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672949)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"dhitrackparcei.help"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672949/; classtype:trojan-activity;sid:84536049; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672950)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"payoursavnetfilx.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672950/; classtype:trojan-activity;sid:84536050; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672951)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"savulyseclient.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672951/; classtype:trojan-activity;sid:84536051; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672952)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"nouvelletechbandedefou.info"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672952/; classtype:trojan-activity;sid:84536052; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672953)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"dossier4729.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672953/; classtype:trojan-activity;sid:84536053; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672954)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"telepeage-ulys-fr.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672954/; classtype:trojan-activity;sid:84536054; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672955)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"gracious-lamarr.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672955/; classtype:trojan-activity;sid:84536055; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672956)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"monrelay.help"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672956/; classtype:trojan-activity;sid:84536056; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672957)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"condescending-wilson.196-251-72-149.plesk.page"; http_host; depth:46; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672957/; classtype:trojan-activity;sid:84536057; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672958)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"unruffled-banach.196-251-72-149.plesk.page"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672958/; classtype:trojan-activity;sid:84536058; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672959)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mondial-relaylockers.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672959/; classtype:trojan-activity;sid:84536059; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672960)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"bold-hypatia.196-251-72-149.plesk.page"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672960/; classtype:trojan-activity;sid:84536060; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672961)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"netfiixrenewacc.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672961/; classtype:trojan-activity;sid:84536061; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672939)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"gestion-pickup-relay2025.info"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672939/; classtype:trojan-activity;sid:84536039; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672940)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"mondial-relaylockers.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672940/; classtype:trojan-activity;sid:84536040; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672941)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"relais-packet-fr.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672941/; classtype:trojan-activity;sid:84536041; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672942)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"plsavnetfiix.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672942/; classtype:trojan-activity;sid:84536042; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672943)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"quizzical-lederberg.196-251-72-149.plesk.page"; http_host; depth:45; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672943/; classtype:trojan-activity;sid:84536043; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672944)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"ameii-moncompte.ma-situations.info"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672944/; classtype:trojan-activity;sid:84536044; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672935)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"myups-tracking.info"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672935/; classtype:trojan-activity;sid:84536035; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672936)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"miseajouritsme.help"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672936/; classtype:trojan-activity;sid:84536036; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672937)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mondial-pickup.info"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672937/; classtype:trojan-activity;sid:84536037; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672938)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"ameli-connect.cpam-comptes.help"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672938/; classtype:trojan-activity;sid:84536038; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672929)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mrelay-colis-fr.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672929/; classtype:trojan-activity;sid:84536029; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672930)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"packrelay-espace.help"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672930/; classtype:trojan-activity;sid:84536030; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672931)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"livraison-expressfr.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672931/; classtype:trojan-activity;sid:84536031; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672932)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"suivirelaisdepots.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672932/; classtype:trojan-activity;sid:84536032; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672933)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"upbeat-noether.196-251-72-149.plesk.page"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672933/; classtype:trojan-activity;sid:84536033; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672934)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"la-bnpcledigital.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672934/; classtype:trojan-activity;sid:84536034; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672913)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"quizzical-lederberg.196-251-72-149.plesk.page"; http_host; depth:45; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672913/; classtype:trojan-activity;sid:84536013; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672914)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"goofy-shirley.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672914/; classtype:trojan-activity;sid:84536014; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672915)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"rendezsnetfiixhu.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672915/; classtype:trojan-activity;sid:84536015; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672916)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"servicedgtes.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672916/; classtype:trojan-activity;sid:84536016; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672917)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"nikita.support"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672917/; classtype:trojan-activity;sid:84536017; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672918)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"savnetfixrenew.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672918/; classtype:trojan-activity;sid:84536018; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672919)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"suivideliveryinfo.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672919/; classtype:trojan-activity;sid:84536019; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672920)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"connect-avantages.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672920/; classtype:trojan-activity;sid:84536020; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672921)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"hometrack-package-tracking.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672921/; classtype:trojan-activity;sid:84536021; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672922)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"suivi-fr-livraison.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672922/; classtype:trojan-activity;sid:84536022; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672923)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"ma-facture-enovos.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672923/; classtype:trojan-activity;sid:84536023; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672924)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"customer-trackdelivery.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672924/; classtype:trojan-activity;sid:84536024; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672925)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"trackyridpaket.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672925/; classtype:trojan-activity;sid:84536025; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672926)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"customer-trackdelivery.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672926/; classtype:trojan-activity;sid:84536026; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672927)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"secureamericainexpress.help"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672927/; classtype:trojan-activity;sid:84536027; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672928)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"mxicnetfiixservice.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672928/; classtype:trojan-activity;sid:84536028; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672901)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"netfiixrenewacc.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672901/; classtype:trojan-activity;sid:84536001; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672902)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"my-minfin-regularisation.info"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672902/; classtype:trojan-activity;sid:84536002; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672903)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"tracking-myrelay.help"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672903/; classtype:trojan-activity;sid:84536003; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672904)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"confirmation-appareil-confiance.com"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672904/; classtype:trojan-activity;sid:84536004; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672905)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"regionaleszeveme.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672905/; classtype:trojan-activity;sid:84536005; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672906)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"suivi-livraison.support"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672906/; classtype:trojan-activity;sid:84536006; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672907)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"actualisationameli.help"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672907/; classtype:trojan-activity;sid:84536007; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672908)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"netflxaccntsav.info"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672908/; classtype:trojan-activity;sid:84536008; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672909)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mysubscription-renewal.info"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672909/; classtype:trojan-activity;sid:84536009; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672910)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"ecstatic-kare.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672910/; classtype:trojan-activity;sid:84536010; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672911)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"suivirelayy.info"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672911/; classtype:trojan-activity;sid:84536011; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672912)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"hardcore-boyd.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672912/; classtype:trojan-activity;sid:84536012; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672897)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mrelay.livraison.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672897/; classtype:trojan-activity;sid:84535997; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672898)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"regionaleszeveme.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672898/; classtype:trojan-activity;sid:84535998; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672899)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"paketdhservice.help"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672899/; classtype:trojan-activity;sid:84535999; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672900)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"ameli.moncompte-cpam.help"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672900/; classtype:trojan-activity;sid:84536000; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672894)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"relay-lu-parcel.help"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672894/; classtype:trojan-activity;sid:84535994; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672895)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"rediriger-ma-relivraison.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672895/; classtype:trojan-activity;sid:84535995; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672896)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"renew-subscription.info"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672896/; classtype:trojan-activity;sid:84535996; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672891)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"pickup-mreiay.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672891/; classtype:trojan-activity;sid:84535991; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672892)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"savulyseclient.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672892/; classtype:trojan-activity;sid:84535992; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672893)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"eligibilite-doctolib.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672893/; classtype:trojan-activity;sid:84535993; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672869)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"vibrant-jackson.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672869/; classtype:trojan-activity;sid:84535969; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672870)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"lux-trust-aide-support.info"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672870/; classtype:trojan-activity;sid:84535970; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672871)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"renewaccntsav.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672871/; classtype:trojan-activity;sid:84535971; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672872)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"billing-renew-subscription.info"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672872/; classtype:trojan-activity;sid:84535972; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672873)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"suivi-livraison.support"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672873/; classtype:trojan-activity;sid:84535973; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672874)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"renew-account-lock.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672874/; classtype:trojan-activity;sid:84535974; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672875)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"myminfin-info-be.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672875/; classtype:trojan-activity;sid:84535975; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672876)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"renewmynetllx.info"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672876/; classtype:trojan-activity;sid:84535976; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672877)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"suivirelaisdepots.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672877/; classtype:trojan-activity;sid:84535977; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672878)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"suivirelayy.info"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672878/; classtype:trojan-activity;sid:84535978; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672879)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"funny-heyrovsky.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672879/; classtype:trojan-activity;sid:84535979; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672880)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"livraisons-infos-fr.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672880/; classtype:trojan-activity;sid:84535980; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672881)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"verification-mobile-cm.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672881/; classtype:trojan-activity;sid:84535981; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672882)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"expedition-mrelayy.info"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672882/; classtype:trojan-activity;sid:84535982; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672883)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"sweet-neumann.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672883/; classtype:trojan-activity;sid:84535983; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672884)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"dreamy-hamilton.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672884/; classtype:trojan-activity;sid:84535984; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672885)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"suivirelaisdepots.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672885/; classtype:trojan-activity;sid:84535985; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672886)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"ups.supporto-pacchi.help"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672886/; classtype:trojan-activity;sid:84535986; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672887)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mondialsrelay-supports.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672887/; classtype:trojan-activity;sid:84535987; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672888)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"mrelayy-acheminement.info"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672888/; classtype:trojan-activity;sid:84535988; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672889)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"optimistic-pike.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672889/; classtype:trojan-activity;sid:84535989; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672890)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"ecstatic-villani.196-251-72-149.plesk.page"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672890/; classtype:trojan-activity;sid:84535990; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672864)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"usernetfiixpolskasav.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672864/; classtype:trojan-activity;sid:84535964; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672865)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"gracious-northcutt.196-251-72-149.plesk.page"; http_host; depth:44; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672865/; classtype:trojan-activity;sid:84535965; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672866)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.spc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"192.142.10.124"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672866/; classtype:trojan-activity;sid:84535966; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672867)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"myups-package.help"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672867/; classtype:trojan-activity;sid:84535967; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672868)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"funny-villani.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672868/; classtype:trojan-activity;sid:84535968; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672833)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"brussels-payments.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672833/; classtype:trojan-activity;sid:84535933; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672834)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"relayhome-trackparcel.help"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672834/; classtype:trojan-activity;sid:84535934; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672835)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"yuzidoky.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672835/; classtype:trojan-activity;sid:84535935; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672836)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"pickup-mreiay.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672836/; classtype:trojan-activity;sid:84535936; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672837)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"eager-dirac.196-251-72-149.plesk.page"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672837/; classtype:trojan-activity;sid:84535937; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672838)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"webmail.rediriger-ma-relivraison.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672838/; classtype:trojan-activity;sid:84535938; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672839)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"renew-account-lock.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672839/; classtype:trojan-activity;sid:84535939; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672840)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"miseajouritsme.help"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672840/; classtype:trojan-activity;sid:84535940; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672841)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"support-upsdelivery.info"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672841/; classtype:trojan-activity;sid:84535941; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672842)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mynetfxsupprt.help"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672842/; classtype:trojan-activity;sid:84535942; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672843)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"accntmynetfiixsav.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672843/; classtype:trojan-activity;sid:84535943; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672844)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"guichet-amende.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672844/; classtype:trojan-activity;sid:84535944; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672845)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"nifty-golick.196-251-72-149.plesk.page"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672845/; classtype:trojan-activity;sid:84535945; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672846)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"sad-mclaren.196-251-72-149.plesk.page"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672846/; classtype:trojan-activity;sid:84535946; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672847)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"livraison-france-infos.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672847/; classtype:trojan-activity;sid:84535947; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672848)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"netfiixrenewacc.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672848/; classtype:trojan-activity;sid:84535948; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672849)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mondial-pickup.info"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672849/; classtype:trojan-activity;sid:84535949; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672850)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"relayservice-pay.help"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672850/; classtype:trojan-activity;sid:84535950; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672851)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"sad-mclaren.196-251-72-149.plesk.page"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672851/; classtype:trojan-activity;sid:84535951; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672852)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"netlfix-suscripcion.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672852/; classtype:trojan-activity;sid:84535952; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672853)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"tv-abonnement.info"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672853/; classtype:trojan-activity;sid:84535953; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672854)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"guichet-amende.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672854/; classtype:trojan-activity;sid:84535954; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672855)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"compassionate-yonath.196-251-72-149.plesk.page"; http_host; depth:46; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672855/; classtype:trojan-activity;sid:84535955; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672856)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"rendezsnetfiixhu.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672856/; classtype:trojan-activity;sid:84535956; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672857)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"hometrack-support-help.info"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672857/; classtype:trojan-activity;sid:84535957; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672858)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"guichet-amende.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672858/; classtype:trojan-activity;sid:84535958; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672859)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"compassionate-yonath.196-251-72-149.plesk.page"; http_host; depth:46; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672859/; classtype:trojan-activity;sid:84535959; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672860)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"objective-goldberg.196-251-72-149.plesk.page"; http_host; depth:44; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672860/; classtype:trojan-activity;sid:84535960; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672861)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"mrelayy-acheminement.info"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672861/; classtype:trojan-activity;sid:84535961; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672862)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"hometrack-support-help.info"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672862/; classtype:trojan-activity;sid:84535962; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672863)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"dreamy-hamilton.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672863/; classtype:trojan-activity;sid:84535963; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672831)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"practical-wu.196-251-72-149.plesk.page"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672831/; classtype:trojan-activity;sid:84535931; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672832)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"mrelay-colis-fr.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672832/; classtype:trojan-activity;sid:84535932; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672828)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"intelligent-mayer.196-251-72-149.plesk.page"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672828/; classtype:trojan-activity;sid:84535928; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672829)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"funny-heyrovsky.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672829/; classtype:trojan-activity;sid:84535929; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672830)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mrelay-luxembourg.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672830/; classtype:trojan-activity;sid:84535930; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672821)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"serene-swartz.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672821/; classtype:trojan-activity;sid:84535921; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672822)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"gracious-northcutt.196-251-72-149.plesk.page"; http_host; depth:44; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672822/; classtype:trojan-activity;sid:84535922; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672823)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"suivirelayy.info"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672823/; classtype:trojan-activity;sid:84535923; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672824)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"savulyseclient.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672824/; classtype:trojan-activity;sid:84535924; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672825)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"frosty-wozniak.196-251-72-149.plesk.page"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672825/; classtype:trojan-activity;sid:84535925; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672826)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"suivicommandesrelay.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672826/; classtype:trojan-activity;sid:84535926; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672827)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"sav-ntfxrenew.help"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672827/; classtype:trojan-activity;sid:84535927; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672820)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"my-canal.support-moncompte.help"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672820/; classtype:trojan-activity;sid:84535920; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672808)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"jolly-yalow.196-251-72-149.plesk.page"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672808/; classtype:trojan-activity;sid:84535908; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672809)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"ameli-actalisation.info"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672809/; classtype:trojan-activity;sid:84535909; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672810)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"accntmynetfiixsav.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672810/; classtype:trojan-activity;sid:84535910; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672811)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"jolly-germain.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672811/; classtype:trojan-activity;sid:84535911; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672812)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"savpaypaiaccnt.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672812/; classtype:trojan-activity;sid:84535912; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672813)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"objective-goldberg.196-251-72-149.plesk.page"; http_host; depth:44; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672813/; classtype:trojan-activity;sid:84535913; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672814)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"laughing-herschel.196-251-72-149.plesk.page"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672814/; classtype:trojan-activity;sid:84535914; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672815)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"suivicolis-be.info"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672815/; classtype:trojan-activity;sid:84535915; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672816)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mynetllxrenew.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672816/; classtype:trojan-activity;sid:84535916; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672817)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"tracking-myrelay.help"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672817/; classtype:trojan-activity;sid:84535917; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672818)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"optimistic-pike.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672818/; classtype:trojan-activity;sid:84535918; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672819)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"sarenewnetfiixsav.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672819/; classtype:trojan-activity;sid:84535919; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672807)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"colis-suivi-lu.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672807/; classtype:trojan-activity;sid:84535907; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672806)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"packrelay-espace.help"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672806/; classtype:trojan-activity;sid:84535906; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672805)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"colislivraisonsuivi.support"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672805/; classtype:trojan-activity;sid:84535905; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672792)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"esdossier0865.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672792/; classtype:trojan-activity;sid:84535892; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672793)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mondialrelais-creneaux.info"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672793/; classtype:trojan-activity;sid:84535893; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672794)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"sharp-franklin.196-251-72-149.plesk.page"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672794/; classtype:trojan-activity;sid:84535894; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672795)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"subscription-help.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672795/; classtype:trojan-activity;sid:84535895; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672796)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"relay-lu-parcel.help"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672796/; classtype:trojan-activity;sid:84535896; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672797)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"thirsty-ride.196-251-72-149.plesk.page"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672797/; classtype:trojan-activity;sid:84535897; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672798)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"antai-aide.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672798/; classtype:trojan-activity;sid:84535898; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672799)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"get-yourparcel.help"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672799/; classtype:trojan-activity;sid:84535899; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672800)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"brusselspayments.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672800/; classtype:trojan-activity;sid:84535900; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672801)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"livraison-suivre-moncolis.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672801/; classtype:trojan-activity;sid:84535901; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672802)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"practical-wu.196-251-72-149.plesk.page"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672802/; classtype:trojan-activity;sid:84535902; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672803)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"renewntfxsav.info"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672803/; classtype:trojan-activity;sid:84535903; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672804)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"hgrynetfiixsav.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672804/; classtype:trojan-activity;sid:84535904; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672791)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mondialerelay-suivi-info.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672791/; classtype:trojan-activity;sid:84535891; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672772)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"renewntfxsav.help"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672772/; classtype:trojan-activity;sid:84535872; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672773)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"amazing-lederberg.196-251-72-149.plesk.page"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672773/; classtype:trojan-activity;sid:84535873; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672774)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"vibrant-jackson.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672774/; classtype:trojan-activity;sid:84535874; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672775)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"relayservice-pay.help"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672775/; classtype:trojan-activity;sid:84535875; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672776)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"monrelayfr-support.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672776/; classtype:trojan-activity;sid:84535876; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672777)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"practical-swirles.196-251-72-149.plesk.page"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672777/; classtype:trojan-activity;sid:84535877; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672778)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"recursing-hawking.196-251-72-149.plesk.page"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672778/; classtype:trojan-activity;sid:84535878; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672779)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"info-suivi-track.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672779/; classtype:trojan-activity;sid:84535879; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672780)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"mise-a-jours-ameli.support"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672780/; classtype:trojan-activity;sid:84535880; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672781)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"solazone.help"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672781/; classtype:trojan-activity;sid:84535881; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672782)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"myntfxsupprt.help"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672782/; classtype:trojan-activity;sid:84535882; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672783)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"upcpackettrack.help"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672783/; classtype:trojan-activity;sid:84535883; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672784)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"renewntfxsav.help"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672784/; classtype:trojan-activity;sid:84535884; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672785)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"nervous-pasteur.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672785/; classtype:trojan-activity;sid:84535885; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672786)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"rediriger-ma-relivraison.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672786/; classtype:trojan-activity;sid:84535886; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672787)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"lux-trust-aide-support.info"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672787/; classtype:trojan-activity;sid:84535887; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672788)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"myguichet-espace.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672788/; classtype:trojan-activity;sid:84535888; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672789)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"jolly-yalow.196-251-72-149.plesk.page"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672789/; classtype:trojan-activity;sid:84535889; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672790)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"parkingbrussels.help"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672790/; classtype:trojan-activity;sid:84535890; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672771)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"payoursavnetfilx.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672771/; classtype:trojan-activity;sid:84535871; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672763)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"reactivation-amelie-account.info"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672763/; classtype:trojan-activity;sid:84535863; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672764)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"livraison-suivre-moncolis.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672764/; classtype:trojan-activity;sid:84535864; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672765)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"interesting-morse.196-251-72-149.plesk.page"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672765/; classtype:trojan-activity;sid:84535865; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672766)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"ecstatic-wing.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672766/; classtype:trojan-activity;sid:84535866; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672767)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"billing-renew-subscription.info"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672767/; classtype:trojan-activity;sid:84535867; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672768)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"colislivraison-suivi.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672768/; classtype:trojan-activity;sid:84535868; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672769)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"serene-dhawan.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672769/; classtype:trojan-activity;sid:84535869; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672770)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"magical-shirley.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672770/; classtype:trojan-activity;sid:84535870; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672756)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"sarenewnetfiixsav.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672756/; classtype:trojan-activity;sid:84535856; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672757)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"colis-suivis.help"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672757/; classtype:trojan-activity;sid:84535857; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672758)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mondialservice-relay.info"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672758/; classtype:trojan-activity;sid:84535858; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672759)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"ulys-telepeage-france.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672759/; classtype:trojan-activity;sid:84535859; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672760)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"youthful-solomon.196-251-72-149.plesk.page"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672760/; classtype:trojan-activity;sid:84535860; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672761)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"my.guichet-amende.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672761/; classtype:trojan-activity;sid:84535861; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672762)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"objective-goldberg.196-251-72-149.plesk.page"; http_host; depth:44; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672762/; classtype:trojan-activity;sid:84535862; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672755)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"netlfix-suscripcion.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672755/; classtype:trojan-activity;sid:84535855; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672750)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"myups-package.help"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672750/; classtype:trojan-activity;sid:84535850; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672751)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"miseajouritsme.help"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672751/; classtype:trojan-activity;sid:84535851; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672752)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"luxtrust-secure.info"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672752/; classtype:trojan-activity;sid:84535852; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672753)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"artier-recourser.help"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672753/; classtype:trojan-activity;sid:84535853; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672754)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mondialservice-relay.info"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672754/; classtype:trojan-activity;sid:84535854; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672749)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"serene-swartz.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672749/; classtype:trojan-activity;sid:84535849; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672739)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"trackupsid.help"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672739/; classtype:trojan-activity;sid:84535839; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672740)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"nouvelletechbandedefou.info"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672740/; classtype:trojan-activity;sid:84535840; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672741)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"mondialrelay-colis.support"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672741/; classtype:trojan-activity;sid:84535841; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672742)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"myntfxsupprt.help"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672742/; classtype:trojan-activity;sid:84535842; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672743)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"myguichet-amende.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672743/; classtype:trojan-activity;sid:84535843; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672744)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"suivicommanderelais.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672744/; classtype:trojan-activity;sid:84535844; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672745)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"la-bnpcledigital.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672745/; classtype:trojan-activity;sid:84535845; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672746)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"antai-aide.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672746/; classtype:trojan-activity;sid:84535846; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672747)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"myparcel-tracking.help"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672747/; classtype:trojan-activity;sid:84535847; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672748)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"ulys-telepeage-france.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672748/; classtype:trojan-activity;sid:84535848; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672738)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"paymentmy-minfinbe.help"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672738/; classtype:trojan-activity;sid:84535838; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672735)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"strange-swartz.196-251-72-149.plesk.page"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672735/; classtype:trojan-activity;sid:84535835; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672736)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"interesting-hofstadter.196-251-72-149.plesk.page"; http_host; depth:48; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672736/; classtype:trojan-activity;sid:84535836; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672737)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"telepeage-ulys-france.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672737/; classtype:trojan-activity;sid:84535837; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672715)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"my.guichet-amende.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672715/; classtype:trojan-activity;sid:84535815; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672716)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"services-mondialrelay.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672716/; classtype:trojan-activity;sid:84535816; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672717)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"usernetfiixpolskasav.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672717/; classtype:trojan-activity;sid:84535817; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672718)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"colislivraisonsuivi.support"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672718/; classtype:trojan-activity;sid:84535818; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672719)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"packet-relivraison-fr.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672719/; classtype:trojan-activity;sid:84535819; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672720)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"savnetfxserv.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672720/; classtype:trojan-activity;sid:84535820; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672721)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"mondial-services.informations-colis.help"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672721/; classtype:trojan-activity;sid:84535821; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672722)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"monrelayfr-support.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672722/; classtype:trojan-activity;sid:84535822; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672723)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"quizzical-lederberg.196-251-72-149.plesk.page"; http_host; depth:45; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672723/; classtype:trojan-activity;sid:84535823; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672724)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"stoic-poincare.196-251-72-149.plesk.page"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672724/; classtype:trojan-activity;sid:84535824; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672725)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"packet-relivraison-fr.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672725/; classtype:trojan-activity;sid:84535825; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672726)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"luxtrust-secure.info"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672726/; classtype:trojan-activity;sid:84535826; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672727)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"friendly-cray.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672727/; classtype:trojan-activity;sid:84535827; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672728)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"mrelay-be-acheminement.info"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672728/; classtype:trojan-activity;sid:84535828; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672729)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"ecstatic-wing.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672729/; classtype:trojan-activity;sid:84535829; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672730)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"hometrack-be-package.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672730/; classtype:trojan-activity;sid:84535830; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672731)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"servntflxmgyrsav.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672731/; classtype:trojan-activity;sid:84535831; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672732)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"ameli-moncompte.ma-situation.help"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672732/; classtype:trojan-activity;sid:84535832; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672733)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"webmail.rediriger-ma-livraison.com"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672733/; classtype:trojan-activity;sid:84535833; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672734)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"myups-package.info"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672734/; classtype:trojan-activity;sid:84535834; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672714)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"securplnetfiixsav.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672714/; classtype:trojan-activity;sid:84535814; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672712)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"upcpackettrack.help"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672712/; classtype:trojan-activity;sid:84535812; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672713)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"laughing-perlman.196-251-72-149.plesk.page"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672713/; classtype:trojan-activity;sid:84535813; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672700)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"monsuivi-colis.help"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672700/; classtype:trojan-activity;sid:84535800; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672701)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"gracious-kepler.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672701/; classtype:trojan-activity;sid:84535801; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672702)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"confirmation-appareil-confiance.com"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672702/; classtype:trojan-activity;sid:84535802; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672703)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"ameli.moncompte-cpam.help"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672703/; classtype:trojan-activity;sid:84535803; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672704)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"intelligent-mayer.196-251-72-149.plesk.page"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672704/; classtype:trojan-activity;sid:84535804; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672705)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"assurancemaladie-actualisation.help"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672705/; classtype:trojan-activity;sid:84535805; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672706)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"renewntfxsav.info"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672706/; classtype:trojan-activity;sid:84535806; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672707)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mondialrelais-livraisons.info"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672707/; classtype:trojan-activity;sid:84535807; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672708)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"my-minfin-regularisation.info"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672708/; classtype:trojan-activity;sid:84535808; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672709)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"ntfiixsavclient.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672709/; classtype:trojan-activity;sid:84535809; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672710)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"sad-mclaren.196-251-72-149.plesk.page"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672710/; classtype:trojan-activity;sid:84535810; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672711)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"bold-ellis.196-251-72-149.plesk.page"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672711/; classtype:trojan-activity;sid:84535811; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672692)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"suivirelaisdepot.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672692/; classtype:trojan-activity;sid:84535792; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672693)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"takeyour-parcel.help"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672693/; classtype:trojan-activity;sid:84535793; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672694)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"dreamy-keller.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672694/; classtype:trojan-activity;sid:84535794; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672695)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"adoring-kalam.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672695/; classtype:trojan-activity;sid:84535795; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672696)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mysuprtntfx.info"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672696/; classtype:trojan-activity;sid:84535796; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672697)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"nikita.support"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672697/; classtype:trojan-activity;sid:84535797; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672698)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"crazy-proskuriakova.196-251-72-149.plesk.page"; http_host; depth:45; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672698/; classtype:trojan-activity;sid:84535798; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672699)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"trusting-raman.196-251-72-149.plesk.page"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672699/; classtype:trojan-activity;sid:84535799; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672691)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"mrelay-colis-fr.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672691/; classtype:trojan-activity;sid:84535791; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672690)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"ecstatic-kare.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672690/; classtype:trojan-activity;sid:84535790; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672687)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"gallant-ganguly.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672687/; classtype:trojan-activity;sid:84535787; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672688)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"suivi-pointrelais.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672688/; classtype:trojan-activity;sid:84535788; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672689)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"nifty-golick.196-251-72-149.plesk.page"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672689/; classtype:trojan-activity;sid:84535789; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672685)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mon-comptes.help"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672685/; classtype:trojan-activity;sid:84535785; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672686)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"stoic-poincare.196-251-72-149.plesk.page"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672686/; classtype:trojan-activity;sid:84535786; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672657)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"relay-my-parcel.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672657/; classtype:trojan-activity;sid:84535757; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672658)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"ma-facture-enovos.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672658/; classtype:trojan-activity;sid:84535758; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672659)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"myguichet-espace.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672659/; classtype:trojan-activity;sid:84535759; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672660)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"mondialsrelay-redirection.info"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672660/; classtype:trojan-activity;sid:84535760; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672661)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"moncolis-suivi.help"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672661/; classtype:trojan-activity;sid:84535761; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672662)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"service-parcel-pay.help"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672662/; classtype:trojan-activity;sid:84535762; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672663)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"reverent-brattain.196-251-72-149.plesk.page"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672663/; classtype:trojan-activity;sid:84535763; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672664)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"focused-noether.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672664/; classtype:trojan-activity;sid:84535764; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672665)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"jolly-germain.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672665/; classtype:trojan-activity;sid:84535765; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672666)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"mynetllxrenew.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672666/; classtype:trojan-activity;sid:84535766; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672667)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"verif-appareil-confiance.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672667/; classtype:trojan-activity;sid:84535767; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672668)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"mondialerelay-suivi-info.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672668/; classtype:trojan-activity;sid:84535768; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672669)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"frosty-albattani.196-251-72-149.plesk.page"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672669/; classtype:trojan-activity;sid:84535769; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672670)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"livraisons-locker.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672670/; classtype:trojan-activity;sid:84535770; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672671)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"espace-servicefamily.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672671/; classtype:trojan-activity;sid:84535771; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672672)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mxicnetfiixservice.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672672/; classtype:trojan-activity;sid:84535772; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672673)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"eligibilite-doctolib.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672673/; classtype:trojan-activity;sid:84535773; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672674)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"gracious-northcutt.196-251-72-149.plesk.page"; http_host; depth:44; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672674/; classtype:trojan-activity;sid:84535774; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672675)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"funny-villani.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672675/; classtype:trojan-activity;sid:84535775; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672676)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"ameii-moncompte.ma-situations.info"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672676/; classtype:trojan-activity;sid:84535776; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672677)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"ameli-moncompte.situation-administrative.info"; http_host; depth:45; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672677/; classtype:trojan-activity;sid:84535777; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672678)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"ecstatic-kare.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672678/; classtype:trojan-activity;sid:84535778; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672679)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"relay-my-parcel.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672679/; classtype:trojan-activity;sid:84535779; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672680)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"myguichet-amende.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672680/; classtype:trojan-activity;sid:84535780; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672681)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"jovial-bartik.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672681/; classtype:trojan-activity;sid:84535781; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672682)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"gracious-lamarr.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672682/; classtype:trojan-activity;sid:84535782; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672683)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"strange-yalow.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672683/; classtype:trojan-activity;sid:84535783; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672684)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mrelay-luxembourg.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672684/; classtype:trojan-activity;sid:84535784; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672654)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"livraisons-france-infos.locker"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672654/; classtype:trojan-activity;sid:84535754; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672655)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"mysuprtntfx.info"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672655/; classtype:trojan-activity;sid:84535755; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672656)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"nostalgic-curie.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672656/; classtype:trojan-activity;sid:84535756; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672653)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"savraiffeizen-at.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672653/; classtype:trojan-activity;sid:84535753; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672651)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"mise-a-jours-ameli.support"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672651/; classtype:trojan-activity;sid:84535751; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672652)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"savnetfixaccount.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672652/; classtype:trojan-activity;sid:84535752; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672649)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"ameli-moncompte.situation-administrative.info"; http_host; depth:45; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672649/; classtype:trojan-activity;sid:84535749; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672650)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"209.207.87.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672650/; classtype:trojan-activity;sid:84535750; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672646)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"savnetfixrenew.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672646/; classtype:trojan-activity;sid:84535746; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672647)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"hometrack-support-help.info"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672647/; classtype:trojan-activity;sid:84535747; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672648)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"takeyour-parcel.help"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672648/; classtype:trojan-activity;sid:84535748; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672644)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"nifty-golick.196-251-72-149.plesk.page"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672644/; classtype:trojan-activity;sid:84535744; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672645)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"gracious-kepler.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672645/; classtype:trojan-activity;sid:84535745; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672641)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"plsavnetfiix.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672641/; classtype:trojan-activity;sid:84535741; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672642)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mrelay-relais.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672642/; classtype:trojan-activity;sid:84535742; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672643)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"rediriger-ma-relivraison.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672643/; classtype:trojan-activity;sid:84535743; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672636)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"trackyridpaket.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672636/; classtype:trojan-activity;sid:84535736; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672637)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"dossier4729.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672637/; classtype:trojan-activity;sid:84535737; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672638)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"myguichet-espace.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672638/; classtype:trojan-activity;sid:84535738; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672639)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"netfiixmxicosav.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672639/; classtype:trojan-activity;sid:84535739; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672640)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"trackyridpaket.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672640/; classtype:trojan-activity;sid:84535740; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672626)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"luxtrust-secure.info"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672626/; classtype:trojan-activity;sid:84535726; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672627)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"ecstatic-villani.196-251-72-149.plesk.page"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672627/; classtype:trojan-activity;sid:84535727; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672628)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"supportulys.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672628/; classtype:trojan-activity;sid:84535728; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672629)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"savnet-fixchili.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672629/; classtype:trojan-activity;sid:84535729; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672630)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"reverent-tereshkova.196-251-72-149.plesk.page"; http_host; depth:45; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672630/; classtype:trojan-activity;sid:84535730; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672631)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"mon-suivi.info"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672631/; classtype:trojan-activity;sid:84535731; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672632)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"mondialrelay-locker-fr.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672632/; classtype:trojan-activity;sid:84535732; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672633)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"aide-suivi-livraison.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672633/; classtype:trojan-activity;sid:84535733; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672634)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"rediriger-ma-livraison.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672634/; classtype:trojan-activity;sid:84535734; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672635)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"ntflx-sub.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672635/; classtype:trojan-activity;sid:84535735; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672623)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mrelay-colis-fr.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672623/; classtype:trojan-activity;sid:84535723; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672624)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"dhitrackparcei.help"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672624/; classtype:trojan-activity;sid:84535724; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672625)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"elegant-nightingale.196-251-72-149.plesk.page"; http_host; depth:45; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672625/; classtype:trojan-activity;sid:84535725; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672612)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"bold-ellis.196-251-72-149.plesk.page"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672612/; classtype:trojan-activity;sid:84535712; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672613)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"sarenewnetfiixsav.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672613/; classtype:trojan-activity;sid:84535713; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672614)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"rediriger-ma-relivraison.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672614/; classtype:trojan-activity;sid:84535714; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672615)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"webmail.rediriger-ma-relivraison.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672615/; classtype:trojan-activity;sid:84535715; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672616)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"magical-shirley.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672616/; classtype:trojan-activity;sid:84535716; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672617)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"redirection-mondialrelais.info"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672617/; classtype:trojan-activity;sid:84535717; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672618)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"myparcel-tracking.help"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672618/; classtype:trojan-activity;sid:84535718; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672619)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"amazing-lederberg.196-251-72-149.plesk.page"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672619/; classtype:trojan-activity;sid:84535719; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672620)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"assurancemaladie-actualisation.help"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672620/; classtype:trojan-activity;sid:84535720; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672621)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"usernetfiixpolskasav.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672621/; classtype:trojan-activity;sid:84535721; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672622)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"trackparselhl.help"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672622/; classtype:trojan-activity;sid:84535722; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672608)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"nervous-pasteur.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672608/; classtype:trojan-activity;sid:84535708; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672609)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"services-monrelay.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672609/; classtype:trojan-activity;sid:84535709; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672610)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"savpaypaiaccnt.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672610/; classtype:trojan-activity;sid:84535710; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672611)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"reglementnetflix-fr.help"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672611/; classtype:trojan-activity;sid:84535711; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672605)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"monrelay-support.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672605/; classtype:trojan-activity;sid:84535705; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672606)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"netfiixrenewacc.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672606/; classtype:trojan-activity;sid:84535706; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672607)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mondial-services.informations-colis.help"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672607/; classtype:trojan-activity;sid:84535707; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672604)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"mondialrelay-locker-fr.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672604/; classtype:trojan-activity;sid:84535704; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672603)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"suivi-colis.help"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672603/; classtype:trojan-activity;sid:84535703; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672600)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"myespace-relaypack.help"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672600/; classtype:trojan-activity;sid:84535700; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672601)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"verif-appareil-confiance.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672601/; classtype:trojan-activity;sid:84535701; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672602)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"funny-villani.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672602/; classtype:trojan-activity;sid:84535702; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672598)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"serene-swartz.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672598/; classtype:trojan-activity;sid:84535698; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672599)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"support-upsdelivery.info"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672599/; classtype:trojan-activity;sid:84535699; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672583)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"supportulys.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672583/; classtype:trojan-activity;sid:84535683; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672584)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mondialrelay-locker-fr.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672584/; classtype:trojan-activity;sid:84535684; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672585)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"renewaccntsav.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672585/; classtype:trojan-activity;sid:84535685; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672586)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"gallant-mcnulty.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672586/; classtype:trojan-activity;sid:84535686; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672587)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"nifty-johnson.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672587/; classtype:trojan-activity;sid:84535687; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672588)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"ntfiixsavclient.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672588/; classtype:trojan-activity;sid:84535688; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672589)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mysubscription-renewal.info"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672589/; classtype:trojan-activity;sid:84535689; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672590)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"mondialrelay-locker-fr.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672590/; classtype:trojan-activity;sid:84535690; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672591)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"hometrack-package-lu.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672591/; classtype:trojan-activity;sid:84535691; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672592)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"hometrack-support-help.info"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672592/; classtype:trojan-activity;sid:84535692; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672593)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"suivicommanderelais.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672593/; classtype:trojan-activity;sid:84535693; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672594)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"livraison-relais-info.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672594/; classtype:trojan-activity;sid:84535694; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672595)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"service-parcel-pay.help"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672595/; classtype:trojan-activity;sid:84535695; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672596)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"ameli-cpam.support-moncompte.help"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672596/; classtype:trojan-activity;sid:84535696; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672597)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"paketdhservice.help"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672597/; classtype:trojan-activity;sid:84535697; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672582)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"supportnetfiixsavza.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672582/; classtype:trojan-activity;sid:84535682; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672574)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"gifted-yalow.196-251-72-149.plesk.page"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672574/; classtype:trojan-activity;sid:84535674; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672575)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"ameii-moncompte.ma-situations.info"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672575/; classtype:trojan-activity;sid:84535675; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672576)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"nifty-johnson.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672576/; classtype:trojan-activity;sid:84535676; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672577)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"trackmy-order.info"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672577/; classtype:trojan-activity;sid:84535677; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672578)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"actualisationameli.help"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672578/; classtype:trojan-activity;sid:84535678; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672579)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"strange-yalow.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672579/; classtype:trojan-activity;sid:84535679; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672580)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"mrelayy-mon-acheminement.info"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672580/; classtype:trojan-activity;sid:84535680; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672581)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"relayservice-pay.help"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672581/; classtype:trojan-activity;sid:84535681; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672570)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"trusting-tesla.196-251-72-149.plesk.page"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672570/; classtype:trojan-activity;sid:84535670; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672571)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"livraisons-colis-france.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672571/; classtype:trojan-activity;sid:84535671; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672572)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"accountnetfix.help"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672572/; classtype:trojan-activity;sid:84535672; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672573)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"bold-kowalevski.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672573/; classtype:trojan-activity;sid:84535673; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672567)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"sharp-franklin.196-251-72-149.plesk.page"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672567/; classtype:trojan-activity;sid:84535667; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672568)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"bold-hypatia.196-251-72-149.plesk.page"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672568/; classtype:trojan-activity;sid:84535668; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672569)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"wizardly-fermat.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672569/; classtype:trojan-activity;sid:84535669; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672566)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"myups-package.help"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672566/; classtype:trojan-activity;sid:84535666; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672562)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"clever-northcutt.196-251-72-149.plesk.page"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672562/; classtype:trojan-activity;sid:84535662; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672563)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mondialrelay-reply.help"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672563/; classtype:trojan-activity;sid:84535663; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672564)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"hometrack-support-help.info"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672564/; classtype:trojan-activity;sid:84535664; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672565)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"suivi-fr-livraison.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672565/; classtype:trojan-activity;sid:84535665; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672561)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"ntfxrenewservice.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672561/; classtype:trojan-activity;sid:84535661; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672556)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"support-hometrack.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672556/; classtype:trojan-activity;sid:84535656; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672557)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"trackdelivery-customer.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672557/; classtype:trojan-activity;sid:84535657; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672558)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"servicedgtes.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672558/; classtype:trojan-activity;sid:84535658; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672559)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"dreamy-hamilton.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672559/; classtype:trojan-activity;sid:84535659; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672560)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.ppc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"notificationcentral.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672560/; classtype:trojan-activity;sid:84535660; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672529)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mrelayy-mon-acheminement.info"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672529/; classtype:trojan-activity;sid:84535629; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672530)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"savpaypaiaccnt.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672530/; classtype:trojan-activity;sid:84535630; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672531)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"magical-shirley.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672531/; classtype:trojan-activity;sid:84535631; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672532)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"savnetfiixmxico.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672532/; classtype:trojan-activity;sid:84535632; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672533)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"uptrackparsei.help"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672533/; classtype:trojan-activity;sid:84535633; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672534)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"nouvellelivraison-locker-fr.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672534/; classtype:trojan-activity;sid:84535634; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672535)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"rediriger-ma-relivraison.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672535/; classtype:trojan-activity;sid:84535635; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672536)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"my-minfin-regularisation.info"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672536/; classtype:trojan-activity;sid:84535636; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672537)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"tracking-myrelay.help"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672537/; classtype:trojan-activity;sid:84535637; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672538)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"reverent-brattain.196-251-72-149.plesk.page"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672538/; classtype:trojan-activity;sid:84535638; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672539)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"bravoteam6.org"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672539/; classtype:trojan-activity;sid:84535639; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672540)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"servicenetfiixsav.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672540/; classtype:trojan-activity;sid:84535640; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672541)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"solazone.help"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672541/; classtype:trojan-activity;sid:84535641; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672542)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"strange-spence.196-251-72-149.plesk.page"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672542/; classtype:trojan-activity;sid:84535642; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672543)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"relaymondial-services.info"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672543/; classtype:trojan-activity;sid:84535643; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672544)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"mondialservice-relay.info"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672544/; classtype:trojan-activity;sid:84535644; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672545)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"brave-cori.196-251-72-149.plesk.page"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672545/; classtype:trojan-activity;sid:84535645; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672546)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"info-suivi-track.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672546/; classtype:trojan-activity;sid:84535646; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672547)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"particulier-info.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672547/; classtype:trojan-activity;sid:84535647; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672548)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"livraisons-locker.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672548/; classtype:trojan-activity;sid:84535648; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672549)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"moncolis-suivi.help"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672549/; classtype:trojan-activity;sid:84535649; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672550)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"yoursavnetfilxes.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672550/; classtype:trojan-activity;sid:84535650; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672551)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"renouvellement-ameli.support"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672551/; classtype:trojan-activity;sid:84535651; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672552)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"servicenetfiixsav.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672552/; classtype:trojan-activity;sid:84535652; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672553)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"myups-tracking.info"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672553/; classtype:trojan-activity;sid:84535653; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672554)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"savnetfixrenew.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672554/; classtype:trojan-activity;sid:84535654; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672555)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mondiai-reiay-reglement.info"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672555/; classtype:trojan-activity;sid:84535655; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672528)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"livraison.info"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672528/; classtype:trojan-activity;sid:84535628; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672527)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"trusting-tesla.196-251-72-149.plesk.page"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672527/; classtype:trojan-activity;sid:84535627; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672525)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"myguichet-espace.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672525/; classtype:trojan-activity;sid:84535625; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672526)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"myparcel-relay.help"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672526/; classtype:trojan-activity;sid:84535626; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672513)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mondialerelay-suivi-info.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672513/; classtype:trojan-activity;sid:84535613; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672514)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"myluxtrust-accountsecurity.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672514/; classtype:trojan-activity;sid:84535614; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672515)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"livraison-suivre-moncolis.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672515/; classtype:trojan-activity;sid:84535615; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672516)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"uptrackparsei.help"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672516/; classtype:trojan-activity;sid:84535616; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672517)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"nervous-pasteur.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672517/; classtype:trojan-activity;sid:84535617; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672518)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"payoursavnetfilx.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672518/; classtype:trojan-activity;sid:84535618; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672519)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"brussels-payments.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672519/; classtype:trojan-activity;sid:84535619; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672520)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"myguichet-amende.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672520/; classtype:trojan-activity;sid:84535620; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672521)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"login-myoffices.help"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672521/; classtype:trojan-activity;sid:84535621; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672522)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"optimistic-pike.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672522/; classtype:trojan-activity;sid:84535622; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672523)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"suivirelayy.info"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672523/; classtype:trojan-activity;sid:84535623; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672524)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"kunde-konto-sikre.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672524/; classtype:trojan-activity;sid:84535624; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672503)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"practical-swirles.196-251-72-149.plesk.page"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672503/; classtype:trojan-activity;sid:84535603; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672504)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"mynetfxsupprt.help"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672504/; classtype:trojan-activity;sid:84535604; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672505)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"uptrackparsei.help"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672505/; classtype:trojan-activity;sid:84535605; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672506)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"paketdhservice.help"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672506/; classtype:trojan-activity;sid:84535606; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672507)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"hometrack-support-help.info"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672507/; classtype:trojan-activity;sid:84535607; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672508)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"recursing-hawking.196-251-72-149.plesk.page"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672508/; classtype:trojan-activity;sid:84535608; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672509)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"myguichet-amende.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672509/; classtype:trojan-activity;sid:84535609; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672510)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"yoursavnetfilxes.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672510/; classtype:trojan-activity;sid:84535610; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672511)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"myups-package.info"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672511/; classtype:trojan-activity;sid:84535611; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672512)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"support-hometrack.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672512/; classtype:trojan-activity;sid:84535612; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672502)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"ameli-actalisation.info"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672502/; classtype:trojan-activity;sid:84535602; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672498)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"particulier-info.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672498/; classtype:trojan-activity;sid:84535598; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672499)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"servntflxmgyrsav.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672499/; classtype:trojan-activity;sid:84535599; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672500)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"elegant-nightingale.196-251-72-149.plesk.page"; http_host; depth:45; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672500/; classtype:trojan-activity;sid:84535600; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672501)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"verif-appareil-confiance.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672501/; classtype:trojan-activity;sid:84535601; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672492)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"dossier-amende-minfin.info"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672492/; classtype:trojan-activity;sid:84535592; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672493)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"support-upsdelivery.info"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672493/; classtype:trojan-activity;sid:84535593; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672494)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mondialerelay-suivi-info.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672494/; classtype:trojan-activity;sid:84535594; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672495)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"relay-lu-parcel.help"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672495/; classtype:trojan-activity;sid:84535595; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672496)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"billing-renew-subscription.info"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672496/; classtype:trojan-activity;sid:84535596; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672497)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"colis-nouvellelivraison-france.com"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672497/; classtype:trojan-activity;sid:84535597; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672477)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"colis-suivi-lu.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672477/; classtype:trojan-activity;sid:84535577; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672478)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"affectionate-edison.196-251-72-149.plesk.page"; http_host; depth:45; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672478/; classtype:trojan-activity;sid:84535578; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672479)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"ecstatic-kare.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672479/; classtype:trojan-activity;sid:84535579; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672480)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"ntfiixsavclient.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672480/; classtype:trojan-activity;sid:84535580; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672481)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"takeyourpackagebe.help"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672481/; classtype:trojan-activity;sid:84535581; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672482)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"login-myoffices.help"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672482/; classtype:trojan-activity;sid:84535582; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672483)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"mondialrelay-reply.help"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672483/; classtype:trojan-activity;sid:84535583; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672484)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"solazone.help"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672484/; classtype:trojan-activity;sid:84535584; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672485)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"strange-yalow.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672485/; classtype:trojan-activity;sid:84535585; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672486)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"affectionate-edison.196-251-72-149.plesk.page"; http_host; depth:45; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672486/; classtype:trojan-activity;sid:84535586; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672487)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"beparcel-collect.help"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672487/; classtype:trojan-activity;sid:84535587; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672488)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mxiconetfllxserv.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672488/; classtype:trojan-activity;sid:84535588; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672489)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"subscription-help.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672489/; classtype:trojan-activity;sid:84535589; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672490)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"my-canal.support-moncompte.help"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672490/; classtype:trojan-activity;sid:84535590; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672491)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"condescending-wilson.196-251-72-149.plesk.page"; http_host; depth:46; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672491/; classtype:trojan-activity;sid:84535591; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672469)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"ameli-guadeloupe.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672469/; classtype:trojan-activity;sid:84535569; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672470)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"servicedgtes.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672470/; classtype:trojan-activity;sid:84535570; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672471)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"suivirelaisdepots.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672471/; classtype:trojan-activity;sid:84535571; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672472)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"pickup-mreiay.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672472/; classtype:trojan-activity;sid:84535572; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672473)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"magical-shirley.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672473/; classtype:trojan-activity;sid:84535573; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672474)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"takeyour-parcel.help"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672474/; classtype:trojan-activity;sid:84535574; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672475)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"focused-noether.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672475/; classtype:trojan-activity;sid:84535575; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672476)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"thirsty-ride.196-251-72-149.plesk.page"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672476/; classtype:trojan-activity;sid:84535576; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672468)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mondialsrelay-supports.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672468/; classtype:trojan-activity;sid:84535568; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672466)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"services-monrelay.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672466/; classtype:trojan-activity;sid:84535566; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672467)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"takeyour-parcel.help"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672467/; classtype:trojan-activity;sid:84535567; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672465)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"sweet-neumann.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672465/; classtype:trojan-activity;sid:84535565; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672444)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"livraison-expressfr.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672444/; classtype:trojan-activity;sid:84535544; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672445)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"tv-abonnement.info"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672445/; classtype:trojan-activity;sid:84535545; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672446)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"nifty-johnson.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672446/; classtype:trojan-activity;sid:84535546; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672447)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"packet-nouvellelivraisons-fr.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672447/; classtype:trojan-activity;sid:84535547; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672448)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"solazone.help"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672448/; classtype:trojan-activity;sid:84535548; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672449)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"assurancemaladie-actualisation.help"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672449/; classtype:trojan-activity;sid:84535549; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672450)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mysubscription-renewal.info"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672450/; classtype:trojan-activity;sid:84535550; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672451)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"myminfin-info-be.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672451/; classtype:trojan-activity;sid:84535551; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672452)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"renewntfxsav.help"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672452/; classtype:trojan-activity;sid:84535552; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672453)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"nostalgic-curie.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672453/; classtype:trojan-activity;sid:84535553; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672454)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"webmail.rediriger-ma-livraison.com"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672454/; classtype:trojan-activity;sid:84535554; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672455)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"savnetfixaccount.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672455/; classtype:trojan-activity;sid:84535555; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672456)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"dossiergmuitas.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672456/; classtype:trojan-activity;sid:84535556; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672457)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"suivideliveryinfo.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672457/; classtype:trojan-activity;sid:84535557; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672458)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mon-abonnement-disney.info"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672458/; classtype:trojan-activity;sid:84535558; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672459)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"mrelayy-mon-acheminement.info"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672459/; classtype:trojan-activity;sid:84535559; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672460)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"redirection-mondialrelais.info"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672460/; classtype:trojan-activity;sid:84535560; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672461)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"servntflxmgyrsav.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672461/; classtype:trojan-activity;sid:84535561; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672462)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"great-leavitt.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672462/; classtype:trojan-activity;sid:84535562; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672463)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"particulierslocker.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672463/; classtype:trojan-activity;sid:84535563; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672464)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"myups-package.help"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672464/; classtype:trojan-activity;sid:84535564; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672436)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"suivicolis-lu.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672436/; classtype:trojan-activity;sid:84535536; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672437)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"myguichet-amende.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672437/; classtype:trojan-activity;sid:84535537; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672438)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mysuprtntfx.info"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672438/; classtype:trojan-activity;sid:84535538; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672439)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"livraison-relais-info.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672439/; classtype:trojan-activity;sid:84535539; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672440)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"relaymyparcel.info"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672440/; classtype:trojan-activity;sid:84535540; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672441)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"myguichet-espace.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672441/; classtype:trojan-activity;sid:84535541; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672442)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"renew-account-lock.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672442/; classtype:trojan-activity;sid:84535542; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672443)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"dossier0367.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672443/; classtype:trojan-activity;sid:84535543; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672433)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"livraisons-france-infos.locker"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672433/; classtype:trojan-activity;sid:84535533; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672434)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"gestion-pickup-relay2025.info"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672434/; classtype:trojan-activity;sid:84535534; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672435)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"verification-mobile-cm.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672435/; classtype:trojan-activity;sid:84535535; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672430)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"hardcore-boyd.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672430/; classtype:trojan-activity;sid:84535530; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672431)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"accountnetfix.help"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672431/; classtype:trojan-activity;sid:84535531; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672432)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"mondialrelayfr-suivi.help"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672432/; classtype:trojan-activity;sid:84535532; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672423)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"gallant-mcnulty.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672423/; classtype:trojan-activity;sid:84535523; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672424)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"my-minfin-regularisation.info"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672424/; classtype:trojan-activity;sid:84535524; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672425)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"info-suivi-track.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672425/; classtype:trojan-activity;sid:84535525; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672426)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"sharp-franklin.196-251-72-149.plesk.page"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672426/; classtype:trojan-activity;sid:84535526; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672427)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mrelay-luxembourg.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672427/; classtype:trojan-activity;sid:84535527; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672428)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"relay-my-parcel.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672428/; classtype:trojan-activity;sid:84535528; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672429)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"ameli-guadeloupe.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672429/; classtype:trojan-activity;sid:84535529; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672419)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mynetllxrenew.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672419/; classtype:trojan-activity;sid:84535519; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672420)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mondial-relaylivraisonfr.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672420/; classtype:trojan-activity;sid:84535520; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672421)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"frosty-wozniak.196-251-72-149.plesk.page"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672421/; classtype:trojan-activity;sid:84535521; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672422)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"nifty-johnson.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672422/; classtype:trojan-activity;sid:84535522; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672417)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"savmxlcnetfiix.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672417/; classtype:trojan-activity;sid:84535517; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672418)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"livraison.info"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672418/; classtype:trojan-activity;sid:84535518; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672411)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"gracious-lamarr.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672411/; classtype:trojan-activity;sid:84535511; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672412)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"ecstatic-villani.196-251-72-149.plesk.page"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672412/; classtype:trojan-activity;sid:84535512; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672413)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"dossier-amende-minfin.info"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672413/; classtype:trojan-activity;sid:84535513; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672414)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"supportulys.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672414/; classtype:trojan-activity;sid:84535514; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672415)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"mondialsrelay-redirection.info"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672415/; classtype:trojan-activity;sid:84535515; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672416)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"myups-tracking.info"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672416/; classtype:trojan-activity;sid:84535516; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672409)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mynetfxsuprt.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672409/; classtype:trojan-activity;sid:84535509; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672410)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mxiconetfllxserv.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672410/; classtype:trojan-activity;sid:84535510; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672405)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"great-leavitt.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672405/; classtype:trojan-activity;sid:84535505; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672406)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"mrelayy-mon-acheminement.info"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672406/; classtype:trojan-activity;sid:84535506; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672407)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"savmxlcnetfiix.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672407/; classtype:trojan-activity;sid:84535507; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672408)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"nikita.support"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672408/; classtype:trojan-activity;sid:84535508; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672400)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"dreamy-hamilton.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672400/; classtype:trojan-activity;sid:84535500; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672401)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"trackmy-order.info"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672401/; classtype:trojan-activity;sid:84535501; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672402)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mondialrelay-reply.help"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672402/; classtype:trojan-activity;sid:84535502; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672403)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"assurancemaladie.support"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672403/; classtype:trojan-activity;sid:84535503; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672404)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"ameli-guadeloupe.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672404/; classtype:trojan-activity;sid:84535504; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672399)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"frosty-albattani.196-251-72-149.plesk.page"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672399/; classtype:trojan-activity;sid:84535499; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672373)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"hometrack-support-help.info"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672373/; classtype:trojan-activity;sid:84535473; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672374)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"livraisons-colis-france.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672374/; classtype:trojan-activity;sid:84535474; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672375)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"ameli-moncompte.situation-administrative.info"; http_host; depth:45; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672375/; classtype:trojan-activity;sid:84535475; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672376)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mymondialrelay-parcel.help"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672376/; classtype:trojan-activity;sid:84535476; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672377)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"supportsavnetfix.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672377/; classtype:trojan-activity;sid:84535477; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672378)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"paketdhservice.help"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672378/; classtype:trojan-activity;sid:84535478; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672379)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"packet-nouvellelivraisons-fr.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672379/; classtype:trojan-activity;sid:84535479; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672380)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"mondial-relay-center.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672380/; classtype:trojan-activity;sid:84535480; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672381)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"webmail.rediriger-ma-livraison.com"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672381/; classtype:trojan-activity;sid:84535481; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672382)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"upcpackettrack.help"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672382/; classtype:trojan-activity;sid:84535482; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672383)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"ulys-autoroutes-fr.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672383/; classtype:trojan-activity;sid:84535483; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672384)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"expedition-mrelayy.info"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672384/; classtype:trojan-activity;sid:84535484; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672385)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"adoring-kalam.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672385/; classtype:trojan-activity;sid:84535485; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672386)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"relaymyparcel.info"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672386/; classtype:trojan-activity;sid:84535486; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672387)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"dossier-amende-minfin.info"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672387/; classtype:trojan-activity;sid:84535487; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672388)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"nikita.support"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672388/; classtype:trojan-activity;sid:84535488; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672389)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"redistribution-locker.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672389/; classtype:trojan-activity;sid:84535489; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672390)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mondialerelay-suivi-info.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672390/; classtype:trojan-activity;sid:84535490; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672391)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"servmetfiixsavsa.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672391/; classtype:trojan-activity;sid:84535491; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672392)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"formulaire-locker.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672392/; classtype:trojan-activity;sid:84535492; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672393)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"strange-spence.196-251-72-149.plesk.page"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672393/; classtype:trojan-activity;sid:84535493; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672394)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"distracted-nightingale.196-251-72-149.plesk.page"; http_host; depth:48; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672394/; classtype:trojan-activity;sid:84535494; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672395)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"suivi-fra-livraisons.info"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672395/; classtype:trojan-activity;sid:84535495; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672396)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"goofy-shirley.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672396/; classtype:trojan-activity;sid:84535496; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672397)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"hometrack-package-tracking.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672397/; classtype:trojan-activity;sid:84535497; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672398)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"hometrack-package-tracking.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672398/; classtype:trojan-activity;sid:84535498; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672372)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"ameli.moncompte-cpam.help"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672372/; classtype:trojan-activity;sid:84535472; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672371)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"mrelay-colis-fr.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672371/; classtype:trojan-activity;sid:84535471; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672365)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"secureamericainexpress.help"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672365/; classtype:trojan-activity;sid:84535465; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672366)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"ameli-connect.cpam-comptes.help"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672366/; classtype:trojan-activity;sid:84535466; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672367)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"objective-ramanujan.196-251-72-149.plesk.page"; http_host; depth:45; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672367/; classtype:trojan-activity;sid:84535467; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672368)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"dossier4729.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672368/; classtype:trojan-activity;sid:84535468; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672369)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"hometrack-be-package.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672369/; classtype:trojan-activity;sid:84535469; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672370)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm5"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"192.142.10.124"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672370/; classtype:trojan-activity;sid:84535470; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672356)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"savnetfiixmxico.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672356/; classtype:trojan-activity;sid:84535456; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672357)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"renew-subscription.info"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672357/; classtype:trojan-activity;sid:84535457; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672358)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"mrelay-luxembourg.support"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672358/; classtype:trojan-activity;sid:84535458; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672359)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"sweet-fermi.196-251-72-149.plesk.page"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672359/; classtype:trojan-activity;sid:84535459; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672360)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"dreamy-hamilton.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672360/; classtype:trojan-activity;sid:84535460; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672361)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"myminfin-info-be.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672361/; classtype:trojan-activity;sid:84535461; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672362)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"trackdelivery-customer.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672362/; classtype:trojan-activity;sid:84535462; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672363)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"reverent-tereshkova.196-251-72-149.plesk.page"; http_host; depth:45; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672363/; classtype:trojan-activity;sid:84535463; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672364)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"supportulys.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672364/; classtype:trojan-activity;sid:84535464; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672346)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"aide-suivi-livraison.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672346/; classtype:trojan-activity;sid:84535446; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672347)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"serene-dhawan.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672347/; classtype:trojan-activity;sid:84535447; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672348)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"m-relay-suivi-fr.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672348/; classtype:trojan-activity;sid:84535448; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672349)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"gallant-ganguly.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672349/; classtype:trojan-activity;sid:84535449; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672350)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"renvouvellementinformationameli.info"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672350/; classtype:trojan-activity;sid:84535450; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672351)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"colis-francemetropolitaine.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672351/; classtype:trojan-activity;sid:84535451; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672352)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"savnetfxserv.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672352/; classtype:trojan-activity;sid:84535452; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672353)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"exciting-hopper.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672353/; classtype:trojan-activity;sid:84535453; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672354)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"services-monrelay.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672354/; classtype:trojan-activity;sid:84535454; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672355)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"relivraison-formulaire.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672355/; classtype:trojan-activity;sid:84535455; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672334)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"relaydelivery.help"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672334/; classtype:trojan-activity;sid:84535434; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672335)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"get-yourparcel.help"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672335/; classtype:trojan-activity;sid:84535435; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672336)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"optimistic-leakey.196-251-72-149.plesk.page"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672336/; classtype:trojan-activity;sid:84535436; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672337)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"livraison-france-infos.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672337/; classtype:trojan-activity;sid:84535437; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672338)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"objective-goldberg.196-251-72-149.plesk.page"; http_host; depth:44; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672338/; classtype:trojan-activity;sid:84535438; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672339)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"relais-packet-fr.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672339/; classtype:trojan-activity;sid:84535439; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672340)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"pedantic-mcclintock.196-251-72-149.plesk.page"; http_host; depth:45; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672340/; classtype:trojan-activity;sid:84535440; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672341)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"esdossier0865.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672341/; classtype:trojan-activity;sid:84535441; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672342)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mondial-relaylockers.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672342/; classtype:trojan-activity;sid:84535442; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672343)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"suivi-fr-livraison.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672343/; classtype:trojan-activity;sid:84535443; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672344)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"ameli-moncompte.ma-situation.help"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672344/; classtype:trojan-activity;sid:84535444; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672345)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"relaydelivery.help"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672345/; classtype:trojan-activity;sid:84535445; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672332)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"antai-aide.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672332/; classtype:trojan-activity;sid:84535432; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672333)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"my.guichet-amende.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672333/; classtype:trojan-activity;sid:84535433; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672331)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"artier-recourser.help"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672331/; classtype:trojan-activity;sid:84535431; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672316)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"ameli-connect.cpam-comptes.help"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672316/; classtype:trojan-activity;sid:84535416; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672317)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"verification-mobile-cm.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672317/; classtype:trojan-activity;sid:84535417; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672318)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"jolly-germain.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672318/; classtype:trojan-activity;sid:84535418; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672319)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"suivirelaisdepot.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672319/; classtype:trojan-activity;sid:84535419; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672320)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"strange-yalow.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672320/; classtype:trojan-activity;sid:84535420; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672321)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"ntfxrenewservice.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672321/; classtype:trojan-activity;sid:84535421; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672322)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"info-livraison-fr.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672322/; classtype:trojan-activity;sid:84535422; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672323)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mondial-relay-center.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672323/; classtype:trojan-activity;sid:84535423; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672324)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"elegant-nightingale.196-251-72-149.plesk.page"; http_host; depth:45; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672324/; classtype:trojan-activity;sid:84535424; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672325)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"trackparselhl.help"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672325/; classtype:trojan-activity;sid:84535425; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672326)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"sharp-franklin.196-251-72-149.plesk.page"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672326/; classtype:trojan-activity;sid:84535426; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672327)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mysuprtntfx.info"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672327/; classtype:trojan-activity;sid:84535427; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672328)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"relayservice-pay.help"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672328/; classtype:trojan-activity;sid:84535428; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672329)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"servicedgtes.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672329/; classtype:trojan-activity;sid:84535429; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672330)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"mondialservice-relay.info"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672330/; classtype:trojan-activity;sid:84535430; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672302)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"confirmation-appareil-confiance.com"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672302/; classtype:trojan-activity;sid:84535402; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672303)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"verification-mobile-cm.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672303/; classtype:trojan-activity;sid:84535403; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672304)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"reglementminfin-be.help"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672304/; classtype:trojan-activity;sid:84535404; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672305)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"myparcel-relay.help"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672305/; classtype:trojan-activity;sid:84535405; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672306)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"packrelay-espace.help"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672306/; classtype:trojan-activity;sid:84535406; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672307)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"suivimondialrelay-colis.info"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672307/; classtype:trojan-activity;sid:84535407; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672308)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"plsavnetfiixsupport.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672308/; classtype:trojan-activity;sid:84535408; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672309)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"get-yourparcel.help"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672309/; classtype:trojan-activity;sid:84535409; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672310)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"relaisdepot-suivi.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672310/; classtype:trojan-activity;sid:84535410; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672311)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"myespace-relaypack.help"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672311/; classtype:trojan-activity;sid:84535411; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672312)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"ecstatic-wing.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672312/; classtype:trojan-activity;sid:84535412; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672313)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"relay-my-parcel.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672313/; classtype:trojan-activity;sid:84535413; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672314)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"ameli-cpam.support-moncompte.help"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672314/; classtype:trojan-activity;sid:84535414; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672315)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"gracious-kepler.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672315/; classtype:trojan-activity;sid:84535415; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672293)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"redistribution-locker.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672293/; classtype:trojan-activity;sid:84535393; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672294)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"info-livraison-fr.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672294/; classtype:trojan-activity;sid:84535394; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672295)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"amazing-lederberg.196-251-72-149.plesk.page"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672295/; classtype:trojan-activity;sid:84535395; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672296)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"collect-myparcel.help"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672296/; classtype:trojan-activity;sid:84535396; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672297)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"accntmynetfiixsav.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672297/; classtype:trojan-activity;sid:84535397; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672298)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"reglementnetflix-fr.help"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672298/; classtype:trojan-activity;sid:84535398; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672299)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"renewntfxsav.info"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672299/; classtype:trojan-activity;sid:84535399; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672300)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"packet-nouvellelivraisons-fr.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672300/; classtype:trojan-activity;sid:84535400; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672301)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"relayparcel-help.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672301/; classtype:trojan-activity;sid:84535401; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672292)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"elegant-shtern.196-251-72-149.plesk.page"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672292/; classtype:trojan-activity;sid:84535392; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672278)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"relais-packet-fr.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672278/; classtype:trojan-activity;sid:84535378; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672279)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"elegant-shtern.196-251-72-149.plesk.page"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672279/; classtype:trojan-activity;sid:84535379; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672280)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mxiconetfllxserv.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672280/; classtype:trojan-activity;sid:84535380; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672281)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"ecstatic-kare.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672281/; classtype:trojan-activity;sid:84535381; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672282)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"suivicolis-be.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672282/; classtype:trojan-activity;sid:84535382; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672283)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"sarenewnetfiixsav.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672283/; classtype:trojan-activity;sid:84535383; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672284)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"suivicommanderelay.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672284/; classtype:trojan-activity;sid:84535384; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672285)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"solazone.help"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672285/; classtype:trojan-activity;sid:84535385; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672286)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"moncolis-suivi.help"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672286/; classtype:trojan-activity;sid:84535386; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672287)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"colis-suivis.help"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672287/; classtype:trojan-activity;sid:84535387; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672288)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"my-canal.support-moncompte.help"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672288/; classtype:trojan-activity;sid:84535388; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672289)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mynetllxrenew.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672289/; classtype:trojan-activity;sid:84535389; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672290)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"jovial-bartik.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672290/; classtype:trojan-activity;sid:84535390; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672291)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"myups-package.info"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672291/; classtype:trojan-activity;sid:84535391; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672277)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"relaymyparcel.info"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672277/; classtype:trojan-activity;sid:84535377; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672268)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"myups-package.info"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672268/; classtype:trojan-activity;sid:84535368; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672269)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"relayservice-pay.help"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672269/; classtype:trojan-activity;sid:84535369; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672270)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"trackmy-order.info"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672270/; classtype:trojan-activity;sid:84535370; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672271)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"gallant-ganguly.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672271/; classtype:trojan-activity;sid:84535371; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672272)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"ecstatic-villani.196-251-72-149.plesk.page"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672272/; classtype:trojan-activity;sid:84535372; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672273)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"suivicolis-lu.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672273/; classtype:trojan-activity;sid:84535373; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672274)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"ecstatic-kare.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672274/; classtype:trojan-activity;sid:84535374; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672275)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"nouvellelivraison-locker-fr.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672275/; classtype:trojan-activity;sid:84535375; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672276)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"clever-northcutt.196-251-72-149.plesk.page"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672276/; classtype:trojan-activity;sid:84535376; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672262)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"ecstatic-wing.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672262/; classtype:trojan-activity;sid:84535362; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672263)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"regionaleszeveme.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672263/; classtype:trojan-activity;sid:84535363; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672264)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"myntfxsupprt.help"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672264/; classtype:trojan-activity;sid:84535364; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672265)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"gifted-yalow.196-251-72-149.plesk.page"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672265/; classtype:trojan-activity;sid:84535365; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672266)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"ameli-cpam.support-moncompte.help"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672266/; classtype:trojan-activity;sid:84535366; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672267)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"jolly-yalow.196-251-72-149.plesk.page"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672267/; classtype:trojan-activity;sid:84535367; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672261)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mynode.m68k"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"87.121.222.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672261/; classtype:trojan-activity;sid:84535361; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672260)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"artier-recourser.help"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672260/; classtype:trojan-activity;sid:84535360; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672259)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"laughing-herschel.196-251-72-149.plesk.page"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672259/; classtype:trojan-activity;sid:84535359; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672243)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"frosty-wozniak.196-251-72-149.plesk.page"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672243/; classtype:trojan-activity;sid:84535343; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672244)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"colis-nouvellelivraison-france.com"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672244/; classtype:trojan-activity;sid:84535344; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672245)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"objective-ramanujan.196-251-72-149.plesk.page"; http_host; depth:45; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672245/; classtype:trojan-activity;sid:84535345; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672246)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"mrelay-be-acheminement.info"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672246/; classtype:trojan-activity;sid:84535346; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672247)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"tracking-parcel-be.help"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672247/; classtype:trojan-activity;sid:84535347; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672248)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"mondialrelais-livraisons.info"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672248/; classtype:trojan-activity;sid:84535348; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672249)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"livraison-relais-info.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672249/; classtype:trojan-activity;sid:84535349; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672250)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"rendezsnetfiixhu.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672250/; classtype:trojan-activity;sid:84535350; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672251)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"ecstatic-villani.196-251-72-149.plesk.page"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672251/; classtype:trojan-activity;sid:84535351; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672252)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"objective-goldberg.196-251-72-149.plesk.page"; http_host; depth:44; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672252/; classtype:trojan-activity;sid:84535352; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672253)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"intelligent-mayer.196-251-72-149.plesk.page"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672253/; classtype:trojan-activity;sid:84535353; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672254)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"livraison-relais-info.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672254/; classtype:trojan-activity;sid:84535354; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672255)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"livraison-mondialrelais.info"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672255/; classtype:trojan-activity;sid:84535355; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672256)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"optimistic-leakey.196-251-72-149.plesk.page"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672256/; classtype:trojan-activity;sid:84535356; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672257)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"securaccntnetfiix.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672257/; classtype:trojan-activity;sid:84535357; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672258)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"jolly-germain.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672258/; classtype:trojan-activity;sid:84535358; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672240)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"optimistic-pike.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672240/; classtype:trojan-activity;sid:84535340; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672241)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"hometrack-package-tracking.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672241/; classtype:trojan-activity;sid:84535341; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672242)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"savnetfixrenew.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672242/; classtype:trojan-activity;sid:84535342; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672239)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"aide-suivi-livraison.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672239/; classtype:trojan-activity;sid:84535339; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672237)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"relaydelivery.help"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672237/; classtype:trojan-activity;sid:84535337; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672238)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"optimistic-leakey.196-251-72-149.plesk.page"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672238/; classtype:trojan-activity;sid:84535338; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672236)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"rendezsnetfiixhu.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672236/; classtype:trojan-activity;sid:84535336; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672234)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"suivirelaisdepot.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672234/; classtype:trojan-activity;sid:84535334; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672235)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"sav-ntfxrenew.help"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672235/; classtype:trojan-activity;sid:84535335; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672211)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"ups.supporto-pacchi.help"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672211/; classtype:trojan-activity;sid:84535311; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672212)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"mondial-pickup.info"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672212/; classtype:trojan-activity;sid:84535312; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672213)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"reverent-brattain.196-251-72-149.plesk.page"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672213/; classtype:trojan-activity;sid:84535313; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672214)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"mondialrelayfr-suivi.help"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672214/; classtype:trojan-activity;sid:84535314; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672215)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"servicedgtes.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672215/; classtype:trojan-activity;sid:84535315; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672216)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"adoring-kalam.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672216/; classtype:trojan-activity;sid:84535316; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672217)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"mondial-relaylockers.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672217/; classtype:trojan-activity;sid:84535317; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672218)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"info-livraison-fr.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672218/; classtype:trojan-activity;sid:84535318; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672219)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"relaydelivery.help"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672219/; classtype:trojan-activity;sid:84535319; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672220)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"reverent-brattain.196-251-72-149.plesk.page"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672220/; classtype:trojan-activity;sid:84535320; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672221)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"savpaypaiaccnt.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672221/; classtype:trojan-activity;sid:84535321; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672222)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"savnetfixrenew.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672222/; classtype:trojan-activity;sid:84535322; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672223)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"affectionate-edison.196-251-72-149.plesk.page"; http_host; depth:45; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672223/; classtype:trojan-activity;sid:84535323; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672224)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"interesting-morse.196-251-72-149.plesk.page"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672224/; classtype:trojan-activity;sid:84535324; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672225)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"mondialrelay-colis.support"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672225/; classtype:trojan-activity;sid:84535325; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672226)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"myluxtrust-accountsecurity.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672226/; classtype:trojan-activity;sid:84535326; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672227)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"laughing-perlman.196-251-72-149.plesk.page"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672227/; classtype:trojan-activity;sid:84535327; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672228)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"colislivraisonsuivi.support"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672228/; classtype:trojan-activity;sid:84535328; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672229)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"bold-kowalevski.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672229/; classtype:trojan-activity;sid:84535329; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672230)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"hometrack-support-help.info"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672230/; classtype:trojan-activity;sid:84535330; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672231)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"suivis-de-colis.info"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672231/; classtype:trojan-activity;sid:84535331; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672232)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"sweet-neumann.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672232/; classtype:trojan-activity;sid:84535332; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672233)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"mynetllxrenew.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672233/; classtype:trojan-activity;sid:84535333; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672208)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"monrelay.help"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672208/; classtype:trojan-activity;sid:84535308; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672209)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"nervous-pasteur.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672209/; classtype:trojan-activity;sid:84535309; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672210)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"savpaypaiaccnt.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672210/; classtype:trojan-activity;sid:84535310; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672207)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"mrelay.livraison.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672207/; classtype:trojan-activity;sid:84535307; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672205)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"mondial-relaylockers.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672205/; classtype:trojan-activity;sid:84535305; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672206)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"renewmynetllx.info"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672206/; classtype:trojan-activity;sid:84535306; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672204)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"livraisons-colis-france.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672204/; classtype:trojan-activity;sid:84535304; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672203)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"livraison-expressfr.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672203/; classtype:trojan-activity;sid:84535303; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672199)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"serene-dhawan.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672199/; classtype:trojan-activity;sid:84535299; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672200)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"hgrynetfiixsav.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672200/; classtype:trojan-activity;sid:84535300; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672201)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"guichet-amende.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672201/; classtype:trojan-activity;sid:84535301; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672202)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"dossier0367.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672202/; classtype:trojan-activity;sid:84535302; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672186)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"hometrack-be-package.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672186/; classtype:trojan-activity;sid:84535286; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672187)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"ecstatic-villani.196-251-72-149.plesk.page"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672187/; classtype:trojan-activity;sid:84535287; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672188)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"securplnetfiixsav.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672188/; classtype:trojan-activity;sid:84535288; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672189)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"savmxlcnetfiix.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672189/; classtype:trojan-activity;sid:84535289; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672190)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"colis-francemetropolitaine.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672190/; classtype:trojan-activity;sid:84535290; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672191)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"myparcel-relay.help"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672191/; classtype:trojan-activity;sid:84535291; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672192)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"clever-northcutt.196-251-72-149.plesk.page"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672192/; classtype:trojan-activity;sid:84535292; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672193)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"mymondialrelay-parcel.help"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672193/; classtype:trojan-activity;sid:84535293; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672194)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"gracious-kepler.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672194/; classtype:trojan-activity;sid:84535294; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672195)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"nifty-johnson.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672195/; classtype:trojan-activity;sid:84535295; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672196)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"paketdhservice.help"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672196/; classtype:trojan-activity;sid:84535296; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672197)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"savnetfiixmxico.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672197/; classtype:trojan-activity;sid:84535297; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672198)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"dossiergmuitas.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672198/; classtype:trojan-activity;sid:84535298; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672183)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"ameli.moncompte-cpam.help"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672183/; classtype:trojan-activity;sid:84535283; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672184)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"savnetfiix-client.help"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672184/; classtype:trojan-activity;sid:84535284; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672185)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"colislivraisonsuivi.support"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672185/; classtype:trojan-activity;sid:84535285; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672172)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"friendly-cray.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672172/; classtype:trojan-activity;sid:84535272; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672173)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"rediriger-ma-relivraison.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672173/; classtype:trojan-activity;sid:84535273; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672174)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"strange-yalow.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672174/; classtype:trojan-activity;sid:84535274; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672175)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"trusting-raman.196-251-72-149.plesk.page"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672175/; classtype:trojan-activity;sid:84535275; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672176)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"ameli-moncompte.ma-situation.help"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672176/; classtype:trojan-activity;sid:84535276; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672177)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"renewntfxsav.help"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672177/; classtype:trojan-activity;sid:84535277; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672178)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"compassionate-yonath.196-251-72-149.plesk.page"; http_host; depth:46; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672178/; classtype:trojan-activity;sid:84535278; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672179)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"objective-goldberg.196-251-72-149.plesk.page"; http_host; depth:44; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672179/; classtype:trojan-activity;sid:84535279; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672180)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"get-yourparcel.help"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672180/; classtype:trojan-activity;sid:84535280; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672181)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"nifty-hypatia.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672181/; classtype:trojan-activity;sid:84535281; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672182)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"particulier-info.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672182/; classtype:trojan-activity;sid:84535282; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672159)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"suivi-livraison.support"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672159/; classtype:trojan-activity;sid:84535259; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672160)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"affectionate-edison.196-251-72-149.plesk.page"; http_host; depth:45; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672160/; classtype:trojan-activity;sid:84535260; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672161)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"servntflxmgyrsav.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672161/; classtype:trojan-activity;sid:84535261; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672162)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"relivraison-formulaire.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672162/; classtype:trojan-activity;sid:84535262; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672163)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"aide-suivi-livraison.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672163/; classtype:trojan-activity;sid:84535263; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672164)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"ameii-moncompte.ma-situations.info"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672164/; classtype:trojan-activity;sid:84535264; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672165)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"dhitrackparcei.help"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672165/; classtype:trojan-activity;sid:84535265; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672166)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"funny-heyrovsky.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672166/; classtype:trojan-activity;sid:84535266; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672167)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"ma-facture-enovos.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672167/; classtype:trojan-activity;sid:84535267; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672168)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"miseajouritsme.help"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672168/; classtype:trojan-activity;sid:84535268; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672169)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"bravoteam6.org"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672169/; classtype:trojan-activity;sid:84535269; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672170)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"plsavnetfiix.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672170/; classtype:trojan-activity;sid:84535270; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672171)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"savmxlcnetfiix.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672171/; classtype:trojan-activity;sid:84535271; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672151)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"services-monrelay.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672151/; classtype:trojan-activity;sid:84535251; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672152)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"nifty-hypatia.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672152/; classtype:trojan-activity;sid:84535252; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672153)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"redirection-mondialrelais.info"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672153/; classtype:trojan-activity;sid:84535253; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672154)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"monrelay-support.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672154/; classtype:trojan-activity;sid:84535254; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672155)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"bpost-frais-dedouanement.info"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672155/; classtype:trojan-activity;sid:84535255; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672156)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"sweet-fermi.196-251-72-149.plesk.page"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672156/; classtype:trojan-activity;sid:84535256; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672157)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"interesting-hofstadter.196-251-72-149.plesk.page"; http_host; depth:48; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672157/; classtype:trojan-activity;sid:84535257; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672158)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"pickup-mreiay.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672158/; classtype:trojan-activity;sid:84535258; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672148)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"jolly-yalow.196-251-72-149.plesk.page"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672148/; classtype:trojan-activity;sid:84535248; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672149)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"funny-villani.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672149/; classtype:trojan-activity;sid:84535249; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672150)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"mxicnetfiixservice.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672150/; classtype:trojan-activity;sid:84535250; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672142)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"my-minfin-regularisation.info"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672142/; classtype:trojan-activity;sid:84535242; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672143)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"livraisons-locker.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672143/; classtype:trojan-activity;sid:84535243; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672144)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"beparcel-collect.help"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672144/; classtype:trojan-activity;sid:84535244; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672145)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"nostalgic-curie.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672145/; classtype:trojan-activity;sid:84535245; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672146)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"formulaire-locker.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672146/; classtype:trojan-activity;sid:84535246; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672147)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"crazy-proskuriakova.196-251-72-149.plesk.page"; http_host; depth:45; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672147/; classtype:trojan-activity;sid:84535247; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672141)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"compassionate-yonath.196-251-72-149.plesk.page"; http_host; depth:46; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672141/; classtype:trojan-activity;sid:84535241; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672129)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"trackupsid.help"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672129/; classtype:trojan-activity;sid:84535229; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672130)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"relivraison-formulaire.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672130/; classtype:trojan-activity;sid:84535230; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672131)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"practical-swirles.196-251-72-149.plesk.page"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672131/; classtype:trojan-activity;sid:84535231; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672132)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"recursing-hawking.196-251-72-149.plesk.page"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672132/; classtype:trojan-activity;sid:84535232; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672133)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"savnetfxserv.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672133/; classtype:trojan-activity;sid:84535233; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672134)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"paketdhservice.help"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672134/; classtype:trojan-activity;sid:84535234; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672135)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"elegant-shtern.196-251-72-149.plesk.page"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672135/; classtype:trojan-activity;sid:84535235; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672136)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"renewntfxsav.info"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672136/; classtype:trojan-activity;sid:84535236; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672137)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"service-parcel-pay.help"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672137/; classtype:trojan-activity;sid:84535237; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672138)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"moncolis-suivi.help"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672138/; classtype:trojan-activity;sid:84535238; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672139)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"interesting-hofstadter.196-251-72-149.plesk.page"; http_host; depth:48; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672139/; classtype:trojan-activity;sid:84535239; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672140)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"suivicommanderelay.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672140/; classtype:trojan-activity;sid:84535240; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672126)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"locker-redistribution.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672126/; classtype:trojan-activity;sid:84535226; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672127)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"relaisdepot-suivi.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672127/; classtype:trojan-activity;sid:84535227; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672128)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"livraisons-infos-fr.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672128/; classtype:trojan-activity;sid:84535228; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672110)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"colis-suivi-help.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672110/; classtype:trojan-activity;sid:84535210; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672111)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"connect-avantages.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672111/; classtype:trojan-activity;sid:84535211; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672112)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"my.guichet-amende.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672112/; classtype:trojan-activity;sid:84535212; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672113)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"colis-suivis.help"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672113/; classtype:trojan-activity;sid:84535213; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672114)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"hardcore-boyd.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672114/; classtype:trojan-activity;sid:84535214; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672115)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"thirsty-heisenberg.196-251-72-149.plesk.page"; http_host; depth:44; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672115/; classtype:trojan-activity;sid:84535215; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672116)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"hgrynetfiixsav.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672116/; classtype:trojan-activity;sid:84535216; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672117)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"bravoteam6.org"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672117/; classtype:trojan-activity;sid:84535217; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672118)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"dreamy-keller.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672118/; classtype:trojan-activity;sid:84535218; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672119)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"ma-facture-enovos.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672119/; classtype:trojan-activity;sid:84535219; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672120)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"relaymyparcel.info"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672120/; classtype:trojan-activity;sid:84535220; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672121)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"laughing-perlman.196-251-72-149.plesk.page"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672121/; classtype:trojan-activity;sid:84535221; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672122)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"exciting-hopper.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672122/; classtype:trojan-activity;sid:84535222; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672123)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"colis-suivi-help.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672123/; classtype:trojan-activity;sid:84535223; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672124)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"mrelayy-mon-acheminement.info"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672124/; classtype:trojan-activity;sid:84535224; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672125)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"ameli-actalisation.info"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672125/; classtype:trojan-activity;sid:84535225; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672107)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"myups-tracking.info"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672107/; classtype:trojan-activity;sid:84535207; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672108)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"hardcore-boyd.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672108/; classtype:trojan-activity;sid:84535208; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672109)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"actualisationameli.help"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672109/; classtype:trojan-activity;sid:84535209; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672103)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"sav-monrelay.help"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672103/; classtype:trojan-activity;sid:84535203; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672104)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"savulyseclient.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672104/; classtype:trojan-activity;sid:84535204; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672105)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"ameli-situtations.mon-comptes.help"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672105/; classtype:trojan-activity;sid:84535205; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672106)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"brussels-payments.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672106/; classtype:trojan-activity;sid:84535206; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672102)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"assurancemaladie-actualisation.help"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672102/; classtype:trojan-activity;sid:84535202; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672073)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"reverent-tereshkova.196-251-72-149.plesk.page"; http_host; depth:45; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672073/; classtype:trojan-activity;sid:84535173; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672074)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"vigilant-antonelli.196-251-72-149.plesk.page"; http_host; depth:44; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672074/; classtype:trojan-activity;sid:84535174; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672075)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"savnfiixsupprt.info"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672075/; classtype:trojan-activity;sid:84535175; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672076)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"mrelayy-acheminement.info"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672076/; classtype:trojan-activity;sid:84535176; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672077)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"mondialrelais-livraison.info"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672077/; classtype:trojan-activity;sid:84535177; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672078)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"frosty-albattani.196-251-72-149.plesk.page"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672078/; classtype:trojan-activity;sid:84535178; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672079)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"redistribution-locker.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672079/; classtype:trojan-activity;sid:84535179; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672080)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"solazone.help"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672080/; classtype:trojan-activity;sid:84535180; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672081)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"mondials-suivis-relay.info"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672081/; classtype:trojan-activity;sid:84535181; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672082)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"brussels-payments.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672082/; classtype:trojan-activity;sid:84535182; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672083)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"youthful-solomon.196-251-72-149.plesk.page"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672083/; classtype:trojan-activity;sid:84535183; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672084)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"nouvelletechbandedefou.info"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672084/; classtype:trojan-activity;sid:84535184; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672085)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"objective-saha.196-251-72-149.plesk.page"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672085/; classtype:trojan-activity;sid:84535185; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672086)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"pedantic-mcclintock.196-251-72-149.plesk.page"; http_host; depth:45; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672086/; classtype:trojan-activity;sid:84535186; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672087)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"bold-ellis.196-251-72-149.plesk.page"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672087/; classtype:trojan-activity;sid:84535187; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672088)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"paymentmy-minfinbe.help"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672088/; classtype:trojan-activity;sid:84535188; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672089)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"sad-mclaren.196-251-72-149.plesk.page"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672089/; classtype:trojan-activity;sid:84535189; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672090)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"gallant-ganguly.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672090/; classtype:trojan-activity;sid:84535190; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672091)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"bold-kowalevski.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672091/; classtype:trojan-activity;sid:84535191; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672092)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"verification-mobile-cm.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672092/; classtype:trojan-activity;sid:84535192; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672093)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"miseajouritsme.help"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672093/; classtype:trojan-activity;sid:84535193; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672094)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"ntfiixsavclient.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672094/; classtype:trojan-activity;sid:84535194; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672095)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"ecstatic-wing.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672095/; classtype:trojan-activity;sid:84535195; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672096)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"savnetfiix-client.help"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672096/; classtype:trojan-activity;sid:84535196; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672097)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"relais-packet-fr.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672097/; classtype:trojan-activity;sid:84535197; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672098)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"info-suivi-track.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672098/; classtype:trojan-activity;sid:84535198; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672099)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"bpost-frais-dedouanement.info"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672099/; classtype:trojan-activity;sid:84535199; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672100)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"mondial-pickup.info"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672100/; classtype:trojan-activity;sid:84535200; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672101)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"renewntfxsav.help"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672101/; classtype:trojan-activity;sid:84535201; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672070)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"livraisons-infos.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672070/; classtype:trojan-activity;sid:84535170; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672071)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"mondialrelais-livraisons.info"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672071/; classtype:trojan-activity;sid:84535171; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672072)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"ameii-moncompte.ma-situations.info"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672072/; classtype:trojan-activity;sid:84535172; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672065)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"practical-wu.196-251-72-149.plesk.page"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672065/; classtype:trojan-activity;sid:84535165; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672066)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"pickup-mreiay.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672066/; classtype:trojan-activity;sid:84535166; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672067)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"myminfin-info-be.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672067/; classtype:trojan-activity;sid:84535167; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672068)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"objective-saha.196-251-72-149.plesk.page"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672068/; classtype:trojan-activity;sid:84535168; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672069)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"mondial-services.informations-colis.help"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672069/; classtype:trojan-activity;sid:84535169; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672064)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"relayservice-pay.help"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672064/; classtype:trojan-activity;sid:84535164; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672062)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"mondialrelay-colis.support"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672062/; classtype:trojan-activity;sid:84535162; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672063)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"netfiixmxicosav.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672063/; classtype:trojan-activity;sid:84535163; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672056)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"mondial-relaylivraisonfr.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672056/; classtype:trojan-activity;sid:84535156; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672057)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"espace-servicefamily.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672057/; classtype:trojan-activity;sid:84535157; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672058)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"reglementminfin-be.help"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672058/; classtype:trojan-activity;sid:84535158; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672059)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"savnet-fixchili.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672059/; classtype:trojan-activity;sid:84535159; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672060)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"guichet-amende.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672060/; classtype:trojan-activity;sid:84535160; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672061)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"condescending-wilson.196-251-72-149.plesk.page"; http_host; depth:46; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672061/; classtype:trojan-activity;sid:84535161; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672051)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"parkingbrussels.help"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672051/; classtype:trojan-activity;sid:84535151; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672052)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"nifty-golick.196-251-72-149.plesk.page"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672052/; classtype:trojan-activity;sid:84535152; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672053)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"suivi-pointrelais.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672053/; classtype:trojan-activity;sid:84535153; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672054)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"upcpackettrack.help"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672054/; classtype:trojan-activity;sid:84535154; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672055)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"suivicommanderelais.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672055/; classtype:trojan-activity;sid:84535155; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672049)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"luxtrust-secure.info"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672049/; classtype:trojan-activity;sid:84535149; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672050)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"ecstatic-wing.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672050/; classtype:trojan-activity;sid:84535150; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672048)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"ameli-guadeloupe.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672048/; classtype:trojan-activity;sid:84535148; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672043)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"luxtrust-secure.info"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672043/; classtype:trojan-activity;sid:84535143; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672044)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"mrelay-relais.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672044/; classtype:trojan-activity;sid:84535144; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672045)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"payoursavnetfilx.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672045/; classtype:trojan-activity;sid:84535145; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672046)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"moncolis-suivi.help"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672046/; classtype:trojan-activity;sid:84535146; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672047)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"livraison-mondialrelais.info"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672047/; classtype:trojan-activity;sid:84535147; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672035)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"billing-renew-subscription.info"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672035/; classtype:trojan-activity;sid:84535135; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672036)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"gallant-ganguly.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672036/; classtype:trojan-activity;sid:84535136; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672037)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"accountnetfix.help"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672037/; classtype:trojan-activity;sid:84535137; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672038)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"mondialerelay-suivi-info.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672038/; classtype:trojan-activity;sid:84535138; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672039)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"myups-package.info"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672039/; classtype:trojan-activity;sid:84535139; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672040)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"quizzical-lederberg.196-251-72-149.plesk.page"; http_host; depth:45; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672040/; classtype:trojan-activity;sid:84535140; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672041)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"livraisons-france-infos.locker"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672041/; classtype:trojan-activity;sid:84535141; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672042)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"livraisons-infos-fr.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672042/; classtype:trojan-activity;sid:84535142; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672012)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"myguichet-espace.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672012/; classtype:trojan-activity;sid:84535112; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672013)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"netfiixrenewacc.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672013/; classtype:trojan-activity;sid:84535113; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672014)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"particulierslocker.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672014/; classtype:trojan-activity;sid:84535114; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672015)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"dossier4729.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672015/; classtype:trojan-activity;sid:84535115; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672016)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"strange-swartz.196-251-72-149.plesk.page"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672016/; classtype:trojan-activity;sid:84535116; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672017)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"renew-subscription.info"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672017/; classtype:trojan-activity;sid:84535117; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672018)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"suivicolis-be.info"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672018/; classtype:trojan-activity;sid:84535118; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672019)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"gracious-lamarr.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672019/; classtype:trojan-activity;sid:84535119; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672020)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"monrelay.help"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672020/; classtype:trojan-activity;sid:84535120; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672021)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"my-canal.support-moncompte.help"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672021/; classtype:trojan-activity;sid:84535121; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672022)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"goofy-shirley.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672022/; classtype:trojan-activity;sid:84535122; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672023)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"sarenewnetfiixsav.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672023/; classtype:trojan-activity;sid:84535123; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672024)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"sharp-franklin.196-251-72-149.plesk.page"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672024/; classtype:trojan-activity;sid:84535124; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672025)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"optimistic-pike.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672025/; classtype:trojan-activity;sid:84535125; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672026)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"friendly-cray.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672026/; classtype:trojan-activity;sid:84535126; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672027)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"packet-nouvellelivraisons-fr.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672027/; classtype:trojan-activity;sid:84535127; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672028)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"sad-mclaren.196-251-72-149.plesk.page"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672028/; classtype:trojan-activity;sid:84535128; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672029)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"mrelay-relais.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672029/; classtype:trojan-activity;sid:84535129; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672030)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"stoic-poincare.196-251-72-149.plesk.page"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672030/; classtype:trojan-activity;sid:84535130; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672031)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"pedantic-mcclintock.196-251-72-149.plesk.page"; http_host; depth:45; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672031/; classtype:trojan-activity;sid:84535131; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672032)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"confirmation-appareil-confiance.com"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672032/; classtype:trojan-activity;sid:84535132; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672033)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"pay-subscription.help"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672033/; classtype:trojan-activity;sid:84535133; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672034)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"vibrant-jackson.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672034/; classtype:trojan-activity;sid:84535134; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672010)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"renewnow.help"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672010/; classtype:trojan-activity;sid:84535110; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672011)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"renewaccntsav.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672011/; classtype:trojan-activity;sid:84535111; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672008)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"mon-abonnement-disney.info"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672008/; classtype:trojan-activity;sid:84535108; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672009)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"livraisons-france-infos.locker"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672009/; classtype:trojan-activity;sid:84535109; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672002)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"suivirelayy.info"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672002/; classtype:trojan-activity;sid:84535102; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672003)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"gracious-lamarr.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672003/; classtype:trojan-activity;sid:84535103; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672004)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"assurancemaladie.support"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672004/; classtype:trojan-activity;sid:84535104; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672005)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"relay-lu-parcel.help"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672005/; classtype:trojan-activity;sid:84535105; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672006)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"expedition-mrelayy.info"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672006/; classtype:trojan-activity;sid:84535106; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672007)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"servicenetfiixsav.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672007/; classtype:trojan-activity;sid:84535107; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671998)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"actualisationameli.help"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671998/; classtype:trojan-activity;sid:84535098; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671999)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"mondialservice-relay.info"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671999/; classtype:trojan-activity;sid:84535099; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672000)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"beparcel-collect.help"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672000/; classtype:trojan-activity;sid:84535100; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3672001)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"myguichet-service.help"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3672001/; classtype:trojan-activity;sid:84535101; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671996)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"myparcel-tracking.help"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671996/; classtype:trojan-activity;sid:84535096; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671997)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"customer-trackdelivery.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671997/; classtype:trojan-activity;sid:84535097; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671995)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"livraisons-infos.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671995/; classtype:trojan-activity;sid:84535095; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671991)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"packet-nouvellelivraisons-fr.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671991/; classtype:trojan-activity;sid:84535091; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671992)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"relayparcel-help.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671992/; classtype:trojan-activity;sid:84535092; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671993)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"elegant-nightingale.196-251-72-149.plesk.page"; http_host; depth:45; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671993/; classtype:trojan-activity;sid:84535093; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671994)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"ulys-telepeage-france.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671994/; classtype:trojan-activity;sid:84535094; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671988)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"eligibilite-doctolib.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671988/; classtype:trojan-activity;sid:84535088; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671989)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"info-livraison-fr.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671989/; classtype:trojan-activity;sid:84535089; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671990)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"myups-package.help"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671990/; classtype:trojan-activity;sid:84535090; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671962)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"dossiergmuitas.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671962/; classtype:trojan-activity;sid:84535062; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671963)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"ameli-cpam.support-moncompte.help"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671963/; classtype:trojan-activity;sid:84535063; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671964)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"mondialrelay-connect.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671964/; classtype:trojan-activity;sid:84535064; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671965)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"ameli.moncompte-cpam.help"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671965/; classtype:trojan-activity;sid:84535065; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671966)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"ecstatic-kare.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671966/; classtype:trojan-activity;sid:84535066; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671967)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"paymentmy-minfinbe.help"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671967/; classtype:trojan-activity;sid:84535067; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671968)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"strange-spence.196-251-72-149.plesk.page"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671968/; classtype:trojan-activity;sid:84535068; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671969)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"relaisdepot-suivi.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671969/; classtype:trojan-activity;sid:84535069; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671970)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"wizardly-fermat.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671970/; classtype:trojan-activity;sid:84535070; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671971)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"lux-trust-aide-support.info"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671971/; classtype:trojan-activity;sid:84535071; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671972)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"myntfxsupprt.help"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671972/; classtype:trojan-activity;sid:84535072; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671973)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"spf-justitie-belgium.info"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671973/; classtype:trojan-activity;sid:84535073; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671974)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"suivirelaisdepots.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671974/; classtype:trojan-activity;sid:84535074; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671975)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"assurancemaladie.support"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671975/; classtype:trojan-activity;sid:84535075; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671976)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"bold-hypatia.196-251-72-149.plesk.page"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671976/; classtype:trojan-activity;sid:84535076; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671977)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"myparcel-track.info"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671977/; classtype:trojan-activity;sid:84535077; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671978)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"ameli-cpam.support-moncompte.help"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671978/; classtype:trojan-activity;sid:84535078; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671979)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"ntfxrenewservice.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671979/; classtype:trojan-activity;sid:84535079; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671980)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"hometrack-package-lu.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671980/; classtype:trojan-activity;sid:84535080; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671981)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"crazy-proskuriakova.196-251-72-149.plesk.page"; http_host; depth:45; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671981/; classtype:trojan-activity;sid:84535081; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671982)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"savnetfiixmxico.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671982/; classtype:trojan-activity;sid:84535082; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671983)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"tv-abonnement.info"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671983/; classtype:trojan-activity;sid:84535083; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671984)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"monsuivi-colis.help"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671984/; classtype:trojan-activity;sid:84535084; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671985)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"mondialrelayfr-suivi.help"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671985/; classtype:trojan-activity;sid:84535085; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671986)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"accountnetfix.help"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671986/; classtype:trojan-activity;sid:84535086; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671987)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"gracious-northcutt.196-251-72-149.plesk.page"; http_host; depth:44; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671987/; classtype:trojan-activity;sid:84535087; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671960)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"services-mondialrelay.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671960/; classtype:trojan-activity;sid:84535060; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671961)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"renew-account-lock.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671961/; classtype:trojan-activity;sid:84535061; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671959)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"mrelay.livraison.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671959/; classtype:trojan-activity;sid:84535059; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671957)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"mrelay-be-acheminement.info"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671957/; classtype:trojan-activity;sid:84535057; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671958)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"mrelay-luxembourg.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671958/; classtype:trojan-activity;sid:84535058; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671955)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"peaceful-gates.196-251-72-149.plesk.page"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671955/; classtype:trojan-activity;sid:84535055; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671956)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"parkingbrussels.help"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671956/; classtype:trojan-activity;sid:84535056; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671929)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"packrelay-espace.help"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671929/; classtype:trojan-activity;sid:84535029; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671930)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"trackmy-order.info"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671930/; classtype:trojan-activity;sid:84535030; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671931)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"bold-ellis.196-251-72-149.plesk.page"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671931/; classtype:trojan-activity;sid:84535031; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671932)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"spf-amende.help"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671932/; classtype:trojan-activity;sid:84535032; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671933)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"mondials-suivis-relay.info"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671933/; classtype:trojan-activity;sid:84535033; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671934)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"collect-myparcel.help"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671934/; classtype:trojan-activity;sid:84535034; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671935)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"reglementnetflix-fr.help"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671935/; classtype:trojan-activity;sid:84535035; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671936)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"suivi-colis.help"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671936/; classtype:trojan-activity;sid:84535036; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671937)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"ameli-actalisation.info"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671937/; classtype:trojan-activity;sid:84535037; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671938)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"mondialrelay-locker-fr.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671938/; classtype:trojan-activity;sid:84535038; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671939)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"suivi-fra-livraisons.info"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671939/; classtype:trojan-activity;sid:84535039; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671940)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"frosty-wozniak.196-251-72-149.plesk.page"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671940/; classtype:trojan-activity;sid:84535040; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671941)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"distracted-nightingale.196-251-72-149.plesk.page"; http_host; depth:48; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671941/; classtype:trojan-activity;sid:84535041; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671942)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"myguichet-amende.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671942/; classtype:trojan-activity;sid:84535042; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671943)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"plsavnetfiixsupport.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671943/; classtype:trojan-activity;sid:84535043; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671944)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"renvouvellementinformationameli.info"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671944/; classtype:trojan-activity;sid:84535044; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671945)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"renewntfxsav.info"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671945/; classtype:trojan-activity;sid:84535045; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671946)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"sav-monrelay.help"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671946/; classtype:trojan-activity;sid:84535046; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671947)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"objective-ramanujan.196-251-72-149.plesk.page"; http_host; depth:45; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671947/; classtype:trojan-activity;sid:84535047; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671948)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"relay-parcel.info"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671948/; classtype:trojan-activity;sid:84535048; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671949)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"savnetfixaccount.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671949/; classtype:trojan-activity;sid:84535049; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671950)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"suivideliveryinfo.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671950/; classtype:trojan-activity;sid:84535050; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671951)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"savnfiixsupprt.info"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671951/; classtype:trojan-activity;sid:84535051; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671952)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"reverent-tereshkova.196-251-72-149.plesk.page"; http_host; depth:45; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671952/; classtype:trojan-activity;sid:84535052; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671953)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"guichet-client.help"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671953/; classtype:trojan-activity;sid:84535053; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671954)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"mondial-relay-center.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671954/; classtype:trojan-activity;sid:84535054; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671923)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"supportulys.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671923/; classtype:trojan-activity;sid:84535023; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671924)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"mondialrelay-connect.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671924/; classtype:trojan-activity;sid:84535024; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671925)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"relay-parcel.info"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671925/; classtype:trojan-activity;sid:84535025; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671926)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"ntfiixsavclient.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671926/; classtype:trojan-activity;sid:84535026; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671927)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"jolly-mendeleev.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671927/; classtype:trojan-activity;sid:84535027; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671928)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"laughing-herschel.196-251-72-149.plesk.page"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671928/; classtype:trojan-activity;sid:84535028; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671922)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"goofy-shirley.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671922/; classtype:trojan-activity;sid:84535022; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671920)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"esdossier0865.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671920/; classtype:trojan-activity;sid:84535020; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671921)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"mon-suivi.info"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671921/; classtype:trojan-activity;sid:84535021; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671906)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"funny-villani.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671906/; classtype:trojan-activity;sid:84535006; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671907)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"takeyourpackagebe.help"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671907/; classtype:trojan-activity;sid:84535007; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671908)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"magical-shirley.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671908/; classtype:trojan-activity;sid:84535008; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671909)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"monrelayfr-support.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671909/; classtype:trojan-activity;sid:84535009; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671910)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"livraisons-locker.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671910/; classtype:trojan-activity;sid:84535010; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671911)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"relay-my-parcel.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671911/; classtype:trojan-activity;sid:84535011; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671912)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"relayservice-pay.help"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671912/; classtype:trojan-activity;sid:84535012; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671913)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"renvouvellementinformationameli.info"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671913/; classtype:trojan-activity;sid:84535013; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671914)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"mxiconetfllxserv.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671914/; classtype:trojan-activity;sid:84535014; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671915)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"jolly-yalow.196-251-72-149.plesk.page"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671915/; classtype:trojan-activity;sid:84535015; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671916)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"mondialrelay-locker-fr.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671916/; classtype:trojan-activity;sid:84535016; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671917)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"renouvellement.help"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671917/; classtype:trojan-activity;sid:84535017; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671918)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"subscription-tv.info"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671918/; classtype:trojan-activity;sid:84535018; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671919)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"focused-noether.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671919/; classtype:trojan-activity;sid:84535019; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671904)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"upbeat-noether.196-251-72-149.plesk.page"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671904/; classtype:trojan-activity;sid:84535004; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671905)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"la-bnpcledigital.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671905/; classtype:trojan-activity;sid:84535005; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671902)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"ntflx-sub.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671902/; classtype:trojan-activity;sid:84535002; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671903)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"mondialerelay-suivi-info.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671903/; classtype:trojan-activity;sid:84535003; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671884)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"mrelay-colis-fr.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671884/; classtype:trojan-activity;sid:84534984; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671885)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"great-leavitt.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671885/; classtype:trojan-activity;sid:84534985; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671886)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"nouvellelivraison-locker-fr.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671886/; classtype:trojan-activity;sid:84534986; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671887)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"dossier0367.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671887/; classtype:trojan-activity;sid:84534987; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671888)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"mon-comptes.help"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671888/; classtype:trojan-activity;sid:84534988; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671889)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"netfiixmxicosav.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671889/; classtype:trojan-activity;sid:84534989; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671890)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"mynetllxrenew.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671890/; classtype:trojan-activity;sid:84534990; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671891)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"get-yourparcel.help"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671891/; classtype:trojan-activity;sid:84534991; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671892)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"usernetfiixpolskasav.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671892/; classtype:trojan-activity;sid:84534992; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671893)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"hungry-kalam.196-251-72-149.plesk.page"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671893/; classtype:trojan-activity;sid:84534993; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671894)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"magical-shirley.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671894/; classtype:trojan-activity;sid:84534994; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671895)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"colislivraison-suivi.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671895/; classtype:trojan-activity;sid:84534995; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671896)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"elegant-borg.196-251-72-149.plesk.page"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671896/; classtype:trojan-activity;sid:84534996; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671897)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"relayhome-trackparcel.help"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671897/; classtype:trojan-activity;sid:84534997; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671898)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"colislivraison-suivi.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671898/; classtype:trojan-activity;sid:84534998; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671899)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"renouvellement-ameli.support"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671899/; classtype:trojan-activity;sid:84534999; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671900)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"mysubscription-renewal.info"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671900/; classtype:trojan-activity;sid:84535000; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671901)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"colis-suivi-lu.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671901/; classtype:trojan-activity;sid:84535001; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671870)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"ulys-autoroutes-fr.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671870/; classtype:trojan-activity;sid:84534970; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671871)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"mondial-relaylivraisonfr.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671871/; classtype:trojan-activity;sid:84534971; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671872)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"intelligent-mayer.196-251-72-149.plesk.page"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671872/; classtype:trojan-activity;sid:84534972; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671873)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"sav-ntfxrenew.help"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671873/; classtype:trojan-activity;sid:84534973; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671874)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"particulier-info.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671874/; classtype:trojan-activity;sid:84534974; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671875)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"reactivation-amelie-account.info"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671875/; classtype:trojan-activity;sid:84534975; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671876)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"hometrack-package-lu.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671876/; classtype:trojan-activity;sid:84534976; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671877)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"espace-servicefamily.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671877/; classtype:trojan-activity;sid:84534977; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671878)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"verif-appareil-confiance.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671878/; classtype:trojan-activity;sid:84534978; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671879)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"practical-wu.196-251-72-149.plesk.page"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671879/; classtype:trojan-activity;sid:84534979; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671880)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"trusting-tesla.196-251-72-149.plesk.page"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671880/; classtype:trojan-activity;sid:84534980; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671881)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"usernetfiixsavhu.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671881/; classtype:trojan-activity;sid:84534981; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671882)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"jolly-mendeleev.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671882/; classtype:trojan-activity;sid:84534982; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671883)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"dreamy-hamilton.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671883/; classtype:trojan-activity;sid:84534983; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671863)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"clever-northcutt.196-251-72-149.plesk.page"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671863/; classtype:trojan-activity;sid:84534963; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671864)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"mondiai-reiay-reglement.info"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671864/; classtype:trojan-activity;sid:84534964; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671865)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"renew-account-lock.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671865/; classtype:trojan-activity;sid:84534965; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671866)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"suivicolis-be.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671866/; classtype:trojan-activity;sid:84534966; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671867)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"mrelay-luxembourg.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671867/; classtype:trojan-activity;sid:84534967; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671868)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"locker-redistribution.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671868/; classtype:trojan-activity;sid:84534968; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671869)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"login-myoffices.help"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671869/; classtype:trojan-activity;sid:84534969; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671850)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"livraison.info"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671850/; classtype:trojan-activity;sid:84534950; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671851)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"redistribution-locker.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671851/; classtype:trojan-activity;sid:84534951; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671852)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"monrelay-support.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671852/; classtype:trojan-activity;sid:84534952; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671853)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"reactivation-amelie-account.info"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671853/; classtype:trojan-activity;sid:84534953; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671854)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"info-suivi-track.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671854/; classtype:trojan-activity;sid:84534954; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671855)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"mynetfxsupprt.help"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671855/; classtype:trojan-activity;sid:84534955; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671856)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"login-myoffices.help"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671856/; classtype:trojan-activity;sid:84534956; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671857)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"mondialrelay-reply.help"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671857/; classtype:trojan-activity;sid:84534957; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671858)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"uptrackparsei.help"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671858/; classtype:trojan-activity;sid:84534958; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671859)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"suivi-fr-livraison.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671859/; classtype:trojan-activity;sid:84534959; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671860)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"eager-dirac.196-251-72-149.plesk.page"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671860/; classtype:trojan-activity;sid:84534960; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671861)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"suivicommandesrelay.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671861/; classtype:trojan-activity;sid:84534961; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671862)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"colis-suivis.help"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671862/; classtype:trojan-activity;sid:84534962; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671847)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"nouvelletechbandedefou.info"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671847/; classtype:trojan-activity;sid:84534947; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671848)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"relay-lu-parcel.help"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671848/; classtype:trojan-activity;sid:84534948; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671849)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"suivimondialrelay-colis.info"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671849/; classtype:trojan-activity;sid:84534949; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671845)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"nervous-pasteur.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671845/; classtype:trojan-activity;sid:84534945; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671846)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"kunde-konto-sikre.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671846/; classtype:trojan-activity;sid:84534946; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671808)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"myntfxsupprt.help"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671808/; classtype:trojan-activity;sid:84534908; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671809)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"great-leavitt.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671809/; classtype:trojan-activity;sid:84534909; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671810)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"savnetfixaccount.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671810/; classtype:trojan-activity;sid:84534910; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671811)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"ameli-moncompte.ma-situation.help"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671811/; classtype:trojan-activity;sid:84534911; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671812)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"yoursavnetfilxes.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671812/; classtype:trojan-activity;sid:84534912; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671813)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"regionaleszeveme.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671813/; classtype:trojan-activity;sid:84534913; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671814)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"customer-trackdelivery.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671814/; classtype:trojan-activity;sid:84534914; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671815)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"elegant-borg.196-251-72-149.plesk.page"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671815/; classtype:trojan-activity;sid:84534915; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671816)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"support-hometrack.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671816/; classtype:trojan-activity;sid:84534916; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671817)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"netfiixrenewacc.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671817/; classtype:trojan-activity;sid:84534917; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671818)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"savnetflixco.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671818/; classtype:trojan-activity;sid:84534918; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671819)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"savraiffeizen-at.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671819/; classtype:trojan-activity;sid:84534919; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671820)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"dossier-amende-minfin.info"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671820/; classtype:trojan-activity;sid:84534920; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671821)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"nikita.support"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671821/; classtype:trojan-activity;sid:84534921; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671822)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"myparcel-track.info"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671822/; classtype:trojan-activity;sid:84534922; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671823)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"nikita.support"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671823/; classtype:trojan-activity;sid:84534923; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671824)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"mon-colis-suivi-bpost.info"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671824/; classtype:trojan-activity;sid:84534924; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671825)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"rediriger-ma-livraison.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671825/; classtype:trojan-activity;sid:84534925; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671826)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"m-relay-suivi-fr.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671826/; classtype:trojan-activity;sid:84534926; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671827)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"renew-subscription.info"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671827/; classtype:trojan-activity;sid:84534927; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671828)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"webmail.rediriger-ma-livraison.com"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671828/; classtype:trojan-activity;sid:84534928; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671829)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"mondialrelais-livraison.info"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671829/; classtype:trojan-activity;sid:84534929; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671830)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"netflxaccntsav.info"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671830/; classtype:trojan-activity;sid:84534930; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671831)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"tracking-myrelay.help"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671831/; classtype:trojan-activity;sid:84534931; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671832)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"netlfix-suscripcion.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671832/; classtype:trojan-activity;sid:84534932; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671833)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"jolly-germain.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671833/; classtype:trojan-activity;sid:84534933; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671834)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"billing-renew-subscription.info"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671834/; classtype:trojan-activity;sid:84534934; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671835)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"servmetfiixsavsa.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671835/; classtype:trojan-activity;sid:84534935; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671836)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"ecstatic-kare.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671836/; classtype:trojan-activity;sid:84534936; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671837)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"trackparselhl.help"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671837/; classtype:trojan-activity;sid:84534937; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671838)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"eager-dirac.196-251-72-149.plesk.page"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671838/; classtype:trojan-activity;sid:84534938; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671839)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"suivicolis-lu.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671839/; classtype:trojan-activity;sid:84534939; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671840)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"dhitrackparcei.help"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671840/; classtype:trojan-activity;sid:84534940; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671841)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"sarenewnetfiixsav.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671841/; classtype:trojan-activity;sid:84534941; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671842)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"mondial-services.informations-colis.help"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671842/; classtype:trojan-activity;sid:84534942; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671843)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"ntfxrenewservice.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671843/; classtype:trojan-activity;sid:84534943; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671844)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"telepeage-ulys-fr.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671844/; classtype:trojan-activity;sid:84534944; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671807)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"livraison.info"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671807/; classtype:trojan-activity;sid:84534907; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671806)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"brave-cori.196-251-72-149.plesk.page"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671806/; classtype:trojan-activity;sid:84534906; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671804)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"gallant-mcnulty.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671804/; classtype:trojan-activity;sid:84534904; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671805)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"antai-aide.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671805/; classtype:trojan-activity;sid:84534905; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671800)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"lux-trust-aide-support.info"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671800/; classtype:trojan-activity;sid:84534900; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671801)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"particulierslocker.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671801/; classtype:trojan-activity;sid:84534901; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671802)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"la-bnpcledigital.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671802/; classtype:trojan-activity;sid:84534902; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671803)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"mondialrelais-creneaux.info"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671803/; classtype:trojan-activity;sid:84534903; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671793)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"rediriger-ma-livraison.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671793/; classtype:trojan-activity;sid:84534893; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671794)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"relaymondial-services.info"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671794/; classtype:trojan-activity;sid:84534894; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671795)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"myparcel-relay.help"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671795/; classtype:trojan-activity;sid:84534895; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671796)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"subscription-help.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671796/; classtype:trojan-activity;sid:84534896; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671797)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"myespace-relaypack.help"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671797/; classtype:trojan-activity;sid:84534897; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671798)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"myups-package.info"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671798/; classtype:trojan-activity;sid:84534898; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671799)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"mondialsrelay-redirection.info"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671799/; classtype:trojan-activity;sid:84534899; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671788)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"hometrack-support-help.info"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671788/; classtype:trojan-activity;sid:84534888; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671789)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"focused-noether.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671789/; classtype:trojan-activity;sid:84534889; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671790)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"my-canal.support-moncompte.help"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671790/; classtype:trojan-activity;sid:84534890; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671791)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"distracted-nightingale.196-251-72-149.plesk.page"; http_host; depth:48; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671791/; classtype:trojan-activity;sid:84534891; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671792)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"mrelay-colis-fr.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671792/; classtype:trojan-activity;sid:84534892; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671784)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"collect-myparcel.help"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671784/; classtype:trojan-activity;sid:84534884; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671785)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"brusselspayments.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671785/; classtype:trojan-activity;sid:84534885; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671786)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"recursing-hawking.196-251-72-149.plesk.page"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671786/; classtype:trojan-activity;sid:84534886; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671787)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"livraisons-colis-france.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671787/; classtype:trojan-activity;sid:84534887; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671782)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"reglementnetflix-fr.help"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671782/; classtype:trojan-activity;sid:84534882; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671783)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"mondialservice-relay.info"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671783/; classtype:trojan-activity;sid:84534883; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671776)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"support-upsdelivery.info"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671776/; classtype:trojan-activity;sid:84534876; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671777)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"unruffled-banach.196-251-72-149.plesk.page"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671777/; classtype:trojan-activity;sid:84534877; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671778)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"livraison-expressfr.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671778/; classtype:trojan-activity;sid:84534878; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671779)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"mxiconetfllxserv.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671779/; classtype:trojan-activity;sid:84534879; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671780)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"nostalgic-curie.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671780/; classtype:trojan-activity;sid:84534880; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671781)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"gallant-mcnulty.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671781/; classtype:trojan-activity;sid:84534881; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671773)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"myguichet-amende.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671773/; classtype:trojan-activity;sid:84534873; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671774)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"mondialsrelay-supports.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671774/; classtype:trojan-activity;sid:84534874; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671775)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"dreamy-keller.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671775/; classtype:trojan-activity;sid:84534875; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671754)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"relivraison-packet-france.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671754/; classtype:trojan-activity;sid:84534854; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671755)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"mysuprtntfx.info"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671755/; classtype:trojan-activity;sid:84534855; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671756)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"ameli-connect.cpam-comptes.help"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671756/; classtype:trojan-activity;sid:84534856; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671757)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"mynetfxsupprt.help"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671757/; classtype:trojan-activity;sid:84534857; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671758)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"kunde-konto-sikre.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671758/; classtype:trojan-activity;sid:84534858; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671759)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"relivraison-packet-france.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671759/; classtype:trojan-activity;sid:84534859; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671760)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"nouvellelivraison-locker-fr.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671760/; classtype:trojan-activity;sid:84534860; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671761)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"my-minfin-regularisation.info"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671761/; classtype:trojan-activity;sid:84534861; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671762)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"savnet-fixchili.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671762/; classtype:trojan-activity;sid:84534862; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671763)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"interesting-morse.196-251-72-149.plesk.page"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671763/; classtype:trojan-activity;sid:84534863; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671764)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"mondial-relay-center.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671764/; classtype:trojan-activity;sid:84534864; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671765)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"mise-a-jours-ameli.support"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671765/; classtype:trojan-activity;sid:84534865; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671766)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"myups-tracking.info"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671766/; classtype:trojan-activity;sid:84534866; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671767)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"condescending-wilson.196-251-72-149.plesk.page"; http_host; depth:46; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671767/; classtype:trojan-activity;sid:84534867; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671768)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"jovial-bartik.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671768/; classtype:trojan-activity;sid:84534868; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671769)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"mon-abonnement-disney.info"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671769/; classtype:trojan-activity;sid:84534869; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671770)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"antai-aide.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671770/; classtype:trojan-activity;sid:84534870; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671771)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"colis-nouvellelivraison-france.com"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671771/; classtype:trojan-activity;sid:84534871; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671772)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"hometrack-be-package.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671772/; classtype:trojan-activity;sid:84534872; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671751)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"savpaypaiuser.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671751/; classtype:trojan-activity;sid:84534851; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671752)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"relay-my-parcel.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671752/; classtype:trojan-activity;sid:84534852; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671753)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"exciting-hopper.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671753/; classtype:trojan-activity;sid:84534853; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671750)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"telepeage-ulys-france.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671750/; classtype:trojan-activity;sid:84534850; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671745)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"mon-colis-suivi-bpost.info"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671745/; classtype:trojan-activity;sid:84534845; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671746)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"relais-packet-fr.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671746/; classtype:trojan-activity;sid:84534846; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671747)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"gestion-pickup-relay2025.info"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671747/; classtype:trojan-activity;sid:84534847; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671748)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"livraison-suivre-moncolis.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671748/; classtype:trojan-activity;sid:84534848; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671749)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"monrelayfr-support.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671749/; classtype:trojan-activity;sid:84534849; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671732)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"packet-relivraison-fr.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671732/; classtype:trojan-activity;sid:84534832; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671733)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"myguichet-service.help"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671733/; classtype:trojan-activity;sid:84534833; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671734)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"colis-suivi-lu.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671734/; classtype:trojan-activity;sid:84534834; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671735)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"mymondialrelay-parcel.help"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671735/; classtype:trojan-activity;sid:84534835; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671736)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"renewmynetllx.info"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671736/; classtype:trojan-activity;sid:84534836; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671737)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"accntmynetfiixsav.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671737/; classtype:trojan-activity;sid:84534837; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671738)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"netflxaccntsav.info"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671738/; classtype:trojan-activity;sid:84534838; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671739)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"mrelayy-acheminement.info"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671739/; classtype:trojan-activity;sid:84534839; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671740)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"reglementminfin-be.help"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671740/; classtype:trojan-activity;sid:84534840; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671741)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"ameli-moncompte.situation-administrative.info"; http_host; depth:45; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671741/; classtype:trojan-activity;sid:84534841; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671742)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"esdossier0865.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671742/; classtype:trojan-activity;sid:84534842; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671743)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"ntflx-sub.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671743/; classtype:trojan-activity;sid:84534843; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671744)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"formulaire-locker.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671744/; classtype:trojan-activity;sid:84534844; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671731)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"livraison-france-infos.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671731/; classtype:trojan-activity;sid:84534831; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671730)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"peaceful-gates.196-251-72-149.plesk.page"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671730/; classtype:trojan-activity;sid:84534830; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671723)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"livraison-france-infos.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671723/; classtype:trojan-activity;sid:84534823; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671724)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"practical-swirles.196-251-72-149.plesk.page"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671724/; classtype:trojan-activity;sid:84534824; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671725)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"serene-swartz.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671725/; classtype:trojan-activity;sid:84534825; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671726)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"brusselspayments.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671726/; classtype:trojan-activity;sid:84534826; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671727)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"elegant-shtern.196-251-72-149.plesk.page"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671727/; classtype:trojan-activity;sid:84534827; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671728)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"mysubscription-renewal.info"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671728/; classtype:trojan-activity;sid:84534828; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671729)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"m-relay-suivi-fr.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671729/; classtype:trojan-activity;sid:84534829; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671720)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"expedition-mrelayy.info"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671720/; classtype:trojan-activity;sid:84534820; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671721)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"plsavnetfiixsupport.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671721/; classtype:trojan-activity;sid:84534821; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671722)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"supportsavnetfix.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671722/; classtype:trojan-activity;sid:84534822; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671719)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"relayhome-trackparcel.help"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671719/; classtype:trojan-activity;sid:84534819; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671714)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"gifted-yalow.196-251-72-149.plesk.page"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671714/; classtype:trojan-activity;sid:84534814; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671715)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"mxicnetfiixservice.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671715/; classtype:trojan-activity;sid:84534815; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671716)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"ameli-moncompte.situation-administrative.info"; http_host; depth:45; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671716/; classtype:trojan-activity;sid:84534816; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671717)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"mon-comptes.help"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671717/; classtype:trojan-activity;sid:84534817; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671718)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"hometrack-package-tracking.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671718/; classtype:trojan-activity;sid:84534818; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671706)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"adoring-kalam.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671706/; classtype:trojan-activity;sid:84534806; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671707)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"savnetflixco.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671707/; classtype:trojan-activity;sid:84534807; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671708)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"accntmynetfiixsav.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671708/; classtype:trojan-activity;sid:84534808; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671709)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"mrelay-luxembourg.support"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671709/; classtype:trojan-activity;sid:84534809; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671710)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"webmail.rediriger-ma-relivraison.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671710/; classtype:trojan-activity;sid:84534810; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671711)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"mynetfxsuprt.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671711/; classtype:trojan-activity;sid:84534811; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671712)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"connect-avantages.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671712/; classtype:trojan-activity;sid:84534812; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671713)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"takeyour-parcel.help"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671713/; classtype:trojan-activity;sid:84534813; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671705)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"renewnow.help"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671705/; classtype:trojan-activity;sid:84534805; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671695)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"myminfin-info-be.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671695/; classtype:trojan-activity;sid:84534795; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671696)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"packrelay-espace.help"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671696/; classtype:trojan-activity;sid:84534796; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671697)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"monsuivi-colis.help"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671697/; classtype:trojan-activity;sid:84534797; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671698)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"hungry-kalam.196-251-72-149.plesk.page"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671698/; classtype:trojan-activity;sid:84534798; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671699)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"funny-heyrovsky.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671699/; classtype:trojan-activity;sid:84534799; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671700)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"ameli-connect.cpam-comptes.help"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671700/; classtype:trojan-activity;sid:84534800; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671701)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"elegant-nightingale.196-251-72-149.plesk.page"; http_host; depth:45; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671701/; classtype:trojan-activity;sid:84534801; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671702)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"plsavnetfiix.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671702/; classtype:trojan-activity;sid:84534802; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671703)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"dreamy-hamilton.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671703/; classtype:trojan-activity;sid:84534803; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671704)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"redirection-mondialrelais.info"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671704/; classtype:trojan-activity;sid:84534804; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671694)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"mondialsrelay-redirection.info"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671694/; classtype:trojan-activity;sid:84534794; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671693)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"packet-relivraison-fr.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671693/; classtype:trojan-activity;sid:84534793; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671692)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"renewaccntsav.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671692/; classtype:trojan-activity;sid:84534792; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671691)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"amazing-lederberg.196-251-72-149.plesk.page"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671691/; classtype:trojan-activity;sid:84534791; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671689)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"mondiai-reiay-reglement.info"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671689/; classtype:trojan-activity;sid:84534789; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671690)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"amazing-lederberg.196-251-72-149.plesk.page"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671690/; classtype:trojan-activity;sid:84534790; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671656)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"secureamericainexpress.help"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671656/; classtype:trojan-activity;sid:84534756; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671657)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"bold-hypatia.196-251-72-149.plesk.page"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671657/; classtype:trojan-activity;sid:84534757; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671658)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"netlfix-suscripcion.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671658/; classtype:trojan-activity;sid:84534758; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671659)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"livraison-suivre-moncolis.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671659/; classtype:trojan-activity;sid:84534759; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671660)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"nifty-golick.196-251-72-149.plesk.page"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671660/; classtype:trojan-activity;sid:84534760; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671661)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"gifted-yalow.196-251-72-149.plesk.page"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671661/; classtype:trojan-activity;sid:84534761; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671662)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"myguichet-espace.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671662/; classtype:trojan-activity;sid:84534762; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671663)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"myespace-relaypack.help"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671663/; classtype:trojan-activity;sid:84534763; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671664)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"mise-a-jours-ameli.support"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671664/; classtype:trojan-activity;sid:84534764; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671665)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"relaymyparcel.info"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671665/; classtype:trojan-activity;sid:84534765; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671666)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"xyznetfilxhusav.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671666/; classtype:trojan-activity;sid:84534766; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671667)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"ameli-situtations.mon-comptes.help"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671667/; classtype:trojan-activity;sid:84534767; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671668)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"savnetfxserv.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671668/; classtype:trojan-activity;sid:84534768; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671669)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"assurancemaladie-actualisation.help"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671669/; classtype:trojan-activity;sid:84534769; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671670)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"dossier-amende-minfin.info"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671670/; classtype:trojan-activity;sid:84534770; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671671)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"gracious-kepler.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671671/; classtype:trojan-activity;sid:84534771; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671672)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"frosty-albattani.196-251-72-149.plesk.page"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671672/; classtype:trojan-activity;sid:84534772; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671673)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"myparcel-tracking.help"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671673/; classtype:trojan-activity;sid:84534773; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671674)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"rediriger-ma-relivraison.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671674/; classtype:trojan-activity;sid:84534774; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671675)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"mysuprtntfx.info"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671675/; classtype:trojan-activity;sid:84534775; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671676)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"thirsty-ride.196-251-72-149.plesk.page"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671676/; classtype:trojan-activity;sid:84534776; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671677)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"mrelay-luxembourg.support"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671677/; classtype:trojan-activity;sid:84534777; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671678)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"pay-subscription.help"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671678/; classtype:trojan-activity;sid:84534778; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671679)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"regionaleszeveme.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671679/; classtype:trojan-activity;sid:84534779; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671680)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"dossier4729.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671680/; classtype:trojan-activity;sid:84534780; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671681)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"mondialrelay-reply.help"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671681/; classtype:trojan-activity;sid:84534781; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671682)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"gestion-pickup-relay2025.info"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671682/; classtype:trojan-activity;sid:84534782; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671683)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"mynetfxsuprt.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671683/; classtype:trojan-activity;sid:84534783; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671684)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"mondialsrelay-supports.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671684/; classtype:trojan-activity;sid:84534784; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671685)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"my.guichet-amende.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671685/; classtype:trojan-activity;sid:84534785; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671686)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"mondialrelais-creneaux.info"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671686/; classtype:trojan-activity;sid:84534786; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671687)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"guichet-client.help"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671687/; classtype:trojan-activity;sid:84534787; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671688)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"myluxtrust-accountsecurity.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671688/; classtype:trojan-activity;sid:84534788; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671655)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"renouvellement-ameli.support"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671655/; classtype:trojan-activity;sid:84534755; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671654)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"colis-francemetropolitaine.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671654/; classtype:trojan-activity;sid:84534754; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671651)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"gracious-northcutt.196-251-72-149.plesk.page"; http_host; depth:44; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671651/; classtype:trojan-activity;sid:84534751; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671652)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"confirmation-appareil-confiance.com"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671652/; classtype:trojan-activity;sid:84534752; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671653)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"brave-cori.196-251-72-149.plesk.page"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671653/; classtype:trojan-activity;sid:84534753; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671650)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"quizzical-lederberg.196-251-72-149.plesk.page"; http_host; depth:45; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671650/; classtype:trojan-activity;sid:84534750; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671646)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"ameli-guadeloupe.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671646/; classtype:trojan-activity;sid:84534746; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671647)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"trackyridpaket.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671647/; classtype:trojan-activity;sid:84534747; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671648)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"payoursavnetfilx.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671648/; classtype:trojan-activity;sid:84534748; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671649)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"mrelayy-mon-acheminement.info"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671649/; classtype:trojan-activity;sid:84534749; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671644)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"nifty-johnson.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671644/; classtype:trojan-activity;sid:84534744; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671645)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"myups-package.help"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671645/; classtype:trojan-activity;sid:84534745; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671641)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"jovial-bartik.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671641/; classtype:trojan-activity;sid:84534741; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671642)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"yuzidoky.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671642/; classtype:trojan-activity;sid:84534742; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671643)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"supportnetfiixsavza.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671643/; classtype:trojan-activity;sid:84534743; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671635)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"ameli-actalisation.info"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671635/; classtype:trojan-activity;sid:84534735; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671636)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"exciting-hopper.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671636/; classtype:trojan-activity;sid:84534736; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671637)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"luxtrust-secure.info"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671637/; classtype:trojan-activity;sid:84534737; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671638)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"collect-myparcel.help"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671638/; classtype:trojan-activity;sid:84534738; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671639)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"mondialrelay-locker-fr.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671639/; classtype:trojan-activity;sid:84534739; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671640)"; flow:established,from_client; content:"GET"; http_method; content:"/dns4up.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"193.233.164.21"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671640/; classtype:trojan-activity;sid:84534740; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671634)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"suivi-fr-livraison.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671634/; classtype:trojan-activity;sid:84534734; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671631)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"mondialrelais-livraisons.info"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671631/; classtype:trojan-activity;sid:84534731; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671632)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"elegant-nightingale.196-251-72-149.plesk.page"; http_host; depth:45; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671632/; classtype:trojan-activity;sid:84534732; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671633)"; flow:established,from_client; content:"GET"; http_method; content:"/pulv2.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"193.233.164.21"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671633/; classtype:trojan-activity;sid:84534733; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671628)"; flow:established,from_client; content:"GET"; http_method; content:"/syspul.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"193.233.164.21"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671628/; classtype:trojan-activity;sid:84534728; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671629)"; flow:established,from_client; content:"GET"; http_method; content:"/2xvv0a4z"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"5k.ldef-4.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671629/; classtype:trojan-activity;sid:84534729; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671630)"; flow:established,from_client; content:"GET"; http_method; content:"/9d1pk34g"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"86w.ldef-4.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671630/; classtype:trojan-activity;sid:84534730; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671626)"; flow:established,from_client; content:"GET"; http_method; content:"/app.vbs"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"193.233.164.21"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671626/; classtype:trojan-activity;sid:84534726; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671627)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.154.185.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671627/; classtype:trojan-activity;sid:84534727; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671621)"; flow:established,from_client; content:"GET"; http_method; content:"/3ta4vh7oor.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"qq.kdit5.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671621/; classtype:trojan-activity;sid:84534721; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671622)"; flow:established,from_client; content:"GET"; http_method; content:"/f1t7zaek0z.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"zq.kdit5.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671622/; classtype:trojan-activity;sid:84534722; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671623)"; flow:established,from_client; content:"GET"; http_method; content:"/update.png"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"193.233.164.21"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671623/; classtype:trojan-activity;sid:84534723; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671624)"; flow:established,from_client; content:"GET"; http_method; content:"/sysv2.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"193.233.164.21"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671624/; classtype:trojan-activity;sid:84534724; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671625)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"guichet-client.help"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671625/; classtype:trojan-activity;sid:84534725; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671620)"; flow:established,from_client; content:"GET"; http_method; content:"/sys32.vbs"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"193.233.164.21"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671620/; classtype:trojan-activity;sid:84534720; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671618)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"dossier0367.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671618/; classtype:trojan-activity;sid:84534718; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671619)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"myparcel-tracking.help"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671619/; classtype:trojan-activity;sid:84534719; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671610)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"brave-cori.196-251-72-149.plesk.page"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671610/; classtype:trojan-activity;sid:84534710; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671611)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"clever-northcutt.196-251-72-149.plesk.page"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671611/; classtype:trojan-activity;sid:84534711; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671612)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"ameli-moncompte.ma-situation.help"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671612/; classtype:trojan-activity;sid:84534712; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671613)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"compassionate-yonath.196-251-72-149.plesk.page"; http_host; depth:46; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671613/; classtype:trojan-activity;sid:84534713; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671614)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"funny-heyrovsky.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671614/; classtype:trojan-activity;sid:84534714; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671615)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"login-myoffices.help"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671615/; classtype:trojan-activity;sid:84534715; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671616)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"bold-ellis.196-251-72-149.plesk.page"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671616/; classtype:trojan-activity;sid:84534716; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671617)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"mondialsrelay-supports.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671617/; classtype:trojan-activity;sid:84534717; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671599)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"myguichet-service.help"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671599/; classtype:trojan-activity;sid:84534699; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671600)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"supportulys.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671600/; classtype:trojan-activity;sid:84534700; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671601)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"plsavnetfiixsupport.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671601/; classtype:trojan-activity;sid:84534701; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671602)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"myups-tracking.info"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671602/; classtype:trojan-activity;sid:84534702; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671603)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"gifted-yalow.196-251-72-149.plesk.page"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671603/; classtype:trojan-activity;sid:84534703; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671604)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"suivi-fra-livraisons.info"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671604/; classtype:trojan-activity;sid:84534704; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671605)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"my.guichet-amende.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671605/; classtype:trojan-activity;sid:84534705; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671606)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"unruffled-banach.196-251-72-149.plesk.page"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671606/; classtype:trojan-activity;sid:84534706; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671607)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"suivicolis-be.info"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671607/; classtype:trojan-activity;sid:84534707; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671608)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"colis-francemetropolitaine.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671608/; classtype:trojan-activity;sid:84534708; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671609)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"eligibilite-doctolib.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671609/; classtype:trojan-activity;sid:84534709; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671583)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"mondialrelayfr-suivi.help"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671583/; classtype:trojan-activity;sid:84534683; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671584)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"mrelay-be-acheminement.info"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671584/; classtype:trojan-activity;sid:84534684; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671585)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"mondial-relaylivraisonfr.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671585/; classtype:trojan-activity;sid:84534685; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671586)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"colis-suivis.help"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671586/; classtype:trojan-activity;sid:84534686; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671587)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"suivirelaisdepot.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671587/; classtype:trojan-activity;sid:84534687; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671588)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"hgrynetfiixsav.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671588/; classtype:trojan-activity;sid:84534688; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671589)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"yoursavnetfilxes.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671589/; classtype:trojan-activity;sid:84534689; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671590)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"gracious-kepler.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671590/; classtype:trojan-activity;sid:84534690; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671591)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"supportsavnetfix.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671591/; classtype:trojan-activity;sid:84534691; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671592)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"mondialrelay-connect.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671592/; classtype:trojan-activity;sid:84534692; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671593)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"ameli-connect.cpam-comptes.help"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671593/; classtype:trojan-activity;sid:84534693; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671594)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"trusting-tesla.196-251-72-149.plesk.page"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671594/; classtype:trojan-activity;sid:84534694; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671595)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"focused-noether.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671595/; classtype:trojan-activity;sid:84534695; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671596)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"artier-recourser.help"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671596/; classtype:trojan-activity;sid:84534696; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671597)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"suivicolis-lu.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671597/; classtype:trojan-activity;sid:84534697; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671598)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"livraisons-france-infos.locker"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671598/; classtype:trojan-activity;sid:84534698; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671581)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"services-mondialrelay.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671581/; classtype:trojan-activity;sid:84534681; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671582)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"yuzidoky.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671582/; classtype:trojan-activity;sid:84534682; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671575)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"colis-suivi-help.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671575/; classtype:trojan-activity;sid:84534675; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671576)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"relais-packet-fr.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671576/; classtype:trojan-activity;sid:84534676; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671577)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"adoring-kalam.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671577/; classtype:trojan-activity;sid:84534677; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671578)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"dossier-amende-minfin.info"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671578/; classtype:trojan-activity;sid:84534678; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671579)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"ntflx-sub.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671579/; classtype:trojan-activity;sid:84534679; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671580)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"kunde-konto-sikre.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671580/; classtype:trojan-activity;sid:84534680; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671571)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"suivi-livraison.support"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671571/; classtype:trojan-activity;sid:84534671; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671572)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"myrelay-tracking.help"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671572/; classtype:trojan-activity;sid:84534672; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671573)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"renewntfxsav.info"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671573/; classtype:trojan-activity;sid:84534673; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671574)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"dossier4729.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671574/; classtype:trojan-activity;sid:84534674; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671564)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"relaymondial-services.info"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671564/; classtype:trojan-activity;sid:84534664; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671565)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"relayparcel-help.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671565/; classtype:trojan-activity;sid:84534665; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671566)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"practical-swirles.196-251-72-149.plesk.page"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671566/; classtype:trojan-activity;sid:84534666; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671567)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"jovial-bartik.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671567/; classtype:trojan-activity;sid:84534667; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671568)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"gracious-northcutt.196-251-72-149.plesk.page"; http_host; depth:44; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671568/; classtype:trojan-activity;sid:84534668; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671569)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"tv-abonnement.info"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671569/; classtype:trojan-activity;sid:84534669; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671570)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"laughing-perlman.196-251-72-149.plesk.page"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671570/; classtype:trojan-activity;sid:84534670; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671558)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"optimistic-pike.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671558/; classtype:trojan-activity;sid:84534658; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671559)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"netfiixrenewacc.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671559/; classtype:trojan-activity;sid:84534659; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671560)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"great-leavitt.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671560/; classtype:trojan-activity;sid:84534660; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671561)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"savulyseclient.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671561/; classtype:trojan-activity;sid:84534661; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671562)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"trackparselhl.help"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671562/; classtype:trojan-activity;sid:84534662; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671563)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"livraisons-locker.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671563/; classtype:trojan-activity;sid:84534663; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671554)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"mon-abonnement-disney.info"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671554/; classtype:trojan-activity;sid:84534654; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671555)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"hometrack-be-package.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671555/; classtype:trojan-activity;sid:84534655; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671556)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"relaydelivery.help"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671556/; classtype:trojan-activity;sid:84534656; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671557)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"webmail.rediriger-ma-relivraison.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671557/; classtype:trojan-activity;sid:84534657; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671546)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"nifty-golick.196-251-72-149.plesk.page"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671546/; classtype:trojan-activity;sid:84534646; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671547)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"tracking-myrelay.help"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671547/; classtype:trojan-activity;sid:84534647; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671548)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"securaccntnetfiix.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671548/; classtype:trojan-activity;sid:84534648; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671549)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"servicenetfiixsav.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671549/; classtype:trojan-activity;sid:84534649; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671550)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"guichet-amende.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671550/; classtype:trojan-activity;sid:84534650; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671551)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"plsavnetfiix.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671551/; classtype:trojan-activity;sid:84534651; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671552)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"my-minfin-regularisation.info"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671552/; classtype:trojan-activity;sid:84534652; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671553)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"netfiixmxicosav.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671553/; classtype:trojan-activity;sid:84534653; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671542)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"suivicolis-be.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671542/; classtype:trojan-activity;sid:84534642; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671543)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"mrelay.livraison.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671543/; classtype:trojan-activity;sid:84534643; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671544)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"suivicommanderelay.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671544/; classtype:trojan-activity;sid:84534644; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671545)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"spf-justitie-belgium.info"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671545/; classtype:trojan-activity;sid:84534645; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671541)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"suivi-colis.help"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671541/; classtype:trojan-activity;sid:84534641; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671536)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"elegant-shtern.196-251-72-149.plesk.page"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671536/; classtype:trojan-activity;sid:84534636; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671537)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"suivis-de-colis.info"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671537/; classtype:trojan-activity;sid:84534637; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671538)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"beparcel-collect.help"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671538/; classtype:trojan-activity;sid:84534638; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671539)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"accntmynetfiixsav.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671539/; classtype:trojan-activity;sid:84534639; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671540)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"paketdhservice.help"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671540/; classtype:trojan-activity;sid:84534640; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671528)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"rediriger-ma-livraison.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671528/; classtype:trojan-activity;sid:84534628; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671529)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"relay-lu-parcel.help"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671529/; classtype:trojan-activity;sid:84534629; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671530)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"takeyour-parcel.help"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671530/; classtype:trojan-activity;sid:84534630; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671531)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"renew-subscription.info"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671531/; classtype:trojan-activity;sid:84534631; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671532)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"reactivation-amelie-account.info"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671532/; classtype:trojan-activity;sid:84534632; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671533)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"bold-hypatia.196-251-72-149.plesk.page"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671533/; classtype:trojan-activity;sid:84534633; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671534)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"pay-subscription.help"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671534/; classtype:trojan-activity;sid:84534634; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671535)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"stoic-poincare.196-251-72-149.plesk.page"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671535/; classtype:trojan-activity;sid:84534635; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671518)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"jolly-mendeleev.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671518/; classtype:trojan-activity;sid:84534618; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671519)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"mysubscription-renewal.info"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671519/; classtype:trojan-activity;sid:84534619; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671520)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"reverent-tereshkova.196-251-72-149.plesk.page"; http_host; depth:45; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671520/; classtype:trojan-activity;sid:84534620; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671521)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"frosty-wozniak.196-251-72-149.plesk.page"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671521/; classtype:trojan-activity;sid:84534621; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671522)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"condescending-wilson.196-251-72-149.plesk.page"; http_host; depth:46; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671522/; classtype:trojan-activity;sid:84534622; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671523)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"trackmy-order.info"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671523/; classtype:trojan-activity;sid:84534623; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671524)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"friendly-cray.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671524/; classtype:trojan-activity;sid:84534624; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671525)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"nifty-johnson.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671525/; classtype:trojan-activity;sid:84534625; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671526)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"ameli-situtations.mon-comptes.help"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671526/; classtype:trojan-activity;sid:84534626; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671527)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"ecstatic-villani.196-251-72-149.plesk.page"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671527/; classtype:trojan-activity;sid:84534627; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671512)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"sharp-franklin.196-251-72-149.plesk.page"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671512/; classtype:trojan-activity;sid:84534612; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671513)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"frosty-albattani.196-251-72-149.plesk.page"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671513/; classtype:trojan-activity;sid:84534613; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671514)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"bpost-frais-dedouanement.info"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671514/; classtype:trojan-activity;sid:84534614; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671515)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"livraisons-colis-france.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671515/; classtype:trojan-activity;sid:84534615; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671516)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"support-upsdelivery.info"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671516/; classtype:trojan-activity;sid:84534616; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671517)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"renewaccntsav.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671517/; classtype:trojan-activity;sid:84534617; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671511)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"eager-dirac.196-251-72-149.plesk.page"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671511/; classtype:trojan-activity;sid:84534611; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671508)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"gallant-ganguly.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671508/; classtype:trojan-activity;sid:84534608; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671509)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"bold-kowalevski.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671509/; classtype:trojan-activity;sid:84534609; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671510)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"relay-parcel.info"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671510/; classtype:trojan-activity;sid:84534610; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671504)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"dhitrackparcei.help"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671504/; classtype:trojan-activity;sid:84534604; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671505)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"formulaire-locker.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671505/; classtype:trojan-activity;sid:84534605; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671506)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"spf-amende.help"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671506/; classtype:trojan-activity;sid:84534606; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671507)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"ameli-moncompte.situation-administrative.info"; http_host; depth:45; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671507/; classtype:trojan-activity;sid:84534607; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671496)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"relayservice-pay.help"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671496/; classtype:trojan-activity;sid:84534596; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671497)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"monrelay-support.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671497/; classtype:trojan-activity;sid:84534597; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671498)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"recursing-hawking.196-251-72-149.plesk.page"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671498/; classtype:trojan-activity;sid:84534598; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671499)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"savnetfxserv.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671499/; classtype:trojan-activity;sid:84534599; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671500)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"hometrack-package-tracking.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671500/; classtype:trojan-activity;sid:84534600; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671501)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"strange-swartz.196-251-72-149.plesk.page"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671501/; classtype:trojan-activity;sid:84534601; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671502)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"trackyridpaket.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671502/; classtype:trojan-activity;sid:84534602; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671503)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"savnetfixaccount.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671503/; classtype:trojan-activity;sid:84534603; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671491)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"ntfxrenewservice.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671491/; classtype:trojan-activity;sid:84534591; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671492)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"ecstatic-wing.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671492/; classtype:trojan-activity;sid:84534592; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671493)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"nervous-pasteur.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671493/; classtype:trojan-activity;sid:84534593; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671494)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"ulys-telepeage-france.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671494/; classtype:trojan-activity;sid:84534594; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671495)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"objective-ramanujan.196-251-72-149.plesk.page"; http_host; depth:45; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671495/; classtype:trojan-activity;sid:84534595; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671489)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"renew-account-lock.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671489/; classtype:trojan-activity;sid:84534589; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671490)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"servicedgtes.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671490/; classtype:trojan-activity;sid:84534590; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671488)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"nifty-hypatia.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671488/; classtype:trojan-activity;sid:84534588; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671483)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"paymentmy-minfinbe.help"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671483/; classtype:trojan-activity;sid:84534583; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671484)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"reverent-brattain.196-251-72-149.plesk.page"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671484/; classtype:trojan-activity;sid:84534584; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671485)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"relaymyparcel.info"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671485/; classtype:trojan-activity;sid:84534585; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671486)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"suivirelaisdepots.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671486/; classtype:trojan-activity;sid:84534586; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671487)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"mondiai-reiay-reglement.info"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671487/; classtype:trojan-activity;sid:84534587; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671478)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"quizzical-lederberg.196-251-72-149.plesk.page"; http_host; depth:45; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671478/; classtype:trojan-activity;sid:84534578; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671479)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"info-suivi-track.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671479/; classtype:trojan-activity;sid:84534579; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671480)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"particulier-info.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671480/; classtype:trojan-activity;sid:84534580; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671481)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"gestion-pickup-relay2025.info"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671481/; classtype:trojan-activity;sid:84534581; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671482)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"packet-nouvellelivraisons-fr.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671482/; classtype:trojan-activity;sid:84534582; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671470)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"mondialrelay-reply.help"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671470/; classtype:trojan-activity;sid:84534570; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671471)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"telepeage-ulys-france.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671471/; classtype:trojan-activity;sid:84534571; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671472)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"myguichet-espace.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671472/; classtype:trojan-activity;sid:84534572; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671473)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"monsuivi-colis.help"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671473/; classtype:trojan-activity;sid:84534573; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671474)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"nouvellelivraison-locker-fr.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671474/; classtype:trojan-activity;sid:84534574; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671475)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"myluxtrust-accountsecurity.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671475/; classtype:trojan-activity;sid:84534575; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671476)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"rendezsnetfiixhu.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671476/; classtype:trojan-activity;sid:84534576; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671477)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"relay-my-parcel.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671477/; classtype:trojan-activity;sid:84534577; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671461)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"mrelay-luxembourg.support"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671461/; classtype:trojan-activity;sid:84534561; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671462)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"colislivraison-suivi.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671462/; classtype:trojan-activity;sid:84534562; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671463)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"gallant-mcnulty.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671463/; classtype:trojan-activity;sid:84534563; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671464)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"strange-spence.196-251-72-149.plesk.page"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671464/; classtype:trojan-activity;sid:84534564; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671465)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"mysuprtntfx.info"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671465/; classtype:trojan-activity;sid:84534565; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671466)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"crazy-proskuriakova.196-251-72-149.plesk.page"; http_host; depth:45; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671466/; classtype:trojan-activity;sid:84534566; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671467)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"sad-mclaren.196-251-72-149.plesk.page"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671467/; classtype:trojan-activity;sid:84534567; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671468)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"brussels-payments.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671468/; classtype:trojan-activity;sid:84534568; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671469)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"supportnetfiixsavza.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671469/; classtype:trojan-activity;sid:84534569; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671458)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"magical-shirley.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671458/; classtype:trojan-activity;sid:84534558; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671459)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"colis-suivi-lu.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671459/; classtype:trojan-activity;sid:84534559; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671460)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"securplnetfiixsav.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671460/; classtype:trojan-activity;sid:84534560; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671457)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"pickup-mreiay.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671457/; classtype:trojan-activity;sid:84534557; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671449)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"funny-villani.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671449/; classtype:trojan-activity;sid:84534549; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671450)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"trackdelivery-customer.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671450/; classtype:trojan-activity;sid:84534550; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671451)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"monrelayfr-support.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671451/; classtype:trojan-activity;sid:84534551; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671452)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"suivideliveryinfo.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671452/; classtype:trojan-activity;sid:84534552; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671453)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"brusselspayments.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671453/; classtype:trojan-activity;sid:84534553; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671454)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"mondial-services.informations-colis.help"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671454/; classtype:trojan-activity;sid:84534554; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671455)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"dreamy-hamilton.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671455/; classtype:trojan-activity;sid:84534555; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671456)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"savnetfiixmxico.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671456/; classtype:trojan-activity;sid:84534556; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671448)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"mondial-pickup.info"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671448/; classtype:trojan-activity;sid:84534548; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671444)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"affectionate-edison.196-251-72-149.plesk.page"; http_host; depth:45; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671444/; classtype:trojan-activity;sid:84534544; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671445)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"thirsty-heisenberg.196-251-72-149.plesk.page"; http_host; depth:44; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671445/; classtype:trojan-activity;sid:84534545; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671446)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"savraiffeizen-at.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671446/; classtype:trojan-activity;sid:84534546; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671447)"; flow:established,from_client; content:"GET"; http_method; content:"/havoc/payloads/dllldr.x64.bin"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"217.156.25.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671447/; classtype:trojan-activity;sid:84534547; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671433)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"nouvelletechbandedefou.info"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671433/; classtype:trojan-activity;sid:84534533; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671434)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"ntfxrenewsupport.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671434/; classtype:trojan-activity;sid:84534534; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671435)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"assurancemaladie-actualisation.help"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671435/; classtype:trojan-activity;sid:84534535; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671436)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"moncolis-suivi.help"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671436/; classtype:trojan-activity;sid:84534536; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671437)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"trusting-raman.196-251-72-149.plesk.page"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671437/; classtype:trojan-activity;sid:84534537; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671438)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"upbeat-noether.196-251-72-149.plesk.page"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671438/; classtype:trojan-activity;sid:84534538; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671439)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"intelligent-mayer.196-251-72-149.plesk.page"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671439/; classtype:trojan-activity;sid:84534539; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671440)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"gracious-lamarr.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671440/; classtype:trojan-activity;sid:84534540; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671441)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"laughing-herschel.196-251-72-149.plesk.page"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671441/; classtype:trojan-activity;sid:84534541; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671442)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"mynetfxsuprt.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671442/; classtype:trojan-activity;sid:84534542; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671443)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"netflxaccntsav.info"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671443/; classtype:trojan-activity;sid:84534543; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671426)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"ma-facture-enovos.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671426/; classtype:trojan-activity;sid:84534526; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671427)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"relivraison-formulaire.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671427/; classtype:trojan-activity;sid:84534527; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671428)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"elegant-borg.196-251-72-149.plesk.page"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671428/; classtype:trojan-activity;sid:84534528; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671429)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"renvouvellementinformationameli.info"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671429/; classtype:trojan-activity;sid:84534529; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671430)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"accountnetfix.help"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671430/; classtype:trojan-activity;sid:84534530; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671431)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"particulierslocker.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671431/; classtype:trojan-activity;sid:84534531; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671432)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"savpaypaiaccnt.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671432/; classtype:trojan-activity;sid:84534532; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671425)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"mrelay-colis-fr.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671425/; classtype:trojan-activity;sid:84534525; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671423)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"info-livraison-fr.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671423/; classtype:trojan-activity;sid:84534523; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671424)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"mondials-suivis-relay.info"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671424/; classtype:trojan-activity;sid:84534524; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671403)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"savnfiixsupprt.info"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671403/; classtype:trojan-activity;sid:84534503; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671404)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"esdossier0865.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671404/; classtype:trojan-activity;sid:84534504; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671405)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"sav-monrelay.help"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671405/; classtype:trojan-activity;sid:84534505; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671406)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"ameli-guadeloupe.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671406/; classtype:trojan-activity;sid:84534506; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671407)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"redirection-mondialrelais.info"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671407/; classtype:trojan-activity;sid:84534507; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671408)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"antai-aide.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671408/; classtype:trojan-activity;sid:84534508; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671409)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"espace-servicefamily.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671409/; classtype:trojan-activity;sid:84534509; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671410)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"savmxlcnetfiix.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671410/; classtype:trojan-activity;sid:84534510; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671411)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"livraison-colis-france.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671411/; classtype:trojan-activity;sid:84534511; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671412)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"mrelayy-mon-acheminement.info"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671412/; classtype:trojan-activity;sid:84534512; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671413)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"netlfix-suscripcion.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671413/; classtype:trojan-activity;sid:84534513; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671414)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"wizardly-fermat.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671414/; classtype:trojan-activity;sid:84534514; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671415)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"ameii-moncompte.ma-situations.info"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671415/; classtype:trojan-activity;sid:84534515; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671416)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"suivimondialrelay-colis.info"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671416/; classtype:trojan-activity;sid:84534516; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671417)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"mondial-relaylockers.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671417/; classtype:trojan-activity;sid:84534517; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671418)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"connect-avantages.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671418/; classtype:trojan-activity;sid:84534518; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671419)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"expedition-mrelayy.info"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671419/; classtype:trojan-activity;sid:84534519; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671420)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"ecstatic-kare.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671420/; classtype:trojan-activity;sid:84534520; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671421)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"livraisons-infos.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671421/; classtype:trojan-activity;sid:84534521; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671422)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"interesting-hofstadter.196-251-72-149.plesk.page"; http_host; depth:48; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671422/; classtype:trojan-activity;sid:84534522; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671398)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"tracking-parcel-be.help"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671398/; classtype:trojan-activity;sid:84534498; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671399)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"mxicnetfiixservice.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671399/; classtype:trojan-activity;sid:84534499; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671400)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"hometrack-package-lu.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671400/; classtype:trojan-activity;sid:84534500; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671401)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"mrelay-relais.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671401/; classtype:trojan-activity;sid:84534501; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671402)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"verif-appareil-confiance.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671402/; classtype:trojan-activity;sid:84534502; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671392)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"mynetllxrenew.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671392/; classtype:trojan-activity;sid:84534492; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671393)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"hardcore-boyd.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671393/; classtype:trojan-activity;sid:84534493; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671394)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"servmetfiixsavsa.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671394/; classtype:trojan-activity;sid:84534494; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671395)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"amazing-lederberg.196-251-72-149.plesk.page"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671395/; classtype:trojan-activity;sid:84534495; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671396)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"billing-renew-subscription.info"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671396/; classtype:trojan-activity;sid:84534496; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671397)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"sweet-fermi.196-251-72-149.plesk.page"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671397/; classtype:trojan-activity;sid:84534497; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671389)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"xyznetfilxhusav.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671389/; classtype:trojan-activity;sid:84534489; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671390)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"mondialrelais-creneaux.info"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671390/; classtype:trojan-activity;sid:84534490; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671391)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"mon-suivi.info"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671391/; classtype:trojan-activity;sid:84534491; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671381)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"mon-colis-suivi-bpost.info"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671381/; classtype:trojan-activity;sid:84534481; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671382)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"webmail.rediriger-ma-livraison.com"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671382/; classtype:trojan-activity;sid:84534482; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671383)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"thirsty-ride.196-251-72-149.plesk.page"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671383/; classtype:trojan-activity;sid:84534483; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671384)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"dreamy-keller.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671384/; classtype:trojan-activity;sid:84534484; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671385)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"my-canal.support-moncompte.help"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671385/; classtype:trojan-activity;sid:84534485; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671386)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"savnetfiix-client.help"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671386/; classtype:trojan-activity;sid:84534486; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671387)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"savnetfixrenew.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671387/; classtype:trojan-activity;sid:84534487; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671388)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"mondialerelay-suivi-info.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671388/; classtype:trojan-activity;sid:84534488; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671374)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"livraison.info"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671374/; classtype:trojan-activity;sid:84534474; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671375)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"colislivraisonsuivi.support"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671375/; classtype:trojan-activity;sid:84534475; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671376)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"myups-package.help"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671376/; classtype:trojan-activity;sid:84534476; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671377)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"subscription-help.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671377/; classtype:trojan-activity;sid:84534477; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671378)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"mondialrelay-colis.support"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671378/; classtype:trojan-activity;sid:84534478; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671379)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"uptrackparsei.help"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671379/; classtype:trojan-activity;sid:84534479; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671380)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"mondialsrelay-redirection.info"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671380/; classtype:trojan-activity;sid:84534480; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671371)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"livraison-expressfr.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671371/; classtype:trojan-activity;sid:84534471; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671372)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"ntfiixsavclient.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671372/; classtype:trojan-activity;sid:84534472; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671373)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"usernetfiixpolskasav.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671373/; classtype:trojan-activity;sid:84534473; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671370)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"verification-mobile-cm.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671370/; classtype:trojan-activity;sid:84534470; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671363)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"service-parcel-pay.help"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671363/; classtype:trojan-activity;sid:84534463; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671364)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"services-monrelay.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671364/; classtype:trojan-activity;sid:84534464; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671365)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"payoursavnetfilx.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671365/; classtype:trojan-activity;sid:84534465; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671366)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"renewntfxsav.help"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671366/; classtype:trojan-activity;sid:84534466; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671367)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"hungry-kalam.196-251-72-149.plesk.page"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671367/; classtype:trojan-activity;sid:84534467; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671368)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"peaceful-gates.196-251-72-149.plesk.page"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671368/; classtype:trojan-activity;sid:84534468; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671369)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"suivicommandesrelay.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671369/; classtype:trojan-activity;sid:84534469; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671346)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"customer-trackdelivery.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671346/; classtype:trojan-activity;sid:84534446; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671347)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"usernetfiixsavhu.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671347/; classtype:trojan-activity;sid:84534447; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671348)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"nikita.support"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671348/; classtype:trojan-activity;sid:84534448; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671349)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"pedantic-mcclintock.196-251-72-149.plesk.page"; http_host; depth:45; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671349/; classtype:trojan-activity;sid:84534449; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671350)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"confirmation-appareil-confiance.com"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671350/; classtype:trojan-activity;sid:84534450; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671351)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"mynetfxsupprt.help"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671351/; classtype:trojan-activity;sid:84534451; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671352)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"secureamericainexpress.help"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671352/; classtype:trojan-activity;sid:84534452; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671353)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"relivraison-packet-france.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671353/; classtype:trojan-activity;sid:84534453; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671354)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"distracted-nightingale.196-251-72-149.plesk.page"; http_host; depth:48; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671354/; classtype:trojan-activity;sid:84534454; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671355)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"mondialrelais-livraison.info"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671355/; classtype:trojan-activity;sid:84534455; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671356)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"livraisons-infos-fr.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671356/; classtype:trojan-activity;sid:84534456; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671357)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"renouvellement-ameli.support"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671357/; classtype:trojan-activity;sid:84534457; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671358)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"acheminements-livraisons.info"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671358/; classtype:trojan-activity;sid:84534458; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671359)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"serene-swartz.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671359/; classtype:trojan-activity;sid:84534459; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671360)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"strange-yalow.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671360/; classtype:trojan-activity;sid:84534460; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671361)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"lux-trust-aide-support.info"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671361/; classtype:trojan-activity;sid:84534461; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671362)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"livraison-france-infos.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671362/; classtype:trojan-activity;sid:84534462; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671340)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"relayhome-trackparcel.help"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671340/; classtype:trojan-activity;sid:84534440; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671341)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"get-yourparcel.help"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671341/; classtype:trojan-activity;sid:84534441; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671342)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"practical-wu.196-251-72-149.plesk.page"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671342/; classtype:trojan-activity;sid:84534442; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671343)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"ameli-cpam.support-moncompte.help"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671343/; classtype:trojan-activity;sid:84534443; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671344)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"mon-comptes.help"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671344/; classtype:trojan-activity;sid:84534444; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671345)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"sweet-neumann.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671345/; classtype:trojan-activity;sid:84534445; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671339)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"mondial-relay-center.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671339/; classtype:trojan-activity;sid:84534439; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671338)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"hometrack-support-help.info"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671338/; classtype:trojan-activity;sid:84534438; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671309)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"takeyourpackagebe.help"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671309/; classtype:trojan-activity;sid:84534409; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671310)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"optimistic-leakey.196-251-72-149.plesk.page"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671310/; classtype:trojan-activity;sid:84534410; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671311)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"goofy-shirley.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671311/; classtype:trojan-activity;sid:84534411; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671312)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"youthful-solomon.196-251-72-149.plesk.page"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671312/; classtype:trojan-activity;sid:84534412; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671313)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"ups.supporto-pacchi.help"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671313/; classtype:trojan-activity;sid:84534413; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671314)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"serene-dhawan.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671314/; classtype:trojan-activity;sid:84534414; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671315)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"reglementminfin-be.help"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671315/; classtype:trojan-activity;sid:84534415; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671316)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"m-relay-suivi-fr.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671316/; classtype:trojan-activity;sid:84534416; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671317)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"myups-package.info"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671317/; classtype:trojan-activity;sid:84534417; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671318)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"objective-goldberg.196-251-72-149.plesk.page"; http_host; depth:44; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671318/; classtype:trojan-activity;sid:84534418; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671319)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"vigilant-antonelli.196-251-72-149.plesk.page"; http_host; depth:44; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671319/; classtype:trojan-activity;sid:84534419; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671320)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"ulys-autoroutes-fr.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671320/; classtype:trojan-activity;sid:84534420; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671321)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"vibrant-jackson.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671321/; classtype:trojan-activity;sid:84534421; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671322)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"monrelay.help"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671322/; classtype:trojan-activity;sid:84534422; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671323)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"renewmynetllx.info"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671323/; classtype:trojan-activity;sid:84534423; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671324)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"dossiergmuitas.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671324/; classtype:trojan-activity;sid:84534424; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671325)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"livraison-relais-info.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671325/; classtype:trojan-activity;sid:84534425; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671326)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"suivirelayy.info"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671326/; classtype:trojan-activity;sid:84534426; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671327)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"mrelayy-acheminement.info"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671327/; classtype:trojan-activity;sid:84534427; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671328)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"reglementnetflix-fr.help"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671328/; classtype:trojan-activity;sid:84534428; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671329)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"mondialservice-relay.info"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671329/; classtype:trojan-activity;sid:84534429; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671330)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"myparcel-relay.help"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671330/; classtype:trojan-activity;sid:84534430; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671331)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"mxiconetfllxserv.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671331/; classtype:trojan-activity;sid:84534431; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671332)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"sarenewnetfiixsav.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671332/; classtype:trojan-activity;sid:84534432; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671333)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"packrelay-espace.help"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671333/; classtype:trojan-activity;sid:84534433; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671334)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"interesting-morse.196-251-72-149.plesk.page"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671334/; classtype:trojan-activity;sid:84534434; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671335)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"jolly-germain.196-251-72-149.plesk.page"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671335/; classtype:trojan-activity;sid:84534435; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671336)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"mrelay-luxembourg.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671336/; classtype:trojan-activity;sid:84534436; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671337)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"upcpackettrack.help"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671337/; classtype:trojan-activity;sid:84534437; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671307)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"mymondialrelay-parcel.help"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671307/; classtype:trojan-activity;sid:84534407; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671308)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"sav-ntfxrenew.help"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671308/; classtype:trojan-activity;sid:84534408; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671301)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"livraison-mondialrelais.info"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671301/; classtype:trojan-activity;sid:84534401; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671302)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"trackupsid.help"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671302/; classtype:trojan-activity;sid:84534402; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671303)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"suivicommanderelais.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671303/; classtype:trojan-activity;sid:84534403; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671304)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"telepeage-ulys-fr.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671304/; classtype:trojan-activity;sid:84534404; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671305)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"la-bnpcledigital.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671305/; classtype:trojan-activity;sid:84534405; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671306)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"redistribution-locker.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671306/; classtype:trojan-activity;sid:84534406; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671295)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"aide-suivi-livraison.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671295/; classtype:trojan-activity;sid:84534395; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671296)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"mise-a-jours-ameli.support"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671296/; classtype:trojan-activity;sid:84534396; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671297)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"servntflxmgyrsav.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671297/; classtype:trojan-activity;sid:84534397; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671298)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"nostalgic-curie.196-251-72-149.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671298/; classtype:trojan-activity;sid:84534398; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671299)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"packet-relivraison-fr.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671299/; classtype:trojan-activity;sid:84534399; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671300)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"myminfin-info-be.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671300/; classtype:trojan-activity;sid:84534400; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671282)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"renewnow.help"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671282/; classtype:trojan-activity;sid:84534382; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671283)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"trackpacketinfo.help"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671283/; classtype:trojan-activity;sid:84534383; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671284)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"solazone.help"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671284/; classtype:trojan-activity;sid:84534384; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671285)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"mytrackingdelivery.info"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671285/; classtype:trojan-activity;sid:84534385; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671286)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"colis-nouvellelivraison-france.com"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671286/; classtype:trojan-activity;sid:84534386; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671287)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"renouvellement.help"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671287/; classtype:trojan-activity;sid:84534387; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671288)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"rediriger-ma-relivraison.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671288/; classtype:trojan-activity;sid:84534388; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671289)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"myparcel-track.info"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671289/; classtype:trojan-activity;sid:84534389; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671290)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"savnetflixco.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671290/; classtype:trojan-activity;sid:84534390; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671291)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"relaisdepot-suivi.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671291/; classtype:trojan-activity;sid:84534391; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671292)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"parkingbrussels.help"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671292/; classtype:trojan-activity;sid:84534392; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671293)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"subscription-tv.info"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671293/; classtype:trojan-activity;sid:84534393; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671294)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"support-hometrack.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671294/; classtype:trojan-activity;sid:84534394; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671281)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"livraison-suivre-moncolis.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671281/; classtype:trojan-activity;sid:84534381; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671280)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"myguichet-amende.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671280/; classtype:trojan-activity;sid:84534380; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671272)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"savpaypaiuser.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671272/; classtype:trojan-activity;sid:84534372; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671273)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"miseajouritsme.help"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671273/; classtype:trojan-activity;sid:84534373; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671274)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"locker-redistribution.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671274/; classtype:trojan-activity;sid:84534374; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671275)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"jolly-yalow.196-251-72-149.plesk.page"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671275/; classtype:trojan-activity;sid:84534375; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671276)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"assurancemaladie.support"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671276/; classtype:trojan-activity;sid:84534376; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671277)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"regionaleszeveme.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671277/; classtype:trojan-activity;sid:84534377; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671278)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"myntfxsupprt.help"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671278/; classtype:trojan-activity;sid:84534378; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671279)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"myespace-relaypack.help"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671279/; classtype:trojan-activity;sid:84534379; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671268)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"suivi-pointrelais.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671268/; classtype:trojan-activity;sid:84534368; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671269)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"ameli.moncompte-cpam.help"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671269/; classtype:trojan-activity;sid:84534369; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671270)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"savnet-fixchili.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671270/; classtype:trojan-activity;sid:84534370; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671271)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"objective-saha.196-251-72-149.plesk.page"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671271/; classtype:trojan-activity;sid:84534371; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671267)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"actualisationameli.help"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671267/; classtype:trojan-activity;sid:84534367; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671266)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mips"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"ancientwarlords.net"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671266/; classtype:trojan-activity;sid:84534366; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671264)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"ancientwarlords.net"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671264/; classtype:trojan-activity;sid:84534364; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671265)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm5"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"ancientwarlords.net"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671265/; classtype:trojan-activity;sid:84534365; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671258)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.193.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671258/; classtype:trojan-activity;sid:84534358; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671259)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.154.185.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671259/; classtype:trojan-activity;sid:84534359; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671260)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.254.181"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671260/; classtype:trojan-activity;sid:84534360; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671261)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.x86"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"ancientwarlords.net"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671261/; classtype:trojan-activity;sid:84534361; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671262)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.sh4"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"ancientwarlords.net"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671262/; classtype:trojan-activity;sid:84534362; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671263)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"220.192.254.176"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671263/; classtype:trojan-activity;sid:84534363; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671254)"; flow:established,from_client; content:"GET"; http_method; content:"/ohshit.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"ancientwarlords.net"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671254/; classtype:trojan-activity;sid:84534354; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671255)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.188.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671255/; classtype:trojan-activity;sid:84534355; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671256)"; flow:established,from_client; content:"GET"; http_method; content:"/sigmapotato.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"138.199.222.101"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671256/; classtype:trojan-activity;sid:84534356; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671257)"; flow:established,from_client; content:"GET"; http_method; content:"/e.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"138.199.222.101"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671257/; classtype:trojan-activity;sid:84534357; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671251)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"188.124.133.173"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671251/; classtype:trojan-activity;sid:84534351; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671252)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.ppc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"ancientwarlords.net"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671252/; classtype:trojan-activity;sid:84534352; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671253)"; flow:established,from_client; content:"GET"; http_method; content:"/ohshit.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.141.151.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671253/; classtype:trojan-activity;sid:84534353; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671248)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm7"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"ancientwarlords.net"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671248/; classtype:trojan-activity;sid:84534348; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671249)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.m68k"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"ancientwarlords.net"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671249/; classtype:trojan-activity;sid:84534349; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671250)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"ancientwarlords.net"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671250/; classtype:trojan-activity;sid:84534350; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671247)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mpsl"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"ancientwarlords.net"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671247/; classtype:trojan-activity;sid:84534347; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671246)"; flow:established,from_client; content:"GET"; http_method; content:"/malware/537906ad18a512bdf8be61c32918bf6caf590813ad00ce5a2b1f3311bb26335c.exe"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"aadcdn.msonline.at"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671246/; classtype:trojan-activity;sid:84534346; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671245)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm6"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"ancientwarlords.net"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671245/; classtype:trojan-activity;sid:84534345; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671240)"; flow:established,from_client; content:"GET"; http_method; content:"/demon.x64.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"217.156.25.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671240/; classtype:trojan-activity;sid:84534340; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671241)"; flow:established,from_client; content:"GET"; http_method; content:"/demon.x64.bin"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"217.156.25.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671241/; classtype:trojan-activity;sid:84534341; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671242)"; flow:established,from_client; content:"GET"; http_method; content:"/havoc/payloads/shellcode.x64.bin"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"217.156.25.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671242/; classtype:trojan-activity;sid:84534342; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671243)"; flow:established,from_client; content:"GET"; http_method; content:"/ezpegy9i9z.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"zq.kdit5.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671243/; classtype:trojan-activity;sid:84534343; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671244)"; flow:established,from_client; content:"GET"; http_method; content:"/8n755dlwsk.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"t2.mcyz4.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671244/; classtype:trojan-activity;sid:84534344; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671239)"; flow:established,from_client; content:"GET"; http_method; content:"/havoc/payloads/shellcode.x86.bin"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"217.156.25.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671239/; classtype:trojan-activity;sid:84534339; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671237)"; flow:established,from_client; content:"GET"; http_method; content:"/2jdc1fwt"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"2oy.ldef-4.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671237/; classtype:trojan-activity;sid:84534337; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671238)"; flow:established,from_client; content:"GET"; http_method; content:"/41.check|3f|t=eavxy3hw"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"j6b.dzem-4.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671238/; classtype:trojan-activity;sid:84534338; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671236)"; flow:established,from_client; content:"GET"; http_method; content:"/malware/537906ad18a512bdf8be61c32918bf6caf590813ad00ce5a2b1f3311bb26335c.exe"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"20.218.135.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671236/; classtype:trojan-activity;sid:84534336; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671234)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.137.233.78"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671234/; classtype:trojan-activity;sid:84534334; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671235)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.32.74"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671235/; classtype:trojan-activity;sid:84534335; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671233)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/x86_debug"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"217.154.251.149"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671233/; classtype:trojan-activity;sid:84534333; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671232)"; flow:established,from_client; content:"GET"; http_method; content:"/malware/da563d576dc14eb0b64edc2525192ce82eedd539490a0bc5625ccd1c17a110f1.exe"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"20.218.135.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671232/; classtype:trojan-activity;sid:84534332; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671231)"; flow:established,from_client; content:"GET"; http_method; content:"/malware/094115f1318c8b032f2af2013b858950c25eee97ab7e943c6919cab5d892c766.exe"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"aadcdn.msonline.at"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671231/; classtype:trojan-activity;sid:84534331; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671219)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"ntfxrenewsupport.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671219/; classtype:trojan-activity;sid:84534319; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671220)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"myrelay-tracking.help"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671220/; classtype:trojan-activity;sid:84534320; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671221)"; flow:established,from_client; content:"GET"; http_method; content:"/cdaq3viuo5.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"b7ye.mcyz4.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671221/; classtype:trojan-activity;sid:84534321; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671222)"; flow:established,from_client; content:"GET"; http_method; content:"/malware/1372980663d5fe561ce466c382aaac225b87f82a962ce3f39a20d547aa07e214.exe"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"20.218.135.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671222/; classtype:trojan-activity;sid:84534322; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671223)"; flow:established,from_client; content:"GET"; http_method; content:"/malware/a2bff70f83bfb02e8d9063eba65e3d13021d9c739a8685292c86af450d4b8934.doc"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"aadcdn.msonline.at"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671223/; classtype:trojan-activity;sid:84534323; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671224)"; flow:established,from_client; content:"GET"; http_method; content:"/malware/a2bff70f83bfb02e8d9063eba65e3d13021d9c739a8685292c86af450d4b8934.doc"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"20.218.135.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671224/; classtype:trojan-activity;sid:84534324; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671225)"; flow:established,from_client; content:"GET"; http_method; content:"/malware/094115f1318c8b032f2af2013b858950c25eee97ab7e943c6919cab5d892c766.exe"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"20.218.135.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671225/; classtype:trojan-activity;sid:84534325; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671226)"; flow:established,from_client; content:"GET"; http_method; content:"/malware/725ded50e7f517addd12f029aeaf9a23f2b9ce6239b98820c8a12ea5cb79dbfa.doc"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"aadcdn.msonline.at"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671226/; classtype:trojan-activity;sid:84534326; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671227)"; flow:established,from_client; content:"GET"; http_method; content:"/126vi3ieme.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"wyd.kdit5.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671227/; classtype:trojan-activity;sid:84534327; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671228)"; flow:established,from_client; content:"GET"; http_method; content:"/malware/725ded50e7f517addd12f029aeaf9a23f2b9ce6239b98820c8a12ea5cb79dbfa.doc"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"20.218.135.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671228/; classtype:trojan-activity;sid:84534328; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671229)"; flow:established,from_client; content:"GET"; http_method; content:"/malware/1372980663d5fe561ce466c382aaac225b87f82a962ce3f39a20d547aa07e214.exe"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"aadcdn.msonline.at"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671229/; classtype:trojan-activity;sid:84534329; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671230)"; flow:established,from_client; content:"GET"; http_method; content:"/malware/da563d576dc14eb0b64edc2525192ce82eedd539490a0bc5625ccd1c17a110f1.exe"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"aadcdn.msonline.at"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671230/; classtype:trojan-activity;sid:84534330; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671215)"; flow:established,from_client; content:"GET"; http_method; content:"/54d0thu1"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"je.dzem-4.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671215/; classtype:trojan-activity;sid:84534315; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671216)"; flow:established,from_client; content:"GET"; http_method; content:"/5qr.google|3f|t=i4ikb8bg"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"y4l.dzem-4.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671216/; classtype:trojan-activity;sid:84534316; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671217)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"mytrackingdelivery.info"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671217/; classtype:trojan-activity;sid:84534317; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671218)"; flow:established,from_client; content:"GET"; http_method; content:"/t9falx01cb.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"wyd.kdit5.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671218/; classtype:trojan-activity;sid:84534318; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671214)"; flow:established,from_client; content:"GET"; http_method; content:"/rz.check|3f|t=780brckq"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"je.dzem-4.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671214/; classtype:trojan-activity;sid:84534314; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671213)"; flow:established,from_client; content:"GET"; http_method; content:"/ml33n8zu"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"y4l.dzem-4.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671213/; classtype:trojan-activity;sid:84534313; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671211)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"acheminements-livraisons.info"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671211/; classtype:trojan-activity;sid:84534311; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671212)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"livraison-colis-france.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671212/; classtype:trojan-activity;sid:84534312; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671209)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"myrelay-tracking.help"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671209/; classtype:trojan-activity;sid:84534309; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671210)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"myrelay-tracking.help"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671210/; classtype:trojan-activity;sid:84534310; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671194)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"livraison-colis-france.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671194/; classtype:trojan-activity;sid:84534294; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671195)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"livraison-colis-france.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671195/; classtype:trojan-activity;sid:84534295; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671196)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"livraison-colis-france.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671196/; classtype:trojan-activity;sid:84534296; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671197)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mytrackingdelivery.info"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671197/; classtype:trojan-activity;sid:84534297; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671198)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"ntfxrenewsupport.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671198/; classtype:trojan-activity;sid:84534298; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671199)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"ntfxrenewsupport.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671199/; classtype:trojan-activity;sid:84534299; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671200)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"livraison-colis-france.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671200/; classtype:trojan-activity;sid:84534300; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671201)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"trackpacketinfo.help"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671201/; classtype:trojan-activity;sid:84534301; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671202)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"ntfxrenewsupport.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671202/; classtype:trojan-activity;sid:84534302; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671203)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mytrackingdelivery.info"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671203/; classtype:trojan-activity;sid:84534303; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671204)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"acheminements-livraisons.info"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671204/; classtype:trojan-activity;sid:84534304; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671205)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"trackpacketinfo.help"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671205/; classtype:trojan-activity;sid:84534305; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671206)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"trackpacketinfo.help"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671206/; classtype:trojan-activity;sid:84534306; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671207)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"acheminements-livraisons.info"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671207/; classtype:trojan-activity;sid:84534307; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671208)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mytrackingdelivery.info"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671208/; classtype:trojan-activity;sid:84534308; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671178)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"ntfxrenewsupport.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671178/; classtype:trojan-activity;sid:84534278; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671179)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"mytrackingdelivery.info"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671179/; classtype:trojan-activity;sid:84534279; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671180)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"acheminements-livraisons.info"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671180/; classtype:trojan-activity;sid:84534280; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671181)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"myrelay-tracking.help"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671181/; classtype:trojan-activity;sid:84534281; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671182)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mytrackingdelivery.info"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671182/; classtype:trojan-activity;sid:84534282; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671183)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"ntfxrenewsupport.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671183/; classtype:trojan-activity;sid:84534283; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671184)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"trackpacketinfo.help"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671184/; classtype:trojan-activity;sid:84534284; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671185)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"acheminements-livraisons.info"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671185/; classtype:trojan-activity;sid:84534285; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671186)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"acheminements-livraisons.info"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671186/; classtype:trojan-activity;sid:84534286; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671187)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"trackpacketinfo.help"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671187/; classtype:trojan-activity;sid:84534287; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671188)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"ntfxrenewsupport.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671188/; classtype:trojan-activity;sid:84534288; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671189)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"trackpacketinfo.help"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671189/; classtype:trojan-activity;sid:84534289; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671190)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"trackpacketinfo.help"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671190/; classtype:trojan-activity;sid:84534290; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671191)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"myrelay-tracking.help"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671191/; classtype:trojan-activity;sid:84534291; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671192)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"acheminements-livraisons.info"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671192/; classtype:trojan-activity;sid:84534292; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671193)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"mytrackingdelivery.info"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671193/; classtype:trojan-activity;sid:84534293; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671177)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mytrackingdelivery.info"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671177/; classtype:trojan-activity;sid:84534277; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671171)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"acheminements-livraisons.info"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671171/; classtype:trojan-activity;sid:84534271; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671172)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"myrelay-tracking.help"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671172/; classtype:trojan-activity;sid:84534272; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671173)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"www-mondiai-particuliers.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671173/; classtype:trojan-activity;sid:84534273; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671174)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"www-mondiai-particuliers.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671174/; classtype:trojan-activity;sid:84534274; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671175)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"trackpacketinfo.help"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671175/; classtype:trojan-activity;sid:84534275; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671176)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"acheminements-livraisons.info"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671176/; classtype:trojan-activity;sid:84534276; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671170)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"ntfxrenewsupport.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671170/; classtype:trojan-activity;sid:84534270; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671165)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"livraison-colis-france.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671165/; classtype:trojan-activity;sid:84534265; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671166)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"trackpacketinfo.help"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671166/; classtype:trojan-activity;sid:84534266; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671167)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"myrelay-tracking.help"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671167/; classtype:trojan-activity;sid:84534267; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671168)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"ntfxrenewsupport.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671168/; classtype:trojan-activity;sid:84534268; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671169)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"trackpacketinfo.help"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671169/; classtype:trojan-activity;sid:84534269; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671156)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"myrelay-tracking.help"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671156/; classtype:trojan-activity;sid:84534256; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671157)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"livraison-colis-france.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671157/; classtype:trojan-activity;sid:84534257; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671158)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"trackpacketinfo.help"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671158/; classtype:trojan-activity;sid:84534258; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671159)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"www-mondiai-particuliers.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671159/; classtype:trojan-activity;sid:84534259; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671160)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"myrelay-tracking.help"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671160/; classtype:trojan-activity;sid:84534260; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671161)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"livraison-colis-france.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671161/; classtype:trojan-activity;sid:84534261; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671162)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"ntfxrenewsupport.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671162/; classtype:trojan-activity;sid:84534262; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671163)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"www-mondiai-particuliers.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671163/; classtype:trojan-activity;sid:84534263; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671164)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"trackpacketinfo.help"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671164/; classtype:trojan-activity;sid:84534264; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671143)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"myrelay-tracking.help"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671143/; classtype:trojan-activity;sid:84534243; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671144)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"livraison-colis-france.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671144/; classtype:trojan-activity;sid:84534244; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671145)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"acheminements-livraisons.info"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671145/; classtype:trojan-activity;sid:84534245; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671146)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"myrelay-tracking.help"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671146/; classtype:trojan-activity;sid:84534246; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671147)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"myrelay-tracking.help"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671147/; classtype:trojan-activity;sid:84534247; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671148)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"acheminements-livraisons.info"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671148/; classtype:trojan-activity;sid:84534248; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671149)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"trackpacketinfo.help"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671149/; classtype:trojan-activity;sid:84534249; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671150)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"livraison-colis-france.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671150/; classtype:trojan-activity;sid:84534250; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671151)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"mytrackingdelivery.info"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671151/; classtype:trojan-activity;sid:84534251; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671152)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"www-mondiai-particuliers.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671152/; classtype:trojan-activity;sid:84534252; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671153)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"trackpacketinfo.help"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671153/; classtype:trojan-activity;sid:84534253; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671154)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"mytrackingdelivery.info"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671154/; classtype:trojan-activity;sid:84534254; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671155)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"acheminements-livraisons.info"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671155/; classtype:trojan-activity;sid:84534255; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671142)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"myrelay-tracking.help"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671142/; classtype:trojan-activity;sid:84534242; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671141)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"mytrackingdelivery.info"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671141/; classtype:trojan-activity;sid:84534241; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671139)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"ntfxrenewsupport.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671139/; classtype:trojan-activity;sid:84534239; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671140)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"ntfxrenewsupport.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671140/; classtype:trojan-activity;sid:84534240; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671138)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"acheminements-livraisons.info"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671138/; classtype:trojan-activity;sid:84534238; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671132)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"www-mondiai-particuliers.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671132/; classtype:trojan-activity;sid:84534232; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671133)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"www-mondiai-particuliers.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671133/; classtype:trojan-activity;sid:84534233; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671134)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"mytrackingdelivery.info"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671134/; classtype:trojan-activity;sid:84534234; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671135)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"acheminements-livraisons.info"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671135/; classtype:trojan-activity;sid:84534235; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671136)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"acheminements-livraisons.info"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671136/; classtype:trojan-activity;sid:84534236; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671137)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"livraison-colis-france.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671137/; classtype:trojan-activity;sid:84534237; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671128)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"www-mondiai-particuliers.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671128/; classtype:trojan-activity;sid:84534228; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671129)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"trackpacketinfo.help"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671129/; classtype:trojan-activity;sid:84534229; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671130)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"www-mondiai-particuliers.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671130/; classtype:trojan-activity;sid:84534230; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671131)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"www-mondiai-particuliers.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671131/; classtype:trojan-activity;sid:84534231; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671119)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"livraison-colis-france.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671119/; classtype:trojan-activity;sid:84534219; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671120)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"www-mondiai-particuliers.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671120/; classtype:trojan-activity;sid:84534220; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671121)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"www-mondiai-particuliers.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671121/; classtype:trojan-activity;sid:84534221; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671122)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"www-mondiai-particuliers.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671122/; classtype:trojan-activity;sid:84534222; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671123)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"livraison-colis-france.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671123/; classtype:trojan-activity;sid:84534223; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671124)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mytrackingdelivery.info"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671124/; classtype:trojan-activity;sid:84534224; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671125)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"www-mondiai-particuliers.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671125/; classtype:trojan-activity;sid:84534225; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671126)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"www-mondiai-particuliers.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671126/; classtype:trojan-activity;sid:84534226; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671127)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"livraison-colis-france.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671127/; classtype:trojan-activity;sid:84534227; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671116)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"mytrackingdelivery.info"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671116/; classtype:trojan-activity;sid:84534216; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671117)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"ntfxrenewsupport.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671117/; classtype:trojan-activity;sid:84534217; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671118)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"livraison-colis-france.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671118/; classtype:trojan-activity;sid:84534218; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671112)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"myrelay-tracking.help"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671112/; classtype:trojan-activity;sid:84534212; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671113)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"mytrackingdelivery.info"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671113/; classtype:trojan-activity;sid:84534213; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671114)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"ntfxrenewsupport.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671114/; classtype:trojan-activity;sid:84534214; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671115)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"ntfxrenewsupport.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671115/; classtype:trojan-activity;sid:84534215; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671111)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"myrelay-tracking.help"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671111/; classtype:trojan-activity;sid:84534211; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671110)"; flow:established,from_client; content:"GET"; http_method; content:"/pentest.ps1"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"85.214.156.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671110/; classtype:trojan-activity;sid:84534210; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671109)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.236.127.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671109/; classtype:trojan-activity;sid:84534209; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671108)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.236.127.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671108/; classtype:trojan-activity;sid:84534208; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671107)"; flow:established,from_client; content:"GET"; http_method; content:"/3d8.google|3f|t=f3i87ndi"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"jz.dzem-4.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671107/; classtype:trojan-activity;sid:84534207; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671106)"; flow:established,from_client; content:"GET"; http_method; content:"/jpcejsc0ou.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"x32l.mcyz4.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671106/; classtype:trojan-activity;sid:84534206; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671105)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/camp.spc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"84.234.96.51"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671105/; classtype:trojan-activity;sid:84534205; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671104)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.233.78"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671104/; classtype:trojan-activity;sid:84534204; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671102)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"143.20.185.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671102/; classtype:trojan-activity;sid:84534202; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671103)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.165.82.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671103/; classtype:trojan-activity;sid:84534203; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671101)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/debug"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"143.20.185.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671101/; classtype:trojan-activity;sid:84534201; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671100)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.145.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671100/; classtype:trojan-activity;sid:84534200; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671099)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.2.85"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671099/; classtype:trojan-activity;sid:84534199; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671098)"; flow:established,from_client; content:"GET"; http_method; content:"/m3l58fr57r.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"k6o.mcyz4.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671098/; classtype:trojan-activity;sid:84534198; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671097)"; flow:established,from_client; content:"GET"; http_method; content:"/u1g.google|3f|t=4f1cg2u4"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"f1.dzem-4.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671097/; classtype:trojan-activity;sid:84534197; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671096)"; flow:established,from_client; content:"GET"; http_method; content:"/hkk2ssaasd.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"n9o.kdit5.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671096/; classtype:trojan-activity;sid:84534196; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671095)"; flow:established,from_client; content:"GET"; http_method; content:"/0dmjr1sf"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"f1.dzem-4.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671095/; classtype:trojan-activity;sid:84534195; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671094)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"122.193.219.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671094/; classtype:trojan-activity;sid:84534194; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671093)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"122.193.219.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671093/; classtype:trojan-activity;sid:84534193; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671092)"; flow:established,from_client; content:"GET"; http_method; content:"/u3bngmij4n.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"n9o.kdit5.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671092/; classtype:trojan-activity;sid:84534192; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671090)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/arm"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"194.238.26.136"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671090/; classtype:trojan-activity;sid:84534190; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671091)"; flow:established,from_client; content:"GET"; http_method; content:"/cwnubsbs"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"tgx.dzem-4.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671091/; classtype:trojan-activity;sid:84534191; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671088)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/arm5"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"194.238.26.136"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671088/; classtype:trojan-activity;sid:84534188; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671089)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/ppc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"194.238.26.136"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671089/; classtype:trojan-activity;sid:84534189; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671081)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/m68k"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"194.238.26.136"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671081/; classtype:trojan-activity;sid:84534181; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671082)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/mips"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"194.238.26.136"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671082/; classtype:trojan-activity;sid:84534182; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671083)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/arm7"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"194.238.26.136"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671083/; classtype:trojan-activity;sid:84534183; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671084)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/x86"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"194.238.26.136"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671084/; classtype:trojan-activity;sid:84534184; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671085)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/arm6"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"194.238.26.136"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671085/; classtype:trojan-activity;sid:84534185; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671086)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/mpsl"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"194.238.26.136"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671086/; classtype:trojan-activity;sid:84534186; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671087)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/x86_64"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"194.238.26.136"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671087/; classtype:trojan-activity;sid:84534187; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671080)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.145.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671080/; classtype:trojan-activity;sid:84534180; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671079)"; flow:established,from_client; content:"GET"; http_method; content:"/tssai2xbyw.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"sv.mcyz4.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671079/; classtype:trojan-activity;sid:84534179; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671078)"; flow:established,from_client; content:"GET"; http_method; content:"/w1.check|3f|t=mdel1c3l"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"tgx.dzem-4.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671078/; classtype:trojan-activity;sid:84534178; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671077)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.187.54.145"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671077/; classtype:trojan-activity;sid:84534177; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671076)"; flow:established,from_client; content:"GET"; http_method; content:"/stan.mp4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"hubcityradio.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671076/; classtype:trojan-activity;sid:84534176; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671075)"; flow:established,from_client; content:"GET"; http_method; content:"/5vr1ql4lfx.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"sv.mcyz4.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671075/; classtype:trojan-activity;sid:84534175; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671074)"; flow:established,from_client; content:"GET"; http_method; content:"/jc.check|3f|t=vdc9t8bz"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"0c.dzem-4.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671074/; classtype:trojan-activity;sid:84534174; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671072)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.29.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671072/; classtype:trojan-activity;sid:84534172; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671073)"; flow:established,from_client; content:"GET"; http_method; content:"/ljuragks"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"0c.dzem-4.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671073/; classtype:trojan-activity;sid:84534173; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671071)"; flow:established,from_client; content:"GET"; http_method; content:"/eh5oop3v4z.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"2l.kdit5.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671071/; classtype:trojan-activity;sid:84534171; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671070)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"68.64.176.172"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671070/; classtype:trojan-activity;sid:84534170; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671068)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"121.41.228.52"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671068/; classtype:trojan-activity;sid:84534168; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671069)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"129.211.174.173"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671069/; classtype:trojan-activity;sid:84534169; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671061)"; flow:established,from_client; content:"GET"; http_method; content:"/garm4"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"23.177.185.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671061/; classtype:trojan-activity;sid:84534161; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671062)"; flow:established,from_client; content:"GET"; http_method; content:"/kz"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"23.177.185.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671062/; classtype:trojan-activity;sid:84534162; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671063)"; flow:established,from_client; content:"GET"; http_method; content:"/kmpsl"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"23.177.185.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671063/; classtype:trojan-activity;sid:84534163; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671064)"; flow:established,from_client; content:"GET"; http_method; content:"/karm7"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"23.177.185.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671064/; classtype:trojan-activity;sid:84534164; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671065)"; flow:established,from_client; content:"GET"; http_method; content:"/karm5"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"23.177.185.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671065/; classtype:trojan-activity;sid:84534165; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671066)"; flow:established,from_client; content:"GET"; http_method; content:"/kmips"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"23.177.185.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671066/; classtype:trojan-activity;sid:84534166; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671067)"; flow:established,from_client; content:"GET"; http_method; content:"/kb"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"23.177.185.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671067/; classtype:trojan-activity;sid:84534167; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671060)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.207.82.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671060/; classtype:trojan-activity;sid:84534160; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671059)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"38.210.84.91"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671059/; classtype:trojan-activity;sid:84534159; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671058)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"2.102.92.235"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671058/; classtype:trojan-activity;sid:84534158; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671057)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.248.185.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671057/; classtype:trojan-activity;sid:84534157; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671056)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"81.93.34.32"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671056/; classtype:trojan-activity;sid:84534156; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671054)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"180.115.69.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671054/; classtype:trojan-activity;sid:84534154; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671055)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"189.131.227.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671055/; classtype:trojan-activity;sid:84534155; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671053)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.31.254.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671053/; classtype:trojan-activity;sid:84534153; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671052)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"186.39.98.148"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671052/; classtype:trojan-activity;sid:84534152; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671051)"; flow:established,from_client; content:"GET"; http_method; content:"/documents/chase_bank_statement_10_13_2025.lnk"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"81.90.31.181"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671051/; classtype:trojan-activity;sid:84534151; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671050)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"120.157.215.64"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671050/; classtype:trojan-activity;sid:84534150; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671048)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"178.50.109.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671048/; classtype:trojan-activity;sid:84534148; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671049)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"121.73.163.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671049/; classtype:trojan-activity;sid:84534149; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671047)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"14.243.71.204"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671047/; classtype:trojan-activity;sid:84534147; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671046)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"83.224.154.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671046/; classtype:trojan-activity;sid:84534146; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671045)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"14.243.254.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671045/; classtype:trojan-activity;sid:84534145; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671043)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"41.144.133.1"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671043/; classtype:trojan-activity;sid:84534143; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671044)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"118.81.81.219"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671044/; classtype:trojan-activity;sid:84534144; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671042)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"83.224.148.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671042/; classtype:trojan-activity;sid:84534142; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671041)"; flow:established,from_client; content:"GET"; http_method; content:"/gc.google|3f|t=lft1sf26"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"q5.wsit-4.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671041/; classtype:trojan-activity;sid:84534141; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671040)"; flow:established,from_client; content:"GET"; http_method; content:"/7smk5n7by4.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"f.mcyz4.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671040/; classtype:trojan-activity;sid:84534140; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671039)"; flow:established,from_client; content:"GET"; http_method; content:"/toc3nkif37.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"dgl.blyp9.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671039/; classtype:trojan-activity;sid:84534139; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671038)"; flow:established,from_client; content:"GET"; http_method; content:"/32gjzvpz"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"q5.wsit-4.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671038/; classtype:trojan-activity;sid:84534138; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671037)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mpsl"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"ngocronggohan.online"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671037/; classtype:trojan-activity;sid:84534137; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671033)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"ngocronggohan.online"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671033/; classtype:trojan-activity;sid:84534133; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671034)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.ppc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"ngocronggohan.online"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671034/; classtype:trojan-activity;sid:84534134; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671035)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm7"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"ngocronggohan.online"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671035/; classtype:trojan-activity;sid:84534135; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671036)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.x86"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"ngocronggohan.online"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671036/; classtype:trojan-activity;sid:84534136; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671032)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.m68k"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"ngocronggohan.online"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671032/; classtype:trojan-activity;sid:84534132; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671025)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm6"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"ngocronggohan.online"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671025/; classtype:trojan-activity;sid:84534125; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671026)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm5"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"ngocronggohan.online"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671026/; classtype:trojan-activity;sid:84534126; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671027)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mips"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"ngocronggohan.online"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671027/; classtype:trojan-activity;sid:84534127; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671028)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.sh4"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"ngocronggohan.online"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671028/; classtype:trojan-activity;sid:84534128; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671029)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.spc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"ngocronggohan.online"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671029/; classtype:trojan-activity;sid:84534129; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671030)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"ngocronggohan.online"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671030/; classtype:trojan-activity;sid:84534130; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671031)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.2.85"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671031/; classtype:trojan-activity;sid:84534131; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671024)"; flow:established,from_client; content:"GET"; http_method; content:"/ohshit.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"ngocronggohan.online"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671024/; classtype:trojan-activity;sid:84534124; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671016)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm7"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"103.77.241.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671016/; classtype:trojan-activity;sid:84534116; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671017)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"103.77.241.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671017/; classtype:trojan-activity;sid:84534117; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671018)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm5"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"103.77.241.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671018/; classtype:trojan-activity;sid:84534118; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671019)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.x86"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"103.77.241.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671019/; classtype:trojan-activity;sid:84534119; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671020)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mpsl"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"103.77.241.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671020/; classtype:trojan-activity;sid:84534120; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671021)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.ppc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"103.77.241.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671021/; classtype:trojan-activity;sid:84534121; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671022)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.sh4"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"103.77.241.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671022/; classtype:trojan-activity;sid:84534122; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671023)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm6"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"103.77.241.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671023/; classtype:trojan-activity;sid:84534123; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671012)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"103.77.241.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671012/; classtype:trojan-activity;sid:84534112; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671013)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.m68k"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"103.77.241.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671013/; classtype:trojan-activity;sid:84534113; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671014)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.spc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"103.77.241.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671014/; classtype:trojan-activity;sid:84534114; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671015)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mips"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"103.77.241.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671015/; classtype:trojan-activity;sid:84534115; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671011)"; flow:established,from_client; content:"GET"; http_method; content:"/ohshit.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.77.241.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671011/; classtype:trojan-activity;sid:84534111; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671009)"; flow:established,from_client; content:"GET"; http_method; content:"/37igyh3s0u.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"uk.blyp9.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671009/; classtype:trojan-activity;sid:84534109; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671010)"; flow:established,from_client; content:"GET"; http_method; content:"/g74o2htxob.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"m6hg.bvum6.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671010/; classtype:trojan-activity;sid:84534110; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671007)"; flow:established,from_client; content:"GET"; http_method; content:"/334axlt0"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"iha.wsit-4.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671007/; classtype:trojan-activity;sid:84534107; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671008)"; flow:established,from_client; content:"GET"; http_method; content:"/wi.check|3f|t=5tf0ez43"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"iha.wsit-4.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671008/; classtype:trojan-activity;sid:84534108; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671004)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"googleplugin.pupaproj.ru"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671004/; classtype:trojan-activity;sid:84534104; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671005)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"alphac2.xyz"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671005/; classtype:trojan-activity;sid:84534105; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671006)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.ppc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"googleplugin.pupaproj.ru"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671006/; classtype:trojan-activity;sid:84534106; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670993)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.mpsl"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"alphac2.xyz"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670993/; classtype:trojan-activity;sid:84534093; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670994)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.spc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"googleplugin.pupaproj.ru"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670994/; classtype:trojan-activity;sid:84534094; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670995)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.x86"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"alphac2.xyz"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670995/; classtype:trojan-activity;sid:84534095; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670996)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"googleplugin.pupaproj.ru"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670996/; classtype:trojan-activity;sid:84534096; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670997)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"alphac2.xyz"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670997/; classtype:trojan-activity;sid:84534097; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670998)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.x86"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"googleplugin.pupaproj.ru"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670998/; classtype:trojan-activity;sid:84534098; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670999)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.sh4"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"googleplugin.pupaproj.ru"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670999/; classtype:trojan-activity;sid:84534099; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671000)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.m68k"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"googleplugin.pupaproj.ru"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671000/; classtype:trojan-activity;sid:84534100; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671001)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm6"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"googleplugin.pupaproj.ru"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671001/; classtype:trojan-activity;sid:84534101; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671002)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.mips"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"googleplugin.pupaproj.ru"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671002/; classtype:trojan-activity;sid:84534102; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671003)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.mpsl"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"googleplugin.pupaproj.ru"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671003/; classtype:trojan-activity;sid:84534103; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670992)"; flow:established,from_client; content:"GET"; http_method; content:"/lso2t0av"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"emc.wsit-4.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670992/; classtype:trojan-activity;sid:84534092; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670990)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.223.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670990/; classtype:trojan-activity;sid:84534090; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670991)"; flow:established,from_client; content:"GET"; http_method; content:"/qp4.google|3f|t=wzknnfoe"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"yi.wsit-4.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670991/; classtype:trojan-activity;sid:84534091; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670989)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm7"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"googleplugin.pupaproj.ru"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670989/; classtype:trojan-activity;sid:84534089; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670986)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm5"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"alphac2.xyz"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670986/; classtype:trojan-activity;sid:84534086; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670987)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.mips"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"alphac2.xyz"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670987/; classtype:trojan-activity;sid:84534087; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670988)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.ppc"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"alphac2.xyz"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670988/; classtype:trojan-activity;sid:84534088; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670983)"; flow:established,from_client; content:"GET"; http_method; content:"/r078baqhbi.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"iz.blyp9.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670983/; classtype:trojan-activity;sid:84534083; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670984)"; flow:established,from_client; content:"GET"; http_method; content:"/mcfds6zy21.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"iz.blyp9.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670984/; classtype:trojan-activity;sid:84534084; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670985)"; flow:established,from_client; content:"GET"; http_method; content:"/hgjwq9ko2h.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"j9pc.bvum6.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670985/; classtype:trojan-activity;sid:84534085; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670982)"; flow:established,from_client; content:"GET"; http_method; content:"/2tlyoo0h"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"yi.wsit-4.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670982/; classtype:trojan-activity;sid:84534082; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670974)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.x86_64"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"alphac2.xyz"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670974/; classtype:trojan-activity;sid:84534074; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670975)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.i686"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"alphac2.xyz"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670975/; classtype:trojan-activity;sid:84534075; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670976)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.sh4"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"alphac2.xyz"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670976/; classtype:trojan-activity;sid:84534076; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670977)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm6"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"alphac2.xyz"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670977/; classtype:trojan-activity;sid:84534077; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670978)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.m68k"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"alphac2.xyz"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670978/; classtype:trojan-activity;sid:84534078; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670979)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm7"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"alphac2.xyz"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670979/; classtype:trojan-activity;sid:84534079; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670980)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.spc"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"alphac2.xyz"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670980/; classtype:trojan-activity;sid:84534080; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670981)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arc"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"alphac2.xyz"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670981/; classtype:trojan-activity;sid:84534081; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670973)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.i468"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"alphac2.xyz"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670973/; classtype:trojan-activity;sid:84534073; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670972)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"176.65.148.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670972/; classtype:trojan-activity;sid:84534072; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670971)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.53.244.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670971/; classtype:trojan-activity;sid:84534071; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670970)"; flow:established,from_client; content:"GET"; http_method; content:"/fk064if8zx.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"y0we.bvum6.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670970/; classtype:trojan-activity;sid:84534070; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670969)"; flow:established,from_client; content:"GET"; http_method; content:"/myx.check|3f|t=idhpcvbk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"emc.wsit-4.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670969/; classtype:trojan-activity;sid:84534069; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670968)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.10.89.9"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670968/; classtype:trojan-activity;sid:84534068; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670967)"; flow:established,from_client; content:"GET"; http_method; content:"/vhbrm7uj3x.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"y0we.bvum6.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670967/; classtype:trojan-activity;sid:84534067; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670966)"; flow:established,from_client; content:"GET"; http_method; content:"/047.check|3f|t=ekvpzr9c"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"n9.wsit-4.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670966/; classtype:trojan-activity;sid:84534066; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670965)"; flow:established,from_client; content:"GET"; http_method; content:"/x614kzjpn6.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"g5.blyp9.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670965/; classtype:trojan-activity;sid:84534065; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670964)"; flow:established,from_client; content:"GET"; http_method; content:"/8i63is6f"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"n9.wsit-4.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670964/; classtype:trojan-activity;sid:84534064; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670963)"; flow:established,from_client; content:"GET"; http_method; content:"/t8pn0yu3mi.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"z5k.bvum6.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670963/; classtype:trojan-activity;sid:84534063; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670962)"; flow:established,from_client; content:"GET"; http_method; content:"/zl.google|3f|t=s7bnyn7h"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"9t.wsit-4.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670962/; classtype:trojan-activity;sid:84534062; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670958)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.mpsl"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"176.65.148.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670958/; classtype:trojan-activity;sid:84534058; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670959)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.x86_64"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"176.65.148.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670959/; classtype:trojan-activity;sid:84534059; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670960)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arc"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"176.65.148.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670960/; classtype:trojan-activity;sid:84534060; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670961)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.ppc"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"176.65.148.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670961/; classtype:trojan-activity;sid:84534061; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670947)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.m68k"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"176.65.148.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670947/; classtype:trojan-activity;sid:84534047; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670948)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/debug"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"176.65.148.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670948/; classtype:trojan-activity;sid:84534048; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670949)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.mips"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"176.65.148.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670949/; classtype:trojan-activity;sid:84534049; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670950)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.sh4"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"176.65.148.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670950/; classtype:trojan-activity;sid:84534050; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670951)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.x86"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"176.65.148.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670951/; classtype:trojan-activity;sid:84534051; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670952)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm6"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"176.65.148.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670952/; classtype:trojan-activity;sid:84534052; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670953)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm5"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"176.65.148.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670953/; classtype:trojan-activity;sid:84534053; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670954)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"176.65.148.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670954/; classtype:trojan-activity;sid:84534054; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670955)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.i686"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"176.65.148.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670955/; classtype:trojan-activity;sid:84534055; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670956)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm7"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"176.65.148.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670956/; classtype:trojan-activity;sid:84534056; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670957)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.spc"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"176.65.148.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670957/; classtype:trojan-activity;sid:84534057; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670946)"; flow:established,from_client; content:"GET"; http_method; content:"/zl.google|3f|t=ntpciven"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"9t.wsit-4.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670946/; classtype:trojan-activity;sid:84534046; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670945)"; flow:established,from_client; content:"GET"; http_method; content:"/iav5mo0hsz.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"g5.blyp9.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670945/; classtype:trojan-activity;sid:84534045; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670944)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.231.64.152"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670944/; classtype:trojan-activity;sid:84534044; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670943)"; flow:established,from_client; content:"GET"; http_method; content:"/1ittmu3hei.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"z5k.bvum6.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670943/; classtype:trojan-activity;sid:84534043; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670942)"; flow:established,from_client; content:"GET"; http_method; content:"/l1n.google|3f|t=kvk5kmm2"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"hv3.wsit-4.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670942/; classtype:trojan-activity;sid:84534042; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670940)"; flow:established,from_client; content:"GET"; http_method; content:"/l1n.google|3f|t=ab8ddmhd"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"hv3.wsit-4.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670940/; classtype:trojan-activity;sid:84534040; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670941)"; flow:established,from_client; content:"GET"; http_method; content:"/nzpid9ueb5.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"aw.blyp9.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670941/; classtype:trojan-activity;sid:84534041; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670939)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.29.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670939/; classtype:trojan-activity;sid:84534039; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670938)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.4.196.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670938/; classtype:trojan-activity;sid:84534038; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670937)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.10.89.9"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670937/; classtype:trojan-activity;sid:84534037; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670936)"; flow:established,from_client; content:"GET"; http_method; content:"/xyl5accpok.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"rmi.blyp9.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670936/; classtype:trojan-activity;sid:84534036; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670935)"; flow:established,from_client; content:"GET"; http_method; content:"/pt.google|3f|t=k0zqb4nv"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"1mk.vqod-2.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670935/; classtype:trojan-activity;sid:84534035; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670934)"; flow:established,from_client; content:"GET"; http_method; content:"/pt.google|3f|t=iok9hymc"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"1mk.vqod-2.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670934/; classtype:trojan-activity;sid:84534034; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670933)"; flow:established,from_client; content:"GET"; http_method; content:"/xbh9chroj3.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"c.bvum6.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670933/; classtype:trojan-activity;sid:84534033; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670932)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.237.234.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670932/; classtype:trojan-activity;sid:84534032; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670931)"; flow:established,from_client; content:"GET"; http_method; content:"/7nuu3s01yj.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"c.bvum6.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670931/; classtype:trojan-activity;sid:84534031; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670930)"; flow:established,from_client; content:"GET"; http_method; content:"/ql.google|3f|t=gm8q20xy"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"vnv.vqod-2.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670930/; classtype:trojan-activity;sid:84534030; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670929)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.134.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670929/; classtype:trojan-activity;sid:84534029; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670928)"; flow:established,from_client; content:"GET"; http_method; content:"/files/6316676254/3pgk8zn.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670928/; classtype:trojan-activity;sid:84534028; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670927)"; flow:established,from_client; content:"GET"; http_method; content:"/files/6542402214/qtc2mjx.msi"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670927/; classtype:trojan-activity;sid:84534027; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670926)"; flow:established,from_client; content:"GET"; http_method; content:"/o2um9ezz3d.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"43.tvil0.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670926/; classtype:trojan-activity;sid:84534026; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670925)"; flow:established,from_client; content:"GET"; http_method; content:"/90p.google|3f|t=ajvngm9j"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"81s.vqod-2.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670925/; classtype:trojan-activity;sid:84534025; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670924)"; flow:established,from_client; content:"GET"; http_method; content:"/s27mzu9ucn.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"7b.bvum6.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670924/; classtype:trojan-activity;sid:84534024; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670923)"; flow:established,from_client; content:"GET"; http_method; content:"/90p.google|3f|t=wt3g2h7k"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"81s.vqod-2.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670923/; classtype:trojan-activity;sid:84534023; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670922)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.196.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670922/; classtype:trojan-activity;sid:84534022; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670921)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.134.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670921/; classtype:trojan-activity;sid:84534021; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670920)"; flow:established,from_client; content:"GET"; http_method; content:"/m24xcko4k5.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"43.tvil0.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670920/; classtype:trojan-activity;sid:84534020; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670919)"; flow:established,from_client; content:"GET"; http_method; content:"/ruy.check|3f|t=i8ngtw3c"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"7e.vqod-2.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670919/; classtype:trojan-activity;sid:84534019; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670918)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.226.178.97"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670918/; classtype:trojan-activity;sid:84534018; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670917)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.229.179.105"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670917/; classtype:trojan-activity;sid:84534017; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670916)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.151.154.125"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670916/; classtype:trojan-activity;sid:84534016; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670912)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.52.245.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670912/; classtype:trojan-activity;sid:84534012; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670913)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.5.21.21"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670913/; classtype:trojan-activity;sid:84534013; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670914)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.187.54.145"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670914/; classtype:trojan-activity;sid:84534014; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670915)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.54.166.73"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670915/; classtype:trojan-activity;sid:84534015; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670908)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.38.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670908/; classtype:trojan-activity;sid:84534008; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670909)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.1.225.17"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670909/; classtype:trojan-activity;sid:84534009; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670910)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.202.212.96"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670910/; classtype:trojan-activity;sid:84534010; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670911)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.124.133.173"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670911/; classtype:trojan-activity;sid:84534011; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670907)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"2.187.33.3"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670907/; classtype:trojan-activity;sid:84534007; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670906)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.189.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670906/; classtype:trojan-activity;sid:84534006; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670905)"; flow:established,from_client; content:"GET"; http_method; content:"/evhrr079dn.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"n.fkur8.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670905/; classtype:trojan-activity;sid:84534005; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670904)"; flow:established,from_client; content:"GET"; http_method; content:"/ruy.check|3f|t=90q4p3gc"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"7e.vqod-2.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670904/; classtype:trojan-activity;sid:84534004; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670903)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.92.223.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670903/; classtype:trojan-activity;sid:84534003; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670902)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.237.234.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670902/; classtype:trojan-activity;sid:84534002; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670901)"; flow:established,from_client; content:"GET"; http_method; content:"/zzq8cc7dmc.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"im8.tvil0.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670901/; classtype:trojan-activity;sid:84534001; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670900)"; flow:established,from_client; content:"GET"; http_method; content:"/8qo.google|3f|t=zs2rw8qe"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"14.vqod-2.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670900/; classtype:trojan-activity;sid:84534000; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670899)"; flow:established,from_client; content:"GET"; http_method; content:"/8qo.google|3f|t=0ipx1km8"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"14.vqod-2.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670899/; classtype:trojan-activity;sid:84533999; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670898)"; flow:established,from_client; content:"GET"; http_method; content:"/6hbqi7p3su.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"n.fkur8.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670898/; classtype:trojan-activity;sid:84533998; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670897)"; flow:established,from_client; content:"GET"; http_method; content:"/9phe6slk6n.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"im8.tvil0.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670897/; classtype:trojan-activity;sid:84533997; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670896)"; flow:established,from_client; content:"GET"; http_method; content:"/juy.check|3f|t=rwf1226d"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"ib.vqod-2.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670896/; classtype:trojan-activity;sid:84533996; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670895)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.112.191"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670895/; classtype:trojan-activity;sid:84533995; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670893)"; flow:established,from_client; content:"GET"; http_method; content:"/juy.check|3f|t=giobg6ep"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"ib.vqod-2.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670893/; classtype:trojan-activity;sid:84533993; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670894)"; flow:established,from_client; content:"GET"; http_method; content:"/hdkz86pdot.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"e1mx.fkur8.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670894/; classtype:trojan-activity;sid:84533994; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670892)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.88.105.123"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670892/; classtype:trojan-activity;sid:84533992; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670891)"; flow:established,from_client; content:"GET"; http_method; content:"/rb.google|3f|t=istm2etz"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"uz.vqod-2.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670891/; classtype:trojan-activity;sid:84533991; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670890)"; flow:established,from_client; content:"GET"; http_method; content:"/1hlfe83vh9.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"e1mx.fkur8.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670890/; classtype:trojan-activity;sid:84533990; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670889)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.79.238.130"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670889/; classtype:trojan-activity;sid:84533989; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670888)"; flow:established,from_client; content:"GET"; http_method; content:"/2h.google|3f|t=cq6scqym"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"1m.2mq4r.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670888/; classtype:trojan-activity;sid:84533988; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670887)"; flow:established,from_client; content:"GET"; http_method; content:"/8phdz2rouq.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"oj.tvil0.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670887/; classtype:trojan-activity;sid:84533987; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670886)"; flow:established,from_client; content:"GET"; http_method; content:"/mox1j79ud4.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"e1mx.fkur8.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670886/; classtype:trojan-activity;sid:84533986; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670885)"; flow:established,from_client; content:"GET"; http_method; content:"/2h.google|3f|t=cziwolfz"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"1m.2mq4r.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670885/; classtype:trojan-activity;sid:84533985; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670884)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.112.191"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670884/; classtype:trojan-activity;sid:84533984; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670883)"; flow:established,from_client; content:"GET"; http_method; content:"/dth0gw4geq.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"57.tvil0.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670883/; classtype:trojan-activity;sid:84533983; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670882)"; flow:established,from_client; content:"GET"; http_method; content:"/w1n.check|3f|t=vt95s8e2"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"c8.2mq4r.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670882/; classtype:trojan-activity;sid:84533982; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670881)"; flow:established,from_client; content:"GET"; http_method; content:"/6ohdferj1r.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"l8qf.fkur8.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670881/; classtype:trojan-activity;sid:84533981; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670880)"; flow:established,from_client; content:"GET"; http_method; content:"/w1n.check|3f|t=ow7idhhi"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"c8.2mq4r.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670880/; classtype:trojan-activity;sid:84533980; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670879)"; flow:established,from_client; content:"GET"; http_method; content:"/e4.google|3f|t=wx1hrshp"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"p0.2mq4r.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670879/; classtype:trojan-activity;sid:84533979; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670878)"; flow:established,from_client; content:"GET"; http_method; content:"/m1qxgqpyiq.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"l8qf.fkur8.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670878/; classtype:trojan-activity;sid:84533978; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670876)"; flow:established,from_client; content:"GET"; http_method; content:"/e4.google|3f|t=i1qmsmfu"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"p0.2mq4r.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670876/; classtype:trojan-activity;sid:84533976; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670877)"; flow:established,from_client; content:"GET"; http_method; content:"/ezv963dhcu.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"57.tvil0.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670877/; classtype:trojan-activity;sid:84533977; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670875)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.188.115.207"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670875/; classtype:trojan-activity;sid:84533975; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670874)"; flow:established,from_client; content:"GET"; http_method; content:"/htsp151mmp.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"f4l.tvil0.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670874/; classtype:trojan-activity;sid:84533974; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670871)"; flow:established,from_client; content:"GET"; http_method; content:"/d7m.check|3f|t=ik6wl8eq"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"0zq.2mq4r.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670871/; classtype:trojan-activity;sid:84533971; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670872)"; flow:established,from_client; content:"GET"; http_method; content:"/d7m.check|3f|t=0lhauhus"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"0zq.2mq4r.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670872/; classtype:trojan-activity;sid:84533972; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670873)"; flow:established,from_client; content:"GET"; http_method; content:"/ke93h3axap.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"t3wo.fkur8.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670873/; classtype:trojan-activity;sid:84533973; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670870)"; flow:established,from_client; content:"GET"; http_method; content:"/6vw1i0qxvk.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"je.tvil0.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670870/; classtype:trojan-activity;sid:84533970; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670869)"; flow:established,from_client; content:"GET"; http_method; content:"/l2.google|3f|t=azzcfcf1"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"v3.2mq4r.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670869/; classtype:trojan-activity;sid:84533969; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670868)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.151.179"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670868/; classtype:trojan-activity;sid:84533968; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670867)"; flow:established,from_client; content:"GET"; http_method; content:"/ean1c1nxir.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"p9as.fkur8.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670867/; classtype:trojan-activity;sid:84533967; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670866)"; flow:established,from_client; content:"GET"; http_method; content:"/l2.google|3f|t=skavgbkm"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"v3.2mq4r.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670866/; classtype:trojan-activity;sid:84533966; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670865)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.56.25.38"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670865/; classtype:trojan-activity;sid:84533965; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670864)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.117.211.96"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670864/; classtype:trojan-activity;sid:84533964; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670860)"; flow:established,from_client; content:"GET"; http_method; content:"/9fa.check|3f|t=ujq55g2c"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"h1.2mq4r.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670860/; classtype:trojan-activity;sid:84533960; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670861)"; flow:established,from_client; content:"GET"; http_method; content:"/9fa.check|3f|t=jnpd5z6l"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"h1.2mq4r.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670861/; classtype:trojan-activity;sid:84533961; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670862)"; flow:established,from_client; content:"GET"; http_method; content:"/4hdn0fedub.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"v6yt.fkur8.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670862/; classtype:trojan-activity;sid:84533962; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670863)"; flow:established,from_client; content:"GET"; http_method; content:"/mgokd4bprf.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"pm.stix2.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670863/; classtype:trojan-activity;sid:84533963; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670859)"; flow:established,from_client; content:"GET"; http_method; content:"/rd7w5f8imm.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"v6yt.fkur8.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670859/; classtype:trojan-activity;sid:84533959; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670858)"; flow:established,from_client; content:"GET"; http_method; content:"/yk.google|3f|t=1ef1d1dy"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"s.2mq4r.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670858/; classtype:trojan-activity;sid:84533958; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670856)"; flow:established,from_client; content:"GET"; http_method; content:"/yk.google|3f|t=wvwxnwep"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"s.2mq4r.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670856/; classtype:trojan-activity;sid:84533956; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670857)"; flow:established,from_client; content:"GET"; http_method; content:"/m2owdpulkz.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"pm.stix2.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670857/; classtype:trojan-activity;sid:84533957; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670855)"; flow:established,from_client; content:"GET"; http_method; content:"/pzwlk0oqhu.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"q0rb.zzax4.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670855/; classtype:trojan-activity;sid:84533955; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670854)"; flow:established,from_client; content:"GET"; http_method; content:"/k240.google|3f|t=z90q3t7c"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"t1n.4fg2n.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670854/; classtype:trojan-activity;sid:84533954; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670853)"; flow:established,from_client; content:"GET"; http_method; content:"/bo1m5k711o.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"fmg.stix2.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670853/; classtype:trojan-activity;sid:84533953; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670852)"; flow:established,from_client; content:"GET"; http_method; content:"/k240.google|3f|t=kj6kykvo"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"t1n.4fg2n.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670852/; classtype:trojan-activity;sid:84533952; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670851)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.165.120"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670851/; classtype:trojan-activity;sid:84533951; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670850)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.56.25.38"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670850/; classtype:trojan-activity;sid:84533950; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670849)"; flow:established,from_client; content:"GET"; http_method; content:"/m51jmxaocg.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"fmg.stix2.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670849/; classtype:trojan-activity;sid:84533949; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670848)"; flow:established,from_client; content:"GET"; http_method; content:"/zm.check|3f|t=pvnge7zg"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"r9.4fg2n.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670848/; classtype:trojan-activity;sid:84533948; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670847)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.91.38"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670847/; classtype:trojan-activity;sid:84533947; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670846)"; flow:established,from_client; content:"GET"; http_method; content:"/jjzffgzk2i.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"sx87.zzax4.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670846/; classtype:trojan-activity;sid:84533946; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670845)"; flow:established,from_client; content:"GET"; http_method; content:"/zm.check|3f|t=6w64egfr"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"r9.4fg2n.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670845/; classtype:trojan-activity;sid:84533945; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670844)"; flow:established,from_client; content:"GET"; http_method; content:"/1c.google|3f|t=o61p6sdv"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"bq.4fg2n.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670844/; classtype:trojan-activity;sid:84533944; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670843)"; flow:established,from_client; content:"GET"; http_method; content:"/6iepnovxvu.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"sx87.zzax4.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670843/; classtype:trojan-activity;sid:84533943; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670842)"; flow:established,from_client; content:"GET"; http_method; content:"/1c.google|3f|t=w0h4qo22"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"bq.4fg2n.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670842/; classtype:trojan-activity;sid:84533942; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670841)"; flow:established,from_client; content:"GET"; http_method; content:"/9ohwbo58vt.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"tng.stix2.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670841/; classtype:trojan-activity;sid:84533941; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670839)"; flow:established,from_client; content:"GET"; http_method; content:"/53vxjf9a5c.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"f4zh.zzax4.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670839/; classtype:trojan-activity;sid:84533939; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670840)"; flow:established,from_client; content:"GET"; http_method; content:"/u3iv9iczmm.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"tng.stix2.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670840/; classtype:trojan-activity;sid:84533940; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670838)"; flow:established,from_client; content:"GET"; http_method; content:"/ab3.check|3f|t=08jdv77p"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"x2j.4fg2n.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670838/; classtype:trojan-activity;sid:84533938; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670837)"; flow:established,from_client; content:"GET"; http_method; content:"/ab3.check|3f|t=jjw616vg"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"x2j.4fg2n.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670837/; classtype:trojan-activity;sid:84533937; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670836)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"139.255.104.178"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670836/; classtype:trojan-activity;sid:84533936; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670835)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.77.228"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670835/; classtype:trojan-activity;sid:84533935; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670834)"; flow:established,from_client; content:"GET"; http_method; content:"/wsiswa0jtm.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"f4zh.zzax4.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670834/; classtype:trojan-activity;sid:84533934; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670833)"; flow:established,from_client; content:"GET"; http_method; content:"/0w4n.google|3f|t=zztxbdcz"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"pc.4fg2n.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670833/; classtype:trojan-activity;sid:84533933; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670832)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.88.85"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670832/; classtype:trojan-activity;sid:84533932; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670831)"; flow:established,from_client; content:"GET"; http_method; content:"/3l67upg42o.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"o34.stix2.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670831/; classtype:trojan-activity;sid:84533931; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670830)"; flow:established,from_client; content:"GET"; http_method; content:"/0w4n.google|3f|t=qc5ocbry"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"pc.4fg2n.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670830/; classtype:trojan-activity;sid:84533930; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670829)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"72.194.227.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670829/; classtype:trojan-activity;sid:84533929; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670828)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.88.85"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670828/; classtype:trojan-activity;sid:84533928; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670827)"; flow:established,from_client; content:"GET"; http_method; content:"/public_files/a5ebkxa.txt"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"62.60.226.168"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670827/; classtype:trojan-activity;sid:84533927; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670826)"; flow:established,from_client; content:"GET"; http_method; content:"/42m343qexn.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"w12p.zzax4.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670826/; classtype:trojan-activity;sid:84533926; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670823)"; flow:established,from_client; content:"GET"; http_method; content:"/q3k.check|3f|t=nu6x2c0t"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"m8.4fg2n.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670823/; classtype:trojan-activity;sid:84533923; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670824)"; flow:established,from_client; content:"GET"; http_method; content:"/q3k.check|3f|t=1zkmh3to"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"m8.4fg2n.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670824/; classtype:trojan-activity;sid:84533924; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670825)"; flow:established,from_client; content:"GET"; http_method; content:"/ydexrzdiho.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"o34.stix2.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670825/; classtype:trojan-activity;sid:84533925; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670822)"; flow:established,from_client; content:"GET"; http_method; content:"/7t.google|3f|t=szs0uhbu"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"a.4fg2n.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670822/; classtype:trojan-activity;sid:84533922; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670821)"; flow:established,from_client; content:"GET"; http_method; content:"/mj4o977x6a.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"o34.stix2.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670821/; classtype:trojan-activity;sid:84533921; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670820)"; flow:established,from_client; content:"GET"; http_method; content:"/3ynx8bqpyd.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"w12p.zzax4.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670820/; classtype:trojan-activity;sid:84533920; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670819)"; flow:established,from_client; content:"GET"; http_method; content:"/pq14.google|3f|t=0rnn2c5m"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"k0n.7wh2n.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670819/; classtype:trojan-activity;sid:84533919; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670818)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.4.44.46"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670818/; classtype:trojan-activity;sid:84533918; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670817)"; flow:established,from_client; content:"GET"; http_method; content:"/yvjtj51kyh.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"bcm.stix2.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670817/; classtype:trojan-activity;sid:84533917; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670816)"; flow:established,from_client; content:"GET"; http_method; content:"/6iffuba7dq.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"k9uv.zzax4.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670816/; classtype:trojan-activity;sid:84533916; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670814)"; flow:established,from_client; content:"GET"; http_method; content:"/3r.check|3f|t=r2jnksxo"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"wz.7wh2n.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670814/; classtype:trojan-activity;sid:84533914; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670815)"; flow:established,from_client; content:"GET"; http_method; content:"/3r.check|3f|t=9z5l9oy5"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"wz.7wh2n.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670815/; classtype:trojan-activity;sid:84533915; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670813)"; flow:established,from_client; content:"GET"; http_method; content:"/blxq8dgpy1.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"bcm.stix2.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670813/; classtype:trojan-activity;sid:84533913; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670812)"; flow:established,from_client; content:"GET"; http_method; content:"/zz7.google|3f|t=7bq7dxtg"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"h2.7wh2n.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670812/; classtype:trojan-activity;sid:84533912; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670811)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.74.54.114"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670811/; classtype:trojan-activity;sid:84533911; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670810)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.74.54.114"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670810/; classtype:trojan-activity;sid:84533910; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670809)"; flow:established,from_client; content:"GET"; http_method; content:"/k3j3nle6cz.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"k9uv.zzax4.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670809/; classtype:trojan-activity;sid:84533909; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670808)"; flow:established,from_client; content:"GET"; http_method; content:"/zz7.google|3f|t=5l1gppj6"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"h2.7wh2n.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670808/; classtype:trojan-activity;sid:84533908; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670806)"; flow:established,from_client; content:"GET"; http_method; content:"/1za.check|3f|t=euzlb6m8"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"q.7wh2n.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670806/; classtype:trojan-activity;sid:84533906; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670807)"; flow:established,from_client; content:"GET"; http_method; content:"/4l8f603hjj.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"m3qe.zzax4.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670807/; classtype:trojan-activity;sid:84533907; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670804)"; flow:established,from_client; content:"GET"; http_method; content:"/1za.check|3f|t=56phbs2n"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"q.7wh2n.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670804/; classtype:trojan-activity;sid:84533904; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670805)"; flow:established,from_client; content:"GET"; http_method; content:"/fazutyfmq9.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"bcm.stix2.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670805/; classtype:trojan-activity;sid:84533905; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670803)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7309295924/cgjlijq.msi"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670803/; classtype:trojan-activity;sid:84533903; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670802)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7559408112/s3otvax.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670802/; classtype:trojan-activity;sid:84533902; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670801)"; flow:established,from_client; content:"GET"; http_method; content:"/yna2kg9p31.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"m3qe.zzax4.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670801/; classtype:trojan-activity;sid:84533901; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670800)"; flow:established,from_client; content:"GET"; http_method; content:"/v8.google|3f|t=q68w52f1"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"xt.7wh2n.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670800/; classtype:trojan-activity;sid:84533900; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670799)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"71.207.128.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670799/; classtype:trojan-activity;sid:84533899; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670798)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.217.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670798/; classtype:trojan-activity;sid:84533898; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670797)"; flow:established,from_client; content:"GET"; http_method; content:"/6vppn9s1xp.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"z9.stix2.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670797/; classtype:trojan-activity;sid:84533897; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670796)"; flow:established,from_client; content:"GET"; http_method; content:"/0am.check|3f|t=hcu271fp"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"n5.7wh2n.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670796/; classtype:trojan-activity;sid:84533896; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670795)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.73.224"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670795/; classtype:trojan-activity;sid:84533895; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670794)"; flow:established,from_client; content:"GET"; http_method; content:"/122909u375.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"9j.dlun7.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670794/; classtype:trojan-activity;sid:84533894; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670793)"; flow:established,from_client; content:"GET"; http_method; content:"/2vjh7oe15k.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"t5vo.kqag6.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670793/; classtype:trojan-activity;sid:84533893; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670791)"; flow:established,from_client; content:"GET"; http_method; content:"/q6.google|3f|t=fzuj0okf"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"b.7wh2n.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670791/; classtype:trojan-activity;sid:84533891; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670792)"; flow:established,from_client; content:"GET"; http_method; content:"/q6.google|3f|t=cj8vdnbl"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"b.7wh2n.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670792/; classtype:trojan-activity;sid:84533892; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670790)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"71.207.128.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670790/; classtype:trojan-activity;sid:84533890; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670789)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.177.100.171"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670789/; classtype:trojan-activity;sid:84533889; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670788)"; flow:established,from_client; content:"GET"; http_method; content:"/qgb0pb1xdl.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"d7qx.kqag6.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670788/; classtype:trojan-activity;sid:84533888; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670787)"; flow:established,from_client; content:"GET"; http_method; content:"/w2n.google|3f|t=kj8ibi6p"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"x.9zk8r.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670787/; classtype:trojan-activity;sid:84533887; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670786)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.157.252"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670786/; classtype:trojan-activity;sid:84533886; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670785)"; flow:established,from_client; content:"GET"; http_method; content:"/5ytbee8vot.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"jpv.dlun7.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670785/; classtype:trojan-activity;sid:84533885; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670784)"; flow:established,from_client; content:"GET"; http_method; content:"/w2n.google|3f|t=739xyc3e"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"x.9zk8r.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670784/; classtype:trojan-activity;sid:84533884; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670783)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.73.224"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670783/; classtype:trojan-activity;sid:84533883; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670782)"; flow:established,from_client; content:"GET"; http_method; content:"/bq366mm423.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"y1mc.kqag6.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670782/; classtype:trojan-activity;sid:84533882; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670781)"; flow:established,from_client; content:"GET"; http_method; content:"/ra0.check|3f|t=631y3c9f"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"h9m.9zk8r.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670781/; classtype:trojan-activity;sid:84533881; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670780)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.206.186.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670780/; classtype:trojan-activity;sid:84533880; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670779)"; flow:established,from_client; content:"GET"; http_method; content:"/9bou9fa0tz.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"jpv.dlun7.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670779/; classtype:trojan-activity;sid:84533879; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670778)"; flow:established,from_client; content:"GET"; http_method; content:"/ra0.check|3f|t=31yo9oe4"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"h9m.9zk8r.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670778/; classtype:trojan-activity;sid:84533878; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670774)"; flow:established,from_client; content:"GET"; http_method; content:"/0v9.google|3f|t=lverel8j"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"tq.9zk8r.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670774/; classtype:trojan-activity;sid:84533874; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670775)"; flow:established,from_client; content:"GET"; http_method; content:"/0v9.google|3f|t=anjlmfvs"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"tq.9zk8r.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670775/; classtype:trojan-activity;sid:84533875; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670776)"; flow:established,from_client; content:"GET"; http_method; content:"/pyaymxgv3d.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"rb54.kqag6.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670776/; classtype:trojan-activity;sid:84533876; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670777)"; flow:established,from_client; content:"GET"; http_method; content:"/b33q90346u.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"bj.dlun7.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670777/; classtype:trojan-activity;sid:84533877; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670773)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.92.172"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670773/; classtype:trojan-activity;sid:84533873; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670772)"; flow:established,from_client; content:"GET"; http_method; content:"/uibuue4skz.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"g6ta.kqag6.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670772/; classtype:trojan-activity;sid:84533872; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670771)"; flow:established,from_client; content:"GET"; http_method; content:"/pk2.check|3f|t=v8k2dmpn"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"z1.9zk8r.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670771/; classtype:trojan-activity;sid:84533871; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670770)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.157.252"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670770/; classtype:trojan-activity;sid:84533870; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670769)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.88.37"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670769/; classtype:trojan-activity;sid:84533869; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670768)"; flow:established,from_client; content:"GET"; http_method; content:"/m3.google|3f|t=y9tl8o8w"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"bd.9zk8r.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670768/; classtype:trojan-activity;sid:84533868; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670767)"; flow:established,from_client; content:"GET"; http_method; content:"/4s8omn8436.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"i7.dlun7.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670767/; classtype:trojan-activity;sid:84533867; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670766)"; flow:established,from_client; content:"GET"; http_method; content:"/m3.google|3f|t=hkir0sgl"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"bd.9zk8r.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670766/; classtype:trojan-activity;sid:84533866; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670765)"; flow:established,from_client; content:"GET"; http_method; content:"/7pgno8y6fm.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"n8yr.kqag6.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670765/; classtype:trojan-activity;sid:84533865; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670763)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"114.239.91.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670763/; classtype:trojan-activity;sid:84533863; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670764)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.206.186.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670764/; classtype:trojan-activity;sid:84533864; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670761)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.88.247"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670761/; classtype:trojan-activity;sid:84533861; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670762)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.28.219.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670762/; classtype:trojan-activity;sid:84533862; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670760)"; flow:established,from_client; content:"GET"; http_method; content:"/4ta.check|3f|t=1i32bhed"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"q7.9zk8r.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670760/; classtype:trojan-activity;sid:84533860; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670759)"; flow:established,from_client; content:"GET"; http_method; content:"/lo0mofj0hw.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"c3fn.kpyw8.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670759/; classtype:trojan-activity;sid:84533859; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670758)"; flow:established,from_client; content:"GET"; http_method; content:"/n1vldu8ufj.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"9v.dlun7.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670758/; classtype:trojan-activity;sid:84533858; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670757)"; flow:established,from_client; content:"GET"; http_method; content:"/4ta.check|3f|t=19vxxrjr"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"q7.9zk8r.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670757/; classtype:trojan-activity;sid:84533857; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670756)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.137.84.255"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670756/; classtype:trojan-activity;sid:84533856; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670755)"; flow:established,from_client; content:"GET"; http_method; content:"/pfmmlcbl8y.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"c3fn.kpyw8.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670755/; classtype:trojan-activity;sid:84533855; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670754)"; flow:established,from_client; content:"GET"; http_method; content:"/yn.google|3f|t=w0uwtbil"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"g.9zk8r.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670754/; classtype:trojan-activity;sid:84533854; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670753)"; flow:established,from_client; content:"GET"; http_method; content:"/yn.google|3f|t=vchb39h1"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"g.9zk8r.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670753/; classtype:trojan-activity;sid:84533853; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670752)"; flow:established,from_client; content:"GET"; http_method; content:"/4fn2mqvc1x.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"9v.dlun7.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670752/; classtype:trojan-activity;sid:84533852; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670751)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.180.18.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670751/; classtype:trojan-activity;sid:84533851; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670750)"; flow:established,from_client; content:"GET"; http_method; content:"/0pdgp9sm0v.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"9v.dlun7.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670750/; classtype:trojan-activity;sid:84533850; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670749)"; flow:established,from_client; content:"GET"; http_method; content:"/w1m3.google|3f|t=ufcgplmv"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"xq9.5sv1g.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670749/; classtype:trojan-activity;sid:84533849; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670748)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.249.247.198"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670748/; classtype:trojan-activity;sid:84533848; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670747)"; flow:established,from_client; content:"GET"; http_method; content:"/oxzxtryh96.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"zz19.kpyw8.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670747/; classtype:trojan-activity;sid:84533847; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670746)"; flow:established,from_client; content:"GET"; http_method; content:"/w1m3.google|3f|t=c4qtqp6t"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"xq9.5sv1g.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670746/; classtype:trojan-activity;sid:84533846; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670745)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.227.238.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670745/; classtype:trojan-activity;sid:84533845; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670744)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.spc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"176.65.148.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670744/; classtype:trojan-activity;sid:84533844; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670725)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"151.244.72.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670725/; classtype:trojan-activity;sid:84533825; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670726)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/px86"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"196.251.116.214"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670726/; classtype:trojan-activity;sid:84533826; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670727)"; flow:established,from_client; content:"GET"; http_method; content:"/armv6l"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"151.244.72.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670727/; classtype:trojan-activity;sid:84533827; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670728)"; flow:established,from_client; content:"GET"; http_method; content:"/arm4"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"23.177.185.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670728/; classtype:trojan-activity;sid:84533828; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670729)"; flow:established,from_client; content:"GET"; http_method; content:"/powerpc"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"151.244.72.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670729/; classtype:trojan-activity;sid:84533829; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670730)"; flow:established,from_client; content:"GET"; http_method; content:"/armv7l"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"151.244.72.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670730/; classtype:trojan-activity;sid:84533830; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670731)"; flow:established,from_client; content:"GET"; http_method; content:"/i486"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"151.244.72.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670731/; classtype:trojan-activity;sid:84533831; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670732)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"176.65.132.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670732/; classtype:trojan-activity;sid:84533832; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670733)"; flow:established,from_client; content:"GET"; http_method; content:"/arm4"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"176.65.132.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670733/; classtype:trojan-activity;sid:84533833; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670734)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.x86-debug"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"176.65.148.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670734/; classtype:trojan-activity;sid:84533834; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670735)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/parm"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"196.251.116.214"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670735/; classtype:trojan-activity;sid:84533835; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670736)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm7"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"176.65.148.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670736/; classtype:trojan-activity;sid:84533836; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670737)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"151.244.72.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670737/; classtype:trojan-activity;sid:84533837; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670738)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/pspc"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"196.251.116.214"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670738/; classtype:trojan-activity;sid:84533838; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670739)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mips"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"176.65.148.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670739/; classtype:trojan-activity;sid:84533839; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670740)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/parm5"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"196.251.116.214"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670740/; classtype:trojan-activity;sid:84533840; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670741)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.m68k"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"151.244.72.141"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670741/; classtype:trojan-activity;sid:84533841; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670742)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm7"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"151.244.72.141"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670742/; classtype:trojan-activity;sid:84533842; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670743)"; flow:established,from_client; content:"GET"; http_method; content:"/aarch64"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"151.244.72.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670743/; classtype:trojan-activity;sid:84533843; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670707)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.x86"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"151.244.72.141"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670707/; classtype:trojan-activity;sid:84533807; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670708)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"23.177.185.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670708/; classtype:trojan-activity;sid:84533808; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670709)"; flow:established,from_client; content:"GET"; http_method; content:"/garm7"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"176.65.132.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670709/; classtype:trojan-activity;sid:84533809; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670710)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mips"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"151.244.72.141"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670710/; classtype:trojan-activity;sid:84533810; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670711)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/psh4"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"196.251.116.214"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670711/; classtype:trojan-activity;sid:84533811; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670712)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.x86_64"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"176.65.148.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670712/; classtype:trojan-activity;sid:84533812; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670713)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/pmpsl"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"196.251.116.214"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670713/; classtype:trojan-activity;sid:84533813; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670714)"; flow:established,from_client; content:"GET"; http_method; content:"/arc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"151.244.72.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670714/; classtype:trojan-activity;sid:84533814; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670715)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/parm7"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"196.251.116.214"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670715/; classtype:trojan-activity;sid:84533815; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670716)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.x86"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"176.65.148.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670716/; classtype:trojan-activity;sid:84533816; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670717)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.m68k"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"176.65.148.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670717/; classtype:trojan-activity;sid:84533817; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670718)"; flow:established,from_client; content:"GET"; http_method; content:"/armv5l"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.65.132.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670718/; classtype:trojan-activity;sid:84533818; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670719)"; flow:established,from_client; content:"GET"; http_method; content:"/armv7l"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.65.132.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670719/; classtype:trojan-activity;sid:84533819; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670720)"; flow:established,from_client; content:"GET"; http_method; content:"/armv5l"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"151.244.72.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670720/; classtype:trojan-activity;sid:84533820; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670721)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/parm6"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"196.251.116.214"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670721/; classtype:trojan-activity;sid:84533821; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670722)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"151.244.72.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670722/; classtype:trojan-activity;sid:84533822; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670723)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/pmips"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"196.251.116.214"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670723/; classtype:trojan-activity;sid:84533823; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670724)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.spc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"151.244.72.141"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670724/; classtype:trojan-activity;sid:84533824; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670706)"; flow:established,from_client; content:"GET"; http_method; content:"/gmpsl"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"176.65.132.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670706/; classtype:trojan-activity;sid:84533806; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670700)"; flow:established,from_client; content:"GET"; http_method; content:"/gmips"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"176.65.132.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670700/; classtype:trojan-activity;sid:84533800; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670701)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.65.132.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670701/; classtype:trojan-activity;sid:84533801; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670702)"; flow:established,from_client; content:"GET"; http_method; content:"/mips64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.65.132.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670702/; classtype:trojan-activity;sid:84533802; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670703)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"23.177.185.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670703/; classtype:trojan-activity;sid:84533803; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670704)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"23.177.185.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670704/; classtype:trojan-activity;sid:84533804; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670705)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/pm68k"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"196.251.116.214"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670705/; classtype:trojan-activity;sid:84533805; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670691)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"176.65.132.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670691/; classtype:trojan-activity;sid:84533791; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670692)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.ppc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"85.192.41.2"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670692/; classtype:trojan-activity;sid:84533792; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670693)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"85.192.41.2"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670693/; classtype:trojan-activity;sid:84533793; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670694)"; flow:established,from_client; content:"GET"; http_method; content:"/mipsel"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.65.132.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670694/; classtype:trojan-activity;sid:84533794; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670695)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.spc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"85.192.41.2"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670695/; classtype:trojan-activity;sid:84533795; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670696)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"151.244.72.141"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670696/; classtype:trojan-activity;sid:84533796; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670697)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.mips"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"85.192.41.2"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670697/; classtype:trojan-activity;sid:84533797; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670698)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm7"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"85.192.41.2"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670698/; classtype:trojan-activity;sid:84533798; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670699)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.ppc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"151.244.72.141"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670699/; classtype:trojan-activity;sid:84533799; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670685)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"23.177.185.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670685/; classtype:trojan-activity;sid:84533785; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670686)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.sh4"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"176.65.148.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670686/; classtype:trojan-activity;sid:84533786; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670687)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.sh4"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"151.244.72.141"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670687/; classtype:trojan-activity;sid:84533787; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670688)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"176.65.132.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670688/; classtype:trojan-activity;sid:84533788; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670689)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mpsl"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"151.244.72.141"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670689/; classtype:trojan-activity;sid:84533789; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670690)"; flow:established,from_client; content:"GET"; http_method; content:"/armv4l"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.65.132.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670690/; classtype:trojan-activity;sid:84533790; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670665)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"151.244.72.141"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670665/; classtype:trojan-activity;sid:84533765; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670666)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm5"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"151.244.72.141"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670666/; classtype:trojan-activity;sid:84533766; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670667)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"176.65.132.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670667/; classtype:trojan-activity;sid:84533767; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670668)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm5"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"176.65.148.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670668/; classtype:trojan-activity;sid:84533768; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670669)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.ppc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"176.65.148.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670669/; classtype:trojan-activity;sid:84533769; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670670)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"23.177.185.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670670/; classtype:trojan-activity;sid:84533770; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670671)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.m68k"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"85.192.41.2"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670671/; classtype:trojan-activity;sid:84533771; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670672)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.sh4"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"85.192.41.2"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670672/; classtype:trojan-activity;sid:84533772; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670673)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"85.192.41.2"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670673/; classtype:trojan-activity;sid:84533773; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670674)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm6"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"176.65.148.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670674/; classtype:trojan-activity;sid:84533774; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670675)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm6"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"85.192.41.2"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670675/; classtype:trojan-activity;sid:84533775; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670676)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"151.244.72.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670676/; classtype:trojan-activity;sid:84533776; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670677)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mpsl"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"176.65.148.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670677/; classtype:trojan-activity;sid:84533777; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670678)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"176.65.148.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670678/; classtype:trojan-activity;sid:84533778; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670679)"; flow:established,from_client; content:"GET"; http_method; content:"/mipsel"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"151.244.72.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670679/; classtype:trojan-activity;sid:84533779; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670680)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"176.65.148.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670680/; classtype:trojan-activity;sid:84533780; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670681)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.mpsl"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"85.192.41.2"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670681/; classtype:trojan-activity;sid:84533781; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670682)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm6"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"151.244.72.141"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670682/; classtype:trojan-activity;sid:84533782; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670683)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.x86"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"85.192.41.2"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670683/; classtype:trojan-activity;sid:84533783; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670684)"; flow:established,from_client; content:"GET"; http_method; content:"/armv4l"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"151.244.72.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670684/; classtype:trojan-activity;sid:84533784; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670664)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"176.65.132.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670664/; classtype:trojan-activity;sid:84533764; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670663)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"114.239.91.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670663/; classtype:trojan-activity;sid:84533763; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670662)"; flow:established,from_client; content:"GET"; http_method; content:"/k4r59ns79c.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"ax73.kpyw8.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670662/; classtype:trojan-activity;sid:84533762; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670661)"; flow:established,from_client; content:"GET"; http_method; content:"/vbr367lyi0.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"8cf.ldef4.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670661/; classtype:trojan-activity;sid:84533761; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670659)"; flow:established,from_client; content:"GET"; http_method; content:"/t39.check|3f|t=gjohs896"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"h7.5sv1g.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670659/; classtype:trojan-activity;sid:84533759; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670660)"; flow:established,from_client; content:"GET"; http_method; content:"/t39.check|3f|t=9liymcue"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"h7.5sv1g.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670660/; classtype:trojan-activity;sid:84533760; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670658)"; flow:established,from_client; content:"GET"; http_method; content:"/files/5876317150/6kcg4qo.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670658/; classtype:trojan-activity;sid:84533758; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670657)"; flow:established,from_client; content:"GET"; http_method; content:"/wna4z1jld0.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"ax73.kpyw8.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670657/; classtype:trojan-activity;sid:84533757; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670656)"; flow:established,from_client; content:"GET"; http_method; content:"/0xq.google|3f|t=bymuumez"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"pv.5sv1g.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670656/; classtype:trojan-activity;sid:84533756; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670655)"; flow:established,from_client; content:"GET"; http_method; content:"/55ej6ecwnl.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"8cf.ldef4.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670655/; classtype:trojan-activity;sid:84533755; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670654)"; flow:established,from_client; content:"GET"; http_method; content:"/m4d.check|3f|t=4v9nb4uc"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"a1.5sv1g.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670654/; classtype:trojan-activity;sid:84533754; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670653)"; flow:established,from_client; content:"GET"; http_method; content:"/m4d.check|3f|t=i6fom5rt"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"a1.5sv1g.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670653/; classtype:trojan-activity;sid:84533753; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670652)"; flow:established,from_client; content:"GET"; http_method; content:"/fomw1ix4qq.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"p0qe.kpyw8.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670652/; classtype:trojan-activity;sid:84533752; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670651)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"170.233.57.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670651/; classtype:trojan-activity;sid:84533751; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670650)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.237.154.133"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670650/; classtype:trojan-activity;sid:84533750; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670649)"; flow:established,from_client; content:"GET"; http_method; content:"/jpbikqbay7.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"0bd.ldef4.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670649/; classtype:trojan-activity;sid:84533749; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670648)"; flow:established,from_client; content:"GET"; http_method; content:"/mljlpytn5s.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"u4xz.kpyw8.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670648/; classtype:trojan-activity;sid:84533748; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670646)"; flow:established,from_client; content:"GET"; http_method; content:"/1r.google|3f|t=6l36v3d4"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"zt.5sv1g.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670646/; classtype:trojan-activity;sid:84533746; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670647)"; flow:established,from_client; content:"GET"; http_method; content:"/1r.google|3f|t=pgfmo0ya"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"zt.5sv1g.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670647/; classtype:trojan-activity;sid:84533747; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670645)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.i686"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"185.254.30.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670645/; classtype:trojan-activity;sid:84533745; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670643)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.i468"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"185.254.30.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670643/; classtype:trojan-activity;sid:84533743; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670644)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.x86_64"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"185.254.30.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670644/; classtype:trojan-activity;sid:84533744; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670642)"; flow:established,from_client; content:"GET"; http_method; content:"/4g3ng4eql4.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"u4xz.kpyw8.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670642/; classtype:trojan-activity;sid:84533742; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670641)"; flow:established,from_client; content:"GET"; http_method; content:"/q7p.check|3f|t=yn0vp2vj"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"n3.5sv1g.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670641/; classtype:trojan-activity;sid:84533741; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670640)"; flow:established,from_client; content:"GET"; http_method; content:"/isk8nzj1xq.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"g8.ldef4.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670640/; classtype:trojan-activity;sid:84533740; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670639)"; flow:established,from_client; content:"GET"; http_method; content:"/q7p.check|3f|t=6j8i2ztd"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"n3.5sv1g.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670639/; classtype:trojan-activity;sid:84533739; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670638)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.233.139.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670638/; classtype:trojan-activity;sid:84533738; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670637)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.115.134.33"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670637/; classtype:trojan-activity;sid:84533737; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670636)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.89.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670636/; classtype:trojan-activity;sid:84533736; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670633)"; flow:established,from_client; content:"GET"; http_method; content:"/frost.armv5"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"87.121.84.101"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670633/; classtype:trojan-activity;sid:84533733; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670634)"; flow:established,from_client; content:"GET"; http_method; content:"/frost.aarch64"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"87.121.84.101"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670634/; classtype:trojan-activity;sid:84533734; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670635)"; flow:established,from_client; content:"GET"; http_method; content:"/frost.x86_64"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"87.121.84.101"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670635/; classtype:trojan-activity;sid:84533735; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670632)"; flow:established,from_client; content:"GET"; http_method; content:"/frost.mips"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"87.121.84.101"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670632/; classtype:trojan-activity;sid:84533732; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670631)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"220.165.232.160"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670631/; classtype:trojan-activity;sid:84533731; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670628)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.10.60.172"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670628/; classtype:trojan-activity;sid:84533728; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670629)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.43.36.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670629/; classtype:trojan-activity;sid:84533729; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670630)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.228.100.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670630/; classtype:trojan-activity;sid:84533730; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670623)"; flow:established,from_client; content:"GET"; http_method; content:"/frost.mipsel"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"87.121.84.101"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670623/; classtype:trojan-activity;sid:84533723; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670624)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.29.39.213"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670624/; classtype:trojan-activity;sid:84533724; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670625)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"5.79.166.199"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670625/; classtype:trojan-activity;sid:84533725; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670626)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"23.177.185.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670626/; classtype:trojan-activity;sid:84533726; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670627)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.234.171"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670627/; classtype:trojan-activity;sid:84533727; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670619)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.238.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670619/; classtype:trojan-activity;sid:84533719; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670620)"; flow:established,from_client; content:"GET"; http_method; content:"/frost.armv6"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"87.121.84.101"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670620/; classtype:trojan-activity;sid:84533720; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670621)"; flow:established,from_client; content:"GET"; http_method; content:"/frost.x86"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"87.121.84.101"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670621/; classtype:trojan-activity;sid:84533721; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670622)"; flow:established,from_client; content:"GET"; http_method; content:"/frost.armv7"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"87.121.84.101"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670622/; classtype:trojan-activity;sid:84533722; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670618)"; flow:established,from_client; content:"GET"; http_method; content:"/ijob7b2cql.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"9g.ldef4.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670618/; classtype:trojan-activity;sid:84533718; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670617)"; flow:established,from_client; content:"GET"; http_method; content:"/u8.google|3f|t=ryp8w2d1"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"e.5sv1g.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670617/; classtype:trojan-activity;sid:84533717; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670616)"; flow:established,from_client; content:"GET"; http_method; content:"/7knvs7ftyh.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"h7lm.kpyw8.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670616/; classtype:trojan-activity;sid:84533716; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670615)"; flow:established,from_client; content:"GET"; http_method; content:"/u8.google|3f|t=k4o8k7e0"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"e.5sv1g.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670615/; classtype:trojan-activity;sid:84533715; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670614)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.237.154.133"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670614/; classtype:trojan-activity;sid:84533714; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670612)"; flow:established,from_client; content:"GET"; http_method; content:"/ya03.google|3f|t=1x3uouq1"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"z9m.4cv6c.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670612/; classtype:trojan-activity;sid:84533712; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670613)"; flow:established,from_client; content:"GET"; http_method; content:"/d5eyop84n0.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"h7lm.kpyw8.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670613/; classtype:trojan-activity;sid:84533713; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670610)"; flow:established,from_client; content:"GET"; http_method; content:"/1n7.check|3f|t=wmntdsvp"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"qb.4cv6c.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670610/; classtype:trojan-activity;sid:84533710; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670611)"; flow:established,from_client; content:"GET"; http_method; content:"/gdx68gitx2.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"up.ldef4.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670611/; classtype:trojan-activity;sid:84533711; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670609)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.112.182.211"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670609/; classtype:trojan-activity;sid:84533709; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670608)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.215.211.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670608/; classtype:trojan-activity;sid:84533708; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670607)"; flow:established,from_client; content:"GET"; http_method; content:"/ejsnnzrccp.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"vd3h.llim8.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670607/; classtype:trojan-activity;sid:84533707; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670606)"; flow:established,from_client; content:"GET"; http_method; content:"/1n7.check|3f|t=od82k78m"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"qb.4cv6c.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670606/; classtype:trojan-activity;sid:84533706; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670605)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.233.139.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670605/; classtype:trojan-activity;sid:84533705; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670604)"; flow:established,from_client; content:"GET"; http_method; content:"/336pymk1dv.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"mt05.llim8.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670604/; classtype:trojan-activity;sid:84533704; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670603)"; flow:established,from_client; content:"GET"; http_method; content:"/2a9hg07g48.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"up.ldef4.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670603/; classtype:trojan-activity;sid:84533703; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670601)"; flow:established,from_client; content:"GET"; http_method; content:"/4q.google|3f|t=m7vvapa3"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"m2.4cv6c.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670601/; classtype:trojan-activity;sid:84533701; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670602)"; flow:established,from_client; content:"GET"; http_method; content:"/4q.google|3f|t=3ib0v5nm"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"m2.4cv6c.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670602/; classtype:trojan-activity;sid:84533702; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670600)"; flow:established,from_client; content:"GET"; http_method; content:"/tm2.check|3f|t=g479fv83"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"x.4cv6c.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670600/; classtype:trojan-activity;sid:84533700; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670599)"; flow:established,from_client; content:"GET"; http_method; content:"/kst07o6fy9.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"mj.ldef4.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670599/; classtype:trojan-activity;sid:84533699; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670598)"; flow:established,from_client; content:"GET"; http_method; content:"/vn7hkji7c2.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"mt05.llim8.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670598/; classtype:trojan-activity;sid:84533698; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670597)"; flow:established,from_client; content:"GET"; http_method; content:"/tm2.check|3f|t=oepn1so1"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"x.4cv6c.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670597/; classtype:trojan-activity;sid:84533697; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670596)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"170.233.57.187"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670596/; classtype:trojan-activity;sid:84533696; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670595)"; flow:established,from_client; content:"GET"; http_method; content:"/832i6cza1x.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"mj.ldef4.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670595/; classtype:trojan-activity;sid:84533695; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670594)"; flow:established,from_client; content:"GET"; http_method; content:"/0a7.google|3f|t=boajeb8p"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"pl.4cv6c.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670594/; classtype:trojan-activity;sid:84533694; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670593)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.182.211"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670593/; classtype:trojan-activity;sid:84533693; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670592)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.56.2.92"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670592/; classtype:trojan-activity;sid:84533692; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670591)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.193.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670591/; classtype:trojan-activity;sid:84533691; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670590)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.165.87.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670590/; classtype:trojan-activity;sid:84533690; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670589)"; flow:established,from_client; content:"GET"; http_method; content:"/mfi0maaqw9.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"q9pw.llim8.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670589/; classtype:trojan-activity;sid:84533689; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670588)"; flow:established,from_client; content:"GET"; http_method; content:"/0a7.google|3f|t=ij3seexv"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"pl.4cv6c.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670588/; classtype:trojan-activity;sid:84533688; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670587)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.86.16"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670587/; classtype:trojan-activity;sid:84533687; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670586)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.147.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670586/; classtype:trojan-activity;sid:84533686; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670585)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.156.75.199"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670585/; classtype:trojan-activity;sid:84533685; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670584)"; flow:established,from_client; content:"GET"; http_method; content:"/g0optxwl6y.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"q9pw.llim8.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670584/; classtype:trojan-activity;sid:84533684; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670583)"; flow:established,from_client; content:"GET"; http_method; content:"/9rz.check|3f|t=4sqq6ybg"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"h3.4cv6c.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670583/; classtype:trojan-activity;sid:84533683; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670581)"; flow:established,from_client; content:"GET"; http_method; content:"/9rz.check|3f|t=rai0ue7d"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"h3.4cv6c.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670581/; classtype:trojan-activity;sid:84533681; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670582)"; flow:established,from_client; content:"GET"; http_method; content:"/5i4nmrnck1.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"h38.sxuj7.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670582/; classtype:trojan-activity;sid:84533682; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670580)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.101.35"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670580/; classtype:trojan-activity;sid:84533680; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670579)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.56.2.92"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670579/; classtype:trojan-activity;sid:84533679; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670578)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.122.235.142"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670578/; classtype:trojan-activity;sid:84533678; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670576)"; flow:established,from_client; content:"GET"; http_method; content:"/f1.google|3f|t=1j4xkzu3"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"s.4cv6c.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670576/; classtype:trojan-activity;sid:84533676; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670577)"; flow:established,from_client; content:"GET"; http_method; content:"/37zxp5s0a8.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"e2rv.llim8.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670577/; classtype:trojan-activity;sid:84533677; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670574)"; flow:established,from_client; content:"GET"; http_method; content:"/ne1aoo5236.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"ks.sxuj7.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670574/; classtype:trojan-activity;sid:84533674; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670575)"; flow:established,from_client; content:"GET"; http_method; content:"/f1.google|3f|t=r40xla0v"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"s.4cv6c.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670575/; classtype:trojan-activity;sid:84533675; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670573)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.215.211.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670573/; classtype:trojan-activity;sid:84533673; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670572)"; flow:established,from_client; content:"GET"; http_method; content:"/9xuciirieg.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"ks.sxuj7.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670572/; classtype:trojan-activity;sid:84533672; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670571)"; flow:established,from_client; content:"GET"; http_method; content:"/2a09.google|3f|t=t02xvmo1"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"x8n.1jd3t.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670571/; classtype:trojan-activity;sid:84533671; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670570)"; flow:established,from_client; content:"GET"; http_method; content:"/8ol36vntqf.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"e2rv.llim8.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670570/; classtype:trojan-activity;sid:84533670; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670569)"; flow:established,from_client; content:"GET"; http_method; content:"/2a09.google|3f|t=sd0loa63"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"x8n.1jd3t.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670569/; classtype:trojan-activity;sid:84533669; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670567)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.86.16"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670567/; classtype:trojan-activity;sid:84533667; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670568)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.147.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670568/; classtype:trojan-activity;sid:84533668; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670566)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.164.72.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670566/; classtype:trojan-activity;sid:84533666; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670565)"; flow:established,from_client; content:"GET"; http_method; content:"/dsybw85a72.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"e2rv.llim8.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670565/; classtype:trojan-activity;sid:84533665; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670564)"; flow:established,from_client; content:"GET"; http_method; content:"/7vb.check|3f|t=3xcy95sq"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"h9.1jd3t.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670564/; classtype:trojan-activity;sid:84533664; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670563)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.156.75.199"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670563/; classtype:trojan-activity;sid:84533663; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670561)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.101.35"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670561/; classtype:trojan-activity;sid:84533661; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670562)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.179.254"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670562/; classtype:trojan-activity;sid:84533662; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670560)"; flow:established,from_client; content:"GET"; http_method; content:"/soulr122yq.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"ka84.llim8.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670560/; classtype:trojan-activity;sid:84533660; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670559)"; flow:established,from_client; content:"GET"; http_method; content:"/m0q.google|3f|t=eiw4fmzi"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"tq.1jd3t.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670559/; classtype:trojan-activity;sid:84533659; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670558)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"101.68.204.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670558/; classtype:trojan-activity;sid:84533658; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670557)"; flow:established,from_client; content:"GET"; http_method; content:"/xz567hfgki.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"9zc.sxuj7.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670557/; classtype:trojan-activity;sid:84533657; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670556)"; flow:established,from_client; content:"GET"; http_method; content:"/m0q.google|3f|t=rg70nhkh"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"tq.1jd3t.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670556/; classtype:trojan-activity;sid:84533656; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670555)"; flow:established,from_client; content:"GET"; http_method; content:"/ks.check|3f|t=v7gn5sai"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"z1.1jd3t.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670555/; classtype:trojan-activity;sid:84533655; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670554)"; flow:established,from_client; content:"GET"; http_method; content:"/gsaixumhws.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"ka84.llim8.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670554/; classtype:trojan-activity;sid:84533654; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670553)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.164.72.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670553/; classtype:trojan-activity;sid:84533653; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670552)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.122.235.142"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670552/; classtype:trojan-activity;sid:84533652; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670551)"; flow:established,from_client; content:"GET"; http_method; content:"/9101pam6v0.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"qq.sxuj7.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670551/; classtype:trojan-activity;sid:84533651; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670550)"; flow:established,from_client; content:"GET"; http_method; content:"/ks.check|3f|t=hdf43yea"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"z1.1jd3t.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670550/; classtype:trojan-activity;sid:84533650; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670549)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.206.188.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670549/; classtype:trojan-activity;sid:84533649; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670548)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.115.134.33"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670548/; classtype:trojan-activity;sid:84533648; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670546)"; flow:established,from_client; content:"GET"; http_method; content:"/mftsolijke.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"s1ob.llim8.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670546/; classtype:trojan-activity;sid:84533646; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670547)"; flow:established,from_client; content:"GET"; http_method; content:"/0dkbm5azjx.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"kgv.sxuj7.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670547/; classtype:trojan-activity;sid:84533647; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670545)"; flow:established,from_client; content:"GET"; http_method; content:"/0l4.google|3f|t=7hamdab7"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"bd.1jd3t.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670545/; classtype:trojan-activity;sid:84533645; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670544)"; flow:established,from_client; content:"GET"; http_method; content:"/0l4.google|3f|t=06x9i8hv"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"bd.1jd3t.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670544/; classtype:trojan-activity;sid:84533644; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670542)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.11.75.70"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670542/; classtype:trojan-activity;sid:84533642; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670543)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"101.68.204.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670543/; classtype:trojan-activity;sid:84533643; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670541)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.91.38"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670541/; classtype:trojan-activity;sid:84533641; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670540)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.127.169"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670540/; classtype:trojan-activity;sid:84533640; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670539)"; flow:established,from_client; content:"GET"; http_method; content:"/cu3egdmawr.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"jm58.nmys4.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670539/; classtype:trojan-activity;sid:84533639; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670538)"; flow:established,from_client; content:"GET"; http_method; content:"/1va.check|3f|t=dtfeosj3"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"q4.1jd3t.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670538/; classtype:trojan-activity;sid:84533638; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670537)"; flow:established,from_client; content:"GET"; http_method; content:"/hpen2y6o50.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"vr6.sxuj7.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670537/; classtype:trojan-activity;sid:84533637; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670536)"; flow:established,from_client; content:"GET"; http_method; content:"/1va.check|3f|t=zyofupgu"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"q4.1jd3t.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670536/; classtype:trojan-activity;sid:84533636; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670535)"; flow:established,from_client; content:"GET"; http_method; content:"/dxndc1hc5f.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"g0ny.nmys4.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670535/; classtype:trojan-activity;sid:84533635; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670534)"; flow:established,from_client; content:"GET"; http_method; content:"/ep.google|3f|t=eqi1w18u"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"g.1jd3t.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670534/; classtype:trojan-activity;sid:84533634; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670533)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.24.82.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670533/; classtype:trojan-activity;sid:84533633; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670532)"; flow:established,from_client; content:"GET"; http_method; content:"/uvozqlhyet.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"zyk.dzem4.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670532/; classtype:trojan-activity;sid:84533632; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670531)"; flow:established,from_client; content:"GET"; http_method; content:"/7w2.google|3f|t=ebgwreet"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"p9.1wd2k.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670531/; classtype:trojan-activity;sid:84533631; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670529)"; flow:established,from_client; content:"GET"; http_method; content:"/7w2.google|3f|t=09hfzvas"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"p9.1wd2k.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670529/; classtype:trojan-activity;sid:84533629; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670530)"; flow:established,from_client; content:"GET"; http_method; content:"/uaz8x0jh4c.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"r2cz.nmys4.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670530/; classtype:trojan-activity;sid:84533630; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670528)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.140.129.110"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670528/; classtype:trojan-activity;sid:84533628; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670527)"; flow:established,from_client; content:"GET"; http_method; content:"/gq74ujc9d4.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"r2cz.nmys4.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670527/; classtype:trojan-activity;sid:84533627; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670526)"; flow:established,from_client; content:"GET"; http_method; content:"/kd.check|3f|t=kwwzspmt"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"h7.1wd2k.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670526/; classtype:trojan-activity;sid:84533626; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670525)"; flow:established,from_client; content:"GET"; http_method; content:"/kd.check|3f|t=6jbvu353"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"h7.1wd2k.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670525/; classtype:trojan-activity;sid:84533625; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670524)"; flow:established,from_client; content:"GET"; http_method; content:"/c81fhaq38r.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"hui.dzem4.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670524/; classtype:trojan-activity;sid:84533624; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670523)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.142.249.180"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670523/; classtype:trojan-activity;sid:84533623; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670522)"; flow:established,from_client; content:"GET"; http_method; content:"/auhom9gt7x.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"lt3b.nmys4.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670522/; classtype:trojan-activity;sid:84533622; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670521)"; flow:established,from_client; content:"GET"; http_method; content:"/ab03.google|3f|t=zicwzrf2"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"x.1wd2k.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670521/; classtype:trojan-activity;sid:84533621; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670520)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.150.74.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670520/; classtype:trojan-activity;sid:84533620; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670519)"; flow:established,from_client; content:"GET"; http_method; content:"/ab03.google|3f|t=2h5uufaz"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"x.1wd2k.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670519/; classtype:trojan-activity;sid:84533619; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670518)"; flow:established,from_client; content:"GET"; http_method; content:"/tx6d0dj1d5.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"et1.dzem4.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670518/; classtype:trojan-activity;sid:84533618; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670517)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.24.82.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670517/; classtype:trojan-activity;sid:84533617; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670514)"; flow:established,from_client; content:"GET"; http_method; content:"/93vkzcbznp.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"w9qk.nmys4.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670514/; classtype:trojan-activity;sid:84533614; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670515)"; flow:established,from_client; content:"GET"; http_method; content:"/9xm06ljma2.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"l8.dzem4.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670515/; classtype:trojan-activity;sid:84533615; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670516)"; flow:established,from_client; content:"GET"; http_method; content:"/rv9.check|3f|t=abalenqi"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"t1.1wd2k.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670516/; classtype:trojan-activity;sid:84533616; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670513)"; flow:established,from_client; content:"GET"; http_method; content:"/rv9.check|3f|t=w09g07ox"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"t1.1wd2k.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670513/; classtype:trojan-activity;sid:84533613; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670512)"; flow:established,from_client; content:"GET"; http_method; content:"/garm"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"23.177.185.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670512/; classtype:trojan-activity;sid:84533612; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670511)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.142.249.180"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670511/; classtype:trojan-activity;sid:84533611; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670510)"; flow:established,from_client; content:"GET"; http_method; content:"/2z3i0zwgqx.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"f6ud.nmys4.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670510/; classtype:trojan-activity;sid:84533610; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670509)"; flow:established,from_client; content:"GET"; http_method; content:"/0q.google|3f|t=c1ge2t2h"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"zc.1wd2k.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670509/; classtype:trojan-activity;sid:84533609; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670508)"; flow:established,from_client; content:"GET"; http_method; content:"/0q.google|3f|t=suwo1t4u"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"zc.1wd2k.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670508/; classtype:trojan-activity;sid:84533608; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670507)"; flow:established,from_client; content:"GET"; http_method; content:"/lwpz79yinq.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"brp.dzem4.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670507/; classtype:trojan-activity;sid:84533607; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670506)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.5.173.87"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670506/; classtype:trojan-activity;sid:84533606; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670505)"; flow:established,from_client; content:"GET"; http_method; content:"/2m1.check|3f|t=5mx30oht"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"n3.1wd2k.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670505/; classtype:trojan-activity;sid:84533605; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670504)"; flow:established,from_client; content:"GET"; http_method; content:"/04ulxq9724.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"y3aj.plig5.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670504/; classtype:trojan-activity;sid:84533604; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670502)"; flow:established,from_client; content:"GET"; http_method; content:"/2m1.check|3f|t=fz7nyewm"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"n3.1wd2k.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670502/; classtype:trojan-activity;sid:84533602; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670503)"; flow:established,from_client; content:"GET"; http_method; content:"/0kd8fkfd6e.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"69c.dzem4.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670503/; classtype:trojan-activity;sid:84533603; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670501)"; flow:established,from_client; content:"GET"; http_method; content:"/dakmak98vke/scaling-octo-computing-machine/releases/download/tew/launcherp9z.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670501/; classtype:trojan-activity;sid:84533601; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670500)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.157.140.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670500/; classtype:trojan-activity;sid:84533600; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670498)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"67.210.101.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670498/; classtype:trojan-activity;sid:84533598; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670499)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/camp.arm7"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"84.234.96.51"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670499/; classtype:trojan-activity;sid:84533599; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670497)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"67.210.101.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670497/; classtype:trojan-activity;sid:84533597; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670496)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"67.210.101.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670496/; classtype:trojan-activity;sid:84533596; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670493)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.mpsl"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"143.20.185.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670493/; classtype:trojan-activity;sid:84533593; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670494)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/camp.arm"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"84.234.96.51"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670494/; classtype:trojan-activity;sid:84533594; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670495)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"67.210.101.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670495/; classtype:trojan-activity;sid:84533595; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670492)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.140.129.110"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670492/; classtype:trojan-activity;sid:84533592; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670485)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"192.142.53.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670485/; classtype:trojan-activity;sid:84533585; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670486)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"196.251.72.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670486/; classtype:trojan-activity;sid:84533586; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670487)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/camp.mips"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"84.234.96.51"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670487/; classtype:trojan-activity;sid:84533587; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670488)"; flow:established,from_client; content:"GET"; http_method; content:"/garm5"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"23.177.185.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670488/; classtype:trojan-activity;sid:84533588; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670489)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm5"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"143.20.185.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670489/; classtype:trojan-activity;sid:84533589; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670490)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm6"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"143.20.185.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670490/; classtype:trojan-activity;sid:84533590; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670491)"; flow:established,from_client; content:"GET"; http_method; content:"/d/xxx55707"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"185.93.89.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670491/; classtype:trojan-activity;sid:84533591; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670479)"; flow:established,from_client; content:"GET"; http_method; content:"/garm7"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"23.177.185.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670479/; classtype:trojan-activity;sid:84533579; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670480)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"143.20.185.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670480/; classtype:trojan-activity;sid:84533580; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670481)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.i686"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"143.20.185.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670481/; classtype:trojan-activity;sid:84533581; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670482)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"84.234.96.53"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670482/; classtype:trojan-activity;sid:84533582; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670483)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.sh4"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"143.20.185.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670483/; classtype:trojan-activity;sid:84533583; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670484)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.x86"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"143.20.185.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670484/; classtype:trojan-activity;sid:84533584; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670474)"; flow:established,from_client; content:"GET"; http_method; content:"/penis/jizz64"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"172.105.18.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670474/; classtype:trojan-activity;sid:84533574; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670475)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/vdataupdate.i686"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"91.231.222.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670475/; classtype:trojan-activity;sid:84533575; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670476)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/camp.arm5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"84.234.96.51"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670476/; classtype:trojan-activity;sid:84533576; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670477)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.i468"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"143.20.185.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670477/; classtype:trojan-activity;sid:84533577; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670478)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/camp.arc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"84.234.96.51"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670478/; classtype:trojan-activity;sid:84533578; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670469)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/uwu.bat"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"main.novatrade.bot"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670469/; classtype:trojan-activity;sid:84533569; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670470)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/camp.x86_64"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"84.234.96.51"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670470/; classtype:trojan-activity;sid:84533570; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670471)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"67.210.101.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670471/; classtype:trojan-activity;sid:84533571; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670472)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"67.210.101.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670472/; classtype:trojan-activity;sid:84533572; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670473)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/camp.sparc"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"84.234.96.51"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670473/; classtype:trojan-activity;sid:84533573; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670466)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/camp.i686"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"84.234.96.51"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670466/; classtype:trojan-activity;sid:84533566; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670467)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/vdataupdate.x86_64"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"91.231.222.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670467/; classtype:trojan-activity;sid:84533567; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670468)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr."; http_uri; depth:14; isdataat:!1,relative; nocase; content:"63.250.60.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670468/; classtype:trojan-activity;sid:84533568; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670463)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"192.142.53.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670463/; classtype:trojan-activity;sid:84533563; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670464)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i468"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"196.251.72.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670464/; classtype:trojan-activity;sid:84533564; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670465)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"196.251.72.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670465/; classtype:trojan-activity;sid:84533565; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670450)"; flow:established,from_client; content:"GET"; http_method; content:"/2r8udispb0.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"zn4e.plig5.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670450/; classtype:trojan-activity;sid:84533550; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670451)"; flow:established,from_client; content:"GET"; http_method; content:"/6j3ell97fp.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"69c.dzem4.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670451/; classtype:trojan-activity;sid:84533551; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670452)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"196.251.72.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670452/; classtype:trojan-activity;sid:84533552; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670453)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arc"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"143.20.185.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670453/; classtype:trojan-activity;sid:84533553; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670454)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"192.142.53.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670454/; classtype:trojan-activity;sid:84533554; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670455)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"192.142.53.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670455/; classtype:trojan-activity;sid:84533555; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670456)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.186.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670456/; classtype:trojan-activity;sid:84533556; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670457)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.33.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670457/; classtype:trojan-activity;sid:84533557; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670458)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/camp.x86"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"84.234.96.51"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670458/; classtype:trojan-activity;sid:84533558; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670459)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/camp.mpsl"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"84.234.96.51"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670459/; classtype:trojan-activity;sid:84533559; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670460)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.173.87"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670460/; classtype:trojan-activity;sid:84533560; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670461)"; flow:established,from_client; content:"GET"; http_method; content:"/gmpsl"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"23.177.185.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670461/; classtype:trojan-activity;sid:84533561; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670462)"; flow:established,from_client; content:"GET"; http_method; content:"/dod76wl5tk.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"zn4e.plig5.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670462/; classtype:trojan-activity;sid:84533562; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670449)"; flow:established,from_client; content:"GET"; http_method; content:"/mass"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"192.142.53.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670449/; classtype:trojan-activity;sid:84533549; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670446)"; flow:established,from_client; content:"GET"; http_method; content:"/i486"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"192.142.53.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670446/; classtype:trojan-activity;sid:84533546; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670447)"; flow:established,from_client; content:"GET"; http_method; content:"/g"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"23.177.185.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670447/; classtype:trojan-activity;sid:84533547; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670448)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"192.142.53.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670448/; classtype:trojan-activity;sid:84533548; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670445)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/vdataupdate.i468"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"91.231.222.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670445/; classtype:trojan-activity;sid:84533545; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670444)"; flow:established,from_client; content:"GET"; http_method; content:"/files/5917492177/rqqk3lw.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670444/; classtype:trojan-activity;sid:84533544; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670442)"; flow:established,from_client; content:"GET"; http_method; content:"/files/8031475696/gzubkii.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670442/; classtype:trojan-activity;sid:84533542; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670443)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"196.251.72.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670443/; classtype:trojan-activity;sid:84533543; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670436)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"196.251.72.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670436/; classtype:trojan-activity;sid:84533536; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670437)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/camp.arm6"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"84.234.96.51"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670437/; classtype:trojan-activity;sid:84533537; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670438)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/camp.sh4"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"84.234.96.51"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670438/; classtype:trojan-activity;sid:84533538; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670439)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/camp.m68k"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"84.234.96.51"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670439/; classtype:trojan-activity;sid:84533539; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670440)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/camp.ppc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"84.234.96.51"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670440/; classtype:trojan-activity;sid:84533540; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670441)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"192.142.53.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670441/; classtype:trojan-activity;sid:84533541; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670422)"; flow:established,from_client; content:"GET"; http_method; content:"/gmips"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"23.177.185.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670422/; classtype:trojan-activity;sid:84533522; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670423)"; flow:established,from_client; content:"GET"; http_method; content:"/i686"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"192.142.53.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670423/; classtype:trojan-activity;sid:84533523; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670424)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"192.142.53.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670424/; classtype:trojan-activity;sid:84533524; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670425)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"192.142.53.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670425/; classtype:trojan-activity;sid:84533525; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670426)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.x86_64"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"143.20.185.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670426/; classtype:trojan-activity;sid:84533526; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670427)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.mips"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"143.20.185.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670427/; classtype:trojan-activity;sid:84533527; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670428)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.spc"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"143.20.185.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670428/; classtype:trojan-activity;sid:84533528; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670429)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm7"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"143.20.185.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670429/; classtype:trojan-activity;sid:84533529; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670430)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.ppc"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"143.20.185.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670430/; classtype:trojan-activity;sid:84533530; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670431)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"192.142.53.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670431/; classtype:trojan-activity;sid:84533531; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670432)"; flow:established,from_client; content:"GET"; http_method; content:"/garm6"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"23.177.185.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670432/; classtype:trojan-activity;sid:84533532; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670433)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/camp.mips64"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"84.234.96.51"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670433/; classtype:trojan-activity;sid:84533533; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670434)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.m68k"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"143.20.185.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670434/; classtype:trojan-activity;sid:84533534; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670435)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.90.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670435/; classtype:trojan-activity;sid:84533535; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670420)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"192.142.53.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670420/; classtype:trojan-activity;sid:84533520; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670421)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"196.251.72.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670421/; classtype:trojan-activity;sid:84533521; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670419)"; flow:established,from_client; content:"GET"; http_method; content:"/w3a.google|3f|t=5js5ro00"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"q1n.4xq2k.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670419/; classtype:trojan-activity;sid:84533519; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670418)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"192.142.53.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670418/; classtype:trojan-activity;sid:84533518; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670416)"; flow:established,from_client; content:"GET"; http_method; content:"/yk.google|3f|t=9g2ewsd1"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"a.1wd2k.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670416/; classtype:trojan-activity;sid:84533516; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670417)"; flow:established,from_client; content:"GET"; http_method; content:"/yk.google|3f|t=jaiqh4km"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"a.1wd2k.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670417/; classtype:trojan-activity;sid:84533517; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670415)"; flow:established,from_client; content:"GET"; http_method; content:"/files/5424274452/dpsaxsg.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670415/; classtype:trojan-activity;sid:84533515; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670410)"; flow:established,from_client; content:"GET"; http_method; content:"/mass"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"67.210.101.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670410/; classtype:trojan-activity;sid:84533510; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670411)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"67.210.101.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670411/; classtype:trojan-activity;sid:84533511; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670412)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"67.210.101.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670412/; classtype:trojan-activity;sid:84533512; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670413)"; flow:established,from_client; content:"GET"; http_method; content:"/i686"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"67.210.101.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670413/; classtype:trojan-activity;sid:84533513; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670414)"; flow:established,from_client; content:"GET"; http_method; content:"/i486"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"67.210.101.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670414/; classtype:trojan-activity;sid:84533514; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670409)"; flow:established,from_client; content:"GET"; http_method; content:"/nzzj2ubwnr.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"ln.qzad3.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670409/; classtype:trojan-activity;sid:84533509; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670408)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/ppc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"vmi2852148.contaboserver.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670408/; classtype:trojan-activity;sid:84533508; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670407)"; flow:established,from_client; content:"GET"; http_method; content:"/wget.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"vmi2852148.contaboserver.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670407/; classtype:trojan-activity;sid:84533507; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670392)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/x86"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"vmi2852148.contaboserver.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670392/; classtype:trojan-activity;sid:84533492; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670393)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"196.251.72.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670393/; classtype:trojan-activity;sid:84533493; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670394)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"196.251.72.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670394/; classtype:trojan-activity;sid:84533494; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670395)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/arm6"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"vmi2852148.contaboserver.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670395/; classtype:trojan-activity;sid:84533495; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670396)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/debug"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"196.251.72.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670396/; classtype:trojan-activity;sid:84533496; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670397)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/x86_64"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"vmi2852148.contaboserver.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670397/; classtype:trojan-activity;sid:84533497; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670398)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"196.251.72.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670398/; classtype:trojan-activity;sid:84533498; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670399)"; flow:established,from_client; content:"GET"; http_method; content:"/w.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"vmi2852148.contaboserver.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670399/; classtype:trojan-activity;sid:84533499; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670400)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/m68k"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"vmi2852148.contaboserver.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670400/; classtype:trojan-activity;sid:84533500; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670401)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"196.251.72.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670401/; classtype:trojan-activity;sid:84533501; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670402)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"196.251.72.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670402/; classtype:trojan-activity;sid:84533502; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670403)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"196.251.72.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670403/; classtype:trojan-activity;sid:84533503; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670404)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/arm"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"vmi2852148.contaboserver.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670404/; classtype:trojan-activity;sid:84533504; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670405)"; flow:established,from_client; content:"GET"; http_method; content:"/c.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"vmi2852148.contaboserver.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670405/; classtype:trojan-activity;sid:84533505; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670406)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"196.251.72.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670406/; classtype:trojan-activity;sid:84533506; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670387)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/arm5"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"vmi2852148.contaboserver.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670387/; classtype:trojan-activity;sid:84533487; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670388)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/mpsl"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"vmi2852148.contaboserver.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670388/; classtype:trojan-activity;sid:84533488; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670389)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/mips"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"vmi2852148.contaboserver.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670389/; classtype:trojan-activity;sid:84533489; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670390)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/arm7"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"vmi2852148.contaboserver.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670390/; classtype:trojan-activity;sid:84533490; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670391)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"196.251.72.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670391/; classtype:trojan-activity;sid:84533491; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670386)"; flow:established,from_client; content:"GET"; http_method; content:"/w3a.google|3f|t=8jw9jfyj"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"q1n.4xq2k.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670386/; classtype:trojan-activity;sid:84533486; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670385)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"196.251.72.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670385/; classtype:trojan-activity;sid:84533485; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670381)"; flow:established,from_client; content:"GET"; http_method; content:"/files/8042875554/tmpdwmy.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670381/; classtype:trojan-activity;sid:84533481; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670382)"; flow:established,from_client; content:"GET"; http_method; content:"/files/6493278841/dcatae0.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670382/; classtype:trojan-activity;sid:84533482; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670383)"; flow:established,from_client; content:"GET"; http_method; content:"/files/1001296822/6asfesc.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670383/; classtype:trojan-activity;sid:84533483; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670384)"; flow:established,from_client; content:"GET"; http_method; content:"/files/8061402479/3865yof.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670384/; classtype:trojan-activity;sid:84533484; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670379)"; flow:established,from_client; content:"GET"; http_method; content:"/files/1001296822/bmsgetv.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670379/; classtype:trojan-activity;sid:84533479; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670380)"; flow:established,from_client; content:"GET"; http_method; content:"/files/8462225521/evyuohe.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670380/; classtype:trojan-activity;sid:84533480; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670378)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.150.74.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670378/; classtype:trojan-activity;sid:84533478; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670377)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.39.235.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670377/; classtype:trojan-activity;sid:84533477; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670376)"; flow:established,from_client; content:"GET"; http_method; content:"/zp14.check|3f|t=e875pqvv"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"b.4xq2k.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670376/; classtype:trojan-activity;sid:84533476; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670375)"; flow:established,from_client; content:"GET"; http_method; content:"/t070zmd0xy.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"u.qzad3.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670375/; classtype:trojan-activity;sid:84533475; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670374)"; flow:established,from_client; content:"GET"; http_method; content:"/zp14.check|3f|t=2px4rc09"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"b.4xq2k.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670374/; classtype:trojan-activity;sid:84533474; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670373)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.90.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670373/; classtype:trojan-activity;sid:84533473; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670372)"; flow:established,from_client; content:"GET"; http_method; content:"/sxdnp166ne.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"p7km.plig5.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670372/; classtype:trojan-activity;sid:84533472; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670371)"; flow:established,from_client; content:"GET"; http_method; content:"/m0.google|3f|t=lnaoo3ho"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"r7.4xq2k.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670371/; classtype:trojan-activity;sid:84533471; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670370)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.186.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670370/; classtype:trojan-activity;sid:84533470; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670369)"; flow:established,from_client; content:"GET"; http_method; content:"/m26dixl7in.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"u.qzad3.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670369/; classtype:trojan-activity;sid:84533469; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670368)"; flow:established,from_client; content:"GET"; http_method; content:"/m0.google|3f|t=yg7umcv3"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"r7.4xq2k.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670368/; classtype:trojan-activity;sid:84533468; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670367)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.13.46.232"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670367/; classtype:trojan-activity;sid:84533467; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670366)"; flow:established,from_client; content:"GET"; http_method; content:"/h4dxrf0lur.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"b2vt.plig5.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670366/; classtype:trojan-activity;sid:84533466; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670365)"; flow:established,from_client; content:"GET"; http_method; content:"/ta9.check|3f|t=myvqmvfh"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"x.4xq2k.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670365/; classtype:trojan-activity;sid:84533465; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670364)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.45.11.229"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670364/; classtype:trojan-activity;sid:84533464; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670363)"; flow:established,from_client; content:"GET"; http_method; content:"/qf0t1rag76.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"1h.qzad3.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670363/; classtype:trojan-activity;sid:84533463; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670362)"; flow:established,from_client; content:"GET"; http_method; content:"/ta9.check|3f|t=w7mteeu4"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"x.4xq2k.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670362/; classtype:trojan-activity;sid:84533462; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670361)"; flow:established,from_client; content:"GET"; http_method; content:"/gwvhxf1rb7.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"1h.qzad3.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670361/; classtype:trojan-activity;sid:84533461; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670360)"; flow:established,from_client; content:"GET"; http_method; content:"/1d2.google|3f|t=ho4zei3h"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"vk.4xq2k.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670360/; classtype:trojan-activity;sid:84533460; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670359)"; flow:established,from_client; content:"GET"; http_method; content:"/wf398e1797.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"xq91.plig5.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670359/; classtype:trojan-activity;sid:84533459; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670358)"; flow:established,from_client; content:"GET"; http_method; content:"/1d2.google|3f|t=em4jubon"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"vk.4xq2k.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670358/; classtype:trojan-activity;sid:84533458; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670357)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.216.81"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670357/; classtype:trojan-activity;sid:84533457; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670356)"; flow:established,from_client; content:"GET"; http_method; content:"/0zr.check|3f|t=6u6tb5e0"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"m8.4xq2k.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670356/; classtype:trojan-activity;sid:84533456; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670355)"; flow:established,from_client; content:"GET"; http_method; content:"/b7wi083j4l.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"hd5r.plig5.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670355/; classtype:trojan-activity;sid:84533455; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670354)"; flow:established,from_client; content:"GET"; http_method; content:"/uo9ehd7nbf.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"1uy.qzad3.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670354/; classtype:trojan-activity;sid:84533454; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670353)"; flow:established,from_client; content:"GET"; http_method; content:"/0zr.check|3f|t=4h610vrv"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"m8.4xq2k.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670353/; classtype:trojan-activity;sid:84533453; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670352)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.45.11.229"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670352/; classtype:trojan-activity;sid:84533452; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670351)"; flow:established,from_client; content:"GET"; http_method; content:"/ye.google|3f|t=bak9hnde"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"s.4xq2k.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670351/; classtype:trojan-activity;sid:84533451; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670350)"; flow:established,from_client; content:"GET"; http_method; content:"/uh4tw68py3.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"hd5r.plig5.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670350/; classtype:trojan-activity;sid:84533450; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670348)"; flow:established,from_client; content:"GET"; http_method; content:"/ye.google|3f|t=mguqi4gd"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"s.4xq2k.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670348/; classtype:trojan-activity;sid:84533448; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670349)"; flow:established,from_client; content:"GET"; http_method; content:"/rme8zf0zja.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"sx.qzad3.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670349/; classtype:trojan-activity;sid:84533449; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670347)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.125.142"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670347/; classtype:trojan-activity;sid:84533447; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670346)"; flow:established,from_client; content:"GET"; http_method; content:"/vfxl0hw3gm.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"q4ws.hpap6.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670346/; classtype:trojan-activity;sid:84533446; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670345)"; flow:established,from_client; content:"GET"; http_method; content:"/tobdpzlap4.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"sx.qzad3.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670345/; classtype:trojan-activity;sid:84533445; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670343)"; flow:established,from_client; content:"GET"; http_method; content:"/xa04.google|3f|t=tbz20rjz"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"w1n.5lr1v.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670343/; classtype:trojan-activity;sid:84533443; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670344)"; flow:established,from_client; content:"GET"; http_method; content:"/xa04.google|3f|t=7tigupwm"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"w1n.5lr1v.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670344/; classtype:trojan-activity;sid:84533444; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670342)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7782139129/xnvc2ef.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670342/; classtype:trojan-activity;sid:84533442; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670341)"; flow:established,from_client; content:"GET"; http_method; content:"/mc1bj56nvs.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"sx.qzad3.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670341/; classtype:trojan-activity;sid:84533441; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670340)"; flow:established,from_client; content:"GET"; http_method; content:"/rj7.check|3f|t=1gtsa89v"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"h7.5lr1v.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670340/; classtype:trojan-activity;sid:84533440; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670339)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.181.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670339/; classtype:trojan-activity;sid:84533439; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670338)"; flow:established,from_client; content:"GET"; http_method; content:"/4lbf416g0j.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"c7pa.hpap6.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670338/; classtype:trojan-activity;sid:84533438; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670337)"; flow:established,from_client; content:"GET"; http_method; content:"/rj7.check|3f|t=piiakxaj"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"h7.5lr1v.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670337/; classtype:trojan-activity;sid:84533437; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670336)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.125.142"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670336/; classtype:trojan-activity;sid:84533436; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670335)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.35.248"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670335/; classtype:trojan-activity;sid:84533435; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670334)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"77.137.30.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670334/; classtype:trojan-activity;sid:84533434; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670333)"; flow:established,from_client; content:"GET"; http_method; content:"/m2.google|3f|t=uqddy6zk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"q9.5lr1v.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670333/; classtype:trojan-activity;sid:84533433; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670332)"; flow:established,from_client; content:"GET"; http_method; content:"/rvg2ds83sm.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"m1yl.hpap6.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670332/; classtype:trojan-activity;sid:84533432; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670331)"; flow:established,from_client; content:"GET"; http_method; content:"/96ki0ro1d1.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"7k5.qzad3.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670331/; classtype:trojan-activity;sid:84533431; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670330)"; flow:established,from_client; content:"GET"; http_method; content:"/m2.google|3f|t=1bho4sgr"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"q9.5lr1v.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670330/; classtype:trojan-activity;sid:84533430; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670329)"; flow:established,from_client; content:"GET"; http_method; content:"/5jfk5zfkzx.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"7k5.qzad3.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670329/; classtype:trojan-activity;sid:84533429; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670328)"; flow:established,from_client; content:"GET"; http_method; content:"/tb9.check|3f|t=0z97xfo7"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"x.5lr1v.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670328/; classtype:trojan-activity;sid:84533428; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670327)"; flow:established,from_client; content:"GET"; http_method; content:"/tb9.check|3f|t=7643rbft"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"x.5lr1v.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670327/; classtype:trojan-activity;sid:84533427; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670326)"; flow:established,from_client; content:"GET"; http_method; content:"/b066zw0tnk.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"m1yl.hpap6.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670326/; classtype:trojan-activity;sid:84533426; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670325)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.181.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670325/; classtype:trojan-activity;sid:84533425; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670324)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.28.198.141"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670324/; classtype:trojan-activity;sid:84533424; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670323)"; flow:established,from_client; content:"GET"; http_method; content:"/0bhgk6woei.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"vr2x.hpap6.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670323/; classtype:trojan-activity;sid:84533423; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670320)"; flow:established,from_client; content:"GET"; http_method; content:"/0a1.google|3f|t=mq6hn1di"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"pt.5lr1v.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670320/; classtype:trojan-activity;sid:84533420; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670321)"; flow:established,from_client; content:"GET"; http_method; content:"/0a1.google|3f|t=fc32tdsw"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"pt.5lr1v.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670321/; classtype:trojan-activity;sid:84533421; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670322)"; flow:established,from_client; content:"GET"; http_method; content:"/v5muom46j4.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"f.wsit4.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670322/; classtype:trojan-activity;sid:84533422; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670319)"; flow:established,from_client; content:"GET"; http_method; content:"/qk.google|3f|t=npqc9ppy"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"k.5lr1v.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670319/; classtype:trojan-activity;sid:84533419; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670318)"; flow:established,from_client; content:"GET"; http_method; content:"/mbeua2yl7y.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"vr2x.hpap6.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670318/; classtype:trojan-activity;sid:84533418; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670317)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"220.164.229.231"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670317/; classtype:trojan-activity;sid:84533417; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670316)"; flow:established,from_client; content:"GET"; http_method; content:"/k0xayamok7.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"f.wsit4.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670316/; classtype:trojan-activity;sid:84533416; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670315)"; flow:established,from_client; content:"GET"; http_method; content:"/ce.check|3f|t=efc3yg7y"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"70.xbiq2.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670315/; classtype:trojan-activity;sid:84533415; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670314)"; flow:established,from_client; content:"GET"; http_method; content:"/ujrckivfun.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"vr2x.hpap6.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670314/; classtype:trojan-activity;sid:84533414; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670313)"; flow:established,from_client; content:"GET"; http_method; content:"/ce.check|3f|t=dkjbd1bs"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"70.xbiq2.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670313/; classtype:trojan-activity;sid:84533413; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670312)"; flow:established,from_client; content:"GET"; http_method; content:"/d5.check|3f|t=i38hhn4r"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"u0.xbiq2.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670312/; classtype:trojan-activity;sid:84533412; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670311)"; flow:established,from_client; content:"GET"; http_method; content:"/hg6cm7akdx.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"n6u.wsit4.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670311/; classtype:trojan-activity;sid:84533411; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670310)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.28.198.141"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670310/; classtype:trojan-activity;sid:84533410; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670309)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.14.56.38"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670309/; classtype:trojan-activity;sid:84533409; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670308)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.141.12"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670308/; classtype:trojan-activity;sid:84533408; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670307)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.82.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670307/; classtype:trojan-activity;sid:84533407; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670306)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.35.248"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670306/; classtype:trojan-activity;sid:84533406; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670305)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.238.189.72"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670305/; classtype:trojan-activity;sid:84533405; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670304)"; flow:established,from_client; content:"GET"; http_method; content:"/d5.check|3f|t=wmc0c8cv"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"u0.xbiq2.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670304/; classtype:trojan-activity;sid:84533404; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670303)"; flow:established,from_client; content:"GET"; http_method; content:"/5k044wywkn.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"t8qn.hpap6.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670303/; classtype:trojan-activity;sid:84533403; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670302)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.1.227.239"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670302/; classtype:trojan-activity;sid:84533402; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670301)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.136.102.74"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670301/; classtype:trojan-activity;sid:84533401; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670300)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"220.164.229.231"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670300/; classtype:trojan-activity;sid:84533400; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670298)"; flow:established,from_client; content:"GET"; http_method; content:"/dsjcb2ambo.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"t8qn.hpap6.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670298/; classtype:trojan-activity;sid:84533398; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670299)"; flow:established,from_client; content:"GET"; http_method; content:"/mok0jslso0.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"rb.wsit4.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670299/; classtype:trojan-activity;sid:84533399; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670296)"; flow:established,from_client; content:"GET"; http_method; content:"/de2.google|3f|t=3scdiutu"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"pw.xbiq2.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670296/; classtype:trojan-activity;sid:84533396; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670297)"; flow:established,from_client; content:"GET"; http_method; content:"/de2.google|3f|t=kcxetyxz"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"pw.xbiq2.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670297/; classtype:trojan-activity;sid:84533397; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670295)"; flow:established,from_client; content:"GET"; http_method; content:"/4z6okm1bpp.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"1.wsit4.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670295/; classtype:trojan-activity;sid:84533395; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670294)"; flow:established,from_client; content:"GET"; http_method; content:"/vjb.check|3f|t=fzf0y803"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"3c.xbiq2.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670294/; classtype:trojan-activity;sid:84533394; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670293)"; flow:established,from_client; content:"GET"; http_method; content:"/vjb.check|3f|t=7kx9ap5v"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"3c.xbiq2.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670293/; classtype:trojan-activity;sid:84533393; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670292)"; flow:established,from_client; content:"GET"; http_method; content:"/1p0mpj20t1.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"kz3m.hpap6.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670292/; classtype:trojan-activity;sid:84533392; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670291)"; flow:established,from_client; content:"GET"; http_method; content:"/kj.google|3f|t=6i7lm4x1"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"et.xbiq2.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670291/; classtype:trojan-activity;sid:84533391; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670290)"; flow:established,from_client; content:"GET"; http_method; content:"/naqeslfp0l.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"ae.wsit4.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670290/; classtype:trojan-activity;sid:84533390; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670289)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.1.227.239"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670289/; classtype:trojan-activity;sid:84533389; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670288)"; flow:established,from_client; content:"GET"; http_method; content:"/x3wzkb9x31.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"k8.wsit4.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670288/; classtype:trojan-activity;sid:84533388; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670287)"; flow:established,from_client; content:"GET"; http_method; content:"/0bq.google|3f|t=2wcnrme4"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"hm.xbiq2.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670287/; classtype:trojan-activity;sid:84533387; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670286)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.39.234.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670286/; classtype:trojan-activity;sid:84533386; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670285)"; flow:established,from_client; content:"GET"; http_method; content:"/gzkbjz2dwk.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"33f.gtus4.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670285/; classtype:trojan-activity;sid:84533385; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670284)"; flow:established,from_client; content:"GET"; http_method; content:"/796.check|3f|t=0n1l1dvy"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"nq.xbiq2.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670284/; classtype:trojan-activity;sid:84533384; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670283)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.198.129"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670283/; classtype:trojan-activity;sid:84533383; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670281)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.41.137.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670281/; classtype:trojan-activity;sid:84533381; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670282)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.136.102.74"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670282/; classtype:trojan-activity;sid:84533382; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670280)"; flow:established,from_client; content:"GET"; http_method; content:"/sqtvszb467.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"ydw.gtus4.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670280/; classtype:trojan-activity;sid:84533380; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670279)"; flow:established,from_client; content:"GET"; http_method; content:"/ez5.check|3f|t=dlk1fcxc"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"sgy.wdax1.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670279/; classtype:trojan-activity;sid:84533379; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670277)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.228.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670277/; classtype:trojan-activity;sid:84533377; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670278)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.207.60"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670278/; classtype:trojan-activity;sid:84533378; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670276)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.228.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670276/; classtype:trojan-activity;sid:84533376; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670275)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"14.155.220.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670275/; classtype:trojan-activity;sid:84533375; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670274)"; flow:established,from_client; content:"GET"; http_method; content:"/sce4284hs5.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"rwh.gtus4.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670274/; classtype:trojan-activity;sid:84533374; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670273)"; flow:established,from_client; content:"GET"; http_method; content:"/qr.check|3f|t=57o9shzx"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"wso.wdax1.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670273/; classtype:trojan-activity;sid:84533373; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670272)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.86.110.82"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670272/; classtype:trojan-activity;sid:84533372; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670271)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.189.239.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670271/; classtype:trojan-activity;sid:84533371; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670270)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.90.145.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670270/; classtype:trojan-activity;sid:84533370; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670269)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.14.56.38"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670269/; classtype:trojan-activity;sid:84533369; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670268)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.254.97.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670268/; classtype:trojan-activity;sid:84533368; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670266)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"14.155.220.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670266/; classtype:trojan-activity;sid:84533366; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670267)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"157.156.247.127"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670267/; classtype:trojan-activity;sid:84533367; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670265)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.225.220.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670265/; classtype:trojan-activity;sid:84533365; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670264)"; flow:established,from_client; content:"GET"; http_method; content:"/2rhveq85gj.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"s4.pf6o2.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670264/; classtype:trojan-activity;sid:84533364; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670263)"; flow:established,from_client; content:"GET"; http_method; content:"/z2v.check|3f|t=etcwoi9b"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"iyw.wdax1.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670263/; classtype:trojan-activity;sid:84533363; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670262)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.86.110.82"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670262/; classtype:trojan-activity;sid:84533362; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670261)"; flow:established,from_client; content:"GET"; http_method; content:"/3e3vl8j8kc.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"hm.pf6o2.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670261/; classtype:trojan-activity;sid:84533361; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670260)"; flow:established,from_client; content:"GET"; http_method; content:"/pj7.check|3f|t=eyz0rsae"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"z0h.wdax1.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670260/; classtype:trojan-activity;sid:84533360; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670259)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.225.220.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670259/; classtype:trojan-activity;sid:84533359; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670258)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.189.239.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670258/; classtype:trojan-activity;sid:84533358; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670257)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.90.145.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670257/; classtype:trojan-activity;sid:84533357; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670256)"; flow:established,from_client; content:"GET"; http_method; content:"/wk2hrm0r56.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"hm.pf6o2.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670256/; classtype:trojan-activity;sid:84533356; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670255)"; flow:established,from_client; content:"GET"; http_method; content:"/7v.check|3f|t=lwthg4at"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"fq.wdax1.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670255/; classtype:trojan-activity;sid:84533355; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670254)"; flow:established,from_client; content:"GET"; http_method; content:"/1hs5bjvlzm.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"tr.gtus4.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670254/; classtype:trojan-activity;sid:84533354; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670253)"; flow:established,from_client; content:"GET"; http_method; content:"/7v.check|3f|t=9br1suvl"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"fq.wdax1.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670253/; classtype:trojan-activity;sid:84533353; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670252)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.137.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670252/; classtype:trojan-activity;sid:84533352; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670251)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.151.179"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670251/; classtype:trojan-activity;sid:84533351; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670250)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"157.156.247.127"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670250/; classtype:trojan-activity;sid:84533350; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670249)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.254.97.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670249/; classtype:trojan-activity;sid:84533349; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670248)"; flow:established,from_client; content:"GET"; http_method; content:"/dr.check|3f|t=re157r4c"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"va3.jcof9.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670248/; classtype:trojan-activity;sid:84533348; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670246)"; flow:established,from_client; content:"GET"; http_method; content:"/inw13l7we2.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"9r.gtus4.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670246/; classtype:trojan-activity;sid:84533346; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670247)"; flow:established,from_client; content:"GET"; http_method; content:"/gjsuta9plp.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"t1.pf6o2.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670247/; classtype:trojan-activity;sid:84533347; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670245)"; flow:established,from_client; content:"GET"; http_method; content:"/dr.check|3f|t=ytpo0owm"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"va3.jcof9.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670245/; classtype:trojan-activity;sid:84533345; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670243)"; flow:established,from_client; content:"GET"; http_method; content:"/ne.google|3f|t=iz2ejbj5"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"a27.jcof9.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670243/; classtype:trojan-activity;sid:84533343; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670244)"; flow:established,from_client; content:"GET"; http_method; content:"/lh2sikcb2i.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"fj.gtus4.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670244/; classtype:trojan-activity;sid:84533344; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670241)"; flow:established,from_client; content:"GET"; http_method; content:"/yqvtanyyyn.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"qz9.pf6o2.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670241/; classtype:trojan-activity;sid:84533341; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670242)"; flow:established,from_client; content:"GET"; http_method; content:"/ne.google|3f|t=3m2518r6"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"a27.jcof9.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670242/; classtype:trojan-activity;sid:84533342; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670240)"; flow:established,from_client; content:"GET"; http_method; content:"/kuz6h8imb4.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"v2.pf6o2.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670240/; classtype:trojan-activity;sid:84533340; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670239)"; flow:established,from_client; content:"GET"; http_method; content:"/77.check|3f|t=j12jlv0z"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"lo.jcof9.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670239/; classtype:trojan-activity;sid:84533339; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670238)"; flow:established,from_client; content:"GET"; http_method; content:"/1n0kj6zhr3.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"k.pf6o2.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670238/; classtype:trojan-activity;sid:84533338; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670237)"; flow:established,from_client; content:"GET"; http_method; content:"/x1.google|3f|t=ll05rshb"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"mom.jcof9.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670237/; classtype:trojan-activity;sid:84533337; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670236)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"180.191.16.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670236/; classtype:trojan-activity;sid:84533336; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670235)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"180.191.16.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670235/; classtype:trojan-activity;sid:84533335; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670233)"; flow:established,from_client; content:"GET"; http_method; content:"/ja4kikopse.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"7zt.vqod2.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670233/; classtype:trojan-activity;sid:84533333; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670234)"; flow:established,from_client; content:"GET"; http_method; content:"/sg3loy7m5e.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"s4.rk8y6.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670234/; classtype:trojan-activity;sid:84533334; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670231)"; flow:established,from_client; content:"GET"; http_method; content:"/30.google|3f|t=x3c73gpa"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"ajf.jcof9.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670231/; classtype:trojan-activity;sid:84533331; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670232)"; flow:established,from_client; content:"GET"; http_method; content:"/30.google|3f|t=0tls1j97"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"ajf.jcof9.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670232/; classtype:trojan-activity;sid:84533332; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670230)"; flow:established,from_client; content:"GET"; http_method; content:"/oc.google|3f|t=jwyacb2y"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"n8x.jcof9.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670230/; classtype:trojan-activity;sid:84533330; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670229)"; flow:established,from_client; content:"GET"; http_method; content:"/m6iq9mcsuv.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"hm.rk8y6.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670229/; classtype:trojan-activity;sid:84533329; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670228)"; flow:established,from_client; content:"GET"; http_method; content:"/zkcpn6el2r.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"fe.vqod2.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670228/; classtype:trojan-activity;sid:84533328; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670227)"; flow:established,from_client; content:"GET"; http_method; content:"/oc.google|3f|t=2lqhz625"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"n8x.jcof9.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670227/; classtype:trojan-activity;sid:84533327; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670226)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.255.235"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670226/; classtype:trojan-activity;sid:84533326; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670225)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.202.160.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670225/; classtype:trojan-activity;sid:84533325; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670224)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.59.5.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670224/; classtype:trojan-activity;sid:84533324; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670223)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.61.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670223/; classtype:trojan-activity;sid:84533323; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670222)"; flow:established,from_client; content:"GET"; http_method; content:"/n3i5yec6tu.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"t1.rk8y6.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670222/; classtype:trojan-activity;sid:84533322; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670221)"; flow:established,from_client; content:"GET"; http_method; content:"/i2k.check|3f|t=hdh0qtwb"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"zi.jcof9.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670221/; classtype:trojan-activity;sid:84533321; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670219)"; flow:established,from_client; content:"GET"; http_method; content:"/i2k.check|3f|t=nxj8t63a"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"zi.jcof9.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3670219/; classtype:trojan-activity;sid:84533319; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670220)"; flow:established,from_client; content:"GET"; http_method; content:"/7s6ejs2dbx.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"ni.vqod2.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3670220/; classtype:trojan-activity;sid:84533320; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670218)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.178.61.98"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3670218/; classtype:trojan-activity;sid:84533318; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670217)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.91.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3670217/; classtype:trojan-activity;sid:84533317; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670216)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.54.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3670216/; classtype:trojan-activity;sid:84533316; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670215)"; flow:established,from_client; content:"GET"; http_method; content:"/pp.check|3f|t=xp7p34d5"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"7r.qrow6.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3670215/; classtype:trojan-activity;sid:84533315; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670213)"; flow:established,from_client; content:"GET"; http_method; content:"/l2me008cmi.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"2.vqod2.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3670213/; classtype:trojan-activity;sid:84533313; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670214)"; flow:established,from_client; content:"GET"; http_method; content:"/z2wllr2dob.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"qz9.rk8y6.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3670214/; classtype:trojan-activity;sid:84533314; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670212)"; flow:established,from_client; content:"GET"; http_method; content:"/pp.check|3f|t=q4ewb2n0"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"7r.qrow6.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3670212/; classtype:trojan-activity;sid:84533312; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670211)"; flow:established,from_client; content:"GET"; http_method; content:"/5vb.check|3f|t=d2ur6ld3"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"yp.qrow6.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3670211/; classtype:trojan-activity;sid:84533311; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670210)"; flow:established,from_client; content:"GET"; http_method; content:"/wjmmq62lbc.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"v2.rk8y6.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3670210/; classtype:trojan-activity;sid:84533310; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670209)"; flow:established,from_client; content:"GET"; http_method; content:"/h6pn1ic5wa.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"je.vqod2.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3670209/; classtype:trojan-activity;sid:84533309; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670208)"; flow:established,from_client; content:"GET"; http_method; content:"/5vb.check|3f|t=7pevewtj"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"yp.qrow6.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3670208/; classtype:trojan-activity;sid:84533308; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670207)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.202.160.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3670207/; classtype:trojan-activity;sid:84533307; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670206)"; flow:established,from_client; content:"GET"; http_method; content:"/9jopsujxbf.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"h.vqod2.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3670206/; classtype:trojan-activity;sid:84533306; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670205)"; flow:established,from_client; content:"GET"; http_method; content:"/6f3.check|3f|t=3gyhqj8p"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"6lv.qrow6.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3670205/; classtype:trojan-activity;sid:84533305; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670204)"; flow:established,from_client; content:"GET"; http_method; content:"/6f3.check|3f|t=t0snn2br"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"6lv.qrow6.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3670204/; classtype:trojan-activity;sid:84533304; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670203)"; flow:established,from_client; content:"GET"; http_method; content:"/stmjqt6xa1.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"k.rk8y6.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3670203/; classtype:trojan-activity;sid:84533303; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670202)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.54.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3670202/; classtype:trojan-activity;sid:84533302; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670201)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.91.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3670201/; classtype:trojan-activity;sid:84533301; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670199)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.102.73"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3670199/; classtype:trojan-activity;sid:84533299; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670200)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.1.225.17"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3670200/; classtype:trojan-activity;sid:84533300; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670198)"; flow:established,from_client; content:"GET"; http_method; content:"/8kt3vrw950.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"s4.ls2a9.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3670198/; classtype:trojan-activity;sid:84533298; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670197)"; flow:established,from_client; content:"GET"; http_method; content:"/5f.google|3f|t=ahy2mmcc"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"cwp.qrow6.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3670197/; classtype:trojan-activity;sid:84533297; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670196)"; flow:established,from_client; content:"GET"; http_method; content:"/91wmlnag03.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"s4.mg1u5.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3670196/; classtype:trojan-activity;sid:84533296; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670195)"; flow:established,from_client; content:"GET"; http_method; content:"/5f.google|3f|t=m6brhjn3"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"cwp.qrow6.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3670195/; classtype:trojan-activity;sid:84533295; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670194)"; flow:established,from_client; content:"GET"; http_method; content:"/xlqhe4veop.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"hm.ls2a9.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3670194/; classtype:trojan-activity;sid:84533294; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670191)"; flow:established,from_client; content:"GET"; http_method; content:"/2j.google|3f|t=77h492g9"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"v5.qrow6.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3670191/; classtype:trojan-activity;sid:84533291; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670192)"; flow:established,from_client; content:"GET"; http_method; content:"/2j.google|3f|t=us3hfbu3"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"v5.qrow6.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3670192/; classtype:trojan-activity;sid:84533292; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670193)"; flow:established,from_client; content:"GET"; http_method; content:"/9pskhzkw9k.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"hm.mg1u5.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3670193/; classtype:trojan-activity;sid:84533293; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670190)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.10.233.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3670190/; classtype:trojan-activity;sid:84533290; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670189)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.176.133"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3670189/; classtype:trojan-activity;sid:84533289; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670188)"; flow:established,from_client; content:"GET"; http_method; content:"/d9l66269kp.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"t1.ls2a9.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3670188/; classtype:trojan-activity;sid:84533288; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670187)"; flow:established,from_client; content:"GET"; http_method; content:"/76.check|3f|t=dd7bmq09"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"xj.qrow6.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3670187/; classtype:trojan-activity;sid:84533287; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670186)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.88.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3670186/; classtype:trojan-activity;sid:84533286; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670185)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.12.221.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3670185/; classtype:trojan-activity;sid:84533285; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670184)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.229.216.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3670184/; classtype:trojan-activity;sid:84533284; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670183)"; flow:established,from_client; content:"GET"; http_method; content:"/1p5dqxzoxx.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"qz9.ls2a9.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3670183/; classtype:trojan-activity;sid:84533283; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670182)"; flow:established,from_client; content:"GET"; http_method; content:"/oa.check|3f|t=96jqo5b7"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"o9n.sheh0.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3670182/; classtype:trojan-activity;sid:84533282; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670181)"; flow:established,from_client; content:"GET"; http_method; content:"/tnywrsiylq.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"t1.mg1u5.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3670181/; classtype:trojan-activity;sid:84533281; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670180)"; flow:established,from_client; content:"GET"; http_method; content:"/oa.check|3f|t=eydbjztt"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"o9n.sheh0.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3670180/; classtype:trojan-activity;sid:84533280; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670179)"; flow:established,from_client; content:"GET"; http_method; content:"/vywbv574d7.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"v2.ls2a9.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3670179/; classtype:trojan-activity;sid:84533279; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670178)"; flow:established,from_client; content:"GET"; http_method; content:"/qa.check|3f|t=bpovmq64"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"ge.sheh0.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3670178/; classtype:trojan-activity;sid:84533278; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670177)"; flow:established,from_client; content:"GET"; http_method; content:"/yohvb5g4mg.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"qz9.mg1u5.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3670177/; classtype:trojan-activity;sid:84533277; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670176)"; flow:established,from_client; content:"GET"; http_method; content:"/qa.check|3f|t=1p2whrnu"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"ge.sheh0.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3670176/; classtype:trojan-activity;sid:84533276; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670175)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.176.133"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3670175/; classtype:trojan-activity;sid:84533275; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670174)"; flow:established,from_client; content:"GET"; http_method; content:"/17.check|3f|t=vrknzbgv"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"dh.sheh0.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3670174/; classtype:trojan-activity;sid:84533274; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670173)"; flow:established,from_client; content:"GET"; http_method; content:"/fplpnycrin.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"v2.ls2a9.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3670173/; classtype:trojan-activity;sid:84533273; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670172)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.88.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3670172/; classtype:trojan-activity;sid:84533272; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670171)"; flow:established,from_client; content:"GET"; http_method; content:"/4ejrv6yzih.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"v2.mg1u5.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3670171/; classtype:trojan-activity;sid:84533271; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670170)"; flow:established,from_client; content:"GET"; http_method; content:"/97.check|3f|t=0n10pe0b"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"2k.sheh0.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3670170/; classtype:trojan-activity;sid:84533270; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670169)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.10.233.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3670169/; classtype:trojan-activity;sid:84533269; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670168)"; flow:established,from_client; content:"GET"; http_method; content:"/97.check|3f|t=n85hl1jk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"2k.sheh0.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3670168/; classtype:trojan-activity;sid:84533268; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670167)"; flow:established,from_client; content:"GET"; http_method; content:"/1ziopz98c0.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"k.ls2a9.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3670167/; classtype:trojan-activity;sid:84533267; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670166)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.229.216.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3670166/; classtype:trojan-activity;sid:84533266; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670165)"; flow:established,from_client; content:"GET"; http_method; content:"/pg83ko7atb.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"k.mg1u5.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3670165/; classtype:trojan-activity;sid:84533265; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670164)"; flow:established,from_client; content:"GET"; http_method; content:"/2k.check|3f|t=xe4x50vh"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"q3.sheh0.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3670164/; classtype:trojan-activity;sid:84533264; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670163)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.148.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3670163/; classtype:trojan-activity;sid:84533263; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670162)"; flow:established,from_client; content:"GET"; http_method; content:"/c5ubyi7tas.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"s4.fp0y9.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3670162/; classtype:trojan-activity;sid:84533262; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670161)"; flow:established,from_client; content:"GET"; http_method; content:"/2k.check|3f|t=ql4tf30r"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"q3.sheh0.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3670161/; classtype:trojan-activity;sid:84533261; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670160)"; flow:established,from_client; content:"GET"; http_method; content:"/ddv8qo5eva.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"s4.ll7y5.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3670160/; classtype:trojan-activity;sid:84533260; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670159)"; flow:established,from_client; content:"GET"; http_method; content:"/i8.google|3f|t=898p8big"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"ei3.sheh0.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3670159/; classtype:trojan-activity;sid:84533259; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670158)"; flow:established,from_client; content:"GET"; http_method; content:"/787imnv2d2.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"hm.fp0y9.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3670158/; classtype:trojan-activity;sid:84533258; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670157)"; flow:established,from_client; content:"GET"; http_method; content:"/i8.google|3f|t=bmxlcz7r"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"ei3.sheh0.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3670157/; classtype:trojan-activity;sid:84533257; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670156)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.158.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3670156/; classtype:trojan-activity;sid:84533256; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670154)"; flow:established,from_client; content:"GET"; http_method; content:"/x0.check|3f|t=je0h7wsk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"m21.sheh0.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3670154/; classtype:trojan-activity;sid:84533254; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670155)"; flow:established,from_client; content:"GET"; http_method; content:"/2wzo8ojjng.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"t1.fp0y9.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3670155/; classtype:trojan-activity;sid:84533255; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670152)"; flow:established,from_client; content:"GET"; http_method; content:"/x0.check|3f|t=osjsrs2c"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"m21.sheh0.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3670152/; classtype:trojan-activity;sid:84533252; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670153)"; flow:established,from_client; content:"GET"; http_method; content:"/1e4mpxggh4.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"hm.ll7y5.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3670153/; classtype:trojan-activity;sid:84533253; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670151)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.4.44.90"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3670151/; classtype:trojan-activity;sid:84533251; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670150)"; flow:established,from_client; content:"GET"; http_method; content:"/p0.check|3f|t=fhsy5dg0"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"9a.zqof0.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3670150/; classtype:trojan-activity;sid:84533250; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670148)"; flow:established,from_client; content:"GET"; http_method; content:"/4hnxkf9quu.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"t1.ll7y5.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3670148/; classtype:trojan-activity;sid:84533248; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670149)"; flow:established,from_client; content:"GET"; http_method; content:"/rkp3e5lobs.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"qz9.fp0y9.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3670149/; classtype:trojan-activity;sid:84533249; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670147)"; flow:established,from_client; content:"GET"; http_method; content:"/p0.check|3f|t=wzun7s4i"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"9a.zqof0.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3670147/; classtype:trojan-activity;sid:84533247; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670146)"; flow:established,from_client; content:"GET"; http_method; content:"/lv69h05w8f.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"qz9.ll7y5.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3670146/; classtype:trojan-activity;sid:84533246; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670145)"; flow:established,from_client; content:"GET"; http_method; content:"/7g.check|3f|t=zhvap3qq"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"l9.zqof0.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3670145/; classtype:trojan-activity;sid:84533245; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670144)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.51.58"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3670144/; classtype:trojan-activity;sid:84533244; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670143)"; flow:established,from_client; content:"GET"; http_method; content:"/7fpzjd0vsn.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"v2.fp0y9.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3670143/; classtype:trojan-activity;sid:84533243; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670142)"; flow:established,from_client; content:"GET"; http_method; content:"/7g.check|3f|t=e1ni2rk8"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"l9.zqof0.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3670142/; classtype:trojan-activity;sid:84533242; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670141)"; flow:established,from_client; content:"GET"; http_method; content:"/41.google|3f|t=exsw6cqx"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"g0.zqof0.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3670141/; classtype:trojan-activity;sid:84533241; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670140)"; flow:established,from_client; content:"GET"; http_method; content:"/mlxo6md6f8.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"v2.ll7y5.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3670140/; classtype:trojan-activity;sid:84533240; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670139)"; flow:established,from_client; content:"GET"; http_method; content:"/i6he1sqijr.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"k.fp0y9.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3670139/; classtype:trojan-activity;sid:84533239; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670138)"; flow:established,from_client; content:"GET"; http_method; content:"/41.google|3f|t=4fqol4fe"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"g0.zqof0.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3670138/; classtype:trojan-activity;sid:84533238; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670137)"; flow:established,from_client; content:"GET"; http_method; content:"/d6wwemttdk.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"v2.ll7y5.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3670137/; classtype:trojan-activity;sid:84533237; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670136)"; flow:established,from_client; content:"GET"; http_method; content:"/r8a.check|3f|t=yve77rpm"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"mmd.zqof0.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3670136/; classtype:trojan-activity;sid:84533236; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670135)"; flow:established,from_client; content:"GET"; http_method; content:"/zqigvv2x6w.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"k.fp0y9.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3670135/; classtype:trojan-activity;sid:84533235; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670134)"; flow:established,from_client; content:"GET"; http_method; content:"/r8a.check|3f|t=ju1ily5d"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"mmd.zqof0.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3670134/; classtype:trojan-activity;sid:84533234; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670133)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.127.90.74"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3670133/; classtype:trojan-activity;sid:84533233; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670132)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.51.58"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3670132/; classtype:trojan-activity;sid:84533232; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670131)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.119.77.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3670131/; classtype:trojan-activity;sid:84533231; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670129)"; flow:established,from_client; content:"GET"; http_method; content:"/ov8.google|3f|t=xnj5i4uc"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"nis.zqof0.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3670129/; classtype:trojan-activity;sid:84533229; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670130)"; flow:established,from_client; content:"GET"; http_method; content:"/oajrsifquv.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"s4.bh3i6.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3670130/; classtype:trojan-activity;sid:84533230; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670128)"; flow:established,from_client; content:"GET"; http_method; content:"/thp11bgnxg.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"k.ll7y5.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3670128/; classtype:trojan-activity;sid:84533228; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670127)"; flow:established,from_client; content:"GET"; http_method; content:"/ov8.google|3f|t=t6jmg6zu"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"nis.zqof0.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3670127/; classtype:trojan-activity;sid:84533227; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670125)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.210.133"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3670125/; classtype:trojan-activity;sid:84533225; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670126)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.225.84.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3670126/; classtype:trojan-activity;sid:84533226; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670123)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.x86"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"45.141.151.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3670123/; classtype:trojan-activity;sid:84533223; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670124)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.139.81.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3670124/; classtype:trojan-activity;sid:84533224; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670122)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm5"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"45.141.151.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3670122/; classtype:trojan-activity;sid:84533222; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670110)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.226.67.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3670110/; classtype:trojan-activity;sid:84533210; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670111)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.237.48.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3670111/; classtype:trojan-activity;sid:84533211; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670112)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"45.141.151.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3670112/; classtype:trojan-activity;sid:84533212; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670113)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mpsl"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"45.141.151.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3670113/; classtype:trojan-activity;sid:84533213; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670114)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"45.141.151.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3670114/; classtype:trojan-activity;sid:84533214; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670115)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.m68k"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"45.141.151.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3670115/; classtype:trojan-activity;sid:84533215; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670116)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.sh4"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"45.141.151.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3670116/; classtype:trojan-activity;sid:84533216; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670117)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm6"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"45.141.151.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3670117/; classtype:trojan-activity;sid:84533217; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670118)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mips"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"45.141.151.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3670118/; classtype:trojan-activity;sid:84533218; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670119)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.ppc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"45.141.151.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3670119/; classtype:trojan-activity;sid:84533219; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670120)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.4.198.129"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3670120/; classtype:trojan-activity;sid:84533220; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670121)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm7"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"45.141.151.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3670121/; classtype:trojan-activity;sid:84533221; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670108)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"84.234.96.53"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3670108/; classtype:trojan-activity;sid:84533208; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670109)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"84.234.96.53"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3670109/; classtype:trojan-activity;sid:84533209; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670107)"; flow:established,from_client; content:"GET"; http_method; content:"/ujl8d82k0y.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"hm.bh3i6.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3670107/; classtype:trojan-activity;sid:84533207; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670106)"; flow:established,from_client; content:"GET"; http_method; content:"/09.google|3f|t=5ekoeo7o"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"olf.zqof0.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3670106/; classtype:trojan-activity;sid:84533206; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670104)"; flow:established,from_client; content:"GET"; http_method; content:"/09.google|3f|t=p7nojbku"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"olf.zqof0.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3670104/; classtype:trojan-activity;sid:84533204; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670105)"; flow:established,from_client; content:"GET"; http_method; content:"/5znj3g7a2h.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"s4.ss9y4.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3670105/; classtype:trojan-activity;sid:84533205; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670102)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.178.171.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3670102/; classtype:trojan-activity;sid:84533202; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670103)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"216.244.203.24"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3670103/; classtype:trojan-activity;sid:84533203; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670100)"; flow:established,from_client; content:"GET"; http_method; content:"/gv.google|3f|t=sx2vficg"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"kib.zqof0.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3670100/; classtype:trojan-activity;sid:84533200; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670101)"; flow:established,from_client; content:"GET"; http_method; content:"/1cbh3lrdhb.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"hm.ss9y4.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3670101/; classtype:trojan-activity;sid:84533201; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670099)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.46.144.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3670099/; classtype:trojan-activity;sid:84533199; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670098)"; flow:established,from_client; content:"GET"; http_method; content:"/igwmooa8py.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"t1.bh3i6.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3670098/; classtype:trojan-activity;sid:84533198; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670097)"; flow:established,from_client; content:"GET"; http_method; content:"/gv.google|3f|t=9q8hjgwo"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"kib.zqof0.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3670097/; classtype:trojan-activity;sid:84533197; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670096)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.77.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3670096/; classtype:trojan-activity;sid:84533196; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670095)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.225.84.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3670095/; classtype:trojan-activity;sid:84533195; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670094)"; flow:established,from_client; content:"GET"; http_method; content:"/qlx5clazad.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"hm.ss9y4.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3670094/; classtype:trojan-activity;sid:84533194; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670093)"; flow:established,from_client; content:"GET"; http_method; content:"/31m.google|3f|t=phuzzgrz"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"y3a.dnek6.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3670093/; classtype:trojan-activity;sid:84533193; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670092)"; flow:established,from_client; content:"GET"; http_method; content:"/31m.google|3f|t=9dlp0b7p"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"y3a.dnek6.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3670092/; classtype:trojan-activity;sid:84533192; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670091)"; flow:established,from_client; content:"GET"; http_method; content:"/88s6xb4haj.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"t1.bh3i6.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3670091/; classtype:trojan-activity;sid:84533191; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670090)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.127.90.74"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3670090/; classtype:trojan-activity;sid:84533190; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670089)"; flow:established,from_client; content:"GET"; http_method; content:"/31m.google|3f|t=krwtjwe5"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"y3a.dnek6.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3670089/; classtype:trojan-activity;sid:84533189; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670088)"; flow:established,from_client; content:"GET"; http_method; content:"/37p6xki141.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"t1.ss9y4.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3670088/; classtype:trojan-activity;sid:84533188; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670087)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.57.73"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3670087/; classtype:trojan-activity;sid:84533187; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670086)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"179.108.90.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3670086/; classtype:trojan-activity;sid:84533186; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670084)"; flow:established,from_client; content:"GET"; http_method; content:"/r7hpwdhrqg.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"qz9.bh3i6.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3670084/; classtype:trojan-activity;sid:84533184; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670085)"; flow:established,from_client; content:"GET"; http_method; content:"/uf.check|3f|t=s7cg4w6o"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"gk.dnek6.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3670085/; classtype:trojan-activity;sid:84533185; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670083)"; flow:established,from_client; content:"GET"; http_method; content:"/wf3wxhlxgw.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"t1.ss9y4.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3670083/; classtype:trojan-activity;sid:84533183; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670082)"; flow:established,from_client; content:"GET"; http_method; content:"/uf.check|3f|t=mtegwbrw"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"gk.dnek6.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3670082/; classtype:trojan-activity;sid:84533182; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670081)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.253.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3670081/; classtype:trojan-activity;sid:84533181; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670080)"; flow:established,from_client; content:"GET"; http_method; content:"/z0czk1a1nc.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"v2.bh3i6.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3670080/; classtype:trojan-activity;sid:84533180; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670079)"; flow:established,from_client; content:"GET"; http_method; content:"/lg.google|3f|t=4m9x8yfl"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"zue.dnek6.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3670079/; classtype:trojan-activity;sid:84533179; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670078)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.118.172"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3670078/; classtype:trojan-activity;sid:84533178; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670077)"; flow:established,from_client; content:"GET"; http_method; content:"/lg.google|3f|t=rjttrq8s"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"zue.dnek6.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3670077/; classtype:trojan-activity;sid:84533177; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670076)"; flow:established,from_client; content:"GET"; http_method; content:"/sp10uioju1.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"qz9.ss9y4.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3670076/; classtype:trojan-activity;sid:84533176; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670075)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.163.198.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3670075/; classtype:trojan-activity;sid:84533175; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670074)"; flow:established,from_client; content:"GET"; http_method; content:"/n9hkns7w3l.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"v2.bh3i6.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3670074/; classtype:trojan-activity;sid:84533174; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670073)"; flow:established,from_client; content:"GET"; http_method; content:"/ixg.google|3f|t=1eri1r2v"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"5k.dnek6.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3670073/; classtype:trojan-activity;sid:84533173; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670072)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.143.25"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3670072/; classtype:trojan-activity;sid:84533172; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670071)"; flow:established,from_client; content:"GET"; http_method; content:"/ixg.google|3f|t=3n4yliuz"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"5k.dnek6.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3670071/; classtype:trojan-activity;sid:84533171; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670070)"; flow:established,from_client; content:"GET"; http_method; content:"/qlzeuhgpde.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"v2.ss9y4.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3670070/; classtype:trojan-activity;sid:84533170; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670069)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.131.195"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3670069/; classtype:trojan-activity;sid:84533169; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670068)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.137.159.243"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3670068/; classtype:trojan-activity;sid:84533168; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670067)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.114.253.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3670067/; classtype:trojan-activity;sid:84533167; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670066)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.250.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3670066/; classtype:trojan-activity;sid:84533166; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670065)"; flow:established,from_client; content:"GET"; http_method; content:"/35uolozxhw.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"k.ss9y4.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3670065/; classtype:trojan-activity;sid:84533165; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670064)"; flow:established,from_client; content:"GET"; http_method; content:"/qd8.google|3f|t=50yb3nhf"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"onz.dnek6.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3670064/; classtype:trojan-activity;sid:84533164; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670063)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.118.172"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3670063/; classtype:trojan-activity;sid:84533163; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670062)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.253.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3670062/; classtype:trojan-activity;sid:84533162; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670061)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.114.253.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3670061/; classtype:trojan-activity;sid:84533161; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670060)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.137.230.36"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3670060/; classtype:trojan-activity;sid:84533160; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670059)"; flow:established,from_client; content:"GET"; http_method; content:"/qw0jzzu6zj.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"k.ss9y4.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3670059/; classtype:trojan-activity;sid:84533159; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670058)"; flow:established,from_client; content:"GET"; http_method; content:"/8ey.google|3f|t=jzfy1suo"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"6p.dnek6.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3670058/; classtype:trojan-activity;sid:84533158; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670057)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.8.48.9"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3670057/; classtype:trojan-activity;sid:84533157; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670055)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.143.25"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3670055/; classtype:trojan-activity;sid:84533155; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670056)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.170.37"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3670056/; classtype:trojan-activity;sid:84533156; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670054)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.94.127"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3670054/; classtype:trojan-activity;sid:84533154; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670053)"; flow:established,from_client; content:"GET"; http_method; content:"/8nzdb8kj5o.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"s4.fj2e0.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3670053/; classtype:trojan-activity;sid:84533153; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670052)"; flow:established,from_client; content:"GET"; http_method; content:"/ux.google|3f|t=0pe9d9e2"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"bz.ktox5.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3670052/; classtype:trojan-activity;sid:84533152; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670050)"; flow:established,from_client; content:"GET"; http_method; content:"/ux.google|3f|t=tn5ta3di"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"bz.ktox5.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3670050/; classtype:trojan-activity;sid:84533150; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670051)"; flow:established,from_client; content:"GET"; http_method; content:"/ylvuunbyc2.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"s4.kj4o0.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3670051/; classtype:trojan-activity;sid:84533151; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670049)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.230.36"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3670049/; classtype:trojan-activity;sid:84533149; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670047)"; flow:established,from_client; content:"GET"; http_method; content:"/ehswwr5xb6.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"hm.fj2e0.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3670047/; classtype:trojan-activity;sid:84533147; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670048)"; flow:established,from_client; content:"GET"; http_method; content:"/m2jjtz6r6n.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"s4.kj4o0.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3670048/; classtype:trojan-activity;sid:84533148; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670045)"; flow:established,from_client; content:"GET"; http_method; content:"/4tm.check|3f|t=cfe2m08v"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"wm.ktox5.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3670045/; classtype:trojan-activity;sid:84533145; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670046)"; flow:established,from_client; content:"GET"; http_method; content:"/4tm.check|3f|t=mk7i8twk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"wm.ktox5.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3670046/; classtype:trojan-activity;sid:84533146; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670044)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.8.48.9"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3670044/; classtype:trojan-activity;sid:84533144; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670043)"; flow:established,from_client; content:"GET"; http_method; content:"/50nyivjzg3.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"hm.kj4o0.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3670043/; classtype:trojan-activity;sid:84533143; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670042)"; flow:established,from_client; content:"GET"; http_method; content:"/ee.google|3f|t=n61707bi"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"1s.ktox5.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3670042/; classtype:trojan-activity;sid:84533142; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670041)"; flow:established,from_client; content:"GET"; http_method; content:"/ee.google|3f|t=aac80kjs"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"1s.ktox5.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3670041/; classtype:trojan-activity;sid:84533141; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670040)"; flow:established,from_client; content:"GET"; http_method; content:"/9ldevxvi11.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"t1.fj2e0.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3670040/; classtype:trojan-activity;sid:84533140; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670039)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.94.127"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3670039/; classtype:trojan-activity;sid:84533139; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670038)"; flow:established,from_client; content:"GET"; http_method; content:"/217zsbs34m.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"hm.kj4o0.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3670038/; classtype:trojan-activity;sid:84533138; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670037)"; flow:established,from_client; content:"GET"; http_method; content:"/a1.google|3f|t=djjlys0m"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"vy.ktox5.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3670037/; classtype:trojan-activity;sid:84533137; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670036)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.68.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3670036/; classtype:trojan-activity;sid:84533136; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670035)"; flow:established,from_client; content:"GET"; http_method; content:"/nv5gem16kj.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"hm.kj4o0.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3670035/; classtype:trojan-activity;sid:84533135; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670034)"; flow:established,from_client; content:"GET"; http_method; content:"/tev.check|3f|t=uvkns43t"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"jw.ktox5.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3670034/; classtype:trojan-activity;sid:84533134; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670033)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.14.56.212"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3670033/; classtype:trojan-activity;sid:84533133; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670032)"; flow:established,from_client; content:"GET"; http_method; content:"/kgbteiymqy.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"qz9.fj2e0.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3670032/; classtype:trojan-activity;sid:84533132; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670031)"; flow:established,from_client; content:"GET"; http_method; content:"/tev.check|3f|t=wv30czfl"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"jw.ktox5.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3670031/; classtype:trojan-activity;sid:84533131; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670030)"; flow:established,from_client; content:"GET"; http_method; content:"/510g5lkxyj.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"t1.kj4o0.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3670030/; classtype:trojan-activity;sid:84533130; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670029)"; flow:established,from_client; content:"GET"; http_method; content:"/8of.check|3f|t=sgq18vjv"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"e4e.ktox5.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3670029/; classtype:trojan-activity;sid:84533129; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670028)"; flow:established,from_client; content:"GET"; http_method; content:"/6a4f8ephxn.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"qz9.fj2e0.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3670028/; classtype:trojan-activity;sid:84533128; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670027)"; flow:established,from_client; content:"GET"; http_method; content:"/8of.check|3f|t=0glnuab7"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"e4e.ktox5.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3670027/; classtype:trojan-activity;sid:84533127; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670026)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.190.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3670026/; classtype:trojan-activity;sid:84533126; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670025)"; flow:established,from_client; content:"GET"; http_method; content:"/v6yh3o2myg.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"v2.fj2e0.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3670025/; classtype:trojan-activity;sid:84533125; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670024)"; flow:established,from_client; content:"GET"; http_method; content:"/39.google|3f|t=1u7hcpg3"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"yay.ktox5.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3670024/; classtype:trojan-activity;sid:84533124; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670023)"; flow:established,from_client; content:"GET"; http_method; content:"/cwljhd17ni.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"qz9.kj4o0.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3670023/; classtype:trojan-activity;sid:84533123; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670022)"; flow:established,from_client; content:"GET"; http_method; content:"/39.google|3f|t=awur7xna"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"yay.ktox5.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3670022/; classtype:trojan-activity;sid:84533122; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670020)"; flow:established,from_client; content:"GET"; http_method; content:"/39.google|3f|t=7p2gsmbr"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"yay.ktox5.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3670020/; classtype:trojan-activity;sid:84533120; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670021)"; flow:established,from_client; content:"GET"; http_method; content:"/i1vplnk45n.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"v2.fj2e0.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3670021/; classtype:trojan-activity;sid:84533121; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670019)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.68.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3670019/; classtype:trojan-activity;sid:84533119; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670018)"; flow:established,from_client; content:"GET"; http_method; content:"/xkid1zt4fd.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"v2.fj2e0.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3670018/; classtype:trojan-activity;sid:84533118; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670017)"; flow:established,from_client; content:"GET"; http_method; content:"/s8.check|3f|t=139rmgmj"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"98.hnaq6.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3670017/; classtype:trojan-activity;sid:84533117; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670016)"; flow:established,from_client; content:"GET"; http_method; content:"/og9qsv6ec2.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"qz9.kj4o0.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3670016/; classtype:trojan-activity;sid:84533116; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670015)"; flow:established,from_client; content:"GET"; http_method; content:"/s8.check|3f|t=unfend0a"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"98.hnaq6.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3670015/; classtype:trojan-activity;sid:84533115; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670014)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.12.221.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3670014/; classtype:trojan-activity;sid:84533114; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670013)"; flow:established,from_client; content:"GET"; http_method; content:"/oy.google|3f|t=uuub9jg7"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"au.hnaq6.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3670013/; classtype:trojan-activity;sid:84533113; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670012)"; flow:established,from_client; content:"GET"; http_method; content:"/4in664i1f3.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"v2.kj4o0.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3670012/; classtype:trojan-activity;sid:84533112; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670011)"; flow:established,from_client; content:"GET"; http_method; content:"/1bcn0hoj3j.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"k.fj2e0.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3670011/; classtype:trojan-activity;sid:84533111; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670010)"; flow:established,from_client; content:"GET"; http_method; content:"/oy.google|3f|t=l0c5vmu1"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"au.hnaq6.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3670010/; classtype:trojan-activity;sid:84533110; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670009)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"194.4.153.253"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3670009/; classtype:trojan-activity;sid:84533109; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670008)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.202.19.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3670008/; classtype:trojan-activity;sid:84533108; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670007)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.228.39.87"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3670007/; classtype:trojan-activity;sid:84533107; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670006)"; flow:established,from_client; content:"GET"; http_method; content:"/23toxiqv56.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"k.kj4o0.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3670006/; classtype:trojan-activity;sid:84533106; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670005)"; flow:established,from_client; content:"GET"; http_method; content:"/o5.check|3f|t=wtvnl1no"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"0tl.hnaq6.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3670005/; classtype:trojan-activity;sid:84533105; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670004)"; flow:established,from_client; content:"GET"; http_method; content:"/o5.check|3f|t=55njdzxf"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"0tl.hnaq6.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3670004/; classtype:trojan-activity;sid:84533104; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670003)"; flow:established,from_client; content:"GET"; http_method; content:"/gpljt287cl.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"3l.kj-4-o-0.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3670003/; classtype:trojan-activity;sid:84533103; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670002)"; flow:established,from_client; content:"GET"; http_method; content:"/vz.check|3f|t=ziuni5on"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"d4.hnaq6.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3670002/; classtype:trojan-activity;sid:84533102; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670001)"; flow:established,from_client; content:"GET"; http_method; content:"/rvcgfs4y91.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"k.kj4o0.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3670001/; classtype:trojan-activity;sid:84533101; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670000)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.3.54"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3670000/; classtype:trojan-activity;sid:84533100; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669999)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.43.95.85"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669999/; classtype:trojan-activity;sid:84533099; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669997)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.61.18.195"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669997/; classtype:trojan-activity;sid:84533097; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669998)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.56.212"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669998/; classtype:trojan-activity;sid:84533098; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669996)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.116.35.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669996/; classtype:trojan-activity;sid:84533096; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669995)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"194.4.153.253"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669995/; classtype:trojan-activity;sid:84533095; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669994)"; flow:established,from_client; content:"GET"; http_method; content:"/wy65von38o.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"s4.mw9y4.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669994/; classtype:trojan-activity;sid:84533094; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669993)"; flow:established,from_client; content:"GET"; http_method; content:"/ypb.google|3f|t=c8rvxj8m"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"y5.hnaq6.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669993/; classtype:trojan-activity;sid:84533093; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669991)"; flow:established,from_client; content:"GET"; http_method; content:"/ypb.google|3f|t=14vapzvq"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"y5.hnaq6.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669991/; classtype:trojan-activity;sid:84533091; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669992)"; flow:established,from_client; content:"GET"; http_method; content:"/zwycuko42q.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"2tx.kj-4-o-0.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669992/; classtype:trojan-activity;sid:84533092; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669990)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.116.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669990/; classtype:trojan-activity;sid:84533090; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669989)"; flow:established,from_client; content:"GET"; http_method; content:"/tajbgbwpbg.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"s4.mw9y4.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669989/; classtype:trojan-activity;sid:84533089; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669988)"; flow:established,from_client; content:"GET"; http_method; content:"/4ew.check|3f|t=3wtrlzvs"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"nw.hnaq6.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669988/; classtype:trojan-activity;sid:84533088; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669986)"; flow:established,from_client; content:"GET"; http_method; content:"/4ew.check|3f|t=0kwy87jo"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"nw.hnaq6.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669986/; classtype:trojan-activity;sid:84533086; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669987)"; flow:established,from_client; content:"GET"; http_method; content:"/m82es8zeh1.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"2tx.kj-4-o-0.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669987/; classtype:trojan-activity;sid:84533087; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669985)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.202.19.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669985/; classtype:trojan-activity;sid:84533085; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669984)"; flow:established,from_client; content:"GET"; http_method; content:"/46ll07gikz.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"rc.kj-4-o-0.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669984/; classtype:trojan-activity;sid:84533084; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669983)"; flow:established,from_client; content:"GET"; http_method; content:"/zx.google|3f|t=ye06p9wu"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"0e.hnaq6.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669983/; classtype:trojan-activity;sid:84533083; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669982)"; flow:established,from_client; content:"GET"; http_method; content:"/zqp9zy1gkx.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"hm.mw9y4.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669982/; classtype:trojan-activity;sid:84533082; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669981)"; flow:established,from_client; content:"GET"; http_method; content:"/zx.google|3f|t=oi6dmnbz"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"0e.hnaq6.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669981/; classtype:trojan-activity;sid:84533081; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669979)"; flow:established,from_client; content:"GET"; http_method; content:"/eab.check|3f|t=0u7tz4x9"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"3n.ndoq0.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669979/; classtype:trojan-activity;sid:84533079; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669980)"; flow:established,from_client; content:"GET"; http_method; content:"/dt2eptnrqy.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"8s.kj-4-o-0.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669980/; classtype:trojan-activity;sid:84533080; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669978)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.233.165.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669978/; classtype:trojan-activity;sid:84533078; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669977)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.225.201.255"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669977/; classtype:trojan-activity;sid:84533077; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669976)"; flow:established,from_client; content:"GET"; http_method; content:"/mivqboays5.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"t1.mw9y4.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669976/; classtype:trojan-activity;sid:84533076; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669975)"; flow:established,from_client; content:"GET"; http_method; content:"/eab.check|3f|t=2xdfxm5k"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"3n.ndoq0.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669975/; classtype:trojan-activity;sid:84533075; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669973)"; flow:established,from_client; content:"GET"; http_method; content:"/sx47offz79.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"t1.mw9y4.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669973/; classtype:trojan-activity;sid:84533073; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669974)"; flow:established,from_client; content:"GET"; http_method; content:"/xgwp8suvqv.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"8s.kj-4-o-0.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669974/; classtype:trojan-activity;sid:84533074; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669971)"; flow:established,from_client; content:"GET"; http_method; content:"/pu2.google|3f|t=c0whkr1u"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"2yf.ndoq0.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669971/; classtype:trojan-activity;sid:84533071; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669972)"; flow:established,from_client; content:"GET"; http_method; content:"/pu2.google|3f|t=fx8dra6j"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"2yf.ndoq0.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669972/; classtype:trojan-activity;sid:84533072; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669970)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.225.201.255"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669970/; classtype:trojan-activity;sid:84533070; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669969)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.135.247"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669969/; classtype:trojan-activity;sid:84533069; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669968)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.233.165.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669968/; classtype:trojan-activity;sid:84533068; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669966)"; flow:established,from_client; content:"GET"; http_method; content:"/wjxi3jkuif.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"c8l.kj-4-o-0.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669966/; classtype:trojan-activity;sid:84533066; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669967)"; flow:established,from_client; content:"GET"; http_method; content:"/xkuwikugca.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"qz9.mw9y4.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669967/; classtype:trojan-activity;sid:84533067; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669965)"; flow:established,from_client; content:"GET"; http_method; content:"/ce7.check|3f|t=7fe2kq0i"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"ewm.ndoq0.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669965/; classtype:trojan-activity;sid:84533065; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669964)"; flow:established,from_client; content:"GET"; http_method; content:"/ce7.check|3f|t=wtqtvvae"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"ewm.ndoq0.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669964/; classtype:trojan-activity;sid:84533064; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669963)"; flow:established,from_client; content:"GET"; http_method; content:"/7rk7htzw8d.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"c8l.kj-4-o-0.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669963/; classtype:trojan-activity;sid:84533063; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669962)"; flow:established,from_client; content:"GET"; http_method; content:"/hpa.check|3f|t=4fdqhmug"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"ut.ndoq0.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669962/; classtype:trojan-activity;sid:84533062; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669960)"; flow:established,from_client; content:"GET"; http_method; content:"/hpa.check|3f|t=b1fawqzi"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"ut.ndoq0.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669960/; classtype:trojan-activity;sid:84533060; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669961)"; flow:established,from_client; content:"GET"; http_method; content:"/02k2ev8gsu.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"v2.mw9y4.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669961/; classtype:trojan-activity;sid:84533061; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669959)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"171.8.87.226"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669959/; classtype:trojan-activity;sid:84533059; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669958)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.135.247"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669958/; classtype:trojan-activity;sid:84533058; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669957)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.151.224.198"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669957/; classtype:trojan-activity;sid:84533057; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669956)"; flow:established,from_client; content:"GET"; http_method; content:"/vn6.google|3f|t=1m8ko5x8"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"85.ndoq0.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669956/; classtype:trojan-activity;sid:84533056; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669955)"; flow:established,from_client; content:"GET"; http_method; content:"/avoadtbmi7.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"v2.mw9y4.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669955/; classtype:trojan-activity;sid:84533055; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669954)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.4.193.41"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669954/; classtype:trojan-activity;sid:84533054; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669953)"; flow:established,from_client; content:"GET"; http_method; content:"/3swv78qmhm.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"csz.kj-4-o-0.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669953/; classtype:trojan-activity;sid:84533053; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669952)"; flow:established,from_client; content:"GET"; http_method; content:"/vn6.google|3f|t=eh4v1b4w"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"85.ndoq0.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669952/; classtype:trojan-activity;sid:84533052; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669951)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.118.48.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669951/; classtype:trojan-activity;sid:84533051; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669950)"; flow:established,from_client; content:"GET"; http_method; content:"/8phkj39mz6.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"q3b.mg-1-u-5.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669950/; classtype:trojan-activity;sid:84533050; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669949)"; flow:established,from_client; content:"GET"; http_method; content:"/xa.google|3f|t=3tdfpbub"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"4ol.ndoq0.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669949/; classtype:trojan-activity;sid:84533049; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669948)"; flow:established,from_client; content:"GET"; http_method; content:"/xa.google|3f|t=0cg08d18"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"4ol.ndoq0.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669948/; classtype:trojan-activity;sid:84533048; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669947)"; flow:established,from_client; content:"GET"; http_method; content:"/ojjd0nnh5r.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"k.mw9y4.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669947/; classtype:trojan-activity;sid:84533047; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669946)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"171.8.87.226"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669946/; classtype:trojan-activity;sid:84533046; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669945)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"120.27.207.37"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669945/; classtype:trojan-activity;sid:84533045; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669943)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"38.60.203.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669943/; classtype:trojan-activity;sid:84533043; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669944)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"113.44.76.133"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669944/; classtype:trojan-activity;sid:84533044; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669942)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"189.50.222.0"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669942/; classtype:trojan-activity;sid:84533042; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669940)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"121.183.56.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669940/; classtype:trojan-activity;sid:84533040; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669941)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.240.227.45"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669941/; classtype:trojan-activity;sid:84533041; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669939)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.140.248.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669939/; classtype:trojan-activity;sid:84533039; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669938)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"189.222.51.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669938/; classtype:trojan-activity;sid:84533038; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669937)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.109.43.185"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669937/; classtype:trojan-activity;sid:84533037; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669935)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.143.139.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669935/; classtype:trojan-activity;sid:84533035; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669936)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.143.139.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669936/; classtype:trojan-activity;sid:84533036; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669929)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"41.144.132.230"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669929/; classtype:trojan-activity;sid:84533029; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669930)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"189.129.14.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669930/; classtype:trojan-activity;sid:84533030; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669931)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"14.245.84.157"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669931/; classtype:trojan-activity;sid:84533031; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669932)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"123.28.162.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669932/; classtype:trojan-activity;sid:84533032; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669933)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"123.28.162.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669933/; classtype:trojan-activity;sid:84533033; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669934)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"109.162.180.211"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669934/; classtype:trojan-activity;sid:84533034; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669927)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"41.144.132.230"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669927/; classtype:trojan-activity;sid:84533027; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669928)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"178.50.34.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669928/; classtype:trojan-activity;sid:84533028; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669926)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"83.224.129.64"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669926/; classtype:trojan-activity;sid:84533026; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669925)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"77.189.187.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669925/; classtype:trojan-activity;sid:84533025; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669923)"; flow:established,from_client; content:"GET"; http_method; content:"/xe.google|3f|t=aw4se1jf"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"vgg.ndoq0.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669923/; classtype:trojan-activity;sid:84533023; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669924)"; flow:established,from_client; content:"GET"; http_method; content:"/xe.google|3f|t=dl7meq6e"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"vgg.ndoq0.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669924/; classtype:trojan-activity;sid:84533024; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669921)"; flow:established,from_client; content:"GET"; http_method; content:"/pz6i2g7asv.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"s4.zk5e7.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669921/; classtype:trojan-activity;sid:84533021; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669922)"; flow:established,from_client; content:"GET"; http_method; content:"/va70uinun4.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"q2g.mg-1-u-5.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669922/; classtype:trojan-activity;sid:84533022; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669920)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.90.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669920/; classtype:trojan-activity;sid:84533020; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669919)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"220.201.143.14"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669919/; classtype:trojan-activity;sid:84533019; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669918)"; flow:established,from_client; content:"GET"; http_method; content:"/lyc41qn67e.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"s4.zk5e7.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669918/; classtype:trojan-activity;sid:84533018; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669917)"; flow:established,from_client; content:"GET"; http_method; content:"/se.check|3f|t=7du8fsp7"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"wyp.vbep3.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669917/; classtype:trojan-activity;sid:84533017; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669916)"; flow:established,from_client; content:"GET"; http_method; content:"/se.check|3f|t=ujn7bz5h"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"wyp.vbep3.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669916/; classtype:trojan-activity;sid:84533016; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669915)"; flow:established,from_client; content:"GET"; http_method; content:"/niswr7liqz.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"q2g.mg-1-u-5.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669915/; classtype:trojan-activity;sid:84533015; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669914)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.238.147"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669914/; classtype:trojan-activity;sid:84533014; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669913)"; flow:established,from_client; content:"GET"; http_method; content:"/pq1br65xxb.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"q2g.mg-1-u-5.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669913/; classtype:trojan-activity;sid:84533013; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669912)"; flow:established,from_client; content:"GET"; http_method; content:"/4x.google|3f|t=krytq7gq"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"cg.vbep3.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669912/; classtype:trojan-activity;sid:84533012; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669911)"; flow:established,from_client; content:"GET"; http_method; content:"/4x.google|3f|t=61vuom0a"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"cg.vbep3.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669911/; classtype:trojan-activity;sid:84533011; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669910)"; flow:established,from_client; content:"GET"; http_method; content:"/j3xor72r69.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"hm.zk5e7.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669910/; classtype:trojan-activity;sid:84533010; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669909)"; flow:established,from_client; content:"GET"; http_method; content:"/3ohtfxginm.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"02a.mg-1-u-5.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669909/; classtype:trojan-activity;sid:84533009; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669908)"; flow:established,from_client; content:"GET"; http_method; content:"/z3.google|3f|t=sjvddqoy"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"6j.vbep3.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669908/; classtype:trojan-activity;sid:84533008; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669907)"; flow:established,from_client; content:"GET"; http_method; content:"/gd9io68vs0.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"hm.zk5e7.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669907/; classtype:trojan-activity;sid:84533007; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669906)"; flow:established,from_client; content:"GET"; http_method; content:"/z3.google|3f|t=08ggepkk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"6j.vbep3.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669906/; classtype:trojan-activity;sid:84533006; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669905)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.90.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669905/; classtype:trojan-activity;sid:84533005; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669904)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.163.198.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669904/; classtype:trojan-activity;sid:84533004; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669903)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.238.147"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669903/; classtype:trojan-activity;sid:84533003; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669902)"; flow:established,from_client; content:"GET"; http_method; content:"/7mpar7juan.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"02a.mg-1-u-5.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669902/; classtype:trojan-activity;sid:84533002; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669901)"; flow:established,from_client; content:"GET"; http_method; content:"/615.google|3f|t=kgmzkjz3"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"lio.vbep3.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669901/; classtype:trojan-activity;sid:84533001; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669900)"; flow:established,from_client; content:"GET"; http_method; content:"/615.google|3f|t=xlosejki"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"lio.vbep3.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669900/; classtype:trojan-activity;sid:84533000; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669899)"; flow:established,from_client; content:"GET"; http_method; content:"/an24lzro3x.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"t1.zk5e7.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669899/; classtype:trojan-activity;sid:84532999; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669898)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.234.154.140"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669898/; classtype:trojan-activity;sid:84532998; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669897)"; flow:established,from_client; content:"GET"; http_method; content:"/files/5174701268/ykfer5k.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669897/; classtype:trojan-activity;sid:84532997; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669896)"; flow:established,from_client; content:"GET"; http_method; content:"/wordpress/wp-content/build.exe"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"serasoo.direct.quickconnect.to"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669896/; classtype:trojan-activity;sid:84532996; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669894)"; flow:established,from_client; content:"GET"; http_method; content:"/files/8031475696/03c5lpt.msi"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669894/; classtype:trojan-activity;sid:84532994; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669895)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7639673951/yk2ruqy.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669895/; classtype:trojan-activity;sid:84532995; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669893)"; flow:established,from_client; content:"GET"; http_method; content:"/test/exe/random2.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669893/; classtype:trojan-activity;sid:84532993; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669892)"; flow:established,from_client; content:"GET"; http_method; content:"/all.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"63.250.60.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669892/; classtype:trojan-activity;sid:84532992; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669889)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7269512085/ghd58.exe"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669889/; classtype:trojan-activity;sid:84532989; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669890)"; flow:established,from_client; content:"GET"; http_method; content:"/soft/index.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669890/; classtype:trojan-activity;sid:84532990; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669891)"; flow:established,from_client; content:"GET"; http_method; content:"/files/8031475696/03c5lpt.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669891/; classtype:trojan-activity;sid:84532991; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669888)"; flow:established,from_client; content:"GET"; http_method; content:"/ilx5315le0.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"qz9.zk5e7.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669888/; classtype:trojan-activity;sid:84532988; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669887)"; flow:established,from_client; content:"GET"; http_method; content:"/p2r.google|3f|t=785ltnfv"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"7n.vbep3.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669887/; classtype:trojan-activity;sid:84532987; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669886)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.119.61.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669886/; classtype:trojan-activity;sid:84532986; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669884)"; flow:established,from_client; content:"GET"; http_method; content:"/p2r.google|3f|t=m0wk3jfz"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"7n.vbep3.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669884/; classtype:trojan-activity;sid:84532984; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669885)"; flow:established,from_client; content:"GET"; http_method; content:"/xhqii1n179.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"pf.mg-1-u-5.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669885/; classtype:trojan-activity;sid:84532985; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669883)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.102.197"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669883/; classtype:trojan-activity;sid:84532983; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669882)"; flow:established,from_client; content:"GET"; http_method; content:"/wv516n39tq.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"pf.mg-1-u-5.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669882/; classtype:trojan-activity;sid:84532982; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669881)"; flow:established,from_client; content:"GET"; http_method; content:"/xi.google|3f|t=xq1e5u0j"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"hk.vbep3.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669881/; classtype:trojan-activity;sid:84532981; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669880)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"77.247.88.81"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669880/; classtype:trojan-activity;sid:84532980; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669879)"; flow:established,from_client; content:"GET"; http_method; content:"/39z7ss3pqo.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"v2.zk5e7.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669879/; classtype:trojan-activity;sid:84532979; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669878)"; flow:established,from_client; content:"GET"; http_method; content:"/xi.google|3f|t=cqc0uk23"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"hk.vbep3.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669878/; classtype:trojan-activity;sid:84532978; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669877)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.140.187.99"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669877/; classtype:trojan-activity;sid:84532977; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669876)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.234.154.140"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669876/; classtype:trojan-activity;sid:84532976; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669875)"; flow:established,from_client; content:"GET"; http_method; content:"/7gicktbort.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"k.zk5e7.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669875/; classtype:trojan-activity;sid:84532975; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669874)"; flow:established,from_client; content:"GET"; http_method; content:"/nn4fsblsxl.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"r79.mg-1-u-5.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669874/; classtype:trojan-activity;sid:84532974; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669873)"; flow:established,from_client; content:"GET"; http_method; content:"/4y.check|3f|t=v9ogwyns"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"1k.vbep3.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669873/; classtype:trojan-activity;sid:84532973; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669872)"; flow:established,from_client; content:"GET"; http_method; content:"/4y.check|3f|t=b84c9wce"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"1k.vbep3.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669872/; classtype:trojan-activity;sid:84532972; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669871)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.102.197"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669871/; classtype:trojan-activity;sid:84532971; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669870)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.140.187.99"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669870/; classtype:trojan-activity;sid:84532970; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669865)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.88.92"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669865/; classtype:trojan-activity;sid:84532965; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669866)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.85.196"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669866/; classtype:trojan-activity;sid:84532966; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669867)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.88.117"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669867/; classtype:trojan-activity;sid:84532967; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669868)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.156.7.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669868/; classtype:trojan-activity;sid:84532968; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669869)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.148.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669869/; classtype:trojan-activity;sid:84532969; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669864)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.147.40.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669864/; classtype:trojan-activity;sid:84532964; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669863)"; flow:established,from_client; content:"GET"; http_method; content:"/m7o5a28kz6.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"s4.fj4i6.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669863/; classtype:trojan-activity;sid:84532963; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669862)"; flow:established,from_client; content:"GET"; http_method; content:"/7ndvhxd7xg.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"r2.mg-1-u-5.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669862/; classtype:trojan-activity;sid:84532962; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669860)"; flow:established,from_client; content:"GET"; http_method; content:"/u8k.google|3f|t=27i8we4f"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"31x.rjuq3.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669860/; classtype:trojan-activity;sid:84532960; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669861)"; flow:established,from_client; content:"GET"; http_method; content:"/u8k.google|3f|t=8cvp16ur"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"31x.rjuq3.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669861/; classtype:trojan-activity;sid:84532961; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669859)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"77.247.88.81"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669859/; classtype:trojan-activity;sid:84532959; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669858)"; flow:established,from_client; content:"GET"; http_method; content:"/vbdxz0dgiz.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"vr4.bh-3-i-6.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669858/; classtype:trojan-activity;sid:84532958; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669857)"; flow:established,from_client; content:"GET"; http_method; content:"/8k.check|3f|t=jj5jtx75"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"lf8.rjuq3.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669857/; classtype:trojan-activity;sid:84532957; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669856)"; flow:established,from_client; content:"GET"; http_method; content:"/8k.check|3f|t=bssd1xkp"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"lf8.rjuq3.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669856/; classtype:trojan-activity;sid:84532956; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669855)"; flow:established,from_client; content:"GET"; http_method; content:"/9jw53hz5hm.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"s4.fj4i6.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669855/; classtype:trojan-activity;sid:84532955; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669854)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.60.3.48"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669854/; classtype:trojan-activity;sid:84532954; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669853)"; flow:established,from_client; content:"GET"; http_method; content:"/hhpmtp307c.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"vr4.bh-3-i-6.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669853/; classtype:trojan-activity;sid:84532953; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669852)"; flow:established,from_client; content:"GET"; http_method; content:"/s1.check|3f|t=tdf7e01t"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"67.rjuq3.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669852/; classtype:trojan-activity;sid:84532952; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669851)"; flow:established,from_client; content:"GET"; http_method; content:"/u1g3owjusj.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"hm.fj4i6.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669851/; classtype:trojan-activity;sid:84532951; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669850)"; flow:established,from_client; content:"GET"; http_method; content:"/s1.check|3f|t=xzlweei8"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"67.rjuq3.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669850/; classtype:trojan-activity;sid:84532950; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669849)"; flow:established,from_client; content:"GET"; http_method; content:"/sme78506eb.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"hm.fj4i6.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669849/; classtype:trojan-activity;sid:84532949; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669847)"; flow:established,from_client; content:"GET"; http_method; content:"/mc.check|3f|t=qkkcuoo3"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"z1f.rjuq3.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669847/; classtype:trojan-activity;sid:84532947; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669848)"; flow:established,from_client; content:"GET"; http_method; content:"/mc.check|3f|t=nnelqq7c"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"z1f.rjuq3.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669848/; classtype:trojan-activity;sid:84532948; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669846)"; flow:established,from_client; content:"GET"; http_method; content:"/mg85v853kx.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"jvu.bh-3-i-6.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669846/; classtype:trojan-activity;sid:84532946; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669845)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"201.77.146.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669845/; classtype:trojan-activity;sid:84532945; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669844)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.60.3.48"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669844/; classtype:trojan-activity;sid:84532944; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669843)"; flow:established,from_client; content:"GET"; http_method; content:"/ttbaeno3t8.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"gd.bh-3-i-6.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669843/; classtype:trojan-activity;sid:84532943; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669842)"; flow:established,from_client; content:"GET"; http_method; content:"/8r.google|3f|t=re299ici"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"b5d.rjuq3.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669842/; classtype:trojan-activity;sid:84532942; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669841)"; flow:established,from_client; content:"GET"; http_method; content:"/5kyvnk1jkg.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"t1.fj4i6.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669841/; classtype:trojan-activity;sid:84532941; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669840)"; flow:established,from_client; content:"GET"; http_method; content:"/8r.google|3f|t=2zyud0vv"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"b5d.rjuq3.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669840/; classtype:trojan-activity;sid:84532940; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669839)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.53.19"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669839/; classtype:trojan-activity;sid:84532939; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669837)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.86.69"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669837/; classtype:trojan-activity;sid:84532937; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669838)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"201.77.146.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669838/; classtype:trojan-activity;sid:84532938; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669836)"; flow:established,from_client; content:"GET"; http_method; content:"/aes.check|3f|t=fy2y020u"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"at7.rjuq3.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669836/; classtype:trojan-activity;sid:84532936; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669834)"; flow:established,from_client; content:"GET"; http_method; content:"/aes.check|3f|t=sq5jp83r"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"at7.rjuq3.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669834/; classtype:trojan-activity;sid:84532934; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669835)"; flow:established,from_client; content:"GET"; http_method; content:"/v3oa99mfy5.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"wpy.bh-3-i-6.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669835/; classtype:trojan-activity;sid:84532935; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669833)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.213.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669833/; classtype:trojan-activity;sid:84532933; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669832)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.229.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669832/; classtype:trojan-activity;sid:84532932; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669831)"; flow:established,from_client; content:"GET"; http_method; content:"/28d165ljx5.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"qz9.fj4i6.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669831/; classtype:trojan-activity;sid:84532931; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669830)"; flow:established,from_client; content:"GET"; http_method; content:"/vov.google|3f|t=niskgccg"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"6c.rjuq3.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669830/; classtype:trojan-activity;sid:84532930; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669829)"; flow:established,from_client; content:"GET"; http_method; content:"/vov.google|3f|t=fpuspbbj"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"6c.rjuq3.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669829/; classtype:trojan-activity;sid:84532929; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669828)"; flow:established,from_client; content:"GET"; http_method; content:"/ujgx7j3jrm.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"lk.bh-3-i-6.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669828/; classtype:trojan-activity;sid:84532928; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669827)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.27.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669827/; classtype:trojan-activity;sid:84532927; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669826)"; flow:established,from_client; content:"GET"; http_method; content:"/lsg.check|3f|t=7j3q2bjw"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"kf.bvuf2.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669826/; classtype:trojan-activity;sid:84532926; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669825)"; flow:established,from_client; content:"GET"; http_method; content:"/6yizvy7i0b.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"lk.bh-3-i-6.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669825/; classtype:trojan-activity;sid:84532925; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669824)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.53.19"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669824/; classtype:trojan-activity;sid:84532924; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669823)"; flow:established,from_client; content:"GET"; http_method; content:"/re53rwstt3.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"s4.fq1y8.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669823/; classtype:trojan-activity;sid:84532923; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669822)"; flow:established,from_client; content:"GET"; http_method; content:"/lsg.check|3f|t=jumbsfp7"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"kf.bvuf2.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669822/; classtype:trojan-activity;sid:84532922; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669821)"; flow:established,from_client; content:"GET"; http_method; content:"/2sahkzg610.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"lk.bh-3-i-6.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669821/; classtype:trojan-activity;sid:84532921; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669820)"; flow:established,from_client; content:"GET"; http_method; content:"/95ajclhj00.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"s4.fq1y8.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669820/; classtype:trojan-activity;sid:84532920; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669818)"; flow:established,from_client; content:"GET"; http_method; content:"/zl.google|3f|t=qtc60xgu"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"ai.bvuf2.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669818/; classtype:trojan-activity;sid:84532918; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669819)"; flow:established,from_client; content:"GET"; http_method; content:"/zl.google|3f|t=ei0eol3o"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"ai.bvuf2.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669819/; classtype:trojan-activity;sid:84532919; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669817)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.86.69"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669817/; classtype:trojan-activity;sid:84532917; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669816)"; flow:established,from_client; content:"GET"; http_method; content:"/f807ljd9xo.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"s4.fq1y8.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669816/; classtype:trojan-activity;sid:84532916; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669815)"; flow:established,from_client; content:"GET"; http_method; content:"/8l.check|3f|t=vq4dggd4"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"jdv.bvuf2.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669815/; classtype:trojan-activity;sid:84532915; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669814)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.213.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669814/; classtype:trojan-activity;sid:84532914; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669813)"; flow:established,from_client; content:"GET"; http_method; content:"/dtu.check|3f|t=j8tly356"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"1jd.bvuf2.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669813/; classtype:trojan-activity;sid:84532913; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669812)"; flow:established,from_client; content:"GET"; http_method; content:"/am75h0ewk3.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"s64.bh-3-i-6.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669812/; classtype:trojan-activity;sid:84532912; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669811)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.27.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669811/; classtype:trojan-activity;sid:84532911; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669810)"; flow:established,from_client; content:"GET"; http_method; content:"/282miq9h1h.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"v2.fj4i6.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669810/; classtype:trojan-activity;sid:84532910; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669809)"; flow:established,from_client; content:"GET"; http_method; content:"/dtu.check|3f|t=moe6cbf5"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"1jd.bvuf2.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669809/; classtype:trojan-activity;sid:84532909; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669808)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.193.41"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669808/; classtype:trojan-activity;sid:84532908; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669807)"; flow:established,from_client; content:"GET"; http_method; content:"/bc.game-new-installer.exe"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"223.16.184.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669807/; classtype:trojan-activity;sid:84532907; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669806)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.202.124"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669806/; classtype:trojan-activity;sid:84532906; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669805)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"163.142.87.113"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669805/; classtype:trojan-activity;sid:84532905; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669804)"; flow:established,from_client; content:"GET"; http_method; content:"/yl54tsl7r9.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"1z3.ss-9-y-4.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669804/; classtype:trojan-activity;sid:84532904; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669803)"; flow:established,from_client; content:"GET"; http_method; content:"/yo.check|3f|t=venzpdxv"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"mi.bvuf2.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669803/; classtype:trojan-activity;sid:84532903; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669802)"; flow:established,from_client; content:"GET"; http_method; content:"/yo.check|3f|t=6fcvm4k6"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"mi.bvuf2.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669802/; classtype:trojan-activity;sid:84532902; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669801)"; flow:established,from_client; content:"GET"; http_method; content:"/vbgg6rc2h7.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"k.fj4i6.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669801/; classtype:trojan-activity;sid:84532901; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669800)"; flow:established,from_client; content:"GET"; http_method; content:"/2uuw5kb124.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"1z3.ss-9-y-4.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669800/; classtype:trojan-activity;sid:84532900; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669799)"; flow:established,from_client; content:"GET"; http_method; content:"/ae.google|3f|t=rth38wlw"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"m2f.bvuf2.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669799/; classtype:trojan-activity;sid:84532899; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669798)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.207.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669798/; classtype:trojan-activity;sid:84532898; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669797)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.44.90"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669797/; classtype:trojan-activity;sid:84532897; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669796)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.202.124"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669796/; classtype:trojan-activity;sid:84532896; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669794)"; flow:established,from_client; content:"GET"; http_method; content:"/ae.google|3f|t=4a6mh8xj"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"m2f.bvuf2.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669794/; classtype:trojan-activity;sid:84532894; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669795)"; flow:established,from_client; content:"GET"; http_method; content:"/oashzrmlef.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"hm.fq1y8.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669795/; classtype:trojan-activity;sid:84532895; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669793)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.59.237.3"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669793/; classtype:trojan-activity;sid:84532893; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669792)"; flow:established,from_client; content:"GET"; http_method; content:"/hqt8t9ieib.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"hm.fq1y8.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669792/; classtype:trojan-activity;sid:84532892; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669791)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.232.177.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669791/; classtype:trojan-activity;sid:84532891; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669790)"; flow:established,from_client; content:"GET"; http_method; content:"/lu.google|3f|t=rleahl1n"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"wz.bvuf2.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669790/; classtype:trojan-activity;sid:84532890; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669789)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.190.74.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669789/; classtype:trojan-activity;sid:84532889; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669788)"; flow:established,from_client; content:"GET"; http_method; content:"/p5tj7kf4hf.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"gc.ss-9-y-4.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669788/; classtype:trojan-activity;sid:84532888; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669787)"; flow:established,from_client; content:"GET"; http_method; content:"/lu.google|3f|t=jvaakui5"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"wz.bvuf2.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669787/; classtype:trojan-activity;sid:84532887; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669786)"; flow:established,from_client; content:"GET"; http_method; content:"/hiuje2996o.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"hm.fq1y8.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669786/; classtype:trojan-activity;sid:84532886; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669785)"; flow:established,from_client; content:"GET"; http_method; content:"/uzj.check|3f|t=bxb3wwbs"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"cv.gdyl2.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669785/; classtype:trojan-activity;sid:84532885; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669783)"; flow:established,from_client; content:"GET"; http_method; content:"/lu.google|3f|t=egt06o6x"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"wz.bvuf2.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669783/; classtype:trojan-activity;sid:84532883; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669784)"; flow:established,from_client; content:"GET"; http_method; content:"/hownngmvvk.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"gc.ss-9-y-4.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669784/; classtype:trojan-activity;sid:84532884; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669782)"; flow:established,from_client; content:"GET"; http_method; content:"/jhbmscy1ub.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"gc.ss-9-y-4.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669782/; classtype:trojan-activity;sid:84532882; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669781)"; flow:established,from_client; content:"GET"; http_method; content:"/uzj.check|3f|t=nsqfh1aa"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"cv.gdyl2.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669781/; classtype:trojan-activity;sid:84532881; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669780)"; flow:established,from_client; content:"GET"; http_method; content:"/test.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"164.68.99.27"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669780/; classtype:trojan-activity;sid:84532880; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669779)"; flow:established,from_client; content:"GET"; http_method; content:"/7i1vpjwyxu.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"t1.fq1y8.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669779/; classtype:trojan-activity;sid:84532879; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669776)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/spc.spc"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"164.68.99.27"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669776/; classtype:trojan-activity;sid:84532876; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669777)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/arc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"164.68.99.27"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669777/; classtype:trojan-activity;sid:84532877; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669778)"; flow:established,from_client; content:"GET"; http_method; content:"/cr.check|3f|t=uqgvigx3"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"lv.gdyl2.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669778/; classtype:trojan-activity;sid:84532878; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669774)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/x86-debug"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"164.68.99.27"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669774/; classtype:trojan-activity;sid:84532874; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669775)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/sh4.sh4"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"164.68.99.27"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669775/; classtype:trojan-activity;sid:84532875; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669773)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"201.149.107.50"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669773/; classtype:trojan-activity;sid:84532873; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669772)"; flow:established,from_client; content:"GET"; http_method; content:"/fsho82gkk6.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"2zi.ss-9-y-4.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669772/; classtype:trojan-activity;sid:84532872; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669771)"; flow:established,from_client; content:"GET"; http_method; content:"/cr.check|3f|t=bqd14hhr"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"lv.gdyl2.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669771/; classtype:trojan-activity;sid:84532871; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669770)"; flow:established,from_client; content:"GET"; http_method; content:"/app.bin"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"495161.yummygorgeous.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669770/; classtype:trojan-activity;sid:84532870; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669769)"; flow:established,from_client; content:"GET"; http_method; content:"/mfuuk58e05.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"2zi.ss-9-y-4.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669769/; classtype:trojan-activity;sid:84532869; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669768)"; flow:established,from_client; content:"GET"; http_method; content:"/f38.google|3f|t=9o33pbld"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"w3.gdyl2.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669768/; classtype:trojan-activity;sid:84532868; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669766)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.55.73"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669766/; classtype:trojan-activity;sid:84532866; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669767)"; flow:established,from_client; content:"GET"; http_method; content:"/euz7x0nbn7.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"qz9.fq1y8.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669767/; classtype:trojan-activity;sid:84532867; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669765)"; flow:established,from_client; content:"GET"; http_method; content:"/f38.google|3f|t=mf11dn7r"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"w3.gdyl2.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669765/; classtype:trojan-activity;sid:84532865; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669764)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.147.243.244"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669764/; classtype:trojan-activity;sid:84532864; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669762)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/mpsl"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"164.68.99.27"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669762/; classtype:trojan-activity;sid:84532862; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669763)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/mips"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"164.68.99.27"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669763/; classtype:trojan-activity;sid:84532863; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669759)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/x86"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"164.68.99.27"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669759/; classtype:trojan-activity;sid:84532859; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669760)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/arm5"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"164.68.99.27"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669760/; classtype:trojan-activity;sid:84532860; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669761)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/arm7"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"164.68.99.27"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669761/; classtype:trojan-activity;sid:84532861; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669754)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/x86_64"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"164.68.99.27"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669754/; classtype:trojan-activity;sid:84532854; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669755)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/arm"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"164.68.99.27"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669755/; classtype:trojan-activity;sid:84532855; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669756)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/ppc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"164.68.99.27"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669756/; classtype:trojan-activity;sid:84532856; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669757)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/arm6"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"164.68.99.27"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669757/; classtype:trojan-activity;sid:84532857; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669758)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/m68k"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"164.68.99.27"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669758/; classtype:trojan-activity;sid:84532858; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669753)"; flow:established,from_client; content:"GET"; http_method; content:"/crcsh429qx.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"v2.fq1y8.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669753/; classtype:trojan-activity;sid:84532853; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669752)"; flow:established,from_client; content:"GET"; http_method; content:"/t0x.check|3f|t=dd1m0pup"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"rw.gdyl2.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669752/; classtype:trojan-activity;sid:84532852; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669751)"; flow:established,from_client; content:"GET"; http_method; content:"/3vzsvvgwhc.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"sn.ss-9-y-4.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669751/; classtype:trojan-activity;sid:84532851; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669750)"; flow:established,from_client; content:"GET"; http_method; content:"/t0x.check|3f|t=ahatl8id"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"rw.gdyl2.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669750/; classtype:trojan-activity;sid:84532850; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669749)"; flow:established,from_client; content:"GET"; http_method; content:"/stealc.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"158.94.208.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669749/; classtype:trojan-activity;sid:84532849; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669748)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.55.73"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669748/; classtype:trojan-activity;sid:84532848; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669747)"; flow:established,from_client; content:"GET"; http_method; content:"/qbbb998qei.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"sn.ss-9-y-4.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669747/; classtype:trojan-activity;sid:84532847; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669746)"; flow:established,from_client; content:"GET"; http_method; content:"/i9v.google|3f|t=lredpcgx"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"nkv.gdyl2.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669746/; classtype:trojan-activity;sid:84532846; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669745)"; flow:established,from_client; content:"GET"; http_method; content:"/i9v.google|3f|t=p3yc2k7h"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"nkv.gdyl2.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669745/; classtype:trojan-activity;sid:84532845; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669744)"; flow:established,from_client; content:"GET"; http_method; content:"/gl2rd77q6w.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"v2.fq1y8.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669744/; classtype:trojan-activity;sid:84532844; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669743)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.190.74.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669743/; classtype:trojan-activity;sid:84532843; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669742)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"171.81.96.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669742/; classtype:trojan-activity;sid:84532842; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669741)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.59.237.3"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669741/; classtype:trojan-activity;sid:84532841; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669740)"; flow:established,from_client; content:"GET"; http_method; content:"/wc9s59tqaq.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"k.fq1y8.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669740/; classtype:trojan-activity;sid:84532840; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669739)"; flow:established,from_client; content:"GET"; http_method; content:"/czg.check|3f|t=wm3f2pnu"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"o6v.gdyl2.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669739/; classtype:trojan-activity;sid:84532839; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669737)"; flow:established,from_client; content:"GET"; http_method; content:"/czg.check|3f|t=42buoay1"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"o6v.gdyl2.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669737/; classtype:trojan-activity;sid:84532837; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669738)"; flow:established,from_client; content:"GET"; http_method; content:"/sfmo31dmi7.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"11.ss-9-y-4.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669738/; classtype:trojan-activity;sid:84532838; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669736)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.107.21.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669736/; classtype:trojan-activity;sid:84532836; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669735)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.156.81.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669735/; classtype:trojan-activity;sid:84532835; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669734)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.5.84.216"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669734/; classtype:trojan-activity;sid:84532834; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669733)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"171.81.96.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669733/; classtype:trojan-activity;sid:84532833; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669732)"; flow:established,from_client; content:"GET"; http_method; content:"/z1ga9xuwdb.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"qz9.db3a4.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669732/; classtype:trojan-activity;sid:84532832; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669731)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.227.239.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669731/; classtype:trojan-activity;sid:84532831; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669726)"; flow:established,from_client; content:"GET"; http_method; content:"/realtek"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"scan.504.su"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669726/; classtype:trojan-activity;sid:84532826; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669727)"; flow:established,from_client; content:"GET"; http_method; content:"/lg"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"cnc.504.su"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669727/; classtype:trojan-activity;sid:84532827; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669728)"; flow:established,from_client; content:"GET"; http_method; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.arm5"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"scan.504.su"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669728/; classtype:trojan-activity;sid:84532828; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669729)"; flow:established,from_client; content:"GET"; http_method; content:"/afs4i69aiq.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"11.ss-9-y-4.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669729/; classtype:trojan-activity;sid:84532829; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669730)"; flow:established,from_client; content:"GET"; http_method; content:"/y5h7imfra2.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"hm.db3a4.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669730/; classtype:trojan-activity;sid:84532830; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669724)"; flow:established,from_client; content:"GET"; http_method; content:"/34ga4dcxqz.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"t1.db3a4.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669724/; classtype:trojan-activity;sid:84532824; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669725)"; flow:established,from_client; content:"GET"; http_method; content:"/lva7kiup3a.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"pw.ss-9-y-4.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669725/; classtype:trojan-activity;sid:84532825; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669720)"; flow:established,from_client; content:"GET"; http_method; content:"/rx.check|3f|t=0ka36c2g"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"qx.kjyx7.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669720/; classtype:trojan-activity;sid:84532820; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669721)"; flow:established,from_client; content:"GET"; http_method; content:"/rx.check|3f|t=4ezwmcgj"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"qx.kjyx7.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669721/; classtype:trojan-activity;sid:84532821; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669722)"; flow:established,from_client; content:"GET"; http_method; content:"/8d.google|3f|t=ly0dz7d6"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"omg.gdyl2.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669722/; classtype:trojan-activity;sid:84532822; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669723)"; flow:established,from_client; content:"GET"; http_method; content:"/8d.google|3f|t=43y3ojp9"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"omg.gdyl2.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669723/; classtype:trojan-activity;sid:84532823; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669719)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.5.84.216"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669719/; classtype:trojan-activity;sid:84532819; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669707)"; flow:established,from_client; content:"GET"; http_method; content:"/yarn"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"scan.504.su"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669707/; classtype:trojan-activity;sid:84532807; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669708)"; flow:established,from_client; content:"GET"; http_method; content:"/hnap"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"cnc.504.su"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669708/; classtype:trojan-activity;sid:84532808; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669709)"; flow:established,from_client; content:"GET"; http_method; content:"/goahead"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"cnc.504.su"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669709/; classtype:trojan-activity;sid:84532809; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669710)"; flow:established,from_client; content:"GET"; http_method; content:"/76d32be0.sh"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"scan.504.su"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669710/; classtype:trojan-activity;sid:84532810; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669711)"; flow:established,from_client; content:"GET"; http_method; content:"/lg"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"scan.504.su"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669711/; classtype:trojan-activity;sid:84532811; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669712)"; flow:established,from_client; content:"GET"; http_method; content:"/zte"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"scan.504.su"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669712/; classtype:trojan-activity;sid:84532812; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669713)"; flow:established,from_client; content:"GET"; http_method; content:"/yarn"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"cnc.504.su"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669713/; classtype:trojan-activity;sid:84532813; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669714)"; flow:established,from_client; content:"GET"; http_method; content:"/pulse"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"cnc.504.su"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669714/; classtype:trojan-activity;sid:84532814; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669715)"; flow:established,from_client; content:"GET"; http_method; content:"/hnap"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"scan.504.su"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669715/; classtype:trojan-activity;sid:84532815; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669716)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.5.126.214"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669716/; classtype:trojan-activity;sid:84532816; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669717)"; flow:established,from_client; content:"GET"; http_method; content:"/zyxel"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"cnc.504.su"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669717/; classtype:trojan-activity;sid:84532817; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669718)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.118.33.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669718/; classtype:trojan-activity;sid:84532818; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669706)"; flow:established,from_client; content:"GET"; http_method; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.arm5"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"cnc.504.su"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669706/; classtype:trojan-activity;sid:84532806; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669705)"; flow:established,from_client; content:"GET"; http_method; content:"/aws"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"scan.504.su"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669705/; classtype:trojan-activity;sid:84532805; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669701)"; flow:established,from_client; content:"GET"; http_method; content:"/aws"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"cnc.504.su"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669701/; classtype:trojan-activity;sid:84532801; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669702)"; flow:established,from_client; content:"GET"; http_method; content:"/76d32be0.sh"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"cnc.504.su"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669702/; classtype:trojan-activity;sid:84532802; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669703)"; flow:established,from_client; content:"GET"; http_method; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.i686"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"cnc.504.su"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669703/; classtype:trojan-activity;sid:84532803; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669704)"; flow:established,from_client; content:"GET"; http_method; content:"/zte"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"cnc.504.su"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669704/; classtype:trojan-activity;sid:84532804; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669693)"; flow:established,from_client; content:"GET"; http_method; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.arm"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"cnc.504.su"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669693/; classtype:trojan-activity;sid:84532793; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669694)"; flow:established,from_client; content:"GET"; http_method; content:"/pulse"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"scan.504.su"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669694/; classtype:trojan-activity;sid:84532794; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669695)"; flow:established,from_client; content:"GET"; http_method; content:"/thinkphp"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"cnc.504.su"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669695/; classtype:trojan-activity;sid:84532795; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669696)"; flow:established,from_client; content:"GET"; http_method; content:"/thinkphp"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"scan.504.su"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669696/; classtype:trojan-activity;sid:84532796; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669697)"; flow:established,from_client; content:"GET"; http_method; content:"/realtek"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"cnc.504.su"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669697/; classtype:trojan-activity;sid:84532797; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669698)"; flow:established,from_client; content:"GET"; http_method; content:"/sl27eiahgj.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"9h2.rk-8-y-6.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669698/; classtype:trojan-activity;sid:84532798; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669699)"; flow:established,from_client; content:"GET"; http_method; content:"/goahead"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"scan.504.su"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669699/; classtype:trojan-activity;sid:84532799; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669700)"; flow:established,from_client; content:"GET"; http_method; content:"/ntc.check|3f|t=c796gf2h"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"umw.kjyx7.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669700/; classtype:trojan-activity;sid:84532800; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669690)"; flow:established,from_client; content:"GET"; http_method; content:"/zyxel"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"scan.504.su"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669690/; classtype:trojan-activity;sid:84532790; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669691)"; flow:established,from_client; content:"GET"; http_method; content:"/6st7w3ba7d.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"qz9.db3a4.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669691/; classtype:trojan-activity;sid:84532791; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669692)"; flow:established,from_client; content:"GET"; http_method; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.arm6"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"cnc.504.su"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669692/; classtype:trojan-activity;sid:84532792; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669688)"; flow:established,from_client; content:"GET"; http_method; content:"/3k7.check|3f|t=g7zzyqhq"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"qrk.kjyx7.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669688/; classtype:trojan-activity;sid:84532788; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669689)"; flow:established,from_client; content:"GET"; http_method; content:"/3k7.check|3f|t=zlq57emm"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"qrk.kjyx7.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669689/; classtype:trojan-activity;sid:84532789; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669679)"; flow:established,from_client; content:"GET"; http_method; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.mips"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"cnc.504.su"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669679/; classtype:trojan-activity;sid:84532779; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669680)"; flow:established,from_client; content:"GET"; http_method; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.mpsl"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"cnc.504.su"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669680/; classtype:trojan-activity;sid:84532780; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669681)"; flow:established,from_client; content:"GET"; http_method; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.ppc"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"scan.504.su"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669681/; classtype:trojan-activity;sid:84532781; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669682)"; flow:established,from_client; content:"GET"; http_method; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.arm6"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"scan.504.su"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669682/; classtype:trojan-activity;sid:84532782; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669683)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"cnc.504.su"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669683/; classtype:trojan-activity;sid:84532783; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669684)"; flow:established,from_client; content:"GET"; http_method; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.mips"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"scan.504.su"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669684/; classtype:trojan-activity;sid:84532784; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669685)"; flow:established,from_client; content:"GET"; http_method; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.x86_64"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"scan.504.su"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669685/; classtype:trojan-activity;sid:84532785; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669686)"; flow:established,from_client; content:"GET"; http_method; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.ppc"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"cnc.504.su"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669686/; classtype:trojan-activity;sid:84532786; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669687)"; flow:established,from_client; content:"GET"; http_method; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.spc"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"scan.504.su"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669687/; classtype:trojan-activity;sid:84532787; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669667)"; flow:established,from_client; content:"GET"; http_method; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.sh4"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"cnc.504.su"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669667/; classtype:trojan-activity;sid:84532767; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669668)"; flow:established,from_client; content:"GET"; http_method; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.m68k"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"cnc.504.su"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669668/; classtype:trojan-activity;sid:84532768; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669669)"; flow:established,from_client; content:"GET"; http_method; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.arm7"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"cnc.504.su"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669669/; classtype:trojan-activity;sid:84532769; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669670)"; flow:established,from_client; content:"GET"; http_method; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.x86"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"cnc.504.su"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669670/; classtype:trojan-activity;sid:84532770; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669671)"; flow:established,from_client; content:"GET"; http_method; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.arm"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"scan.504.su"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669671/; classtype:trojan-activity;sid:84532771; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669672)"; flow:established,from_client; content:"GET"; http_method; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.mpsl"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"scan.504.su"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669672/; classtype:trojan-activity;sid:84532772; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669673)"; flow:established,from_client; content:"GET"; http_method; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.arm7"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"scan.504.su"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669673/; classtype:trojan-activity;sid:84532773; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669674)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"scan.504.su"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669674/; classtype:trojan-activity;sid:84532774; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669675)"; flow:established,from_client; content:"GET"; http_method; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.arc"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"scan.504.su"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669675/; classtype:trojan-activity;sid:84532775; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669676)"; flow:established,from_client; content:"GET"; http_method; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.arc"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"cnc.504.su"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669676/; classtype:trojan-activity;sid:84532776; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669677)"; flow:established,from_client; content:"GET"; http_method; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.m68k"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"scan.504.su"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669677/; classtype:trojan-activity;sid:84532777; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669678)"; flow:established,from_client; content:"GET"; http_method; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.spc"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"cnc.504.su"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669678/; classtype:trojan-activity;sid:84532778; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669664)"; flow:established,from_client; content:"GET"; http_method; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.i686"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"scan.504.su"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669664/; classtype:trojan-activity;sid:84532764; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669665)"; flow:established,from_client; content:"GET"; http_method; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.sh4"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"scan.504.su"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669665/; classtype:trojan-activity;sid:84532765; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669666)"; flow:established,from_client; content:"GET"; http_method; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.x86"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"scan.504.su"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669666/; classtype:trojan-activity;sid:84532766; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669661)"; flow:established,from_client; content:"GET"; http_method; content:"/lg"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"158.94.209.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669661/; classtype:trojan-activity;sid:84532761; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669662)"; flow:established,from_client; content:"GET"; http_method; content:"/76d32be0.sh"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"158.94.209.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669662/; classtype:trojan-activity;sid:84532762; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669663)"; flow:established,from_client; content:"GET"; http_method; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.x86_64"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"cnc.504.su"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669663/; classtype:trojan-activity;sid:84532763; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669660)"; flow:established,from_client; content:"GET"; http_method; content:"/h3xx0i1o7r.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"m3.rk-8-y-6.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669660/; classtype:trojan-activity;sid:84532760; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669659)"; flow:established,from_client; content:"GET"; http_method; content:"/ntc.check|3f|t=a8b0x224"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"umw.kjyx7.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669659/; classtype:trojan-activity;sid:84532759; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669658)"; flow:established,from_client; content:"GET"; http_method; content:"/realtek"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"158.94.209.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669658/; classtype:trojan-activity;sid:84532758; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669650)"; flow:established,from_client; content:"GET"; http_method; content:"/aws"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"158.94.209.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669650/; classtype:trojan-activity;sid:84532750; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669651)"; flow:established,from_client; content:"GET"; http_method; content:"/hnap"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"158.94.209.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669651/; classtype:trojan-activity;sid:84532751; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669652)"; flow:established,from_client; content:"GET"; http_method; content:"/zte"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"158.94.209.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669652/; classtype:trojan-activity;sid:84532752; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669653)"; flow:established,from_client; content:"GET"; http_method; content:"/pulse"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"158.94.209.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669653/; classtype:trojan-activity;sid:84532753; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669654)"; flow:established,from_client; content:"GET"; http_method; content:"/thinkphp"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"158.94.209.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669654/; classtype:trojan-activity;sid:84532754; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669655)"; flow:established,from_client; content:"GET"; http_method; content:"/yarn"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"158.94.209.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669655/; classtype:trojan-activity;sid:84532755; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669656)"; flow:established,from_client; content:"GET"; http_method; content:"/goahead"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"158.94.209.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669656/; classtype:trojan-activity;sid:84532756; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669657)"; flow:established,from_client; content:"GET"; http_method; content:"/zyxel"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"158.94.209.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669657/; classtype:trojan-activity;sid:84532757; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669648)"; flow:established,from_client; content:"GET"; http_method; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.x86_64"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"158.94.209.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669648/; classtype:trojan-activity;sid:84532748; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669647)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.0.98"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669647/; classtype:trojan-activity;sid:84532747; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669646)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.239.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669646/; classtype:trojan-activity;sid:84532746; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669644)"; flow:established,from_client; content:"GET"; http_method; content:"/juh.google|3f|t=x8zvoh8z"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"7k.kjyx7.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669644/; classtype:trojan-activity;sid:84532744; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669645)"; flow:established,from_client; content:"GET"; http_method; content:"/vzghmxnjmq.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"ui.rk-8-y-6.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669645/; classtype:trojan-activity;sid:84532745; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669642)"; flow:established,from_client; content:"GET"; http_method; content:"/juh.google|3f|t=8wlo8cn3"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"7k.kjyx7.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669642/; classtype:trojan-activity;sid:84532742; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669643)"; flow:established,from_client; content:"GET"; http_method; content:"/qu3ez2zhrf.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"v2.db3a4.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669643/; classtype:trojan-activity;sid:84532743; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669641)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.147.243.244"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669641/; classtype:trojan-activity;sid:84532741; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669640)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.119.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669640/; classtype:trojan-activity;sid:84532740; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669639)"; flow:established,from_client; content:"GET"; http_method; content:"/04mqvg6yhg.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"v2.db3a4.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669639/; classtype:trojan-activity;sid:84532739; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669638)"; flow:established,from_client; content:"GET"; http_method; content:"/zs.check|3f|t=l2xbylep"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"l2v.kjyx7.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669638/; classtype:trojan-activity;sid:84532738; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669637)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.185.241.35"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669637/; classtype:trojan-activity;sid:84532737; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669636)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.126.214"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669636/; classtype:trojan-activity;sid:84532736; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669635)"; flow:established,from_client; content:"GET"; http_method; content:"/i47j94rfn4.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"6z.rk-8-y-6.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669635/; classtype:trojan-activity;sid:84532735; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669634)"; flow:established,from_client; content:"GET"; http_method; content:"/zs.check|3f|t=v86sfuko"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"l2v.kjyx7.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669634/; classtype:trojan-activity;sid:84532734; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669633)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"139.213.32.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669633/; classtype:trojan-activity;sid:84532733; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669632)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.156.24.208"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669632/; classtype:trojan-activity;sid:84532732; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669631)"; flow:established,from_client; content:"GET"; http_method; content:"/m235hl3edu.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"k.db3a4.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669631/; classtype:trojan-activity;sid:84532731; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669630)"; flow:established,from_client; content:"GET"; http_method; content:"/r9.google|3f|t=oeyhit2f"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"ayl.kjyx7.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669630/; classtype:trojan-activity;sid:84532730; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669629)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.0.98"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669629/; classtype:trojan-activity;sid:84532729; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669628)"; flow:established,from_client; content:"GET"; http_method; content:"/2bo6s172mx.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"qa.rk-8-y-6.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669628/; classtype:trojan-activity;sid:84532728; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669627)"; flow:established,from_client; content:"GET"; http_method; content:"/r9.google|3f|t=hoe7t8sw"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"ayl.kjyx7.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669627/; classtype:trojan-activity;sid:84532727; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669626)"; flow:established,from_client; content:"GET"; http_method; content:"/5o.google|3f|t=c3187f17"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"lyg.kjyx7.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669626/; classtype:trojan-activity;sid:84532726; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669625)"; flow:established,from_client; content:"GET"; http_method; content:"/371ok42gcr.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"k.db3a4.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669625/; classtype:trojan-activity;sid:84532725; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669624)"; flow:established,from_client; content:"GET"; http_method; content:"/5o.google|3f|t=labsxcxe"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"lyg.kjyx7.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669624/; classtype:trojan-activity;sid:84532724; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669623)"; flow:established,from_client; content:"GET"; http_method; content:"/w819516e9h.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"1qb.rk-8-y-6.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669623/; classtype:trojan-activity;sid:84532723; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669622)"; flow:established,from_client; content:"GET"; http_method; content:"/q4.google|3f|t=darmxipq"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"y4.mcej9.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669622/; classtype:trojan-activity;sid:84532722; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669621)"; flow:established,from_client; content:"GET"; http_method; content:"/gkq9cp72te.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"1qb.rk-8-y-6.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669621/; classtype:trojan-activity;sid:84532721; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669620)"; flow:established,from_client; content:"GET"; http_method; content:"/cy3dwogxrb.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"s4.rd1a2.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669620/; classtype:trojan-activity;sid:84532720; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669619)"; flow:established,from_client; content:"GET"; http_method; content:"/q4.google|3f|t=att6soun"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"y4.mcej9.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669619/; classtype:trojan-activity;sid:84532719; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669618)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.230.20.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669618/; classtype:trojan-activity;sid:84532718; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669617)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.173.199.8"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669617/; classtype:trojan-activity;sid:84532717; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669616)"; flow:established,from_client; content:"GET"; http_method; content:"/545uooxzua.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"hm.rd1a2.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669616/; classtype:trojan-activity;sid:84532716; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669615)"; flow:established,from_client; content:"GET"; http_method; content:"/1gyhjwe0ns.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"ee.fp-0-y-9.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669615/; classtype:trojan-activity;sid:84532715; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669613)"; flow:established,from_client; content:"GET"; http_method; content:"/a6h.check|3f|t=azd9ukpy"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"0jz.mcej9.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669613/; classtype:trojan-activity;sid:84532713; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669614)"; flow:established,from_client; content:"GET"; http_method; content:"/a6h.check|3f|t=9hptepn8"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"0jz.mcej9.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669614/; classtype:trojan-activity;sid:84532714; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669611)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.191.195"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669611/; classtype:trojan-activity;sid:84532711; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669612)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.30.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669612/; classtype:trojan-activity;sid:84532712; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669610)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.86.12"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669610/; classtype:trojan-activity;sid:84532710; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669608)"; flow:established,from_client; content:"GET"; http_method; content:"/y1.check|3f|t=0tkyk8su"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"prr.mcej9.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669608/; classtype:trojan-activity;sid:84532708; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669609)"; flow:established,from_client; content:"GET"; http_method; content:"/za7yoluzug.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"t1.rd1a2.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669609/; classtype:trojan-activity;sid:84532709; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669606)"; flow:established,from_client; content:"GET"; http_method; content:"/y1.check|3f|t=gcmgx3q8"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"prr.mcej9.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669606/; classtype:trojan-activity;sid:84532706; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669607)"; flow:established,from_client; content:"GET"; http_method; content:"/36afoag5br.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"2tj.fp-0-y-9.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669607/; classtype:trojan-activity;sid:84532707; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669605)"; flow:established,from_client; content:"GET"; http_method; content:"/gjs7sdfvsde/plugins/cred64.dll"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"windowsedgeupdater.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669605/; classtype:trojan-activity;sid:84532705; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669604)"; flow:established,from_client; content:"GET"; http_method; content:"/gjs7sdfvsde/plugins/clip.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"windowsedgeupdater.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669604/; classtype:trojan-activity;sid:84532704; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669603)"; flow:established,from_client; content:"GET"; http_method; content:"/gjs7sdfvsde/plugins/cred.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"windowsedgeupdater.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669603/; classtype:trojan-activity;sid:84532703; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669602)"; flow:established,from_client; content:"GET"; http_method; content:"/8j.google|3f|t=z36uforu"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"uo.mcej9.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669602/; classtype:trojan-activity;sid:84532702; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669596)"; flow:established,from_client; content:"GET"; http_method; content:"/04sybwm7yv.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"ubs.fp-0-y-9.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669596/; classtype:trojan-activity;sid:84532696; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669597)"; flow:established,from_client; content:"GET"; http_method; content:"/gjs7sdfvsde/plugins/clip.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"91.224.92.75"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669597/; classtype:trojan-activity;sid:84532697; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669598)"; flow:established,from_client; content:"GET"; http_method; content:"/gjs7sdfvsde/plugins/cred.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"91.224.92.75"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669598/; classtype:trojan-activity;sid:84532698; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669599)"; flow:established,from_client; content:"GET"; http_method; content:"/gjs7sdfvsde/plugins/vnc.exe"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"91.224.92.75"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669599/; classtype:trojan-activity;sid:84532699; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669600)"; flow:established,from_client; content:"GET"; http_method; content:"/gjs7sdfvsde/plugins/cred64.dll"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"91.224.92.75"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669600/; classtype:trojan-activity;sid:84532700; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669601)"; flow:established,from_client; content:"GET"; http_method; content:"/gjs7sdfvsde/plugins/vnc.exe"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"windowsedgeupdater.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669601/; classtype:trojan-activity;sid:84532701; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669594)"; flow:established,from_client; content:"GET"; http_method; content:"/8j.google|3f|t=m0u238vt"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"uo.mcej9.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669594/; classtype:trojan-activity;sid:84532694; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669595)"; flow:established,from_client; content:"GET"; http_method; content:"/k5xixz15t9.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"qz9.rd1a2.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669595/; classtype:trojan-activity;sid:84532695; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669593)"; flow:established,from_client; content:"GET"; http_method; content:"/ddi.google|3f|t=soy6sefx"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"w4g.mcej9.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669593/; classtype:trojan-activity;sid:84532693; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669592)"; flow:established,from_client; content:"GET"; http_method; content:"/79e81tt9vg.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"ubs.fp-0-y-9.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669592/; classtype:trojan-activity;sid:84532692; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669591)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.119.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669591/; classtype:trojan-activity;sid:84532691; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669590)"; flow:established,from_client; content:"GET"; http_method; content:"/uqrn57ixav.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"qz9.rd1a2.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669590/; classtype:trojan-activity;sid:84532690; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669589)"; flow:established,from_client; content:"GET"; http_method; content:"/ddi.google|3f|t=21als0d0"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"w4g.mcej9.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669589/; classtype:trojan-activity;sid:84532689; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669588)"; flow:established,from_client; content:"GET"; http_method; content:"/x7aelermtz.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"4y4.fp-0-y-9.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669588/; classtype:trojan-activity;sid:84532688; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669587)"; flow:established,from_client; content:"GET"; http_method; content:"/ddi.google|3f|t=18ob21w2"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"w4g.mcej9.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669587/; classtype:trojan-activity;sid:84532687; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669586)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.156.24.208"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669586/; classtype:trojan-activity;sid:84532686; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669585)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.227.204.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669585/; classtype:trojan-activity;sid:84532685; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669584)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.253.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669584/; classtype:trojan-activity;sid:84532684; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669583)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"76.72.238.153"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669583/; classtype:trojan-activity;sid:84532683; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669582)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.47.75.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669582/; classtype:trojan-activity;sid:84532682; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669573)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/vdataupdate.arm"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"91.231.222.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669573/; classtype:trojan-activity;sid:84532673; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669574)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/vdataupdate.arc"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"91.231.222.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669574/; classtype:trojan-activity;sid:84532674; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669575)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/vdataupdate.mpsl"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"91.231.222.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669575/; classtype:trojan-activity;sid:84532675; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669576)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/vdataupdate.sh4"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"91.231.222.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669576/; classtype:trojan-activity;sid:84532676; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669577)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/vdataupdate.arm5"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"91.231.222.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669577/; classtype:trojan-activity;sid:84532677; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669578)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/vdataupdate.ppc"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"91.231.222.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669578/; classtype:trojan-activity;sid:84532678; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669579)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/vdataupdate.mips"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"91.231.222.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669579/; classtype:trojan-activity;sid:84532679; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669580)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/vdataupdate.spc"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"91.231.222.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669580/; classtype:trojan-activity;sid:84532680; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669581)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/vdataupdate.arm6"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"91.231.222.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669581/; classtype:trojan-activity;sid:84532681; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669570)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/vdataupdate.arm7"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"91.231.222.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669570/; classtype:trojan-activity;sid:84532670; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669571)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/vdataupdate.m68k"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"91.231.222.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669571/; classtype:trojan-activity;sid:84532671; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669572)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/vdataupdate.x86"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"91.231.222.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669572/; classtype:trojan-activity;sid:84532672; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669569)"; flow:established,from_client; content:"GET"; http_method; content:"/ol.google|3f|t=dyayifaz"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"a4.mcej9.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669569/; classtype:trojan-activity;sid:84532669; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669568)"; flow:established,from_client; content:"GET"; http_method; content:"/8ai7czfbu5.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"4y4.fp-0-y-9.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669568/; classtype:trojan-activity;sid:84532668; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669567)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.87.70.5"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669567/; classtype:trojan-activity;sid:84532667; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669566)"; flow:established,from_client; content:"GET"; http_method; content:"/ol.google|3f|t=m4ro1c0s"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"a4.mcej9.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669566/; classtype:trojan-activity;sid:84532666; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669565)"; flow:established,from_client; content:"GET"; http_method; content:"/1v8pvceprj.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"v2.rd1a2.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669565/; classtype:trojan-activity;sid:84532665; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669561)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.sh4"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"ip.nebulabin.pl"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669561/; classtype:trojan-activity;sid:84532661; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669562)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.m68k"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"ip.nebulabin.pl"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669562/; classtype:trojan-activity;sid:84532662; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669563)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.x86"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"ip.nebulabin.pl"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669563/; classtype:trojan-activity;sid:84532663; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669564)"; flow:established,from_client; content:"GET"; http_method; content:"/ohshit.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"ip.nebulabin.pl"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669564/; classtype:trojan-activity;sid:84532664; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669559)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"ip.nebulabin.pl"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669559/; classtype:trojan-activity;sid:84532659; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669560)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.mips"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"ip.nebulabin.pl"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669560/; classtype:trojan-activity;sid:84532660; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669558)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm6"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"ip.nebulabin.pl"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669558/; classtype:trojan-activity;sid:84532658; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669553)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.spc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"ip.nebulabin.pl"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669553/; classtype:trojan-activity;sid:84532653; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669554)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm7"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"ip.nebulabin.pl"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669554/; classtype:trojan-activity;sid:84532654; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669555)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.ppc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"ip.nebulabin.pl"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669555/; classtype:trojan-activity;sid:84532655; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669556)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.mpsl"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"ip.nebulabin.pl"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669556/; classtype:trojan-activity;sid:84532656; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669557)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"ip.nebulabin.pl"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669557/; classtype:trojan-activity;sid:84532657; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669552)"; flow:established,from_client; content:"GET"; http_method; content:"/43sz155pbq.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"f3l.fp-0-y-9.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669552/; classtype:trojan-activity;sid:84532652; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669551)"; flow:established,from_client; content:"GET"; http_method; content:"/wgw.check|3f|t=vtw5pl13"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"he.mcej9.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669551/; classtype:trojan-activity;sid:84532651; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669549)"; flow:established,from_client; content:"GET"; http_method; content:"/wgw.check|3f|t=frfmece6"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"he.mcej9.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669549/; classtype:trojan-activity;sid:84532649; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669550)"; flow:established,from_client; content:"GET"; http_method; content:"/tmx1obnbvo.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"v2.rd1a2.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669550/; classtype:trojan-activity;sid:84532650; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669548)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.204.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669548/; classtype:trojan-activity;sid:84532648; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669547)"; flow:established,from_client; content:"GET"; http_method; content:"/7e.check|3f|t=we5kutde"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"dy.nqyf7.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669547/; classtype:trojan-activity;sid:84532647; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669546)"; flow:established,from_client; content:"GET"; http_method; content:"/bvnzrvj6zm.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"k.rd1a2.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669546/; classtype:trojan-activity;sid:84532646; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669544)"; flow:established,from_client; content:"GET"; http_method; content:"/7e.check|3f|t=ssi544pq"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"dy.nqyf7.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669544/; classtype:trojan-activity;sid:84532644; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669545)"; flow:established,from_client; content:"GET"; http_method; content:"/ryfne3ir5r.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"i3.ll-7-y-5.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669545/; classtype:trojan-activity;sid:84532645; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669543)"; flow:established,from_client; content:"GET"; http_method; content:"/ffwt2pbwqm.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"i3.ll-7-y-5.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669543/; classtype:trojan-activity;sid:84532643; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669542)"; flow:established,from_client; content:"GET"; http_method; content:"/ika.google|3f|t=nwvu0hns"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"sv.nqyf7.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669542/; classtype:trojan-activity;sid:84532642; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669541)"; flow:established,from_client; content:"GET"; http_method; content:"/m11tj2ltls.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"s4.bw6u0.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669541/; classtype:trojan-activity;sid:84532641; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669540)"; flow:established,from_client; content:"GET"; http_method; content:"/ika.google|3f|t=bhlv8ld9"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"sv.nqyf7.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669540/; classtype:trojan-activity;sid:84532640; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669539)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.232.177.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669539/; classtype:trojan-activity;sid:84532639; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669538)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.87.70.5"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669538/; classtype:trojan-activity;sid:84532638; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669537)"; flow:established,from_client; content:"GET"; http_method; content:"/ikc8cyf4pk.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"s4.bw6u0.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669537/; classtype:trojan-activity;sid:84532637; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669536)"; flow:established,from_client; content:"GET"; http_method; content:"/06f.google|3f|t=2ve6n155"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"uwf.nqyf7.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669536/; classtype:trojan-activity;sid:84532636; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669535)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.8.180.219"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669535/; classtype:trojan-activity;sid:84532635; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669534)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.113.202.105"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669534/; classtype:trojan-activity;sid:84532634; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669533)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.196.5.163"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669533/; classtype:trojan-activity;sid:84532633; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669532)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.101.0.181"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669532/; classtype:trojan-activity;sid:84532632; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669531)"; flow:established,from_client; content:"GET"; http_method; content:"/q1.check|3f|t=c50wtby7"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"1e.nqyf7.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669531/; classtype:trojan-activity;sid:84532631; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669530)"; flow:established,from_client; content:"GET"; http_method; content:"/tkly9d125r.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"z5.ll-7-y-5.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669530/; classtype:trojan-activity;sid:84532630; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669529)"; flow:established,from_client; content:"GET"; http_method; content:"/q1.check|3f|t=78fztkgx"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"1e.nqyf7.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669529/; classtype:trojan-activity;sid:84532629; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669528)"; flow:established,from_client; content:"GET"; http_method; content:"/8yn6fkn9td.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"hm.bw6u0.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669528/; classtype:trojan-activity;sid:84532628; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669524)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"85.105.76.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669524/; classtype:trojan-activity;sid:84532624; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669525)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.69.61.217"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669525/; classtype:trojan-activity;sid:84532625; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669526)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.7.99.55"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669526/; classtype:trojan-activity;sid:84532626; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669527)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.13.21.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669527/; classtype:trojan-activity;sid:84532627; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669523)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"95.5.253.3"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669523/; classtype:trojan-activity;sid:84532623; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669521)"; flow:established,from_client; content:"GET"; http_method; content:"/mf5.check|3f|t=nimk1cq0"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"4ed.nqyf7.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669521/; classtype:trojan-activity;sid:84532621; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669522)"; flow:established,from_client; content:"GET"; http_method; content:"/gi7ratc0u8.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"hm.bw6u0.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669522/; classtype:trojan-activity;sid:84532622; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669520)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"93.118.124.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669520/; classtype:trojan-activity;sid:84532620; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669519)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"88.244.165.253"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669519/; classtype:trojan-activity;sid:84532619; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669518)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.5.253.3"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669518/; classtype:trojan-activity;sid:84532618; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669517)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.207.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669517/; classtype:trojan-activity;sid:84532617; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669516)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.226.208.41"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669516/; classtype:trojan-activity;sid:84532616; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669515)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.32.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669515/; classtype:trojan-activity;sid:84532615; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669514)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.237.19.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669514/; classtype:trojan-activity;sid:84532614; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669513)"; flow:established,from_client; content:"GET"; http_method; content:"/2rgysw1v35.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"07o.ll-7-y-5.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669513/; classtype:trojan-activity;sid:84532613; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669512)"; flow:established,from_client; content:"GET"; http_method; content:"/m1.check|3f|t=mh1n6ukw"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"ep.nqyf7.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669512/; classtype:trojan-activity;sid:84532612; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669510)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.190.21.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669510/; classtype:trojan-activity;sid:84532610; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669511)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.64.152"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669511/; classtype:trojan-activity;sid:84532611; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669509)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.28.194.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669509/; classtype:trojan-activity;sid:84532609; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669508)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.7.99.55"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669508/; classtype:trojan-activity;sid:84532608; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669507)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.86.158.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669507/; classtype:trojan-activity;sid:84532607; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669506)"; flow:established,from_client; content:"GET"; http_method; content:"/7ds1krr9xc.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"t1.bw6u0.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669506/; classtype:trojan-activity;sid:84532606; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669505)"; flow:established,from_client; content:"GET"; http_method; content:"/m1.check|3f|t=yqpfpx6z"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"ep.nqyf7.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669505/; classtype:trojan-activity;sid:84532605; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669504)"; flow:established,from_client; content:"GET"; http_method; content:"/a8s.check|3f|t=b6f5ycsv"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"fv.nqyf7.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669504/; classtype:trojan-activity;sid:84532604; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669503)"; flow:established,from_client; content:"GET"; http_method; content:"/o7exg47v7x.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"07o.ll-7-y-5.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669503/; classtype:trojan-activity;sid:84532603; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669502)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.202.105"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669502/; classtype:trojan-activity;sid:84532602; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669501)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.230.24.166"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669501/; classtype:trojan-activity;sid:84532601; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669500)"; flow:established,from_client; content:"GET"; http_method; content:"/nlampcbyoi.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"t1.bw6u0.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669500/; classtype:trojan-activity;sid:84532600; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669499)"; flow:established,from_client; content:"GET"; http_method; content:"/a8s.check|3f|t=ay966zfg"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"fv.nqyf7.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669499/; classtype:trojan-activity;sid:84532599; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669498)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.11.173"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669498/; classtype:trojan-activity;sid:84532598; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669497)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.128.131"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669497/; classtype:trojan-activity;sid:84532597; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669496)"; flow:established,from_client; content:"GET"; http_method; content:"/hysf70jq6n.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"qz9.bw6u0.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669496/; classtype:trojan-activity;sid:84532596; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669495)"; flow:established,from_client; content:"GET"; http_method; content:"/p3.google|3f|t=ie3f1dty"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"hb9.bqet3.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669495/; classtype:trojan-activity;sid:84532595; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669494)"; flow:established,from_client; content:"GET"; http_method; content:"/jb7ogt39zp.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"7r.ll-7-y-5.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669494/; classtype:trojan-activity;sid:84532594; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669493)"; flow:established,from_client; content:"GET"; http_method; content:"/p3.google|3f|t=rusq6tie"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"hb9.bqet3.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669493/; classtype:trojan-activity;sid:84532593; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669491)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.86.158.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669491/; classtype:trojan-activity;sid:84532591; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669492)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.86.43.10"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669492/; classtype:trojan-activity;sid:84532592; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669490)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.233.253.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669490/; classtype:trojan-activity;sid:84532590; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669489)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.1.251.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669489/; classtype:trojan-activity;sid:84532589; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669488)"; flow:established,from_client; content:"GET"; http_method; content:"/9n.check|3f|t=18z2d9be"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"l0a.bqet3.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669488/; classtype:trojan-activity;sid:84532588; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669487)"; flow:established,from_client; content:"GET"; http_method; content:"/i8n82fdmjk.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"v2.bw6u0.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669487/; classtype:trojan-activity;sid:84532587; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669486)"; flow:established,from_client; content:"GET"; http_method; content:"/9n.check|3f|t=vyzfl735"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"l0a.bqet3.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669486/; classtype:trojan-activity;sid:84532586; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669485)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.128.131"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669485/; classtype:trojan-activity;sid:84532585; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669484)"; flow:established,from_client; content:"GET"; http_method; content:"/9artz0tahm.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"no.ll-7-y-5.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669484/; classtype:trojan-activity;sid:84532584; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669483)"; flow:established,from_client; content:"GET"; http_method; content:"/ovtsqrdzq6.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"v2.bw6u0.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669483/; classtype:trojan-activity;sid:84532583; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669482)"; flow:established,from_client; content:"GET"; http_method; content:"/myz.check|3f|t=prjuxovk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"hr.bqet3.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669482/; classtype:trojan-activity;sid:84532582; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669480)"; flow:established,from_client; content:"GET"; http_method; content:"/myz.check|3f|t=03ftnh9w"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"hr.bqet3.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669480/; classtype:trojan-activity;sid:84532580; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669481)"; flow:established,from_client; content:"GET"; http_method; content:"/pox20p6lxw.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"no.ll-7-y-5.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669481/; classtype:trojan-activity;sid:84532581; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669479)"; flow:established,from_client; content:"GET"; http_method; content:"/mb.google|3f|t=5jgwwyjo"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"u98.bqet3.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669479/; classtype:trojan-activity;sid:84532579; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669478)"; flow:established,from_client; content:"GET"; http_method; content:"/awg9seyh1e.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"no.ll-7-y-5.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669478/; classtype:trojan-activity;sid:84532578; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669477)"; flow:established,from_client; content:"GET"; http_method; content:"/mb.google|3f|t=e6lg8pws"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"u98.bqet3.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669477/; classtype:trojan-activity;sid:84532577; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669476)"; flow:established,from_client; content:"GET"; http_method; content:"/ekmdxhctt0.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"v2.bw6u0.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669476/; classtype:trojan-activity;sid:84532576; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669475)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.142.72"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669475/; classtype:trojan-activity;sid:84532575; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669473)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.47.223"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669473/; classtype:trojan-activity;sid:84532573; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669474)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.45.17.49"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669474/; classtype:trojan-activity;sid:84532574; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669472)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.137.72.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669472/; classtype:trojan-activity;sid:84532572; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669471)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.89.221"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669471/; classtype:trojan-activity;sid:84532571; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669470)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.59.111.228"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669470/; classtype:trojan-activity;sid:84532570; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669469)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.88.167"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669469/; classtype:trojan-activity;sid:84532569; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669468)"; flow:established,from_client; content:"GET"; http_method; content:"/28t8vfzozt.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"cy7.fj-2-e-0.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669468/; classtype:trojan-activity;sid:84532568; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669467)"; flow:established,from_client; content:"GET"; http_method; content:"/ou.check|3f|t=gc6l5g9a"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"rg.bqet3.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669467/; classtype:trojan-activity;sid:84532567; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669466)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.239.122.6"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669466/; classtype:trojan-activity;sid:84532566; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669465)"; flow:established,from_client; content:"GET"; http_method; content:"/moaixoq6r7.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"k.bw6u0.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669465/; classtype:trojan-activity;sid:84532565; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669464)"; flow:established,from_client; content:"GET"; http_method; content:"/ou.check|3f|t=eini1w3k"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"rg.bqet3.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669464/; classtype:trojan-activity;sid:84532564; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669463)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.187.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669463/; classtype:trojan-activity;sid:84532563; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669461)"; flow:established,from_client; content:"GET"; http_method; content:"/nt.check|3f|t=f2f6y4j0"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"7i.bqet3.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669461/; classtype:trojan-activity;sid:84532561; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669462)"; flow:established,from_client; content:"GET"; http_method; content:"/0e84fdyug3.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"cy7.fj-2-e-0.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669462/; classtype:trojan-activity;sid:84532562; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669460)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.142.72"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669460/; classtype:trojan-activity;sid:84532560; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669459)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.86.170.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669459/; classtype:trojan-activity;sid:84532559; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669458)"; flow:established,from_client; content:"GET"; http_method; content:"/x2bb4xv6gu.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"s4.gr3e4.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669458/; classtype:trojan-activity;sid:84532558; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669457)"; flow:established,from_client; content:"GET"; http_method; content:"/nt.check|3f|t=qv8ou5gp"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"7i.bqet3.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669457/; classtype:trojan-activity;sid:84532557; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669456)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.88.167"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669456/; classtype:trojan-activity;sid:84532556; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669455)"; flow:established,from_client; content:"GET"; http_method; content:"/jt321nf1z7.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"s4.gr3e4.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669455/; classtype:trojan-activity;sid:84532555; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669454)"; flow:established,from_client; content:"GET"; http_method; content:"/1mh.check|3f|t=l8297u7w"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"lyh.tvoj5.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669454/; classtype:trojan-activity;sid:84532554; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669453)"; flow:established,from_client; content:"GET"; http_method; content:"/1mh.check|3f|t=dlv36p5q"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"lyh.tvoj5.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669453/; classtype:trojan-activity;sid:84532553; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669452)"; flow:established,from_client; content:"GET"; http_method; content:"/kqa0z5m257.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"st7.fj-2-e-0.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669452/; classtype:trojan-activity;sid:84532552; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669451)"; flow:established,from_client; content:"GET"; http_method; content:"/euo.bat"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"vps-ec9d6f72.vps.ovh.ca"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669451/; classtype:trojan-activity;sid:84532551; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669447)"; flow:established,from_client; content:"GET"; http_method; content:"/bios.bat"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"vps-ec9d6f72.vps.ovh.ca"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669447/; classtype:trojan-activity;sid:84532547; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669448)"; flow:established,from_client; content:"GET"; http_method; content:"/shoopify.bat"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"vps-ec9d6f72.vps.ovh.ca"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669448/; classtype:trojan-activity;sid:84532548; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669449)"; flow:established,from_client; content:"GET"; http_method; content:"/startupppppppppp.bat"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"vps-ec9d6f72.vps.ovh.ca"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669449/; classtype:trojan-activity;sid:84532549; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669450)"; flow:established,from_client; content:"GET"; http_method; content:"/startupppppp.bat"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"vps-ec9d6f72.vps.ovh.ca"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669450/; classtype:trojan-activity;sid:84532550; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669446)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.59.111.228"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669446/; classtype:trojan-activity;sid:84532546; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669445)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.239.122.6"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669445/; classtype:trojan-activity;sid:84532545; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669444)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.89.221"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669444/; classtype:trojan-activity;sid:84532544; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669443)"; flow:established,from_client; content:"GET"; http_method; content:"/8h.google|3f|t=fnheckew"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"fg7.tvoj5.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669443/; classtype:trojan-activity;sid:84532543; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669442)"; flow:established,from_client; content:"GET"; http_method; content:"/i1ehbq8jk7.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"y0.fj-2-e-0.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669442/; classtype:trojan-activity;sid:84532542; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669441)"; flow:established,from_client; content:"GET"; http_method; content:"/nelox5k6fw.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"hm.gr3e4.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669441/; classtype:trojan-activity;sid:84532541; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669440)"; flow:established,from_client; content:"GET"; http_method; content:"/8h.google|3f|t=rapx5ziq"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"fg7.tvoj5.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669440/; classtype:trojan-activity;sid:84532540; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669439)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.187.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669439/; classtype:trojan-activity;sid:84532539; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669438)"; flow:established,from_client; content:"GET"; http_method; content:"/vl8.google|3f|t=fj7ymzqt"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"os.tvoj5.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669438/; classtype:trojan-activity;sid:84532538; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669437)"; flow:established,from_client; content:"GET"; http_method; content:"/h2v4am1nwp.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"t1.gr3e4.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669437/; classtype:trojan-activity;sid:84532537; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669436)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.11.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669436/; classtype:trojan-activity;sid:84532536; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669435)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"196.251.83.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669435/; classtype:trojan-activity;sid:84532535; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669434)"; flow:established,from_client; content:"GET"; http_method; content:"/xxek5u4qi1.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"xh7.fj-2-e-0.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669434/; classtype:trojan-activity;sid:84532534; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669423)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/b3astmode.mips"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"84.234.96.51"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669423/; classtype:trojan-activity;sid:84532523; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669424)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/b3astmode.sh4"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"84.234.96.51"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669424/; classtype:trojan-activity;sid:84532524; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669425)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/b3astmode.ppc"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"84.234.96.51"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669425/; classtype:trojan-activity;sid:84532525; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669426)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/b3astmode.arm"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"84.234.96.51"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669426/; classtype:trojan-activity;sid:84532526; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669427)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/b3astmode.arm7"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"84.234.96.51"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669427/; classtype:trojan-activity;sid:84532527; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669428)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/b3astmode.x86"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"84.234.96.51"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669428/; classtype:trojan-activity;sid:84532528; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669429)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/b3astmode.arm5"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"84.234.96.51"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669429/; classtype:trojan-activity;sid:84532529; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669430)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/b3astmode.m68k"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"84.234.96.51"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669430/; classtype:trojan-activity;sid:84532530; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669431)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/b3astmode.arm6"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"84.234.96.51"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669431/; classtype:trojan-activity;sid:84532531; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669432)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/b3astmode.mpsl"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"84.234.96.51"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669432/; classtype:trojan-activity;sid:84532532; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669433)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.3.54"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669433/; classtype:trojan-activity;sid:84532533; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669421)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"196.251.83.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669421/; classtype:trojan-activity;sid:84532521; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669422)"; flow:established,from_client; content:"GET"; http_method; content:"/or.google|3f|t=ypx1fc1t"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"f1.tvoj5.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669422/; classtype:trojan-activity;sid:84532522; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669406)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"196.251.83.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669406/; classtype:trojan-activity;sid:84532506; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669407)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"196.251.83.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669407/; classtype:trojan-activity;sid:84532507; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669408)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"196.251.83.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669408/; classtype:trojan-activity;sid:84532508; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669409)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"196.251.83.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669409/; classtype:trojan-activity;sid:84532509; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669410)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.i468"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"196.251.83.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669410/; classtype:trojan-activity;sid:84532510; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669411)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"196.251.83.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669411/; classtype:trojan-activity;sid:84532511; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669412)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"196.251.83.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669412/; classtype:trojan-activity;sid:84532512; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669413)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"196.251.83.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669413/; classtype:trojan-activity;sid:84532513; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669414)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"196.251.83.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669414/; classtype:trojan-activity;sid:84532514; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669415)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"196.251.83.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669415/; classtype:trojan-activity;sid:84532515; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669416)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/b3astmode.mips64"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"84.234.96.51"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669416/; classtype:trojan-activity;sid:84532516; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669417)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/b3astmode.x86_64"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"84.234.96.51"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669417/; classtype:trojan-activity;sid:84532517; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669418)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/b3astmode.i686"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"84.234.96.51"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669418/; classtype:trojan-activity;sid:84532518; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669419)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/b3astmode.arc"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"84.234.96.51"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669419/; classtype:trojan-activity;sid:84532519; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669420)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/b3astmode.sparc"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"84.234.96.51"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669420/; classtype:trojan-activity;sid:84532520; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669405)"; flow:established,from_client; content:"GET"; http_method; content:"/ux8qpndrjp.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"qz9.gr3e4.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669405/; classtype:trojan-activity;sid:84532505; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669402)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"196.251.83.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669402/; classtype:trojan-activity;sid:84532502; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669403)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"196.251.83.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669403/; classtype:trojan-activity;sid:84532503; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669404)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"196.251.83.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669404/; classtype:trojan-activity;sid:84532504; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669401)"; flow:established,from_client; content:"GET"; http_method; content:"/or.google|3f|t=amc4qdbk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"f1.tvoj5.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669401/; classtype:trojan-activity;sid:84532501; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669400)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/arm"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"srv1054171.hstgr.cloud"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669400/; classtype:trojan-activity;sid:84532500; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669397)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/x86_64"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"srv1054171.hstgr.cloud"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669397/; classtype:trojan-activity;sid:84532497; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669398)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/arm5"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"srv1054171.hstgr.cloud"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669398/; classtype:trojan-activity;sid:84532498; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669399)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/m68k"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"srv1054171.hstgr.cloud"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669399/; classtype:trojan-activity;sid:84532499; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669394)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/x86_64"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"72.60.250.235"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669394/; classtype:trojan-activity;sid:84532494; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669395)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/arm6"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"72.60.250.235"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669395/; classtype:trojan-activity;sid:84532495; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669396)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/ppc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"72.60.250.235"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669396/; classtype:trojan-activity;sid:84532496; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669382)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.x86"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"185.254.30.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669382/; classtype:trojan-activity;sid:84532482; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669383)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/arm7"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"srv1054171.hstgr.cloud"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669383/; classtype:trojan-activity;sid:84532483; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669384)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/m68k"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"72.60.250.235"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669384/; classtype:trojan-activity;sid:84532484; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669385)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/mpsl"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"srv1054171.hstgr.cloud"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669385/; classtype:trojan-activity;sid:84532485; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669386)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.m68k"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"185.254.30.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669386/; classtype:trojan-activity;sid:84532486; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669387)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.sh4"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"185.254.30.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669387/; classtype:trojan-activity;sid:84532487; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669388)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/arm6"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"srv1054171.hstgr.cloud"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669388/; classtype:trojan-activity;sid:84532488; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669389)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.spc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"185.254.30.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669389/; classtype:trojan-activity;sid:84532489; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669390)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/arm7"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"72.60.250.235"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669390/; classtype:trojan-activity;sid:84532490; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669391)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/mips"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"srv1054171.hstgr.cloud"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669391/; classtype:trojan-activity;sid:84532491; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669392)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/ppc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"srv1054171.hstgr.cloud"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669392/; classtype:trojan-activity;sid:84532492; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669393)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/arm5"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"72.60.250.235"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669393/; classtype:trojan-activity;sid:84532493; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669371)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.ppc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"185.254.30.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669371/; classtype:trojan-activity;sid:84532471; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669372)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mips"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"185.254.30.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669372/; classtype:trojan-activity;sid:84532472; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669373)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"67.210.101.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669373/; classtype:trojan-activity;sid:84532473; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669374)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mpsl"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"185.254.30.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669374/; classtype:trojan-activity;sid:84532474; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669375)"; flow:established,from_client; content:"GET"; http_method; content:"/c.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"72.60.250.235"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669375/; classtype:trojan-activity;sid:84532475; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669376)"; flow:established,from_client; content:"GET"; http_method; content:"/w.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"srv1054171.hstgr.cloud"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669376/; classtype:trojan-activity;sid:84532476; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669377)"; flow:established,from_client; content:"GET"; http_method; content:"/ohshit.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"91.231.222.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669377/; classtype:trojan-activity;sid:84532477; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669378)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm5"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"185.254.30.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669378/; classtype:trojan-activity;sid:84532478; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669379)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"185.254.30.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669379/; classtype:trojan-activity;sid:84532479; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669380)"; flow:established,from_client; content:"GET"; http_method; content:"/c.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"srv1054171.hstgr.cloud"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669380/; classtype:trojan-activity;sid:84532480; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669381)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"185.254.30.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669381/; classtype:trojan-activity;sid:84532481; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669370)"; flow:established,from_client; content:"GET"; http_method; content:"/w.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"72.60.250.235"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669370/; classtype:trojan-activity;sid:84532470; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669368)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm7"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"185.254.30.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669368/; classtype:trojan-activity;sid:84532468; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669369)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm6"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"185.254.30.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669369/; classtype:trojan-activity;sid:84532469; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669367)"; flow:established,from_client; content:"GET"; http_method; content:"/wget.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"72.60.250.235"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669367/; classtype:trojan-activity;sid:84532467; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669365)"; flow:established,from_client; content:"GET"; http_method; content:"/wget.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"srv1054171.hstgr.cloud"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669365/; classtype:trojan-activity;sid:84532465; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669366)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.47.174.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669366/; classtype:trojan-activity;sid:84532466; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669364)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/x86"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"srv1054171.hstgr.cloud"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669364/; classtype:trojan-activity;sid:84532464; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669362)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.sh4"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"91.231.222.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669362/; classtype:trojan-activity;sid:84532462; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669363)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm5"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"91.231.222.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669363/; classtype:trojan-activity;sid:84532463; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669359)"; flow:established,from_client; content:"GET"; http_method; content:"/home.html"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"196.251.86.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669359/; classtype:trojan-activity;sid:84532459; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669360)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.m68k"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"91.231.222.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669360/; classtype:trojan-activity;sid:84532460; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669361)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.spc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"91.231.222.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669361/; classtype:trojan-activity;sid:84532461; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669354)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"91.231.222.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669354/; classtype:trojan-activity;sid:84532454; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669355)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mpsl"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"91.231.222.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669355/; classtype:trojan-activity;sid:84532455; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669356)"; flow:established,from_client; content:"GET"; http_method; content:"/mpslnd"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"67.210.101.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669356/; classtype:trojan-activity;sid:84532456; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669357)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.x86"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"91.231.222.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669357/; classtype:trojan-activity;sid:84532457; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669358)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.ppc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"91.231.222.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669358/; classtype:trojan-activity;sid:84532458; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669353)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm6"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"91.231.222.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669353/; classtype:trojan-activity;sid:84532453; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669352)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm7"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"91.231.222.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669352/; classtype:trojan-activity;sid:84532452; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669349)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mips"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"91.231.222.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669349/; classtype:trojan-activity;sid:84532449; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669350)"; flow:established,from_client; content:"GET"; http_method; content:"/error.html"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"196.251.86.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669350/; classtype:trojan-activity;sid:84532450; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669351)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"91.231.222.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669351/; classtype:trojan-activity;sid:84532451; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669348)"; flow:established,from_client; content:"GET"; http_method; content:"/yarn.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"192.142.53.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669348/; classtype:trojan-activity;sid:84532448; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669347)"; flow:established,from_client; content:"GET"; http_method; content:"/ohshit.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"185.254.30.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669347/; classtype:trojan-activity;sid:84532447; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669346)"; flow:established,from_client; content:"GET"; http_method; content:"/dedsec1313/homeddep31/98c617bc1e114652e6f2a20c18fb2e8b990407a0/imyd7uep15.exe"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669346/; classtype:trojan-activity;sid:84532446; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669345)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.25.210.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669345/; classtype:trojan-activity;sid:84532445; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669344)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.239.151.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669344/; classtype:trojan-activity;sid:84532444; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669343)"; flow:established,from_client; content:"GET"; http_method; content:"/5uv7wcl2ay.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"v2.gr3e4.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669343/; classtype:trojan-activity;sid:84532443; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669342)"; flow:established,from_client; content:"GET"; http_method; content:"/ah.google|3f|t=c3npz88c"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"sp1.tvoj5.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669342/; classtype:trojan-activity;sid:84532442; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669341)"; flow:established,from_client; content:"GET"; http_method; content:"/fu9xjaa31j.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"29.fj-2-e-0.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669341/; classtype:trojan-activity;sid:84532441; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669340)"; flow:established,from_client; content:"GET"; http_method; content:"/ah.google|3f|t=w47fz32f"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"sp1.tvoj5.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669340/; classtype:trojan-activity;sid:84532440; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669339)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.11.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669339/; classtype:trojan-activity;sid:84532439; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669338)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.118.49"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669338/; classtype:trojan-activity;sid:84532438; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669337)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.193.45.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669337/; classtype:trojan-activity;sid:84532437; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669336)"; flow:established,from_client; content:"GET"; http_method; content:"/hw4.google|3f|t=0gnr8j4y"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"ks.tvoj5.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669336/; classtype:trojan-activity;sid:84532436; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669335)"; flow:established,from_client; content:"GET"; http_method; content:"/9b4vzl3yjd.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"v2.gr3e4.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669335/; classtype:trojan-activity;sid:84532435; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669334)"; flow:established,from_client; content:"GET"; http_method; content:"/lklo8746vq.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"y6m.fj-2-e-0.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669334/; classtype:trojan-activity;sid:84532434; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669333)"; flow:established,from_client; content:"GET"; http_method; content:"/hw4.google|3f|t=bl71c47r"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"ks.tvoj5.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669333/; classtype:trojan-activity;sid:84532433; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669332)"; flow:established,from_client; content:"GET"; http_method; content:"/5h.google|3f|t=lgxy92hl"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"65.tvoj5.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669332/; classtype:trojan-activity;sid:84532432; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669331)"; flow:established,from_client; content:"GET"; http_method; content:"/vqimakeay8.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"k.gr3e4.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669331/; classtype:trojan-activity;sid:84532431; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669330)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.25.210.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669330/; classtype:trojan-activity;sid:84532430; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669329)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.151.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669329/; classtype:trojan-activity;sid:84532429; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669328)"; flow:established,from_client; content:"GET"; http_method; content:"/scan36iarg.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"k.gr3e4.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669328/; classtype:trojan-activity;sid:84532428; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669327)"; flow:established,from_client; content:"GET"; http_method; content:"/jg.check|3f|t=s0j0yorb"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"i2.wtok2.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669327/; classtype:trojan-activity;sid:84532427; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669326)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.118.49"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669326/; classtype:trojan-activity;sid:84532426; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669325)"; flow:established,from_client; content:"GET"; http_method; content:"/ggpcq8hkgg.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"b6v.pf-6-o-2.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669325/; classtype:trojan-activity;sid:84532425; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669324)"; flow:established,from_client; content:"GET"; http_method; content:"/jg.check|3f|t=xvojtd01"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"i2.wtok2.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669324/; classtype:trojan-activity;sid:84532424; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669323)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.136.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669323/; classtype:trojan-activity;sid:84532423; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669322)"; flow:established,from_client; content:"GET"; http_method; content:"/l3im6gjcaz.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"t1.qj4y4.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669322/; classtype:trojan-activity;sid:84532422; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669321)"; flow:established,from_client; content:"GET"; http_method; content:"/jd.check|3f|t=qg73kil4"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"nxz.wtok2.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669321/; classtype:trojan-activity;sid:84532421; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669320)"; flow:established,from_client; content:"GET"; http_method; content:"/tmdpl4ln1a.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"b6v.pf-6-o-2.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669320/; classtype:trojan-activity;sid:84532420; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669319)"; flow:established,from_client; content:"GET"; http_method; content:"/jd.check|3f|t=88vedryk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"nxz.wtok2.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669319/; classtype:trojan-activity;sid:84532419; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669318)"; flow:established,from_client; content:"GET"; http_method; content:"/ekom1z6yar.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"qz9.qj4y4.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669318/; classtype:trojan-activity;sid:84532418; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669317)"; flow:established,from_client; content:"GET"; http_method; content:"/h9p.check|3f|t=k8d6jxms"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"7m.wtok2.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669317/; classtype:trojan-activity;sid:84532417; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669316)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.46.148.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669316/; classtype:trojan-activity;sid:84532416; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669315)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.88.4"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669315/; classtype:trojan-activity;sid:84532415; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669314)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.165.129.126"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669314/; classtype:trojan-activity;sid:84532414; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669313)"; flow:established,from_client; content:"GET"; http_method; content:"/mnh7xrtmbs.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"qz9.qj4y4.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669313/; classtype:trojan-activity;sid:84532413; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669312)"; flow:established,from_client; content:"GET"; http_method; content:"/epb.google|3f|t=5f5ws8zw"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"ic3.wtok2.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669312/; classtype:trojan-activity;sid:84532412; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669310)"; flow:established,from_client; content:"GET"; http_method; content:"/epb.google|3f|t=l2ljjc6t"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"ic3.wtok2.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669310/; classtype:trojan-activity;sid:84532410; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669311)"; flow:established,from_client; content:"GET"; http_method; content:"/q8r109qocn.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"p0.pf-6-o-2.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669311/; classtype:trojan-activity;sid:84532411; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669309)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.29.225.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669309/; classtype:trojan-activity;sid:84532409; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669307)"; flow:established,from_client; content:"GET"; http_method; content:"/a22.google|3f|t=oreaiuzm"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"3oi.wtok2.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669307/; classtype:trojan-activity;sid:84532407; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669308)"; flow:established,from_client; content:"GET"; http_method; content:"/7te3c4456q.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"p0.pf-6-o-2.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669308/; classtype:trojan-activity;sid:84532408; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669306)"; flow:established,from_client; content:"GET"; http_method; content:"/a22.google|3f|t=1mqpa36t"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"3oi.wtok2.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669306/; classtype:trojan-activity;sid:84532406; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669305)"; flow:established,from_client; content:"GET"; http_method; content:"/3ybbnypmn9.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"v2.qj4y4.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669305/; classtype:trojan-activity;sid:84532405; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669304)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.88.4"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669304/; classtype:trojan-activity;sid:84532404; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669303)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"180.191.52.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669303/; classtype:trojan-activity;sid:84532403; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669301)"; flow:established,from_client; content:"GET"; http_method; content:"/dyy.check|3f|t=v3dceco7"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"32.wtok2.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669301/; classtype:trojan-activity;sid:84532401; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669302)"; flow:established,from_client; content:"GET"; http_method; content:"/ha1d5b40xs.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"wh.pf-6-o-2.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669302/; classtype:trojan-activity;sid:84532402; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669300)"; flow:established,from_client; content:"GET"; http_method; content:"/dyy.check|3f|t=p6ytrgo4"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"32.wtok2.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669300/; classtype:trojan-activity;sid:84532400; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669299)"; flow:established,from_client; content:"GET"; http_method; content:"/a2ksyi08a3.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"k.qj4y4.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669299/; classtype:trojan-activity;sid:84532399; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669298)"; flow:established,from_client; content:"GET"; http_method; content:"/cbqrp79cjq.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"wh.pf-6-o-2.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669298/; classtype:trojan-activity;sid:84532398; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669297)"; flow:established,from_client; content:"GET"; http_method; content:"/p4s.check|3f|t=v8n0akbe"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"xt.wtok2.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669297/; classtype:trojan-activity;sid:84532397; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669296)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.165.129.126"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669296/; classtype:trojan-activity;sid:84532396; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669295)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.228.148.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669295/; classtype:trojan-activity;sid:84532395; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669294)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.46.148.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669294/; classtype:trojan-activity;sid:84532394; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669293)"; flow:established,from_client; content:"GET"; http_method; content:"/p4s.check|3f|t=nz1zjzcs"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"xt.wtok2.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669293/; classtype:trojan-activity;sid:84532393; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669292)"; flow:established,from_client; content:"GET"; http_method; content:"/t462j0nx1q.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"s4.zv1a0.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669292/; classtype:trojan-activity;sid:84532392; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669291)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.208.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669291/; classtype:trojan-activity;sid:84532391; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669290)"; flow:established,from_client; content:"GET"; http_method; content:"/w3ac6qlyfw.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"hm.zv1a0.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669290/; classtype:trojan-activity;sid:84532390; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669289)"; flow:established,from_client; content:"GET"; http_method; content:"/2a09.google|3f|t=13m7e9dp"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"x8n.p74yi.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669289/; classtype:trojan-activity;sid:84532389; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669288)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"180.191.52.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669288/; classtype:trojan-activity;sid:84532388; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669287)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.37.215.141"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669287/; classtype:trojan-activity;sid:84532387; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669286)"; flow:established,from_client; content:"GET"; http_method; content:"/9zzcpf84vt.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"hm.zv1a0.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669286/; classtype:trojan-activity;sid:84532386; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669285)"; flow:established,from_client; content:"GET"; http_method; content:"/7vb.check|3f|t=dpvfmxua"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"h9.p74yi.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669285/; classtype:trojan-activity;sid:84532385; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669284)"; flow:established,from_client; content:"GET"; http_method; content:"/m0q.google|3f|t=au0hm0hy"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"tq.p74yi.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669284/; classtype:trojan-activity;sid:84532384; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669283)"; flow:established,from_client; content:"GET"; http_method; content:"/2waaoaq1tt.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"hd.pf-6-o-2.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669283/; classtype:trojan-activity;sid:84532383; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669282)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.21.255"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669282/; classtype:trojan-activity;sid:84532382; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669281)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.177.111.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669281/; classtype:trojan-activity;sid:84532381; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669280)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.228.148.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669280/; classtype:trojan-activity;sid:84532380; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669279)"; flow:established,from_client; content:"GET"; http_method; content:"/u49xmx0044.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"t1.zv1a0.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669279/; classtype:trojan-activity;sid:84532379; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669278)"; flow:established,from_client; content:"GET"; http_method; content:"/m0q.google|3f|t=8btzl0fv"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"tq.p74yi.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669278/; classtype:trojan-activity;sid:84532378; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669277)"; flow:established,from_client; content:"GET"; http_method; content:"/ra14851795.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"qz9.zv1a0.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669277/; classtype:trojan-activity;sid:84532377; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669276)"; flow:established,from_client; content:"GET"; http_method; content:"/ks.check|3f|t=firobkac"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"z1.p74yi.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669276/; classtype:trojan-activity;sid:84532376; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669275)"; flow:established,from_client; content:"GET"; http_method; content:"/mrtr7wf4ay.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"ip.pf-6-o-2.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669275/; classtype:trojan-activity;sid:84532375; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669274)"; flow:established,from_client; content:"GET"; http_method; content:"/ks.check|3f|t=5yibnuu4"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"z1.p74yi.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669274/; classtype:trojan-activity;sid:84532374; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669273)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.12.158.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669273/; classtype:trojan-activity;sid:84532373; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669272)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.53.240.199"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669272/; classtype:trojan-activity;sid:84532372; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669271)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.64.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669271/; classtype:trojan-activity;sid:84532371; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669269)"; flow:established,from_client; content:"GET"; http_method; content:"/9zignhk142.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"v2.zv1a0.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669269/; classtype:trojan-activity;sid:84532369; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669270)"; flow:established,from_client; content:"GET"; http_method; content:"/0l4.google|3f|t=7l1j0mwp"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"bd.p74yi.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669270/; classtype:trojan-activity;sid:84532370; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669267)"; flow:established,from_client; content:"GET"; http_method; content:"/0l4.google|3f|t=qc2m7r51"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"bd.p74yi.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669267/; classtype:trojan-activity;sid:84532367; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669268)"; flow:established,from_client; content:"GET"; http_method; content:"/7ecazdm6uq.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"ip.pf-6-o-2.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669268/; classtype:trojan-activity;sid:84532368; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669266)"; flow:established,from_client; content:"GET"; http_method; content:"/b7dpke3zgh.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"ip.pf-6-o-2.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669266/; classtype:trojan-activity;sid:84532366; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669265)"; flow:established,from_client; content:"GET"; http_method; content:"/1va.check|3f|t=sxklzz3p"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"q4.p74yi.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669265/; classtype:trojan-activity;sid:84532365; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669264)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.53.197.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669264/; classtype:trojan-activity;sid:84532364; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669263)"; flow:established,from_client; content:"GET"; http_method; content:"/gjuahuq83g.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"v2.zv1a0.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669263/; classtype:trojan-activity;sid:84532363; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669262)"; flow:established,from_client; content:"GET"; http_method; content:"/1va.check|3f|t=5hn4nss5"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"q4.p74yi.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669262/; classtype:trojan-activity;sid:84532362; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669261)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.21.255"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669261/; classtype:trojan-activity;sid:84532361; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669260)"; flow:established,from_client; content:"GET"; http_method; content:"/files/5089917904/xctciib.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669260/; classtype:trojan-activity;sid:84532360; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669259)"; flow:established,from_client; content:"GET"; http_method; content:"/files/6622187147/a7myec8.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669259/; classtype:trojan-activity;sid:84532359; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669258)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7782139129/ltt9blq.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669258/; classtype:trojan-activity;sid:84532358; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669255)"; flow:established,from_client; content:"GET"; http_method; content:"/xs578f9bf7.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"px.pf-6-o-2.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669255/; classtype:trojan-activity;sid:84532355; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669256)"; flow:established,from_client; content:"GET"; http_method; content:"/jqvd5tqk6a.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"k.zv1a0.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669256/; classtype:trojan-activity;sid:84532356; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669257)"; flow:established,from_client; content:"GET"; http_method; content:"/ep.google|3f|t=3izfg4af"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"g.p74yi.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669257/; classtype:trojan-activity;sid:84532357; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669254)"; flow:established,from_client; content:"GET"; http_method; content:"/ep.google|3f|t=msn3k3t0"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"g.p74yi.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669254/; classtype:trojan-activity;sid:84532354; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669253)"; flow:established,from_client; content:"GET"; http_method; content:"/y939w5kkz2.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"p2.ls-2-a-9.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669253/; classtype:trojan-activity;sid:84532353; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669252)"; flow:established,from_client; content:"GET"; http_method; content:"/7w2.google|3f|t=u1nj6nek"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"p9.p51io.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669252/; classtype:trojan-activity;sid:84532352; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669251)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.53.197.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669251/; classtype:trojan-activity;sid:84532351; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669250)"; flow:established,from_client; content:"GET"; http_method; content:"/jcha6tgduh.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"d5.8a-mg.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669250/; classtype:trojan-activity;sid:84532350; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669249)"; flow:established,from_client; content:"GET"; http_method; content:"/7w2.google|3f|t=64s34hto"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"p9.p51io.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669249/; classtype:trojan-activity;sid:84532349; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669248)"; flow:established,from_client; content:"GET"; http_method; content:"/xo30lpxjqo.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"p2.ls-2-a-9.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669248/; classtype:trojan-activity;sid:84532348; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669247)"; flow:established,from_client; content:"GET"; http_method; content:"/kd.check|3f|t=5mr341xe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"h7m.p51io.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669247/; classtype:trojan-activity;sid:84532347; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669246)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.86.43.10"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669246/; classtype:trojan-activity;sid:84532346; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669245)"; flow:established,from_client; content:"GET"; http_method; content:"/06s2cjyzm0.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"m6.8a-mg.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669245/; classtype:trojan-activity;sid:84532345; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669244)"; flow:established,from_client; content:"GET"; http_method; content:"/kd.check|3f|t=5s9mqweb"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"h7m.p51io.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669244/; classtype:trojan-activity;sid:84532344; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669243)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.29.225.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669243/; classtype:trojan-activity;sid:84532343; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669242)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.115.122.20"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669242/; classtype:trojan-activity;sid:84532342; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669241)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.69.61.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669241/; classtype:trojan-activity;sid:84532341; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669240)"; flow:established,from_client; content:"GET"; http_method; content:"/ab03.google|3f|t=j05hkj71"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"x.p51io.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669240/; classtype:trojan-activity;sid:84532340; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669239)"; flow:established,from_client; content:"GET"; http_method; content:"/9njujvz4jh.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"m6.8a-mg.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669239/; classtype:trojan-activity;sid:84532339; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669237)"; flow:established,from_client; content:"GET"; http_method; content:"/ab03.google|3f|t=p8d7eaf7"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"x.p51io.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669237/; classtype:trojan-activity;sid:84532337; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669238)"; flow:established,from_client; content:"GET"; http_method; content:"/byqq38noau.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"wmw.ls-2-a-9.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669238/; classtype:trojan-activity;sid:84532338; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669236)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"74.9.224.148"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669236/; classtype:trojan-activity;sid:84532336; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669235)"; flow:established,from_client; content:"GET"; http_method; content:"/sa1hu7y9ca.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"t1.8a-mg.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669235/; classtype:trojan-activity;sid:84532335; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669234)"; flow:established,from_client; content:"GET"; http_method; content:"/zfgji500gg.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"9m.ls-2-a-9.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669234/; classtype:trojan-activity;sid:84532334; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669232)"; flow:established,from_client; content:"GET"; http_method; content:"/rva.check|3f|t=lmjbtxlh"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"t1.p51io.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669232/; classtype:trojan-activity;sid:84532332; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669233)"; flow:established,from_client; content:"GET"; http_method; content:"/rva.check|3f|t=zmptz1e7"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"t1.p51io.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669233/; classtype:trojan-activity;sid:84532333; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669231)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.154.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669231/; classtype:trojan-activity;sid:84532331; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669230)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.179.239.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669230/; classtype:trojan-activity;sid:84532330; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669229)"; flow:established,from_client; content:"GET"; http_method; content:"/0p.google|3f|t=kb1dv4zy"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"zk.p51io.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669229/; classtype:trojan-activity;sid:84532329; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669228)"; flow:established,from_client; content:"GET"; http_method; content:"/23lc5u0osn.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"t1.8a-mg.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669228/; classtype:trojan-activity;sid:84532328; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669227)"; flow:established,from_client; content:"GET"; http_method; content:"/ynoln7tdgh.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"9m.ls-2-a-9.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669227/; classtype:trojan-activity;sid:84532327; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669226)"; flow:established,from_client; content:"GET"; http_method; content:"/0p.google|3f|t=ixwhfj7q"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"zk.p51io.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669226/; classtype:trojan-activity;sid:84532326; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669225)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"88.249.70.76"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669225/; classtype:trojan-activity;sid:84532325; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669224)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.30.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669224/; classtype:trojan-activity;sid:84532324; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669223)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.192.235.47"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669223/; classtype:trojan-activity;sid:84532323; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669218)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.231.61.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669218/; classtype:trojan-activity;sid:84532318; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669219)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.105.146"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669219/; classtype:trojan-activity;sid:84532319; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669220)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.84.176"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669220/; classtype:trojan-activity;sid:84532320; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669221)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.39.235.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669221/; classtype:trojan-activity;sid:84532321; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669222)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.116.148.188"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669222/; classtype:trojan-activity;sid:84532322; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669217)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.87.241"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669217/; classtype:trojan-activity;sid:84532317; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669216)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"88.249.70.76"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669216/; classtype:trojan-activity;sid:84532316; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669215)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.228.124.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669215/; classtype:trojan-activity;sid:84532315; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669214)"; flow:established,from_client; content:"GET"; http_method; content:"/uqqozt79ow.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"qz9.8a-mg.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669214/; classtype:trojan-activity;sid:84532314; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669213)"; flow:established,from_client; content:"GET"; http_method; content:"/7xm.check|3f|t=fsz0buh6"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"n2.p51io.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669213/; classtype:trojan-activity;sid:84532313; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669212)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.59.91.255"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669212/; classtype:trojan-activity;sid:84532312; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669211)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.124.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669211/; classtype:trojan-activity;sid:84532311; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669210)"; flow:established,from_client; content:"GET"; http_method; content:"/jxnb0i89b1.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"qz9.8a-mg.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669210/; classtype:trojan-activity;sid:84532310; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669209)"; flow:established,from_client; content:"GET"; http_method; content:"/q5.google|3f|t=4t4jrfi2"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"b.p51io.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669209/; classtype:trojan-activity;sid:84532309; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669208)"; flow:established,from_client; content:"GET"; http_method; content:"/q5.google|3f|t=y9ihoi2p"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"b.p51io.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669208/; classtype:trojan-activity;sid:84532308; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669207)"; flow:established,from_client; content:"GET"; http_method; content:"/nlcikgvvli.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"v2.ls-2-a-9.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669207/; classtype:trojan-activity;sid:84532307; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669206)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.105.149"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669206/; classtype:trojan-activity;sid:84532306; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669205)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.179.239.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669205/; classtype:trojan-activity;sid:84532305; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669204)"; flow:established,from_client; content:"GET"; http_method; content:"/ynla31vdpe.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"v2.8a-mg.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669204/; classtype:trojan-activity;sid:84532304; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669203)"; flow:established,from_client; content:"GET"; http_method; content:"/y27xcbddq9.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"5f.ls-2-a-9.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669203/; classtype:trojan-activity;sid:84532303; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669201)"; flow:established,from_client; content:"GET"; http_method; content:"/zp13.google|3f|t=dkzpywzv"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"y7n.c34uu.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669201/; classtype:trojan-activity;sid:84532301; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669202)"; flow:established,from_client; content:"GET"; http_method; content:"/zp13.google|3f|t=opcudv58"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"y7n.c34uu.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669202/; classtype:trojan-activity;sid:84532302; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669200)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.56.142.4"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669200/; classtype:trojan-activity;sid:84532300; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669199)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.87.241"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669199/; classtype:trojan-activity;sid:84532299; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669198)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.228.124.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669198/; classtype:trojan-activity;sid:84532298; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669197)"; flow:established,from_client; content:"GET"; http_method; content:"/mwqlerpwhf.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"v2.8a-mg.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669197/; classtype:trojan-activity;sid:84532297; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669196)"; flow:established,from_client; content:"GET"; http_method; content:"/aw0.check|3f|t=58ws4oyn"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"qz.c34uu.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669196/; classtype:trojan-activity;sid:84532296; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669194)"; flow:established,from_client; content:"GET"; http_method; content:"/aw0.check|3f|t=lfwt08cs"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"qz.c34uu.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669194/; classtype:trojan-activity;sid:84532294; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669195)"; flow:established,from_client; content:"GET"; http_method; content:"/ydw51ylsyo.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"95.ls-2-a-9.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669195/; classtype:trojan-activity;sid:84532295; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669193)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.124.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669193/; classtype:trojan-activity;sid:84532293; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669192)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.40.147.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669192/; classtype:trojan-activity;sid:84532292; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669190)"; flow:established,from_client; content:"GET"; http_method; content:"/nr1ebpx8za.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"ent.bw-6-u-0.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669190/; classtype:trojan-activity;sid:84532290; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669191)"; flow:established,from_client; content:"GET"; http_method; content:"/4t.google|3f|t=tvp3iiis"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"m3.c34uu.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669191/; classtype:trojan-activity;sid:84532291; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669189)"; flow:established,from_client; content:"GET"; http_method; content:"/vk62ux1w6c.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"k.8a-mg.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669189/; classtype:trojan-activity;sid:84532289; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669188)"; flow:established,from_client; content:"GET"; http_method; content:"/4t.google|3f|t=3k8b6mom"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"m3.c34uu.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669188/; classtype:trojan-activity;sid:84532288; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669187)"; flow:established,from_client; content:"GET"; http_method; content:"/wm8bkvcpyn.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"t2.0y-pm.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669187/; classtype:trojan-activity;sid:84532287; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669186)"; flow:established,from_client; content:"GET"; http_method; content:"/kq7.check|3f|t=1kt108ep"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"x.c34uu.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669186/; classtype:trojan-activity;sid:84532286; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669185)"; flow:established,from_client; content:"GET"; http_method; content:"/kq7.check|3f|t=pugs83mu"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"x.c34uu.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669185/; classtype:trojan-activity;sid:84532285; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669184)"; flow:established,from_client; content:"GET"; http_method; content:"/7l1sb015ol.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"sx.bw-6-u-0.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669184/; classtype:trojan-activity;sid:84532284; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669183)"; flow:established,from_client; content:"GET"; http_method; content:"/4tqo574cxz.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"75.bw-6-u-0.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669183/; classtype:trojan-activity;sid:84532283; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669182)"; flow:established,from_client; content:"GET"; http_method; content:"/1n.google|3f|t=9lgdlucr"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"vv.c34uu.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669182/; classtype:trojan-activity;sid:84532282; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669181)"; flow:established,from_client; content:"GET"; http_method; content:"/1n.google|3f|t=mgipl9ke"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"vv.c34uu.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669181/; classtype:trojan-activity;sid:84532281; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669180)"; flow:established,from_client; content:"GET"; http_method; content:"/0p88aihvsa.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"b1.0y-pm.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669180/; classtype:trojan-activity;sid:84532280; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669179)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.229.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669179/; classtype:trojan-activity;sid:84532279; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669178)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.8.27.139"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669178/; classtype:trojan-activity;sid:84532278; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669177)"; flow:established,from_client; content:"GET"; http_method; content:"/sdrde5ptm4.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"75.bw-6-u-0.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669177/; classtype:trojan-activity;sid:84532277; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669176)"; flow:established,from_client; content:"GET"; http_method; content:"/0xm.check|3f|t=49proah4"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"a9.c34uu.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669176/; classtype:trojan-activity;sid:84532276; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669175)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.56.142.4"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669175/; classtype:trojan-activity;sid:84532275; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669174)"; flow:established,from_client; content:"GET"; http_method; content:"/tp2fq3jezv.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"b1.0y-pm.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669174/; classtype:trojan-activity;sid:84532274; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669173)"; flow:established,from_client; content:"GET"; http_method; content:"/0xm.check|3f|t=4yfiexos"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"a9.c34uu.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669173/; classtype:trojan-activity;sid:84532273; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669172)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.8.27.139"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669172/; classtype:trojan-activity;sid:84532272; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669171)"; flow:established,from_client; content:"GET"; http_method; content:"/hqxdr6llkj.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"xp3.bw-6-u-0.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669171/; classtype:trojan-activity;sid:84532271; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669169)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.87.59.186"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669169/; classtype:trojan-activity;sid:84532269; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669170)"; flow:established,from_client; content:"GET"; http_method; content:"/d5.google|3f|t=pnt92it7"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"p.c34uu.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669170/; classtype:trojan-activity;sid:84532270; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669167)"; flow:established,from_client; content:"GET"; http_method; content:"/d5.google|3f|t=od9agt33"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"p.c34uu.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669167/; classtype:trojan-activity;sid:84532267; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669168)"; flow:established,from_client; content:"GET"; http_method; content:"/7nnvz088wp.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"g4.0y-pm.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669168/; classtype:trojan-activity;sid:84532268; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669166)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"177.71.60.163"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669166/; classtype:trojan-activity;sid:84532266; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669165)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.57.234.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669165/; classtype:trojan-activity;sid:84532265; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669164)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"177.71.60.163"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669164/; classtype:trojan-activity;sid:84532264; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669162)"; flow:established,from_client; content:"GET"; http_method; content:"/zy1qc2adgn.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"g4.0y-pm.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669162/; classtype:trojan-activity;sid:84532262; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669163)"; flow:established,from_client; content:"GET"; http_method; content:"/aeppb2rnaw.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"xp3.bw-6-u-0.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669163/; classtype:trojan-activity;sid:84532263; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669161)"; flow:established,from_client; content:"GET"; http_method; content:"/7m04.google|3f|t=t5zbmgmn"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"t1v.v57eo.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669161/; classtype:trojan-activity;sid:84532261; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669160)"; flow:established,from_client; content:"GET"; http_method; content:"/7m04.google|3f|t=t2z96ro4"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"t1v.v57eo.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669160/; classtype:trojan-activity;sid:84532260; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669158)"; flow:established,from_client; content:"GET"; http_method; content:"/vb.check|3f|t=faid0qx2"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"k0.v57eo.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669158/; classtype:trojan-activity;sid:84532258; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669159)"; flow:established,from_client; content:"GET"; http_method; content:"/g6d06r6owq.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"g4.0y-pm.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669159/; classtype:trojan-activity;sid:84532259; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669157)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.204.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669157/; classtype:trojan-activity;sid:84532257; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669155)"; flow:established,from_client; content:"GET"; http_method; content:"/vb.check|3f|t=h81k4h48"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"k0.v57eo.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669155/; classtype:trojan-activity;sid:84532255; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669156)"; flow:established,from_client; content:"GET"; http_method; content:"/a2c2l4yjz0.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"837.bw-6-u-0.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669156/; classtype:trojan-activity;sid:84532256; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669154)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.87.59.186"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669154/; classtype:trojan-activity;sid:84532254; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669153)"; flow:established,from_client; content:"GET"; http_method; content:"/azykiqgqqf.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pm7.0y-pm.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669153/; classtype:trojan-activity;sid:84532253; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669152)"; flow:established,from_client; content:"GET"; http_method; content:"/9q1.google|3f|t=znz1zpiw"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"hx.v57eo.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669152/; classtype:trojan-activity;sid:84532252; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669151)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.59.72.245"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669151/; classtype:trojan-activity;sid:84532251; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669150)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.112.192"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669150/; classtype:trojan-activity;sid:84532250; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669149)"; flow:established,from_client; content:"GET"; http_method; content:"/lpjpb3rzid.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"837.bw-6-u-0.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669149/; classtype:trojan-activity;sid:84532249; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669148)"; flow:established,from_client; content:"GET"; http_method; content:"/tn.check|3f|t=1dpudo21"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"z7.v57eo.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669148/; classtype:trojan-activity;sid:84532248; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669147)"; flow:established,from_client; content:"GET"; http_method; content:"/xctswy250w.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"k4.0y-pm.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669147/; classtype:trojan-activity;sid:84532247; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669146)"; flow:established,from_client; content:"GET"; http_method; content:"/tn.check|3f|t=gqn1rxlo"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"z7.v57eo.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669146/; classtype:trojan-activity;sid:84532246; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669145)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.52.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669145/; classtype:trojan-activity;sid:84532245; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669144)"; flow:established,from_client; content:"GET"; http_method; content:"/ons24sqmnq.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"y.0y-pm.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669144/; classtype:trojan-activity;sid:84532244; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669143)"; flow:established,from_client; content:"GET"; http_method; content:"/0d4.google|3f|t=sbu4v16z"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"qa.v57eo.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669143/; classtype:trojan-activity;sid:84532243; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669142)"; flow:established,from_client; content:"GET"; http_method; content:"/0d4.google|3f|t=kj6ed87k"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"qa.v57eo.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669142/; classtype:trojan-activity;sid:84532242; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669141)"; flow:established,from_client; content:"GET"; http_method; content:"/tf6udhpom1.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"oh.bw-6-u-0.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669141/; classtype:trojan-activity;sid:84532241; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669140)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.193.139.8"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669140/; classtype:trojan-activity;sid:84532240; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669139)"; flow:established,from_client; content:"GET"; http_method; content:"/2z785xc9lg.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"oh.bw-6-u-0.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669139/; classtype:trojan-activity;sid:84532239; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669138)"; flow:established,from_client; content:"GET"; http_method; content:"/62uas4rps1.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"g8.7a-xz.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669138/; classtype:trojan-activity;sid:84532238; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669136)"; flow:established,from_client; content:"GET"; http_method; content:"/1kz.check|3f|t=6g6xn2sc"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"m2.v57eo.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669136/; classtype:trojan-activity;sid:84532236; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669137)"; flow:established,from_client; content:"GET"; http_method; content:"/1kz.check|3f|t=uesdd4mb"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"m2.v57eo.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669137/; classtype:trojan-activity;sid:84532237; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669135)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.9.123.203"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669135/; classtype:trojan-activity;sid:84532235; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669134)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.191.195"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669134/; classtype:trojan-activity;sid:84532234; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669133)"; flow:established,from_client; content:"GET"; http_method; content:"/r8.google|3f|t=816bfr4w"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"e.v57eo.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669133/; classtype:trojan-activity;sid:84532233; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669132)"; flow:established,from_client; content:"GET"; http_method; content:"/utw97ez6pb.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"k4.7a-xz.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669132/; classtype:trojan-activity;sid:84532232; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669131)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.190.195.28"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669131/; classtype:trojan-activity;sid:84532231; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669130)"; flow:established,from_client; content:"GET"; http_method; content:"/r8.google|3f|t=nsyaslt7"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"e.v57eo.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669130/; classtype:trojan-activity;sid:84532230; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669129)"; flow:established,from_client; content:"GET"; http_method; content:"/vkk3gwahbj.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"xw.fj-4-i-6.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669129/; classtype:trojan-activity;sid:84532229; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669128)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.40.146.73"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669128/; classtype:trojan-activity;sid:84532228; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669127)"; flow:established,from_client; content:"GET"; http_method; content:"/p6f267tlmz.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"xw.fj-4-i-6.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669127/; classtype:trojan-activity;sid:84532227; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669126)"; flow:established,from_client; content:"GET"; http_method; content:"/2h.google|3f|t=tbnx69wb"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"1m.s91ii.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669126/; classtype:trojan-activity;sid:84532226; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669125)"; flow:established,from_client; content:"GET"; http_method; content:"/9x43io8010.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"k4.7a-xz.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669125/; classtype:trojan-activity;sid:84532225; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669124)"; flow:established,from_client; content:"GET"; http_method; content:"/2h.google|3f|t=b976m1a3"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"1m.s91ii.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669124/; classtype:trojan-activity;sid:84532224; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669123)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.9.123.203"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669123/; classtype:trojan-activity;sid:84532223; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669122)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.228.34.147"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669122/; classtype:trojan-activity;sid:84532222; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669121)"; flow:established,from_client; content:"GET"; http_method; content:"/6vk1hc369x.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"z3.7a-xz.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669121/; classtype:trojan-activity;sid:84532221; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669120)"; flow:established,from_client; content:"GET"; http_method; content:"/w1n.check|3f|t=ppxw0cvv"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"c8.s91ii.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669120/; classtype:trojan-activity;sid:84532220; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669119)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.199.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669119/; classtype:trojan-activity;sid:84532219; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669118)"; flow:established,from_client; content:"GET"; http_method; content:"/7xenl2n9bh.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"gw.fj-4-i-6.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669118/; classtype:trojan-activity;sid:84532218; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669117)"; flow:established,from_client; content:"GET"; http_method; content:"/w1n.check|3f|t=280sruwa"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"c8.s91ii.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669117/; classtype:trojan-activity;sid:84532217; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669116)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.44.44.126"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669116/; classtype:trojan-activity;sid:84532216; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669115)"; flow:established,from_client; content:"GET"; http_method; content:"/h3q3czep50.vsix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"3tq.fj-4-i-6.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669115/; classtype:trojan-activity;sid:84532215; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669114)"; flow:established,from_client; content:"GET"; http_method; content:"/e4.google|3f|t=tzar6q5q"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"p0.s91ii.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669114/; classtype:trojan-activity;sid:84532214; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669113)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.40.146.73"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669113/; classtype:trojan-activity;sid:84532213; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669112)"; flow:established,from_client; content:"GET"; http_method; content:"/e4.google|3f|t=ykj116iu"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"p0.s91ii.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669112/; classtype:trojan-activity;sid:84532212; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669111)"; flow:established,from_client; content:"GET"; http_method; content:"/ns1hzjpi2y.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"qm9.7a-xz.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669111/; classtype:trojan-activity;sid:84532211; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3668794)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"139.196.126.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_11; reference:url, urlhaus.abuse.ch/url/3668794/; classtype:trojan-activity;sid:84531894; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3668780)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.69.141.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_11; reference:url, urlhaus.abuse.ch/url/3668780/; classtype:trojan-activity;sid:84531880; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3668657)"; flow:established,from_client; content:"GET"; http_method; content:"/files/5296057416/ef3z01h.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_11; reference:url, urlhaus.abuse.ch/url/3668657/; classtype:trojan-activity;sid:84531757; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3668647)"; flow:established,from_client; content:"GET"; http_method; content:"/xmrig/xmrig/releases/download/v6.24.0/xmrig-6.24.0-windows-x64.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_11; reference:url, urlhaus.abuse.ch/url/3668647/; classtype:trojan-activity;sid:84531747; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3668639)"; flow:established,from_client; content:"GET"; http_method; content:"/files/5900855435/lzq6raq.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_11; reference:url, urlhaus.abuse.ch/url/3668639/; classtype:trojan-activity;sid:84531739; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3668586)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"apn-87-251-249-41.static.gprs.plus.pl"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2025_10_11; reference:url, urlhaus.abuse.ch/url/3668586/; classtype:trojan-activity;sid:84531686; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3668551)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.85.177"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_11; reference:url, urlhaus.abuse.ch/url/3668551/; classtype:trojan-activity;sid:84531651; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3668504)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"58.22.95.157"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_11; reference:url, urlhaus.abuse.ch/url/3668504/; classtype:trojan-activity;sid:84531604; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3668501)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"58.22.95.157"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_11; reference:url, urlhaus.abuse.ch/url/3668501/; classtype:trojan-activity;sid:84531601; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3668499)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.216.131.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_11; reference:url, urlhaus.abuse.ch/url/3668499/; classtype:trojan-activity;sid:84531599; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3668497)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.216.131.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_11; reference:url, urlhaus.abuse.ch/url/3668497/; classtype:trojan-activity;sid:84531597; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3668457)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.88.82"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_11; reference:url, urlhaus.abuse.ch/url/3668457/; classtype:trojan-activity;sid:84531557; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3668386)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.88.166"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_11; reference:url, urlhaus.abuse.ch/url/3668386/; classtype:trojan-activity;sid:84531486; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3668367)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.88.166"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_11; reference:url, urlhaus.abuse.ch/url/3668367/; classtype:trojan-activity;sid:84531467; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3668279)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.86.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_11; reference:url, urlhaus.abuse.ch/url/3668279/; classtype:trojan-activity;sid:84531379; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3668255)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.239.95.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_11; reference:url, urlhaus.abuse.ch/url/3668255/; classtype:trojan-activity;sid:84531355; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3668240)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.84.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_11; reference:url, urlhaus.abuse.ch/url/3668240/; classtype:trojan-activity;sid:84531340; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3668203)"; flow:established,from_client; content:"GET"; http_method; content:"/vhvd9ugu8er4rnq.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"91.92.240.104"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_11; reference:url, urlhaus.abuse.ch/url/3668203/; classtype:trojan-activity;sid:84531303; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3668193)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.88.124"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_11; reference:url, urlhaus.abuse.ch/url/3668193/; classtype:trojan-activity;sid:84531293; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3668179)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/labello.arm6"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"103.252.89.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_11; reference:url, urlhaus.abuse.ch/url/3668179/; classtype:trojan-activity;sid:84531279; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3668175)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/labello.arm"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"103.252.89.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_11; reference:url, urlhaus.abuse.ch/url/3668175/; classtype:trojan-activity;sid:84531275; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3668168)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/labello.arm7"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"103.252.89.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_11; reference:url, urlhaus.abuse.ch/url/3668168/; classtype:trojan-activity;sid:84531268; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3668169)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/labello.m68k"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"103.252.89.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_11; reference:url, urlhaus.abuse.ch/url/3668169/; classtype:trojan-activity;sid:84531269; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3668154)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/labello.arm5"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"103.252.89.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_11; reference:url, urlhaus.abuse.ch/url/3668154/; classtype:trojan-activity;sid:84531254; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3668155)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/labello.x86_64"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"103.252.89.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_11; reference:url, urlhaus.abuse.ch/url/3668155/; classtype:trojan-activity;sid:84531255; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3668157)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/labello.spc"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"103.252.89.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_11; reference:url, urlhaus.abuse.ch/url/3668157/; classtype:trojan-activity;sid:84531257; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3668142)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/labello.arc"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"103.252.89.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_11; reference:url, urlhaus.abuse.ch/url/3668142/; classtype:trojan-activity;sid:84531242; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3668131)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/labello.mips"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"103.252.89.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_11; reference:url, urlhaus.abuse.ch/url/3668131/; classtype:trojan-activity;sid:84531231; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3668124)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.198.186.67"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_11; reference:url, urlhaus.abuse.ch/url/3668124/; classtype:trojan-activity;sid:84531224; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3668116)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.88.19"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_11; reference:url, urlhaus.abuse.ch/url/3668116/; classtype:trojan-activity;sid:84531216; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3668112)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.88.124"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_11; reference:url, urlhaus.abuse.ch/url/3668112/; classtype:trojan-activity;sid:84531212; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3668095)"; flow:established,from_client; content:"GET"; http_method; content:"/qudette/2wcwjxtg2340akf/releases/download/loaders/setup.exe"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_11; reference:url, urlhaus.abuse.ch/url/3668095/; classtype:trojan-activity;sid:84531195; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3668085)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.53.155.46"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_11; reference:url, urlhaus.abuse.ch/url/3668085/; classtype:trojan-activity;sid:84531185; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3667895)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"180.190.202.144"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_11; reference:url, urlhaus.abuse.ch/url/3667895/; classtype:trojan-activity;sid:84530995; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3667854)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.86.182"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_10; reference:url, urlhaus.abuse.ch/url/3667854/; classtype:trojan-activity;sid:84530954; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3667797)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.176.254.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_10; reference:url, urlhaus.abuse.ch/url/3667797/; classtype:trojan-activity;sid:84530897; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3667750)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"103.252.89.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_10; reference:url, urlhaus.abuse.ch/url/3667750/; classtype:trojan-activity;sid:84530850; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3667743)"; flow:established,from_client; content:"GET"; http_method; content:"/bins.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"5.253.86.21"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_10; reference:url, urlhaus.abuse.ch/url/3667743/; classtype:trojan-activity;sid:84530843; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3667715)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"82.64.201.145"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_10; reference:url, urlhaus.abuse.ch/url/3667715/; classtype:trojan-activity;sid:84530815; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3667695)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.124.205.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_10; reference:url, urlhaus.abuse.ch/url/3667695/; classtype:trojan-activity;sid:84530795; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3667680)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"42.192.49.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_10; reference:url, urlhaus.abuse.ch/url/3667680/; classtype:trojan-activity;sid:84530780; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3667684)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"114.132.150.96"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_10; reference:url, urlhaus.abuse.ch/url/3667684/; classtype:trojan-activity;sid:84530784; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3667687)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"154.91.84.91"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_10; reference:url, urlhaus.abuse.ch/url/3667687/; classtype:trojan-activity;sid:84530787; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3667591)"; flow:established,from_client; content:"GET"; http_method; content:"/r-02-radiole/video.scr"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"132.red-81-42-249.staticip.rima-tde.net"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_10; reference:url, urlhaus.abuse.ch/url/3667591/; classtype:trojan-activity;sid:84530691; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3667589)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"132.red-81-42-249.staticip.rima-tde.net"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_10; reference:url, urlhaus.abuse.ch/url/3667589/; classtype:trojan-activity;sid:84530689; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3667586)"; flow:established,from_client; content:"GET"; http_method; content:"/r-02-radiole/av.scr"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"132.red-81-42-249.staticip.rima-tde.net"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_10; reference:url, urlhaus.abuse.ch/url/3667586/; classtype:trojan-activity;sid:84530686; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3667587)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"132.red-81-42-249.staticip.rima-tde.net"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_10; reference:url, urlhaus.abuse.ch/url/3667587/; classtype:trojan-activity;sid:84530687; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3667588)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"132.red-81-42-249.staticip.rima-tde.net"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_10; reference:url, urlhaus.abuse.ch/url/3667588/; classtype:trojan-activity;sid:84530688; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3667584)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"132.red-81-42-249.staticip.rima-tde.net"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_10; reference:url, urlhaus.abuse.ch/url/3667584/; classtype:trojan-activity;sid:84530684; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3667582)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"132.red-81-42-249.staticip.rima-tde.net"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_10; reference:url, urlhaus.abuse.ch/url/3667582/; classtype:trojan-activity;sid:84530682; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3667583)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"132.red-81-42-249.staticip.rima-tde.net"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_10; reference:url, urlhaus.abuse.ch/url/3667583/; classtype:trojan-activity;sid:84530683; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3667463)"; flow:established,from_client; content:"GET"; http_method; content:"/2cf91f1cb0224a8999cfa234acca1140_crypted_build.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_10; reference:url, urlhaus.abuse.ch/url/3667463/; classtype:trojan-activity;sid:84530563; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3667314)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.6.168.223"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_10; reference:url, urlhaus.abuse.ch/url/3667314/; classtype:trojan-activity;sid:84530414; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3667300)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.6.168.223"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_10; reference:url, urlhaus.abuse.ch/url/3667300/; classtype:trojan-activity;sid:84530400; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3667246)"; flow:established,from_client; content:"GET"; http_method; content:"/276/orifii34fifitoyinjnn45djf459dfkfkjvckj4dgj4dfk99df949fd9vbe49fd934dgg49dg9fd.hta"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"172.245.209.231"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_10; reference:url, urlhaus.abuse.ch/url/3667246/; classtype:trojan-activity;sid:84530346; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3667233)"; flow:established,from_client; content:"GET"; http_method; content:"/files/binupload.txt"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"192.177.111.233"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_10; reference:url, urlhaus.abuse.ch/url/3667233/; classtype:trojan-activity;sid:84530333; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3667009)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"118.251.21.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_10; reference:url, urlhaus.abuse.ch/url/3667009/; classtype:trojan-activity;sid:84530109; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3667002)"; flow:established,from_client; content:"GET"; http_method; content:"/35/items/optimized_msi_20251008_1417/optimized_msi.png"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"ia601007.us.archive.org"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_10; reference:url, urlhaus.abuse.ch/url/3667002/; classtype:trojan-activity;sid:84530102; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3667000)"; flow:established,from_client; content:"GET"; http_method; content:"/35/items/optimized_msi_20251008_1417/optimized_msi.png"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"ia601007.us.archive.org"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_10; reference:url, urlhaus.abuse.ch/url/3667000/; classtype:trojan-activity;sid:84530100; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666941)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"85.12.251.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_10; reference:url, urlhaus.abuse.ch/url/3666941/; classtype:trojan-activity;sid:84530041; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666829)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-03-10/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_10; reference:url, urlhaus.abuse.ch/url/3666829/; classtype:trojan-activity;sid:84529929; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666813)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.166.32.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_10; reference:url, urlhaus.abuse.ch/url/3666813/; classtype:trojan-activity;sid:84529913; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666772)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.147.193.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_10; reference:url, urlhaus.abuse.ch/url/3666772/; classtype:trojan-activity;sid:84529872; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666586)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.84.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666586/; classtype:trojan-activity;sid:84529686; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666575)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"114.96.89.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666575/; classtype:trojan-activity;sid:84529675; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666573)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"42.192.49.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666573/; classtype:trojan-activity;sid:84529673; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666560)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"187.194.128.244"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666560/; classtype:trojan-activity;sid:84529660; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666552)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"81.151.49.48"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666552/; classtype:trojan-activity;sid:84529652; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666553)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"14.165.215.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666553/; classtype:trojan-activity;sid:84529653; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666551)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"81.151.49.48"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666551/; classtype:trojan-activity;sid:84529651; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666547)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"81.151.49.48"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666547/; classtype:trojan-activity;sid:84529647; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666544)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"86.149.62.207"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666544/; classtype:trojan-activity;sid:84529644; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666335)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.86.254"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666335/; classtype:trojan-activity;sid:84529435; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666202)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"174.105.154.212"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666202/; classtype:trojan-activity;sid:84529302; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666168)"; flow:established,from_client; content:"GET"; http_method; content:"/shost.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"64.188.91.81"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666168/; classtype:trojan-activity;sid:84529268; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666133)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-09-01/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666133/; classtype:trojan-activity;sid:84529233; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666131)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2025-04-29/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666131/; classtype:trojan-activity;sid:84529231; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666130)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-10-18/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666130/; classtype:trojan-activity;sid:84529230; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666129)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-09-20/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666129/; classtype:trojan-activity;sid:84529229; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666128)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-06-13/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666128/; classtype:trojan-activity;sid:84529228; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666127)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-11-29/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666127/; classtype:trojan-activity;sid:84529227; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666123)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2021-04-06/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666123/; classtype:trojan-activity;sid:84529223; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666124)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-11-26/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666124/; classtype:trojan-activity;sid:84529224; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666125)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-04-08/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666125/; classtype:trojan-activity;sid:84529225; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666126)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-05-23/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666126/; classtype:trojan-activity;sid:84529226; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666121)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2020-04-15/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666121/; classtype:trojan-activity;sid:84529221; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666122)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2021-09-23/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666122/; classtype:trojan-activity;sid:84529222; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666120)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2021-09-24/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666120/; classtype:trojan-activity;sid:84529220; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666118)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-06-27/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666118/; classtype:trojan-activity;sid:84529218; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666119)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-01-25/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666119/; classtype:trojan-activity;sid:84529219; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666113)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-05-02/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666113/; classtype:trojan-activity;sid:84529213; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666114)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2020-04-01/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666114/; classtype:trojan-activity;sid:84529214; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666116)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-11-04/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666116/; classtype:trojan-activity;sid:84529216; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666117)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2020-10-03/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666117/; classtype:trojan-activity;sid:84529217; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666110)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-05-20/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666110/; classtype:trojan-activity;sid:84529210; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666111)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2021-11-26/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666111/; classtype:trojan-activity;sid:84529211; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666112)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-05-30/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666112/; classtype:trojan-activity;sid:84529212; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666105)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2020-07-27/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666105/; classtype:trojan-activity;sid:84529205; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666107)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2020-01-29/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666107/; classtype:trojan-activity;sid:84529207; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666108)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-07-19/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666108/; classtype:trojan-activity;sid:84529208; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666109)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2020-09-15/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666109/; classtype:trojan-activity;sid:84529209; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666101)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2020-02-11/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666101/; classtype:trojan-activity;sid:84529201; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666102)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2024-06-06/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666102/; classtype:trojan-activity;sid:84529202; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666103)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-04-18/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666103/; classtype:trojan-activity;sid:84529203; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666104)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2020-12-01/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666104/; classtype:trojan-activity;sid:84529204; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666095)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-08-08/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666095/; classtype:trojan-activity;sid:84529195; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666096)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2020-02-17/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666096/; classtype:trojan-activity;sid:84529196; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666098)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2020-09-28/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666098/; classtype:trojan-activity;sid:84529198; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666099)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-09-30/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666099/; classtype:trojan-activity;sid:84529199; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666092)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-04-25/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666092/; classtype:trojan-activity;sid:84529192; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666094)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-10-31/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666094/; classtype:trojan-activity;sid:84529194; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666090)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-04-27/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666090/; classtype:trojan-activity;sid:84529190; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666091)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-08-07/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666091/; classtype:trojan-activity;sid:84529191; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666089)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-01-17/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666089/; classtype:trojan-activity;sid:84529189; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666084)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-06-21/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666084/; classtype:trojan-activity;sid:84529184; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666081)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2025-05-26/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666081/; classtype:trojan-activity;sid:84529181; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666082)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2025-05-27/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666082/; classtype:trojan-activity;sid:84529182; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666083)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2021-04-09/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666083/; classtype:trojan-activity;sid:84529183; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666069)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2023-04-12/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666069/; classtype:trojan-activity;sid:84529169; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666070)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2023-11-09/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666070/; classtype:trojan-activity;sid:84529170; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666071)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2020-05-05/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666071/; classtype:trojan-activity;sid:84529171; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666073)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-07-12/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666073/; classtype:trojan-activity;sid:84529173; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666075)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2024-12-17/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666075/; classtype:trojan-activity;sid:84529175; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666076)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-12-31/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666076/; classtype:trojan-activity;sid:84529176; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666080)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2024-11-04/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666080/; classtype:trojan-activity;sid:84529180; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666066)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2020-06-25/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666066/; classtype:trojan-activity;sid:84529166; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666065)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2024-12-16/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666065/; classtype:trojan-activity;sid:84529165; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666063)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2024-12-18/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666063/; classtype:trojan-activity;sid:84529163; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666062)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-08-05/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666062/; classtype:trojan-activity;sid:84529162; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666061)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2025-04-07/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666061/; classtype:trojan-activity;sid:84529161; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666060)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-04-16/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666060/; classtype:trojan-activity;sid:84529160; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666059)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-09-12/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666059/; classtype:trojan-activity;sid:84529159; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666058)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-03-31/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666058/; classtype:trojan-activity;sid:84529158; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666057)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-10-13/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666057/; classtype:trojan-activity;sid:84529157; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666056)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2025-01-30/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666056/; classtype:trojan-activity;sid:84529156; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666053)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2023-05-08/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666053/; classtype:trojan-activity;sid:84529153; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666055)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-01-10/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666055/; classtype:trojan-activity;sid:84529155; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666048)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2019-07-30/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666048/; classtype:trojan-activity;sid:84529148; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666049)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-12-03/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666049/; classtype:trojan-activity;sid:84529149; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666050)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2020-02-13/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666050/; classtype:trojan-activity;sid:84529150; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666051)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-11-23/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666051/; classtype:trojan-activity;sid:84529151; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666052)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2023-04-19/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666052/; classtype:trojan-activity;sid:84529152; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666042)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-01-14/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666042/; classtype:trojan-activity;sid:84529142; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666043)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2024-05-06/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666043/; classtype:trojan-activity;sid:84529143; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666045)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2020-09-15/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666045/; classtype:trojan-activity;sid:84529145; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666047)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-03-13/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666047/; classtype:trojan-activity;sid:84529147; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666038)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2020-08-17/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666038/; classtype:trojan-activity;sid:84529138; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666039)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2021-09-12/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666039/; classtype:trojan-activity;sid:84529139; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666041)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2020-01-21/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666041/; classtype:trojan-activity;sid:84529141; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666036)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-06-27/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666036/; classtype:trojan-activity;sid:84529136; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666037)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-04-04/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666037/; classtype:trojan-activity;sid:84529137; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666033)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-03-21/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666033/; classtype:trojan-activity;sid:84529133; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666035)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-08-01/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666035/; classtype:trojan-activity;sid:84529135; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666032)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-07-11/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666032/; classtype:trojan-activity;sid:84529132; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666028)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2025-05-09/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666028/; classtype:trojan-activity;sid:84529128; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666029)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2020-01-31/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666029/; classtype:trojan-activity;sid:84529129; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666030)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-12-13/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666030/; classtype:trojan-activity;sid:84529130; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666031)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2025-03-13/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666031/; classtype:trojan-activity;sid:84529131; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666027)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2020-03-05/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666027/; classtype:trojan-activity;sid:84529127; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666026)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2024-12-13/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666026/; classtype:trojan-activity;sid:84529126; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666020)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-06-26/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666020/; classtype:trojan-activity;sid:84529120; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666022)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2025-05-14/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666022/; classtype:trojan-activity;sid:84529122; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666023)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2025-04-09/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666023/; classtype:trojan-activity;sid:84529123; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666024)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2025-04-25/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666024/; classtype:trojan-activity;sid:84529124; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666025)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-01-05/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666025/; classtype:trojan-activity;sid:84529125; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666019)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2021-12-01/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666019/; classtype:trojan-activity;sid:84529119; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666015)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-01-15/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666015/; classtype:trojan-activity;sid:84529115; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666017)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-03-09/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666017/; classtype:trojan-activity;sid:84529117; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666014)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-03-15/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666014/; classtype:trojan-activity;sid:84529114; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666013)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-03-15/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666013/; classtype:trojan-activity;sid:84529113; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665992)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.88.115"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665992/; classtype:trojan-activity;sid:84529092; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665939)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.177.210.181"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665939/; classtype:trojan-activity;sid:84529039; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665932)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.85.196"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665932/; classtype:trojan-activity;sid:84529032; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665920)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.177.210.181"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665920/; classtype:trojan-activity;sid:84529020; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665881)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.28.81.99"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665881/; classtype:trojan-activity;sid:84528981; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665848)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckyou0urlhaus0abuse0ch/debug"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"frosty-einstein.45-141-215-196.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665848/; classtype:trojan-activity;sid:84528948; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665846)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckyou0urlhaus0abuse0ch/labello.arm5"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"frosty-einstein.45-141-215-196.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665846/; classtype:trojan-activity;sid:84528946; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665844)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckyou0urlhaus0abuse0ch/labello.i686"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"frosty-einstein.45-141-215-196.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665844/; classtype:trojan-activity;sid:84528944; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665843)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckyou0urlhaus0abuse0ch/labello.x86"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"frosty-einstein.45-141-215-196.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665843/; classtype:trojan-activity;sid:84528943; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665838)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckyou0urlhaus0abuse0ch/labello.spc"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"frosty-einstein.45-141-215-196.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665838/; classtype:trojan-activity;sid:84528938; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665840)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckyou0urlhaus0abuse0ch/labello.arm6"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"frosty-einstein.45-141-215-196.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665840/; classtype:trojan-activity;sid:84528940; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665823)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckyou0urlhaus0abuse0ch/labello.x86_64"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"frosty-einstein.45-141-215-196.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665823/; classtype:trojan-activity;sid:84528923; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665831)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckyou0urlhaus0abuse0ch/labello.mips"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"frosty-einstein.45-141-215-196.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665831/; classtype:trojan-activity;sid:84528931; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665832)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckyou0urlhaus0abuse0ch/labello.ppc"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"frosty-einstein.45-141-215-196.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665832/; classtype:trojan-activity;sid:84528932; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665807)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"87.227.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665807/; classtype:trojan-activity;sid:84528907; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665805)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"87.227.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665805/; classtype:trojan-activity;sid:84528905; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665801)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.79.192.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665801/; classtype:trojan-activity;sid:84528901; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665803)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"94.76.156.101"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665803/; classtype:trojan-activity;sid:84528903; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665796)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"75.144.208.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665796/; classtype:trojan-activity;sid:84528896; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665792)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"85.207.44.106"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665792/; classtype:trojan-activity;sid:84528892; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665788)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"75.144.208.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665788/; classtype:trojan-activity;sid:84528888; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665783)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"94.255.218.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665783/; classtype:trojan-activity;sid:84528883; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665779)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"75.144.208.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665779/; classtype:trojan-activity;sid:84528879; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665777)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"188.207.55.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665777/; classtype:trojan-activity;sid:84528877; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665767)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"87.227.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665767/; classtype:trojan-activity;sid:84528867; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665758)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"43.138.28.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665758/; classtype:trojan-activity;sid:84528858; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665760)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"210.91.88.90"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665760/; classtype:trojan-activity;sid:84528860; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665756)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"188.207.55.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665756/; classtype:trojan-activity;sid:84528856; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665748)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"72.204.240.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665748/; classtype:trojan-activity;sid:84528848; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665749)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"5.157.110.232"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665749/; classtype:trojan-activity;sid:84528849; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665750)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"85.207.44.106"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665750/; classtype:trojan-activity;sid:84528850; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665747)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"102.53.15.17"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665747/; classtype:trojan-activity;sid:84528847; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665742)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"195.103.203.106"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665742/; classtype:trojan-activity;sid:84528842; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665733)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.26.174.234"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665733/; classtype:trojan-activity;sid:84528833; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665713)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"72.204.240.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665713/; classtype:trojan-activity;sid:84528813; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665709)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"81.133.96.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665709/; classtype:trojan-activity;sid:84528809; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665707)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"157.255.22.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665707/; classtype:trojan-activity;sid:84528807; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665703)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"194.122.191.15"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665703/; classtype:trojan-activity;sid:84528803; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665700)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"82.4.52.242"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665700/; classtype:trojan-activity;sid:84528800; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665692)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"155.2.213.252"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665692/; classtype:trojan-activity;sid:84528792; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665677)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"81.133.96.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665677/; classtype:trojan-activity;sid:84528777; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665675)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"188.207.55.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665675/; classtype:trojan-activity;sid:84528775; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665671)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"61.160.215.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665671/; classtype:trojan-activity;sid:84528771; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665669)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"87.227.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665669/; classtype:trojan-activity;sid:84528769; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665662)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"80.144.160.73"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665662/; classtype:trojan-activity;sid:84528762; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665645)"; flow:established,from_client; content:"GET"; http_method; content:"/attachment/productcode/info.zip"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"106.38.32.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665645/; classtype:trojan-activity;sid:84528745; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665643)"; flow:established,from_client; content:"GET"; http_method; content:"/attachment/trkjob/info.zip"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"106.38.32.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665643/; classtype:trojan-activity;sid:84528743; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665644)"; flow:established,from_client; content:"GET"; http_method; content:"/aspnet_client/info.zip"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"106.38.32.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665644/; classtype:trojan-activity;sid:84528744; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665642)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"106.38.32.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665642/; classtype:trojan-activity;sid:84528742; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665641)"; flow:established,from_client; content:"GET"; http_method; content:"/aspnet_client/system_web/2_0_50727/info.zip"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"106.38.32.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665641/; classtype:trojan-activity;sid:84528741; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665640)"; flow:established,from_client; content:"GET"; http_method; content:"/image/info.zip"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"106.38.32.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665640/; classtype:trojan-activity;sid:84528740; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665639)"; flow:established,from_client; content:"GET"; http_method; content:"/aspnet_client/system_web/info.zip"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"106.38.32.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665639/; classtype:trojan-activity;sid:84528739; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665635)"; flow:established,from_client; content:"GET"; http_method; content:"/check_update_apk/info.zip"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"106.38.32.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665635/; classtype:trojan-activity;sid:84528735; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665636)"; flow:established,from_client; content:"GET"; http_method; content:"/test/info.zip"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"106.38.32.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665636/; classtype:trojan-activity;sid:84528736; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665637)"; flow:established,from_client; content:"GET"; http_method; content:"/qdsc/aspnet_client/system_web/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"106.38.32.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665637/; classtype:trojan-activity;sid:84528737; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665638)"; flow:established,from_client; content:"GET"; http_method; content:"/attachment/wmsentry/info.zip"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"106.38.32.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665638/; classtype:trojan-activity;sid:84528738; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665633)"; flow:established,from_client; content:"GET"; http_method; content:"/qdsc/info.zip"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"106.38.32.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665633/; classtype:trojan-activity;sid:84528733; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665632)"; flow:established,from_client; content:"GET"; http_method; content:"/qdsc/aspnet_client/system_web/4_0_30319/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"106.38.32.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665632/; classtype:trojan-activity;sid:84528732; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665631)"; flow:established,from_client; content:"GET"; http_method; content:"/barcode/info.zip"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"106.38.32.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665631/; classtype:trojan-activity;sid:84528731; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665629)"; flow:established,from_client; content:"GET"; http_method; content:"/attachment/qdsc/info.zip"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"106.38.32.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665629/; classtype:trojan-activity;sid:84528729; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665630)"; flow:established,from_client; content:"GET"; http_method; content:"/cfg/info.zip"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"106.38.32.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665630/; classtype:trojan-activity;sid:84528730; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665627)"; flow:established,from_client; content:"GET"; http_method; content:"/qdsc/aspnet_client/info.zip"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"106.38.32.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665627/; classtype:trojan-activity;sid:84528727; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665628)"; flow:established,from_client; content:"GET"; http_method; content:"/attachment/customercode/info.zip"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"106.38.32.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665628/; classtype:trojan-activity;sid:84528728; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665626)"; flow:established,from_client; content:"GET"; http_method; content:"/toupdateapk/info.zip"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"106.38.32.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665626/; classtype:trojan-activity;sid:84528726; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665625)"; flow:established,from_client; content:"GET"; http_method; content:"/qdsc/cys/info.zip"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"106.38.32.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665625/; classtype:trojan-activity;sid:84528725; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665624)"; flow:established,from_client; content:"GET"; http_method; content:"/attachment/sysreport/info.zip"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"106.38.32.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665624/; classtype:trojan-activity;sid:84528724; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665622)"; flow:established,from_client; content:"GET"; http_method; content:"/qdsc/testappicon/info.zip"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"106.38.32.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665622/; classtype:trojan-activity;sid:84528722; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665623)"; flow:established,from_client; content:"GET"; http_method; content:"/qdsc/null/info.zip"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"106.38.32.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665623/; classtype:trojan-activity;sid:84528723; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665621)"; flow:established,from_client; content:"GET"; http_method; content:"/attachment/info.zip"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"106.38.32.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665621/; classtype:trojan-activity;sid:84528721; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665620)"; flow:established,from_client; content:"GET"; http_method; content:"/qdsc/aspnet_client/system_web/2_0_50727/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"106.38.32.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665620/; classtype:trojan-activity;sid:84528720; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665619)"; flow:established,from_client; content:"GET"; http_method; content:"/qdsc-testapp-/info.zip"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"106.38.32.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665619/; classtype:trojan-activity;sid:84528719; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665617)"; flow:established,from_client; content:"GET"; http_method; content:"/qdsc/maanbang/info.zip"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"106.38.32.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665617/; classtype:trojan-activity;sid:84528717; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665616)"; flow:established,from_client; content:"GET"; http_method; content:"/qdsc/liubin/info.zip"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"106.38.32.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665616/; classtype:trojan-activity;sid:84528716; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665615)"; flow:established,from_client; content:"GET"; http_method; content:"/qdsc/fengzaixing/info.zip"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"106.38.32.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665615/; classtype:trojan-activity;sid:84528715; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665611)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"87.227.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665611/; classtype:trojan-activity;sid:84528711; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665613)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"81.133.96.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665613/; classtype:trojan-activity;sid:84528713; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665556)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckyou0urlhaus0abuse0ch/labello.arc"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"45.141.215.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665556/; classtype:trojan-activity;sid:84528656; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665555)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckyou0urlhaus0abuse0ch/labello.arm"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"45.141.215.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665555/; classtype:trojan-activity;sid:84528655; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665548)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckyou0urlhaus0abuse0ch/labello.arm6"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"45.141.215.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665548/; classtype:trojan-activity;sid:84528648; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665549)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckyou0urlhaus0abuse0ch/labello.arm7"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"45.141.215.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665549/; classtype:trojan-activity;sid:84528649; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665550)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckyou0urlhaus0abuse0ch/labello.m68k"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"45.141.215.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665550/; classtype:trojan-activity;sid:84528650; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665539)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.141.215.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665539/; classtype:trojan-activity;sid:84528639; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665540)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckyou0urlhaus0abuse0ch/labello.sh4"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"45.141.215.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665540/; classtype:trojan-activity;sid:84528640; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665541)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckyou0urlhaus0abuse0ch/labello.x86"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"45.141.215.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665541/; classtype:trojan-activity;sid:84528641; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665542)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckyou0urlhaus0abuse0ch/labello.ppc"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"45.141.215.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665542/; classtype:trojan-activity;sid:84528642; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665543)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckyou0urlhaus0abuse0ch/labello.arm5"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"45.141.215.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665543/; classtype:trojan-activity;sid:84528643; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665545)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckyou0urlhaus0abuse0ch/labello.spc"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"45.141.215.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665545/; classtype:trojan-activity;sid:84528645; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665546)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckyou0urlhaus0abuse0ch/debug"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"45.141.215.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665546/; classtype:trojan-activity;sid:84528646; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665547)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckyou0urlhaus0abuse0ch/labello.i686"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"45.141.215.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665547/; classtype:trojan-activity;sid:84528647; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665535)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckyou0urlhaus0abuse0ch/labello.mpsl"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"45.141.215.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665535/; classtype:trojan-activity;sid:84528635; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665530)"; flow:established,from_client; content:"GET"; http_method; content:"/%e8%ae%af%e6%8d%b7%e7%89%a9%e6%b5%81%e6%96%b0%e7%89%88%e4%bf%a1%e6%81%af%e7%ae%a1%e7%90%86%e7%b3%bb%e7%bb%9f%e5%8e%86%e5%8f%b2%e6%9b%b4%e6%96%b0%e6%96%87%e4%bb%b6%e5%a4%87%e4%bb%bd/%e8%ae%af%e6%8d%b7%e7%89%a9%e6%b5%81%200310%e6%9b%b4%e6%96%b0%e6%96%87%e4%bb%b6%2001/info.zip"; http_uri; depth:275; isdataat:!1,relative; nocase; content:"106.38.32.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665530/; classtype:trojan-activity;sid:84528630; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665520)"; flow:established,from_client; content:"GET"; http_method; content:"/c8d7af13171946fdaa7f283db2ae7b94_crypted_build.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665520/; classtype:trojan-activity;sid:84528620; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665521)"; flow:established,from_client; content:"GET"; http_method; content:"/fffd8103854047c7ad5afa9c3f60de5d_build.bin"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665521/; classtype:trojan-activity;sid:84528621; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665482)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm5"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"sigdalokanolkas.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665482/; classtype:trojan-activity;sid:84528582; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665481)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"sigdalokanolkas.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665481/; classtype:trojan-activity;sid:84528581; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665471)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.x86"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"sigdalokanolkas.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665471/; classtype:trojan-activity;sid:84528571; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665473)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"sigdalokanolkas.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665473/; classtype:trojan-activity;sid:84528573; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665478)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mpsl"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"sigdalokanolkas.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665478/; classtype:trojan-activity;sid:84528578; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665479)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm7"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"sigdalokanolkas.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665479/; classtype:trojan-activity;sid:84528579; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665469)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.x86"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"178.16.54.217"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665469/; classtype:trojan-activity;sid:84528569; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665470)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.spc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"178.16.54.217"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665470/; classtype:trojan-activity;sid:84528570; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665463)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"178.16.54.217"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665463/; classtype:trojan-activity;sid:84528563; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665464)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mips"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"178.16.54.217"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665464/; classtype:trojan-activity;sid:84528564; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665465)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"178.16.54.217"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665465/; classtype:trojan-activity;sid:84528565; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665466)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.m68k"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"178.16.54.217"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665466/; classtype:trojan-activity;sid:84528566; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665467)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm7"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"178.16.54.217"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665467/; classtype:trojan-activity;sid:84528567; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665468)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.sh4"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"178.16.54.217"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665468/; classtype:trojan-activity;sid:84528568; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665460)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm5"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"178.16.54.217"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665460/; classtype:trojan-activity;sid:84528560; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665461)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.ppc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"178.16.54.217"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665461/; classtype:trojan-activity;sid:84528561; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665462)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm6"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"178.16.54.217"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665462/; classtype:trojan-activity;sid:84528562; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665455)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mpsl"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"178.16.54.217"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665455/; classtype:trojan-activity;sid:84528555; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665452)"; flow:established,from_client; content:"GET"; http_method; content:"/cvdfnafjbmc0/plugins/cred64.dll"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"microsoft-telemetry.at"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665452/; classtype:trojan-activity;sid:84528552; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665450)"; flow:established,from_client; content:"GET"; http_method; content:"/cvdfnafjbmc0/plugins/vnc.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"microsoft-telemetry.at"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665450/; classtype:trojan-activity;sid:84528550; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665451)"; flow:established,from_client; content:"GET"; http_method; content:"/cvdfnafjbmc0/plugins/clip.dll"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"microsoft-telemetry.at"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665451/; classtype:trojan-activity;sid:84528551; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665447)"; flow:established,from_client; content:"GET"; http_method; content:"/cvdfnafjbmc0/plugins/cred.dll"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"microsoft-telemetry.at"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665447/; classtype:trojan-activity;sid:84528547; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665448)"; flow:established,from_client; content:"GET"; http_method; content:"/cvdfnafjbmc0/plugins/cred.dll"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"23.94.252.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665448/; classtype:trojan-activity;sid:84528548; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665449)"; flow:established,from_client; content:"GET"; http_method; content:"/cvdfnafjbmc0/plugins/cred64.dll"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"23.94.252.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665449/; classtype:trojan-activity;sid:84528549; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665443)"; flow:established,from_client; content:"GET"; http_method; content:"/cvdfnafjbmc0/plugins/clip.dll"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"23.94.252.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665443/; classtype:trojan-activity;sid:84528543; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665444)"; flow:established,from_client; content:"GET"; http_method; content:"/cvdfnafjbmc0/plugins/vnc.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"23.94.252.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665444/; classtype:trojan-activity;sid:84528544; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665445)"; flow:established,from_client; content:"GET"; http_method; content:"/cvdfnafjbmc0/plugins/clip64.dll"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"microsoft-telemetry.at"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665445/; classtype:trojan-activity;sid:84528545; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665446)"; flow:established,from_client; content:"GET"; http_method; content:"/cvdfnafjbmc0/plugins/clip64.dll"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"23.94.252.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665446/; classtype:trojan-activity;sid:84528546; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665442)"; flow:established,from_client; content:"GET"; http_method; content:"/kawt2qxfppuenm/plugins/vnc.exe"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"91.92.242.27"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665442/; classtype:trojan-activity;sid:84528542; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665441)"; flow:established,from_client; content:"GET"; http_method; content:"/du4ko7hd/plugins/cred.dll"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665441/; classtype:trojan-activity;sid:84528541; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665437)"; flow:established,from_client; content:"GET"; http_method; content:"/du4ko7hd/plugins/vnc.exe"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665437/; classtype:trojan-activity;sid:84528537; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665438)"; flow:established,from_client; content:"GET"; http_method; content:"/du4ko7hd/plugins/clip.dll"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665438/; classtype:trojan-activity;sid:84528538; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665439)"; flow:established,from_client; content:"GET"; http_method; content:"/du4ko7hd/plugins/clip64.dll"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665439/; classtype:trojan-activity;sid:84528539; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665440)"; flow:established,from_client; content:"GET"; http_method; content:"/du4ko7hd/plugins/cred64.dll"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665440/; classtype:trojan-activity;sid:84528540; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665321)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"76.72.238.153"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_08; reference:url, urlhaus.abuse.ch/url/3665321/; classtype:trojan-activity;sid:84528421; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665066)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"153.37.228.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_08; reference:url, urlhaus.abuse.ch/url/3665066/; classtype:trojan-activity;sid:84528166; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665064)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.11.130.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_08; reference:url, urlhaus.abuse.ch/url/3665064/; classtype:trojan-activity;sid:84528164; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665050)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"88.24.73.129"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_08; reference:url, urlhaus.abuse.ch/url/3665050/; classtype:trojan-activity;sid:84528150; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665048)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"88.24.73.129"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_08; reference:url, urlhaus.abuse.ch/url/3665048/; classtype:trojan-activity;sid:84528148; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665015)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.86.182"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_08; reference:url, urlhaus.abuse.ch/url/3665015/; classtype:trojan-activity;sid:84528115; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3664984)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.90.54.203"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_08; reference:url, urlhaus.abuse.ch/url/3664984/; classtype:trojan-activity;sid:84528084; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3664885)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"120.79.192.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_08; reference:url, urlhaus.abuse.ch/url/3664885/; classtype:trojan-activity;sid:84527985; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3664881)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"72.204.240.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_08; reference:url, urlhaus.abuse.ch/url/3664881/; classtype:trojan-activity;sid:84527981; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3664880)"; flow:established,from_client; content:"GET"; http_method; content:"/public/photo.scr"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"194.122.191.15"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_08; reference:url, urlhaus.abuse.ch/url/3664880/; classtype:trojan-activity;sid:84527980; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3664821)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/viewer.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"wellbeingdr.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_08; reference:url, urlhaus.abuse.ch/url/3664821/; classtype:trojan-activity;sid:84527921; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3664820)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/screenconnect.clientsetup.exe"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"wellbeingdr.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_08; reference:url, urlhaus.abuse.ch/url/3664820/; classtype:trojan-activity;sid:84527920; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3664813)"; flow:established,from_client; content:"GET"; http_method; content:"/28/items/msi-pro-with-b-64_20251007_2240/msi_pro_with_b64.png"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"ia601009.us.archive.org"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_08; reference:url, urlhaus.abuse.ch/url/3664813/; classtype:trojan-activity;sid:84527913; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3664764)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/bookings.mp4"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"wellbeingdr.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_08; reference:url, urlhaus.abuse.ch/url/3664764/; classtype:trojan-activity;sid:84527864; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3664748)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.191.229.148"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_08; reference:url, urlhaus.abuse.ch/url/3664748/; classtype:trojan-activity;sid:84527848; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3664602)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.88.19"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_08; reference:url, urlhaus.abuse.ch/url/3664602/; classtype:trojan-activity;sid:84527702; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662980)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.86.12"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662980/; classtype:trojan-activity;sid:84526080; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662917)"; flow:established,from_client; content:"GET"; http_method; content:"/documents/doc1.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"81.90.31.101"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662917/; classtype:trojan-activity;sid:84526017; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662913)"; flow:established,from_client; content:"GET"; http_method; content:"/documents/doc2.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"81.90.31.101"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662913/; classtype:trojan-activity;sid:84526013; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662914)"; flow:established,from_client; content:"GET"; http_method; content:"/documents/aaaa.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"81.90.31.101"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662914/; classtype:trojan-activity;sid:84526014; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662886)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"81.151.191.123"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662886/; classtype:trojan-activity;sid:84525986; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662887)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"81.151.191.123"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662887/; classtype:trojan-activity;sid:84525987; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662850)"; flow:established,from_client; content:"GET"; http_method; content:"/afkzspyf66vlcjs.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"91.92.240.104"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662850/; classtype:trojan-activity;sid:84525950; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662848)"; flow:established,from_client; content:"GET"; http_method; content:"/hmskzgr1vlc14nt.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"91.92.240.104"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662848/; classtype:trojan-activity;sid:84525948; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662805)"; flow:established,from_client; content:"GET"; http_method; content:"/asmroyal/cd4/releases/download/cd4/cd4.exe"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662805/; classtype:trojan-activity;sid:84525905; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662802)"; flow:established,from_client; content:"GET"; http_method; content:"/8088da70c9d74b18aaa9c25e7334b986_crypted_build.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662802/; classtype:trojan-activity;sid:84525902; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661435)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1afutsiefohaia02gkfjdbgn-kk91hksb"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661435/; classtype:trojan-activity;sid:84524535; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661367)"; flow:established,from_client; content:"GET"; http_method; content:"/files/8233900432/3nvhynj.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661367/; classtype:trojan-activity;sid:84524467; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661353)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.88.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661353/; classtype:trojan-activity;sid:84524453; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661259)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.213.1.236"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661259/; classtype:trojan-activity;sid:84524359; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661083)"; flow:established,from_client; content:"GET"; http_method; content:"/bebc91fb1cc0431f965b38927c28ce04_build.exe"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661083/; classtype:trojan-activity;sid:84524183; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661068)"; flow:established,from_client; content:"GET"; http_method; content:"/cheatclients/javawe.exe"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"193.233.175.123"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661068/; classtype:trojan-activity;sid:84524168; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661069)"; flow:established,from_client; content:"GET"; http_method; content:"/cheatclients/rate.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"193.233.175.123"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661069/; classtype:trojan-activity;sid:84524169; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661079)"; flow:established,from_client; content:"GET"; http_method; content:"/cheatclients/arce.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"193.233.175.123"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661079/; classtype:trojan-activity;sid:84524179; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660997)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.198.186.67"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3660997/; classtype:trojan-activity;sid:84524097; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660984)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"1.222.192.112"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3660984/; classtype:trojan-activity;sid:84524084; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660935)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"85.12.204.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660935/; classtype:trojan-activity;sid:84524035; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660928)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.123.19.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660928/; classtype:trojan-activity;sid:84524028; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660926)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"85.12.204.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660926/; classtype:trojan-activity;sid:84524026; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660738)"; flow:established,from_client; content:"GET"; http_method; content:"/20250302/av.lnk"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660738/; classtype:trojan-activity;sid:84523838; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660696)"; flow:established,from_client; content:"GET"; http_method; content:"/20250708/video.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660696/; classtype:trojan-activity;sid:84523796; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660690)"; flow:established,from_client; content:"GET"; http_method; content:"/20250408/video.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660690/; classtype:trojan-activity;sid:84523790; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660688)"; flow:established,from_client; content:"GET"; http_method; content:"/20250724/video.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660688/; classtype:trojan-activity;sid:84523788; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660680)"; flow:established,from_client; content:"GET"; http_method; content:"/20221020/photo.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660680/; classtype:trojan-activity;sid:84523780; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660679)"; flow:established,from_client; content:"GET"; http_method; content:"/20250408/photo.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660679/; classtype:trojan-activity;sid:84523779; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660677)"; flow:established,from_client; content:"GET"; http_method; content:"/20250302/photo.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660677/; classtype:trojan-activity;sid:84523777; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660676)"; flow:established,from_client; content:"GET"; http_method; content:"/20250408/av.scr"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660676/; classtype:trojan-activity;sid:84523776; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660675)"; flow:established,from_client; content:"GET"; http_method; content:"/19000101/photo.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660675/; classtype:trojan-activity;sid:84523775; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660674)"; flow:established,from_client; content:"GET"; http_method; content:"/20250721/av.scr"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660674/; classtype:trojan-activity;sid:84523774; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660672)"; flow:established,from_client; content:"GET"; http_method; content:"/20250302/av.scr"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660672/; classtype:trojan-activity;sid:84523772; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660670)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660670/; classtype:trojan-activity;sid:84523770; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660668)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660668/; classtype:trojan-activity;sid:84523768; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660669)"; flow:established,from_client; content:"GET"; http_method; content:"/20250721/photo.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660669/; classtype:trojan-activity;sid:84523769; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660665)"; flow:established,from_client; content:"GET"; http_method; content:"/20250621/av.lnk"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660665/; classtype:trojan-activity;sid:84523765; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660666)"; flow:established,from_client; content:"GET"; http_method; content:"/20210118/photo.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660666/; classtype:trojan-activity;sid:84523766; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660663)"; flow:established,from_client; content:"GET"; http_method; content:"/20250726/video.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660663/; classtype:trojan-activity;sid:84523763; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660664)"; flow:established,from_client; content:"GET"; http_method; content:"/20250703/photo.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660664/; classtype:trojan-activity;sid:84523764; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660660)"; flow:established,from_client; content:"GET"; http_method; content:"/20250708/video.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660660/; classtype:trojan-activity;sid:84523760; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660659)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660659/; classtype:trojan-activity;sid:84523759; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660657)"; flow:established,from_client; content:"GET"; http_method; content:"/20250713/av.lnk"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660657/; classtype:trojan-activity;sid:84523757; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660658)"; flow:established,from_client; content:"GET"; http_method; content:"/20250621/video.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660658/; classtype:trojan-activity;sid:84523758; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660655)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660655/; classtype:trojan-activity;sid:84523755; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660656)"; flow:established,from_client; content:"GET"; http_method; content:"/20250726/av.lnk"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660656/; classtype:trojan-activity;sid:84523756; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660654)"; flow:established,from_client; content:"GET"; http_method; content:"/20250713/video.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660654/; classtype:trojan-activity;sid:84523754; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660652)"; flow:established,from_client; content:"GET"; http_method; content:"/20220801/av.lnk"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660652/; classtype:trojan-activity;sid:84523752; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660653)"; flow:established,from_client; content:"GET"; http_method; content:"/20250708/av.lnk"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660653/; classtype:trojan-activity;sid:84523753; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660647)"; flow:established,from_client; content:"GET"; http_method; content:"/20250302/video.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660647/; classtype:trojan-activity;sid:84523747; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660648)"; flow:established,from_client; content:"GET"; http_method; content:"/20250726/av.scr"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660648/; classtype:trojan-activity;sid:84523748; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660649)"; flow:established,from_client; content:"GET"; http_method; content:"/20250621/photo.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660649/; classtype:trojan-activity;sid:84523749; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660644)"; flow:established,from_client; content:"GET"; http_method; content:"/r-02-radiole/av.scr"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"81.42.249.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660644/; classtype:trojan-activity;sid:84523744; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660642)"; flow:established,from_client; content:"GET"; http_method; content:"/r-02-radiole/photo.scr"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"81.42.249.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660642/; classtype:trojan-activity;sid:84523742; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660641)"; flow:established,from_client; content:"GET"; http_method; content:"/20220801/av.scr"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660641/; classtype:trojan-activity;sid:84523741; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660639)"; flow:established,from_client; content:"GET"; http_method; content:"/20220801/video.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660639/; classtype:trojan-activity;sid:84523739; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660638)"; flow:established,from_client; content:"GET"; http_method; content:"/20220801/photo.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660638/; classtype:trojan-activity;sid:84523738; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660637)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660637/; classtype:trojan-activity;sid:84523737; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660636)"; flow:established,from_client; content:"GET"; http_method; content:"/20220801/photo.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660636/; classtype:trojan-activity;sid:84523736; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660635)"; flow:established,from_client; content:"GET"; http_method; content:"/20250722/video.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660635/; classtype:trojan-activity;sid:84523735; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660634)"; flow:established,from_client; content:"GET"; http_method; content:"/20250703/av.scr"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660634/; classtype:trojan-activity;sid:84523734; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660633)"; flow:established,from_client; content:"GET"; http_method; content:"/20250615/av.scr"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660633/; classtype:trojan-activity;sid:84523733; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660631)"; flow:established,from_client; content:"GET"; http_method; content:"/20250708/photo.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660631/; classtype:trojan-activity;sid:84523731; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660630)"; flow:established,from_client; content:"GET"; http_method; content:"/20250615/video.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660630/; classtype:trojan-activity;sid:84523730; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660629)"; flow:established,from_client; content:"GET"; http_method; content:"/20250302/photo.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660629/; classtype:trojan-activity;sid:84523729; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660625)"; flow:established,from_client; content:"GET"; http_method; content:"/20210118/av.lnk"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660625/; classtype:trojan-activity;sid:84523725; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660624)"; flow:established,from_client; content:"GET"; http_method; content:"/20250724/video.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660624/; classtype:trojan-activity;sid:84523724; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660622)"; flow:established,from_client; content:"GET"; http_method; content:"/20230507/av.scr"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660622/; classtype:trojan-activity;sid:84523722; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660623)"; flow:established,from_client; content:"GET"; http_method; content:"/20250722/av.scr"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660623/; classtype:trojan-activity;sid:84523723; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660621)"; flow:established,from_client; content:"GET"; http_method; content:"/20250703/av.lnk"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660621/; classtype:trojan-activity;sid:84523721; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660620)"; flow:established,from_client; content:"GET"; http_method; content:"/20250721/video.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660620/; classtype:trojan-activity;sid:84523720; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660619)"; flow:established,from_client; content:"GET"; http_method; content:"/20250615/video.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660619/; classtype:trojan-activity;sid:84523719; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660618)"; flow:established,from_client; content:"GET"; http_method; content:"/20250408/photo.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660618/; classtype:trojan-activity;sid:84523718; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660615)"; flow:established,from_client; content:"GET"; http_method; content:"/20250621/video.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660615/; classtype:trojan-activity;sid:84523715; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660616)"; flow:established,from_client; content:"GET"; http_method; content:"/20250724/av.lnk"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660616/; classtype:trojan-activity;sid:84523716; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660612)"; flow:established,from_client; content:"GET"; http_method; content:"/20250721/av.lnk"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660612/; classtype:trojan-activity;sid:84523712; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660613)"; flow:established,from_client; content:"GET"; http_method; content:"/20250722/photo.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660613/; classtype:trojan-activity;sid:84523713; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660611)"; flow:established,from_client; content:"GET"; http_method; content:"/20250725/av.scr"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660611/; classtype:trojan-activity;sid:84523711; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660608)"; flow:established,from_client; content:"GET"; http_method; content:"/20221020/video.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660608/; classtype:trojan-activity;sid:84523708; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660607)"; flow:established,from_client; content:"GET"; http_method; content:"/20250725/photo.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660607/; classtype:trojan-activity;sid:84523707; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660605)"; flow:established,from_client; content:"GET"; http_method; content:"/20250708/av.scr"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660605/; classtype:trojan-activity;sid:84523705; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660603)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660603/; classtype:trojan-activity;sid:84523703; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660600)"; flow:established,from_client; content:"GET"; http_method; content:"/20250725/video.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660600/; classtype:trojan-activity;sid:84523700; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660599)"; flow:established,from_client; content:"GET"; http_method; content:"/20250302/video.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660599/; classtype:trojan-activity;sid:84523699; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660598)"; flow:established,from_client; content:"GET"; http_method; content:"/20220801/video.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660598/; classtype:trojan-activity;sid:84523698; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660596)"; flow:established,from_client; content:"GET"; http_method; content:"/20250615/photo.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660596/; classtype:trojan-activity;sid:84523696; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660595)"; flow:established,from_client; content:"GET"; http_method; content:"/20210118/av.scr"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660595/; classtype:trojan-activity;sid:84523695; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660594)"; flow:established,from_client; content:"GET"; http_method; content:"/20210118/video.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660594/; classtype:trojan-activity;sid:84523694; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660592)"; flow:established,from_client; content:"GET"; http_method; content:"/20250621/av.scr"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660592/; classtype:trojan-activity;sid:84523692; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660593)"; flow:established,from_client; content:"GET"; http_method; content:"/20250726/video.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660593/; classtype:trojan-activity;sid:84523693; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660590)"; flow:established,from_client; content:"GET"; http_method; content:"/20221020/photo.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660590/; classtype:trojan-activity;sid:84523690; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660591)"; flow:established,from_client; content:"GET"; http_method; content:"/20230507/av.lnk"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660591/; classtype:trojan-activity;sid:84523691; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660588)"; flow:established,from_client; content:"GET"; http_method; content:"/20250615/photo.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660588/; classtype:trojan-activity;sid:84523688; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660589)"; flow:established,from_client; content:"GET"; http_method; content:"/20250408/av.lnk"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660589/; classtype:trojan-activity;sid:84523689; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660584)"; flow:established,from_client; content:"GET"; http_method; content:"/20250726/photo.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660584/; classtype:trojan-activity;sid:84523684; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660581)"; flow:established,from_client; content:"GET"; http_method; content:"/20250726/photo.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660581/; classtype:trojan-activity;sid:84523681; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660582)"; flow:established,from_client; content:"GET"; http_method; content:"/20221020/video.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660582/; classtype:trojan-activity;sid:84523682; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660579)"; flow:established,from_client; content:"GET"; http_method; content:"/r-02-radiole/video.scr"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"81.42.249.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660579/; classtype:trojan-activity;sid:84523679; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660580)"; flow:established,from_client; content:"GET"; http_method; content:"/20221020/av.scr"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660580/; classtype:trojan-activity;sid:84523680; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660577)"; flow:established,from_client; content:"GET"; http_method; content:"/20210118/video.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660577/; classtype:trojan-activity;sid:84523677; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660575)"; flow:established,from_client; content:"GET"; http_method; content:"/20250703/video.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660575/; classtype:trojan-activity;sid:84523675; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660576)"; flow:established,from_client; content:"GET"; http_method; content:"/20210118/photo.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660576/; classtype:trojan-activity;sid:84523676; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660573)"; flow:established,from_client; content:"GET"; http_method; content:"/20250724/photo.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660573/; classtype:trojan-activity;sid:84523673; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660574)"; flow:established,from_client; content:"GET"; http_method; content:"/20250724/photo.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660574/; classtype:trojan-activity;sid:84523674; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660571)"; flow:established,from_client; content:"GET"; http_method; content:"/20250615/av.lnk"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660571/; classtype:trojan-activity;sid:84523671; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660569)"; flow:established,from_client; content:"GET"; http_method; content:"/20250725/photo.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660569/; classtype:trojan-activity;sid:84523669; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660570)"; flow:established,from_client; content:"GET"; http_method; content:"/20250621/photo.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660570/; classtype:trojan-activity;sid:84523670; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660568)"; flow:established,from_client; content:"GET"; http_method; content:"/20250725/video.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660568/; classtype:trojan-activity;sid:84523668; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660563)"; flow:established,from_client; content:"GET"; http_method; content:"/20230507/photo.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660563/; classtype:trojan-activity;sid:84523663; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660564)"; flow:established,from_client; content:"GET"; http_method; content:"/20250721/photo.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660564/; classtype:trojan-activity;sid:84523664; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660566)"; flow:established,from_client; content:"GET"; http_method; content:"/20221020/av.lnk"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660566/; classtype:trojan-activity;sid:84523666; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660559)"; flow:established,from_client; content:"GET"; http_method; content:"/20250713/video.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660559/; classtype:trojan-activity;sid:84523659; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660560)"; flow:established,from_client; content:"GET"; http_method; content:"/20250721/video.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660560/; classtype:trojan-activity;sid:84523660; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660561)"; flow:established,from_client; content:"GET"; http_method; content:"/20250708/photo.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660561/; classtype:trojan-activity;sid:84523661; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660552)"; flow:established,from_client; content:"GET"; http_method; content:"/20250722/video.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660552/; classtype:trojan-activity;sid:84523652; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660553)"; flow:established,from_client; content:"GET"; http_method; content:"/20250722/photo.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660553/; classtype:trojan-activity;sid:84523653; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660554)"; flow:established,from_client; content:"GET"; http_method; content:"/20250713/photo.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660554/; classtype:trojan-activity;sid:84523654; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660555)"; flow:established,from_client; content:"GET"; http_method; content:"/20250722/av.lnk"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660555/; classtype:trojan-activity;sid:84523655; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660556)"; flow:established,from_client; content:"GET"; http_method; content:"/20250408/video.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660556/; classtype:trojan-activity;sid:84523656; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660510)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"124.220.48.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660510/; classtype:trojan-activity;sid:84523610; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660513)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"143.92.43.231"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660513/; classtype:trojan-activity;sid:84523613; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660514)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"124.222.32.187"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660514/; classtype:trojan-activity;sid:84523614; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660506)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"194.180.49.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660506/; classtype:trojan-activity;sid:84523606; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660505)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.95.124.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660505/; classtype:trojan-activity;sid:84523605; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660500)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.210.101.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660500/; classtype:trojan-activity;sid:84523600; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660475)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"31.28.10.93"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660475/; classtype:trojan-activity;sid:84523575; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660466)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"88.18.158.255"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660466/; classtype:trojan-activity;sid:84523566; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660460)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"81.151.191.123"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660460/; classtype:trojan-activity;sid:84523560; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660332)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"81.42.249.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660332/; classtype:trojan-activity;sid:84523432; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660331)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"81.42.249.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660331/; classtype:trojan-activity;sid:84523431; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660329)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"81.42.249.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660329/; classtype:trojan-activity;sid:84523429; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660327)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"81.42.249.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660327/; classtype:trojan-activity;sid:84523427; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660262)"; flow:established,from_client; content:"GET"; http_method; content:"/fire/situp.txt"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"178.16.54.37"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660262/; classtype:trojan-activity;sid:84523362; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660207)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.x86_64"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"beesoft.vn"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660207/; classtype:trojan-activity;sid:84523307; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660200)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.ppc"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"beesoft.vn"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660200/; classtype:trojan-activity;sid:84523300; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660201)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.sh4"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"beesoft.vn"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660201/; classtype:trojan-activity;sid:84523301; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660202)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.arm6"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"beesoft.vn"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660202/; classtype:trojan-activity;sid:84523302; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660197)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"cms.hoangddt.net"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660197/; classtype:trojan-activity;sid:84523297; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660190)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"www.beesoft.id.vn"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660190/; classtype:trojan-activity;sid:84523290; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660192)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.arm"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"beesoft.vn"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660192/; classtype:trojan-activity;sid:84523292; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660193)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.x86"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"beesoft.vn"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660193/; classtype:trojan-activity;sid:84523293; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660180)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.x86"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"www.beesoft.id.vn"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660180/; classtype:trojan-activity;sid:84523280; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660177)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.mpsl"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"beesoft.id.vn"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660177/; classtype:trojan-activity;sid:84523277; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660167)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.spc"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"beesoft.id.vn"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660167/; classtype:trojan-activity;sid:84523267; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660168)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.x86"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"beesoft.id.vn"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660168/; classtype:trojan-activity;sid:84523268; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660165)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.ppc"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"beesoft.id.vn"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660165/; classtype:trojan-activity;sid:84523265; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660161)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.spc"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"www.beesoft.id.vn"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660161/; classtype:trojan-activity;sid:84523261; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660162)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.i686"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"www.beesoft.id.vn"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660162/; classtype:trojan-activity;sid:84523262; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660142)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.x86_64"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"beesoft.id.vn"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660142/; classtype:trojan-activity;sid:84523242; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660144)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.sh4"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"cms.hoangddt.net"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660144/; classtype:trojan-activity;sid:84523244; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660145)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.arm5"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"www.beesoft.id.vn"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660145/; classtype:trojan-activity;sid:84523245; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660146)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.sh4"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"beesoft.id.vn"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660146/; classtype:trojan-activity;sid:84523246; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660148)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.x86_64"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"www.beesoft.id.vn"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660148/; classtype:trojan-activity;sid:84523248; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660150)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.arm7"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"beesoft.id.vn"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660150/; classtype:trojan-activity;sid:84523250; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660152)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.mips"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"beesoft.id.vn"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660152/; classtype:trojan-activity;sid:84523252; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660153)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.i686"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"beesoft.id.vn"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660153/; classtype:trojan-activity;sid:84523253; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660154)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.arm"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"www.beesoft.id.vn"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660154/; classtype:trojan-activity;sid:84523254; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660155)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.arm7"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"www.beesoft.id.vn"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660155/; classtype:trojan-activity;sid:84523255; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660156)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.arc"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"beesoft.id.vn"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660156/; classtype:trojan-activity;sid:84523256; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660159)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.arm6"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"www.beesoft.id.vn"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660159/; classtype:trojan-activity;sid:84523259; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660132)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.mips"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"cms.hoangddt.net"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660132/; classtype:trojan-activity;sid:84523232; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660133)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.spc"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"cms.hoangddt.net"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660133/; classtype:trojan-activity;sid:84523233; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660136)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.m68k"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"cms.hoangddt.net"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660136/; classtype:trojan-activity;sid:84523236; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660138)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.arm7"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"cms.hoangddt.net"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660138/; classtype:trojan-activity;sid:84523238; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660139)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.arm6"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"cms.hoangddt.net"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660139/; classtype:trojan-activity;sid:84523239; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660140)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.x86"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"cms.hoangddt.net"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660140/; classtype:trojan-activity;sid:84523240; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660123)"; flow:established,from_client; content:"GET"; http_method; content:"/tmb/wealthyblessedman.txt"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"aerconditionat-arges.ro"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660123/; classtype:trojan-activity;sid:84523223; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659905)"; flow:established,from_client; content:"GET"; http_method; content:"/files/8434554557/ckhhvtd.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659905/; classtype:trojan-activity;sid:84523005; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659881)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.230.38.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659881/; classtype:trojan-activity;sid:84522981; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659836)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"46.77.52.190"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659836/; classtype:trojan-activity;sid:84522936; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659835)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"46.77.51.179"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659835/; classtype:trojan-activity;sid:84522935; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659834)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"46.77.52.190"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659834/; classtype:trojan-activity;sid:84522934; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659833)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"46.77.52.190"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659833/; classtype:trojan-activity;sid:84522933; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659805)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"202.104.139.177"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659805/; classtype:trojan-activity;sid:84522905; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659801)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"46.77.51.179"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659801/; classtype:trojan-activity;sid:84522901; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659802)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"104.187.164.149"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659802/; classtype:trojan-activity;sid:84522902; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659803)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"202.104.139.177"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659803/; classtype:trojan-activity;sid:84522903; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659796)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"93.82.169.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659796/; classtype:trojan-activity;sid:84522896; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659797)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"93.82.169.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659797/; classtype:trojan-activity;sid:84522897; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659789)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"202.104.139.177"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659789/; classtype:trojan-activity;sid:84522889; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659792)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.104.139.177"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659792/; classtype:trojan-activity;sid:84522892; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659779)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"46.77.52.190"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659779/; classtype:trojan-activity;sid:84522879; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659782)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"46.77.52.190"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659782/; classtype:trojan-activity;sid:84522882; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659769)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/18/09/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659769/; classtype:trojan-activity;sid:84522869; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659766)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2024-12-16/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659766/; classtype:trojan-activity;sid:84522866; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659599)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.84.56.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659599/; classtype:trojan-activity;sid:84522699; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659594)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"218.102.226.244"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659594/; classtype:trojan-activity;sid:84522694; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659581)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"218.102.226.244"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659581/; classtype:trojan-activity;sid:84522681; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659559)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"218.102.226.244"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659559/; classtype:trojan-activity;sid:84522659; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659548)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"117.84.56.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659548/; classtype:trojan-activity;sid:84522648; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659539)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"218.102.226.244"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659539/; classtype:trojan-activity;sid:84522639; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659532)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"218.102.226.244"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659532/; classtype:trojan-activity;sid:84522632; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659512)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.84.56.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659512/; classtype:trojan-activity;sid:84522612; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659519)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"218.102.226.244"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659519/; classtype:trojan-activity;sid:84522619; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659520)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"218.102.226.244"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659520/; classtype:trojan-activity;sid:84522620; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659490)"; flow:established,from_client; content:"GET"; http_method; content:"/csk_mpsl"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"180.93.42.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659490/; classtype:trojan-activity;sid:84522590; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659492)"; flow:established,from_client; content:"GET"; http_method; content:"/csk_arm"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"180.93.42.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659492/; classtype:trojan-activity;sid:84522592; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659483)"; flow:established,from_client; content:"GET"; http_method; content:"/csk_ppc"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"180.93.42.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659483/; classtype:trojan-activity;sid:84522583; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659484)"; flow:established,from_client; content:"GET"; http_method; content:"/csk_arm7"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"180.93.42.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659484/; classtype:trojan-activity;sid:84522584; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659485)"; flow:established,from_client; content:"GET"; http_method; content:"/csk_m68k"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"180.93.42.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659485/; classtype:trojan-activity;sid:84522585; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659486)"; flow:established,from_client; content:"GET"; http_method; content:"/csk_x86"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"180.93.42.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659486/; classtype:trojan-activity;sid:84522586; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659488)"; flow:established,from_client; content:"GET"; http_method; content:"/csk_x86_64"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"180.93.42.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659488/; classtype:trojan-activity;sid:84522588; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659035)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/02-2020/20/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659035/; classtype:trojan-activity;sid:84522135; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659034)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/02102019084433/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659034/; classtype:trojan-activity;sid:84522134; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659033)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/14092020084207/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659033/; classtype:trojan-activity;sid:84522133; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659032)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/26112020085916/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659032/; classtype:trojan-activity;sid:84522132; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659029)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/18102019111038/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659029/; classtype:trojan-activity;sid:84522129; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659031)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/15032020090651/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659031/; classtype:trojan-activity;sid:84522131; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659027)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/09-2019/17/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659027/; classtype:trojan-activity;sid:84522127; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659028)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/25082019112646/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659028/; classtype:trojan-activity;sid:84522128; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659025)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/09-2019/04/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659025/; classtype:trojan-activity;sid:84522125; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659026)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/09022020101638/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659026/; classtype:trojan-activity;sid:84522126; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659024)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/16022020064629/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659024/; classtype:trojan-activity;sid:84522124; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659023)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/02122019094630/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659023/; classtype:trojan-activity;sid:84522123; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659022)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/11-2019/02/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659022/; classtype:trojan-activity;sid:84522122; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659020)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/25082019114000/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659020/; classtype:trojan-activity;sid:84522120; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659021)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/08102020100008/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659021/; classtype:trojan-activity;sid:84522121; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659019)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/10072020083751/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659019/; classtype:trojan-activity;sid:84522119; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659017)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/06-2020/12/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659017/; classtype:trojan-activity;sid:84522117; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659018)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/23092020092742/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659018/; classtype:trojan-activity;sid:84522118; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659016)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/02022020073000/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659016/; classtype:trojan-activity;sid:84522116; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659015)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/12012020104632/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659015/; classtype:trojan-activity;sid:84522115; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659014)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/20022020082433/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659014/; classtype:trojan-activity;sid:84522114; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659013)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2019-08-26/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659013/; classtype:trojan-activity;sid:84522113; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659012)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/09112020092547/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659012/; classtype:trojan-activity;sid:84522112; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659011)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/30102019072217/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659011/; classtype:trojan-activity;sid:84522111; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659010)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/03-2020/01/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659010/; classtype:trojan-activity;sid:84522110; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659009)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/06032020111840/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659009/; classtype:trojan-activity;sid:84522109; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659008)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/27012020102618/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659008/; classtype:trojan-activity;sid:84522108; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659007)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/24102019112253/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659007/; classtype:trojan-activity;sid:84522107; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659004)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/02-2020/16/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659004/; classtype:trojan-activity;sid:84522104; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659000)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-10-26/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659000/; classtype:trojan-activity;sid:84522100; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659001)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/13092019111559/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659001/; classtype:trojan-activity;sid:84522101; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659002)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/13022020111356/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659002/; classtype:trojan-activity;sid:84522102; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658998)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/11-2020/25/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658998/; classtype:trojan-activity;sid:84522098; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658994)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/11-2019/12/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658994/; classtype:trojan-activity;sid:84522094; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658995)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/22052020090422/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658995/; classtype:trojan-activity;sid:84522095; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658993)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/27112019140402/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658993/; classtype:trojan-activity;sid:84522093; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658990)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/01-2020/12/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658990/; classtype:trojan-activity;sid:84522090; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658988)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/02112019073947/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658988/; classtype:trojan-activity;sid:84522088; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658987)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/09-2020/27/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658987/; classtype:trojan-activity;sid:84522087; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658984)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/19122019111433/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658984/; classtype:trojan-activity;sid:84522084; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658985)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/17102019111450/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658985/; classtype:trojan-activity;sid:84522085; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658986)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/12022020103210/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658986/; classtype:trojan-activity;sid:84522086; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658982)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/09-2019/14/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658982/; classtype:trojan-activity;sid:84522082; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658980)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/08-2019/31/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658980/; classtype:trojan-activity;sid:84522080; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658979)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/16012020081006/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658979/; classtype:trojan-activity;sid:84522079; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658978)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/02-2020/19/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658978/; classtype:trojan-activity;sid:84522078; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658974)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/03-2020/09/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658974/; classtype:trojan-activity;sid:84522074; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658970)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2025-01-09/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658970/; classtype:trojan-activity;sid:84522070; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658968)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/30062020084236/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658968/; classtype:trojan-activity;sid:84522068; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658966)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/21012020073716/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658966/; classtype:trojan-activity;sid:84522066; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658963)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/03082019091209/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658963/; classtype:trojan-activity;sid:84522063; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658964)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/08-2020/26/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658964/; classtype:trojan-activity;sid:84522064; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658965)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/11-2019/03/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658965/; classtype:trojan-activity;sid:84522065; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658962)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000721/2019-10-25/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658962/; classtype:trojan-activity;sid:84522062; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658957)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000721/2020-09-25/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658957/; classtype:trojan-activity;sid:84522057; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658954)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000136/2021-11-03/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658954/; classtype:trojan-activity;sid:84522054; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658955)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/04012020075936/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658955/; classtype:trojan-activity;sid:84522055; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658953)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/20122019090429/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658953/; classtype:trojan-activity;sid:84522053; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658949)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/25012020103314/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658949/; classtype:trojan-activity;sid:84522049; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658951)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/25092019085125/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658951/; classtype:trojan-activity;sid:84522051; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658952)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/11-2020/15/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658952/; classtype:trojan-activity;sid:84522052; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658943)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/09-2019/15/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658943/; classtype:trojan-activity;sid:84522043; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658944)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/08-2019/06/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658944/; classtype:trojan-activity;sid:84522044; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658941)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/24112019093155/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658941/; classtype:trojan-activity;sid:84522041; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658938)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-11-26/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658938/; classtype:trojan-activity;sid:84522038; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658939)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/26082019085159/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658939/; classtype:trojan-activity;sid:84522039; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658937)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/12-2019/19/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658937/; classtype:trojan-activity;sid:84522037; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658934)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/20032020103652/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658934/; classtype:trojan-activity;sid:84522034; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658935)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/01022020073820/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658935/; classtype:trojan-activity;sid:84522035; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658931)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/25062020092106/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658931/; classtype:trojan-activity;sid:84522031; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658932)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/08-2019/26/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658932/; classtype:trojan-activity;sid:84522032; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658929)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/10082020083839/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658929/; classtype:trojan-activity;sid:84522029; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658927)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/25112019100904/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658927/; classtype:trojan-activity;sid:84522027; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658923)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/01022020074721/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658923/; classtype:trojan-activity;sid:84522023; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658924)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/03-2020/20/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658924/; classtype:trojan-activity;sid:84522024; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658926)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/08-2020/06/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658926/; classtype:trojan-activity;sid:84522026; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658921)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/07-2020/03/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658921/; classtype:trojan-activity;sid:84522021; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658922)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/11-2019/27/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658922/; classtype:trojan-activity;sid:84522022; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658917)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/20012020074152/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658917/; classtype:trojan-activity;sid:84522017; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658913)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/07-2020/24/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658913/; classtype:trojan-activity;sid:84522013; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658914)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/28102019124803/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658914/; classtype:trojan-activity;sid:84522014; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658905)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/001/02-2020/25/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658905/; classtype:trojan-activity;sid:84522005; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658906)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/07082019085049/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658906/; classtype:trojan-activity;sid:84522006; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658909)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/18122019111713/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658909/; classtype:trojan-activity;sid:84522009; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658910)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/09-2019/30/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658910/; classtype:trojan-activity;sid:84522010; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658903)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2024-07-30/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658903/; classtype:trojan-activity;sid:84522003; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658904)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/05012020083458/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658904/; classtype:trojan-activity;sid:84522004; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658902)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/07032020103438/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658902/; classtype:trojan-activity;sid:84522002; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658900)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/22062020085933/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658900/; classtype:trojan-activity;sid:84522000; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658895)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/14082019111536/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658895/; classtype:trojan-activity;sid:84521995; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658896)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/12082019083210/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658896/; classtype:trojan-activity;sid:84521996; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658897)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/29122019110754/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658897/; classtype:trojan-activity;sid:84521997; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658893)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/09-2019/30/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658893/; classtype:trojan-activity;sid:84521993; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658894)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/09102019084351/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658894/; classtype:trojan-activity;sid:84521994; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658884)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/24082020090253/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658884/; classtype:trojan-activity;sid:84521984; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658885)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/02-2020/29/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658885/; classtype:trojan-activity;sid:84521985; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658886)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-05-27/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658886/; classtype:trojan-activity;sid:84521986; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658880)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/02-2020/16/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658880/; classtype:trojan-activity;sid:84521980; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658881)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/02082019084250/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658881/; classtype:trojan-activity;sid:84521981; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658882)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/30012020074634/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658882/; classtype:trojan-activity;sid:84521982; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658883)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/22072020095444/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658883/; classtype:trojan-activity;sid:84521983; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658878)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/09-2019/13/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658878/; classtype:trojan-activity;sid:84521978; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658875)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/07102020082312/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658875/; classtype:trojan-activity;sid:84521975; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658876)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/02-2020/27/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658876/; classtype:trojan-activity;sid:84521976; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658877)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/08-2019/14/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658877/; classtype:trojan-activity;sid:84521977; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658873)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/23012020103306/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658873/; classtype:trojan-activity;sid:84521973; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658872)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/22012020083836/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658872/; classtype:trojan-activity;sid:84521972; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658868)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/16092019081308/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658868/; classtype:trojan-activity;sid:84521968; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658870)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/01-2020/06/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658870/; classtype:trojan-activity;sid:84521970; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658866)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-03-03/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658866/; classtype:trojan-activity;sid:84521966; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658862)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/06032020084705/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658862/; classtype:trojan-activity;sid:84521962; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658863)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/09-2020/info.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658863/; classtype:trojan-activity;sid:84521963; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658864)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/08-2019/21/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658864/; classtype:trojan-activity;sid:84521964; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658865)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/07-2020/07/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658865/; classtype:trojan-activity;sid:84521965; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658861)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/03032020101713/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658861/; classtype:trojan-activity;sid:84521961; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658859)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/12-2019/14/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658859/; classtype:trojan-activity;sid:84521959; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658857)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/31012020141621/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658857/; classtype:trojan-activity;sid:84521957; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658856)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/02-2020/05/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658856/; classtype:trojan-activity;sid:84521956; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658854)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/09092020085515/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658854/; classtype:trojan-activity;sid:84521954; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658855)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/08-2019/22/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658855/; classtype:trojan-activity;sid:84521955; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658852)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/15122019103158/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658852/; classtype:trojan-activity;sid:84521952; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658851)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/10-2019/08/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658851/; classtype:trojan-activity;sid:84521951; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658847)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/19112020085207/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658847/; classtype:trojan-activity;sid:84521947; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658845)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/15062020104329/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658845/; classtype:trojan-activity;sid:84521945; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658841)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/01-2020/10/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658841/; classtype:trojan-activity;sid:84521941; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658836)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/09-2020/14/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658836/; classtype:trojan-activity;sid:84521936; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658832)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/08-2019/12/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658832/; classtype:trojan-activity;sid:84521932; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658835)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/30122019083201/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658835/; classtype:trojan-activity;sid:84521935; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658825)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/04-2020/24/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658825/; classtype:trojan-activity;sid:84521925; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658826)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/27072020084358/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658826/; classtype:trojan-activity;sid:84521926; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658828)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/10-2019/29/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658828/; classtype:trojan-activity;sid:84521928; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658829)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/10-2019/30/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658829/; classtype:trojan-activity;sid:84521929; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658821)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/20052020090958/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658821/; classtype:trojan-activity;sid:84521921; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658824)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/11022020102208/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658824/; classtype:trojan-activity;sid:84521924; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658814)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/24012020083927/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658814/; classtype:trojan-activity;sid:84521914; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658816)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/11-2019/17/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658816/; classtype:trojan-activity;sid:84521916; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658817)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/21072020093623/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658817/; classtype:trojan-activity;sid:84521917; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658819)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/10-2019/13/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658819/; classtype:trojan-activity;sid:84521919; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658820)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-10-06/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658820/; classtype:trojan-activity;sid:84521920; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658810)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/25122019075053/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658810/; classtype:trojan-activity;sid:84521910; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658811)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/20102020083404/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658811/; classtype:trojan-activity;sid:84521911; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658807)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/23092019082104/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658807/; classtype:trojan-activity;sid:84521907; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658805)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/09-2020/04/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658805/; classtype:trojan-activity;sid:84521905; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658806)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/23022020084448/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658806/; classtype:trojan-activity;sid:84521906; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658803)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/09-2019/02/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658803/; classtype:trojan-activity;sid:84521903; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658801)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/09-2019/23/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658801/; classtype:trojan-activity;sid:84521901; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658802)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/11-2020/24/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658802/; classtype:trojan-activity;sid:84521902; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658798)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/001/10-2019/18/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658798/; classtype:trojan-activity;sid:84521898; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658789)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/06-2020/17/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658789/; classtype:trojan-activity;sid:84521889; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658791)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/25082019111905/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658791/; classtype:trojan-activity;sid:84521891; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658793)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/21012020083050/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658793/; classtype:trojan-activity;sid:84521893; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658784)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/10032020102753/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658784/; classtype:trojan-activity;sid:84521884; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658783)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/11-2020/16/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658783/; classtype:trojan-activity;sid:84521883; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658778)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000640/2023-11-08/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658778/; classtype:trojan-activity;sid:84521878; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658781)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta%20nsu%20faltante/04305539000100/2020-07-06/info.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658781/; classtype:trojan-activity;sid:84521881; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658771)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/09122019084056/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658771/; classtype:trojan-activity;sid:84521871; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658774)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/03-2020/07/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658774/; classtype:trojan-activity;sid:84521874; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658775)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/12-2019/18/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658775/; classtype:trojan-activity;sid:84521875; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658777)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/19092019112515/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658777/; classtype:trojan-activity;sid:84521877; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658769)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/10-2019/09/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658769/; classtype:trojan-activity;sid:84521869; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658768)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/11-2019/10/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658768/; classtype:trojan-activity;sid:84521868; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658767)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/04092020084339/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658767/; classtype:trojan-activity;sid:84521867; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658759)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/07032020081614/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658759/; classtype:trojan-activity;sid:84521859; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658758)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/11-2020/11/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658758/; classtype:trojan-activity;sid:84521858; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658748)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/08-2019/21/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658748/; classtype:trojan-activity;sid:84521848; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658749)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/03-2020/12/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658749/; classtype:trojan-activity;sid:84521849; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658751)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/08-2019/22/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658751/; classtype:trojan-activity;sid:84521851; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658754)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/05112019085201/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658754/; classtype:trojan-activity;sid:84521854; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658755)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/06-2020/info.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658755/; classtype:trojan-activity;sid:84521855; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658746)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/22102020084229/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658746/; classtype:trojan-activity;sid:84521846; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658747)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/05062020084755/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658747/; classtype:trojan-activity;sid:84521847; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658745)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/08-2019/02/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658745/; classtype:trojan-activity;sid:84521845; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658744)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/01042020144319/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658744/; classtype:trojan-activity;sid:84521844; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658741)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/001/08-2019/02/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658741/; classtype:trojan-activity;sid:84521841; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658743)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/02-2020/08/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658743/; classtype:trojan-activity;sid:84521843; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658739)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/14012020083431/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658739/; classtype:trojan-activity;sid:84521839; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658735)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2019-11-04/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658735/; classtype:trojan-activity;sid:84521835; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658736)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/27012020110730/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658736/; classtype:trojan-activity;sid:84521836; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658737)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/11-2019/30/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658737/; classtype:trojan-activity;sid:84521837; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658738)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/27022020082832/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658738/; classtype:trojan-activity;sid:84521838; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658733)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/21112019100237/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658733/; classtype:trojan-activity;sid:84521833; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658734)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/02-2020/12/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658734/; classtype:trojan-activity;sid:84521834; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658731)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/03112019070517/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658731/; classtype:trojan-activity;sid:84521831; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658732)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/08032020071252/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658732/; classtype:trojan-activity;sid:84521832; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658728)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/12-2019/22/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658728/; classtype:trojan-activity;sid:84521828; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658729)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/03-2020/15/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658729/; classtype:trojan-activity;sid:84521829; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658730)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/22092019120500/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658730/; classtype:trojan-activity;sid:84521830; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658724)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/18032020110859/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658724/; classtype:trojan-activity;sid:84521824; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658722)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/03082020142629/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658722/; classtype:trojan-activity;sid:84521822; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658720)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-10-08/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658720/; classtype:trojan-activity;sid:84521820; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658718)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/27082019102541/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658718/; classtype:trojan-activity;sid:84521818; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658719)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/03022020102826/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658719/; classtype:trojan-activity;sid:84521819; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658716)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/14122019072107/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658716/; classtype:trojan-activity;sid:84521816; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658711)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/16032020112426/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658711/; classtype:trojan-activity;sid:84521811; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658709)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/19062020070009/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658709/; classtype:trojan-activity;sid:84521809; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658710)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/14092020083259/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658710/; classtype:trojan-activity;sid:84521810; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658702)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/05112019071742/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658702/; classtype:trojan-activity;sid:84521802; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658703)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/09-2019/17/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658703/; classtype:trojan-activity;sid:84521803; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658696)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/14112019111430/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658696/; classtype:trojan-activity;sid:84521796; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658697)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/10-2019/22/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658697/; classtype:trojan-activity;sid:84521797; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658698)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/03082020090003/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658698/; classtype:trojan-activity;sid:84521798; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658700)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/30102019110916/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658700/; classtype:trojan-activity;sid:84521800; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658691)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/11012020084905/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658691/; classtype:trojan-activity;sid:84521791; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658693)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/001/08-2019/09/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658693/; classtype:trojan-activity;sid:84521793; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658694)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/001/08-2019/03/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658694/; classtype:trojan-activity;sid:84521794; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658688)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/02122019130515/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658688/; classtype:trojan-activity;sid:84521788; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658682)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/14042020090844/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658682/; classtype:trojan-activity;sid:84521782; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658683)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/09-2019/16/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658683/; classtype:trojan-activity;sid:84521783; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658684)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/30072020090328/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658684/; classtype:trojan-activity;sid:84521784; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658679)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/09012020073631/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658679/; classtype:trojan-activity;sid:84521779; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658681)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/05022020103349/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658681/; classtype:trojan-activity;sid:84521781; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658678)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/14012020101406/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658678/; classtype:trojan-activity;sid:84521778; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658671)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/05092019101555/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658671/; classtype:trojan-activity;sid:84521771; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658672)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/01032020102326/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658672/; classtype:trojan-activity;sid:84521772; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658674)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/17012020111119/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658674/; classtype:trojan-activity;sid:84521774; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658675)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/10-2019/29/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658675/; classtype:trojan-activity;sid:84521775; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658670)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/info.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658670/; classtype:trojan-activity;sid:84521770; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658666)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2019-12-03/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658666/; classtype:trojan-activity;sid:84521766; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658667)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/11012020064019/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658667/; classtype:trojan-activity;sid:84521767; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658668)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/02-2020/14/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658668/; classtype:trojan-activity;sid:84521768; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658662)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/12-2019/14/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658662/; classtype:trojan-activity;sid:84521762; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658664)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/23082019111824/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658664/; classtype:trojan-activity;sid:84521764; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658665)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta%20nsu%20faltante/04305539000100/2020-10-08/info.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658665/; classtype:trojan-activity;sid:84521765; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658659)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/10092019102851/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658659/; classtype:trojan-activity;sid:84521759; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658660)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/11-2019/08/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658660/; classtype:trojan-activity;sid:84521760; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658658)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/04022020102754/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658658/; classtype:trojan-activity;sid:84521758; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658655)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2019-10-09/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658655/; classtype:trojan-activity;sid:84521755; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658656)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/11-2019/18/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658656/; classtype:trojan-activity;sid:84521756; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658653)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/07-2020/28/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658653/; classtype:trojan-activity;sid:84521753; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658650)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/05092019100003/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658650/; classtype:trojan-activity;sid:84521750; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658651)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/14012020084424/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658651/; classtype:trojan-activity;sid:84521751; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658652)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/10-2019/18/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658652/; classtype:trojan-activity;sid:84521752; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658649)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/13082019110916/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658649/; classtype:trojan-activity;sid:84521749; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658646)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/14012020073553/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658646/; classtype:trojan-activity;sid:84521746; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658647)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/30092020084740/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658647/; classtype:trojan-activity;sid:84521747; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658648)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/02-2020/24/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658648/; classtype:trojan-activity;sid:84521748; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658644)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/11-2019/26/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658644/; classtype:trojan-activity;sid:84521744; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658637)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/10122019082932/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658637/; classtype:trojan-activity;sid:84521737; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658638)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/06032020142117/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658638/; classtype:trojan-activity;sid:84521738; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658639)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/08-2019/06/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658639/; classtype:trojan-activity;sid:84521739; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658640)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/19082019071713/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658640/; classtype:trojan-activity;sid:84521740; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658641)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/23022020112139/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658641/; classtype:trojan-activity;sid:84521741; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658636)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/07-2020/28/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658636/; classtype:trojan-activity;sid:84521736; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658632)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/10-2019/21/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658632/; classtype:trojan-activity;sid:84521732; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658633)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/26022020101439/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658633/; classtype:trojan-activity;sid:84521733; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658634)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-02-21/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658634/; classtype:trojan-activity;sid:84521734; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658635)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/25092020085034/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658635/; classtype:trojan-activity;sid:84521735; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658626)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/10082019090714/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658626/; classtype:trojan-activity;sid:84521726; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658627)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/28102020084216/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658627/; classtype:trojan-activity;sid:84521727; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658630)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/04032020083309/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658630/; classtype:trojan-activity;sid:84521730; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658623)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/07-2020/25/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658623/; classtype:trojan-activity;sid:84521723; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658624)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/09-2019/09/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658624/; classtype:trojan-activity;sid:84521724; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658625)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/28012020111221/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658625/; classtype:trojan-activity;sid:84521725; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658622)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/08-2019/18/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658622/; classtype:trojan-activity;sid:84521722; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658619)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/11-2019/04/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658619/; classtype:trojan-activity;sid:84521719; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658620)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/21092019094026/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658620/; classtype:trojan-activity;sid:84521720; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658621)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/02012020080457/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658621/; classtype:trojan-activity;sid:84521721; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658617)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/08072020085529/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658617/; classtype:trojan-activity;sid:84521717; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658618)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/11-2019/14/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658618/; classtype:trojan-activity;sid:84521718; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658611)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/07082019084803/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658611/; classtype:trojan-activity;sid:84521711; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658613)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/29092020084341/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658613/; classtype:trojan-activity;sid:84521713; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658614)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/13112020084116/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658614/; classtype:trojan-activity;sid:84521714; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658615)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/05122019085753/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658615/; classtype:trojan-activity;sid:84521715; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658609)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/05-2020/30/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658609/; classtype:trojan-activity;sid:84521709; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658610)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2024-03-10/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658610/; classtype:trojan-activity;sid:84521710; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658608)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/11-2019/21/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658608/; classtype:trojan-activity;sid:84521708; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658607)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/07-2020/26/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658607/; classtype:trojan-activity;sid:84521707; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658606)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/20072020091125/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658606/; classtype:trojan-activity;sid:84521706; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658604)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/19112019095338/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658604/; classtype:trojan-activity;sid:84521704; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658598)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/09122019085634/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658598/; classtype:trojan-activity;sid:84521698; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658599)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/09-2019/27/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658599/; classtype:trojan-activity;sid:84521699; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658601)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/03-2020/05/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658601/; classtype:trojan-activity;sid:84521701; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658602)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/04305539000100/2020-07-06/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658602/; classtype:trojan-activity;sid:84521702; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658603)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/29022020102453/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658603/; classtype:trojan-activity;sid:84521703; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658595)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/09-2019/01/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658595/; classtype:trojan-activity;sid:84521695; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658596)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/18122019084557/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658596/; classtype:trojan-activity;sid:84521696; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658597)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/24122019100332/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658597/; classtype:trojan-activity;sid:84521697; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658585)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/24092020083048/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658585/; classtype:trojan-activity;sid:84521685; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658586)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/28022020093617/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658586/; classtype:trojan-activity;sid:84521686; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658587)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/28102019111528/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658587/; classtype:trojan-activity;sid:84521687; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658590)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/12-2019/22/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658590/; classtype:trojan-activity;sid:84521690; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658591)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/27012020132401/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658591/; classtype:trojan-activity;sid:84521691; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658592)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/13102019111002/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658592/; classtype:trojan-activity;sid:84521692; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658593)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/26102020075618/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658593/; classtype:trojan-activity;sid:84521693; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658583)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/22102019075419/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658583/; classtype:trojan-activity;sid:84521683; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658579)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/14022020084908/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658579/; classtype:trojan-activity;sid:84521679; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658580)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/03-2020/05/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658580/; classtype:trojan-activity;sid:84521680; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658576)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/inutiliza%c3%a7%c3%a3o/2020-08-12/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658576/; classtype:trojan-activity;sid:84521676; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658571)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/07-2020/20/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658571/; classtype:trojan-activity;sid:84521671; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658572)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2019-12-24/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658572/; classtype:trojan-activity;sid:84521672; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658573)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/08-2020/15/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658573/; classtype:trojan-activity;sid:84521673; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658568)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000758/2023-03-04/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658568/; classtype:trojan-activity;sid:84521668; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658569)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/02032020080301/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658569/; classtype:trojan-activity;sid:84521669; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658570)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/20022020080010/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658570/; classtype:trojan-activity;sid:84521670; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658567)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-02-25/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658567/; classtype:trojan-activity;sid:84521667; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658562)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/07022020104647/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658562/; classtype:trojan-activity;sid:84521662; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658563)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/12-2019/30/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658563/; classtype:trojan-activity;sid:84521663; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658561)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/09-2019/09/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658561/; classtype:trojan-activity;sid:84521661; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658560)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/24022020071045/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658560/; classtype:trojan-activity;sid:84521660; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658558)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2019-12-16/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658558/; classtype:trojan-activity;sid:84521658; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658555)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000721/2021-07-23/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658555/; classtype:trojan-activity;sid:84521655; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658552)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/05022020083919/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658552/; classtype:trojan-activity;sid:84521652; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658553)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2019-08-23/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658553/; classtype:trojan-activity;sid:84521653; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658549)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/01-2020/15/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658549/; classtype:trojan-activity;sid:84521649; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658550)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/02-2020/17/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658550/; classtype:trojan-activity;sid:84521650; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658548)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/09-2019/26/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658548/; classtype:trojan-activity;sid:84521648; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658546)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/10-2019/17/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658546/; classtype:trojan-activity;sid:84521646; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658544)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-11-25/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658544/; classtype:trojan-activity;sid:84521644; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658541)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/23102019112124/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658541/; classtype:trojan-activity;sid:84521641; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658539)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/12-2019/24/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658539/; classtype:trojan-activity;sid:84521639; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658535)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-04-23/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658535/; classtype:trojan-activity;sid:84521635; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658536)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/29102019111414/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658536/; classtype:trojan-activity;sid:84521636; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658531)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/19082019065142/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658531/; classtype:trojan-activity;sid:84521631; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658533)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2019-08-08/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658533/; classtype:trojan-activity;sid:84521633; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658527)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/29062020084258/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658527/; classtype:trojan-activity;sid:84521627; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658526)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/26122019110920/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658526/; classtype:trojan-activity;sid:84521626; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658523)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2019-09-05/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658523/; classtype:trojan-activity;sid:84521623; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658521)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/15032020110206/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658521/; classtype:trojan-activity;sid:84521621; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658522)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/31082019074602/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658522/; classtype:trojan-activity;sid:84521622; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658514)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/03022020083538/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658514/; classtype:trojan-activity;sid:84521614; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658513)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/15012020084147/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658513/; classtype:trojan-activity;sid:84521613; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658512)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/01-2020/02/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658512/; classtype:trojan-activity;sid:84521612; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658505)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/24122019103340/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658505/; classtype:trojan-activity;sid:84521605; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658509)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/01-2020/29/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658509/; classtype:trojan-activity;sid:84521609; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658510)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/29082019090120/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658510/; classtype:trojan-activity;sid:84521610; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658502)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/10-2019/25/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658502/; classtype:trojan-activity;sid:84521602; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658500)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/15012020111529/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658500/; classtype:trojan-activity;sid:84521600; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658501)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-07-06/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658501/; classtype:trojan-activity;sid:84521601; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658496)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/12-2019/15/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658496/; classtype:trojan-activity;sid:84521596; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658497)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/03092020083612/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658497/; classtype:trojan-activity;sid:84521597; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658498)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/28102019124413/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658498/; classtype:trojan-activity;sid:84521598; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658495)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/09-2019/07/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658495/; classtype:trojan-activity;sid:84521595; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658493)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/08-2019/04/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658493/; classtype:trojan-activity;sid:84521593; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658492)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/07-2020/27/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658492/; classtype:trojan-activity;sid:84521592; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658491)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/02-2020/12/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658491/; classtype:trojan-activity;sid:84521591; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658489)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/29102020082344/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658489/; classtype:trojan-activity;sid:84521589; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658486)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/08-2019/14/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658486/; classtype:trojan-activity;sid:84521586; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658487)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/001/08-2019/01/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658487/; classtype:trojan-activity;sid:84521587; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658488)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/28092019074335/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658488/; classtype:trojan-activity;sid:84521588; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658485)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/03032020092739/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658485/; classtype:trojan-activity;sid:84521585; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658482)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/11-2019/11/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658482/; classtype:trojan-activity;sid:84521582; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658483)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/04305539000100/2020-10-08/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658483/; classtype:trojan-activity;sid:84521583; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658484)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/08-2019/12/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658484/; classtype:trojan-activity;sid:84521584; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658477)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/08-2019/07/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658477/; classtype:trojan-activity;sid:84521577; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658478)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/07-2020/03/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658478/; classtype:trojan-activity;sid:84521578; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658479)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/07112019072436/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658479/; classtype:trojan-activity;sid:84521579; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658474)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/28092020084800/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658474/; classtype:trojan-activity;sid:84521574; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658470)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000721/2019-11-12/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658470/; classtype:trojan-activity;sid:84521570; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658469)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/10-2019/06/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658469/; classtype:trojan-activity;sid:84521569; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658466)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/12022020073843/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658466/; classtype:trojan-activity;sid:84521566; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658460)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/07-2020/22/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658460/; classtype:trojan-activity;sid:84521560; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658461)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-08-03/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658461/; classtype:trojan-activity;sid:84521561; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658462)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/01-2020/23/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658462/; classtype:trojan-activity;sid:84521562; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658463)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/10-2019/19/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658463/; classtype:trojan-activity;sid:84521563; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658459)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/29082019110839/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658459/; classtype:trojan-activity;sid:84521559; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658454)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/15082019112133/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658454/; classtype:trojan-activity;sid:84521554; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658452)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/05032020100611/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658452/; classtype:trojan-activity;sid:84521552; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658451)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/12-2019/02/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658451/; classtype:trojan-activity;sid:84521551; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658443)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/31012020084259/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658443/; classtype:trojan-activity;sid:84521543; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658444)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/07-2020/19/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658444/; classtype:trojan-activity;sid:84521544; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658445)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/01-2020/27/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658445/; classtype:trojan-activity;sid:84521545; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658439)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/08112019085706/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658439/; classtype:trojan-activity;sid:84521539; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658437)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000721/2020-12-19/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658437/; classtype:trojan-activity;sid:84521537; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658435)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/03-2020/04/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658435/; classtype:trojan-activity;sid:84521535; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658436)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/01-2020/23/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658436/; classtype:trojan-activity;sid:84521536; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658426)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/15012020084835/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658426/; classtype:trojan-activity;sid:84521526; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658427)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/20012020073942/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658427/; classtype:trojan-activity;sid:84521527; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658428)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/12-2019/22/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658428/; classtype:trojan-activity;sid:84521528; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658429)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/09-2019/11/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658429/; classtype:trojan-activity;sid:84521529; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658430)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/02-2020/03/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658430/; classtype:trojan-activity;sid:84521530; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658431)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/05022020084858/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658431/; classtype:trojan-activity;sid:84521531; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658433)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/08-2019/24/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658433/; classtype:trojan-activity;sid:84521533; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658424)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/07102019120718/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658424/; classtype:trojan-activity;sid:84521524; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658425)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/11-2019/19/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658425/; classtype:trojan-activity;sid:84521525; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658419)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/26012020110837/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658419/; classtype:trojan-activity;sid:84521519; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658421)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/03-2020/03/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658421/; classtype:trojan-activity;sid:84521521; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658414)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/01-2020/11/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658414/; classtype:trojan-activity;sid:84521514; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658416)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/04092019101034/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658416/; classtype:trojan-activity;sid:84521516; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658412)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/10022020141618/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658412/; classtype:trojan-activity;sid:84521512; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658407)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/08092019091937/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658407/; classtype:trojan-activity;sid:84521507; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658408)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/23112020080135/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658408/; classtype:trojan-activity;sid:84521508; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658411)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/12-2019/30/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658411/; classtype:trojan-activity;sid:84521511; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658403)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/03-2020/16/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658403/; classtype:trojan-activity;sid:84521503; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658402)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/15102020075415/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658402/; classtype:trojan-activity;sid:84521502; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658401)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/11-2019/01/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658401/; classtype:trojan-activity;sid:84521501; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658399)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/27092019112351/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658399/; classtype:trojan-activity;sid:84521499; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658400)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/11012020064612/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658400/; classtype:trojan-activity;sid:84521500; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658397)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/10012020082528/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658397/; classtype:trojan-activity;sid:84521497; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658396)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/01-2020/19/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658396/; classtype:trojan-activity;sid:84521496; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658395)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/24122019100156/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658395/; classtype:trojan-activity;sid:84521495; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658393)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/001/02-2020/29/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658393/; classtype:trojan-activity;sid:84521493; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658394)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/07-2020/25/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658394/; classtype:trojan-activity;sid:84521494; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658392)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/03022020084036/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658392/; classtype:trojan-activity;sid:84521492; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658388)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-04-22/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658388/; classtype:trojan-activity;sid:84521488; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658386)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/22092019110544/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658386/; classtype:trojan-activity;sid:84521486; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658387)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/10-2020/15/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658387/; classtype:trojan-activity;sid:84521487; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658384)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/03112020080201/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658384/; classtype:trojan-activity;sid:84521484; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658382)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/02092019084045/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658382/; classtype:trojan-activity;sid:84521482; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658380)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/09122019111725/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658380/; classtype:trojan-activity;sid:84521480; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658377)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/25082020083620/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658377/; classtype:trojan-activity;sid:84521477; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658376)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/28092020085505/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658376/; classtype:trojan-activity;sid:84521476; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658375)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/04112019111207/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658375/; classtype:trojan-activity;sid:84521475; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658374)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/09-2019/05/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658374/; classtype:trojan-activity;sid:84521474; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658371)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/07012020081506/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658371/; classtype:trojan-activity;sid:84521471; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658367)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/08-2019/19/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658367/; classtype:trojan-activity;sid:84521467; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658368)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/07102019080820/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658368/; classtype:trojan-activity;sid:84521468; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658369)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/05-2020/23/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658369/; classtype:trojan-activity;sid:84521469; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658366)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/02-2020/16/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658366/; classtype:trojan-activity;sid:84521466; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658360)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/01-2020/01/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658360/; classtype:trojan-activity;sid:84521460; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658361)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/27082019072537/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658361/; classtype:trojan-activity;sid:84521461; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658363)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/01-2020/02/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658363/; classtype:trojan-activity;sid:84521463; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658364)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/02022020102110/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658364/; classtype:trojan-activity;sid:84521464; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658358)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/05012020072533/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658358/; classtype:trojan-activity;sid:84521458; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658356)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/09-2020/15/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658356/; classtype:trojan-activity;sid:84521456; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658350)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/15092020084622/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658350/; classtype:trojan-activity;sid:84521450; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658352)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/07-2020/29/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658352/; classtype:trojan-activity;sid:84521452; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658353)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/05-2020/11/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658353/; classtype:trojan-activity;sid:84521453; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658348)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/09-2020/17/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658348/; classtype:trojan-activity;sid:84521448; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658346)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/01-2020/03/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658346/; classtype:trojan-activity;sid:84521446; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658347)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/11-2019/09/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658347/; classtype:trojan-activity;sid:84521447; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658341)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/001/10-2019/20/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658341/; classtype:trojan-activity;sid:84521441; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658342)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-03-23/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658342/; classtype:trojan-activity;sid:84521442; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658344)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/info.zip"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658344/; classtype:trojan-activity;sid:84521444; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658345)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-10-05/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658345/; classtype:trojan-activity;sid:84521445; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658340)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-02-27/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658340/; classtype:trojan-activity;sid:84521440; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658338)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/27092019083316/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658338/; classtype:trojan-activity;sid:84521438; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658339)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/08-2019/20/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658339/; classtype:trojan-activity;sid:84521439; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658336)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/23092019111516/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658336/; classtype:trojan-activity;sid:84521436; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658330)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2019-12-09/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658330/; classtype:trojan-activity;sid:84521430; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658331)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/12122019101814/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658331/; classtype:trojan-activity;sid:84521431; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658324)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/16092019110740/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658324/; classtype:trojan-activity;sid:84521424; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658325)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/11-2019/02/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658325/; classtype:trojan-activity;sid:84521425; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658322)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/11102019085631/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658322/; classtype:trojan-activity;sid:84521422; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658317)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/09092019083927/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658317/; classtype:trojan-activity;sid:84521417; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658318)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/05082019090424/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658318/; classtype:trojan-activity;sid:84521418; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658321)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/09-2019/02/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658321/; classtype:trojan-activity;sid:84521421; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658315)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/11-2019/07/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658315/; classtype:trojan-activity;sid:84521415; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658316)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/08-2019/10/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658316/; classtype:trojan-activity;sid:84521416; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658309)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/001/12-2019/20/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658309/; classtype:trojan-activity;sid:84521409; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658312)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/08-2019/22/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658312/; classtype:trojan-activity;sid:84521412; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658313)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/19112019082902/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658313/; classtype:trojan-activity;sid:84521413; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658305)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/12082019111048/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658305/; classtype:trojan-activity;sid:84521405; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658303)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/31012020112230/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658303/; classtype:trojan-activity;sid:84521403; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658301)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/21052020090420/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658301/; classtype:trojan-activity;sid:84521401; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658299)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/08092019082357/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658299/; classtype:trojan-activity;sid:84521399; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658294)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/17112019105427/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658294/; classtype:trojan-activity;sid:84521394; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658288)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/08-2019/03/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658288/; classtype:trojan-activity;sid:84521388; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658290)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/11-2019/03/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658290/; classtype:trojan-activity;sid:84521390; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658291)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/16082019084628/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658291/; classtype:trojan-activity;sid:84521391; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658293)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/04092019080057/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658293/; classtype:trojan-activity;sid:84521393; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658285)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/21102019084527/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658285/; classtype:trojan-activity;sid:84521385; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658282)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2022-04-22/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658282/; classtype:trojan-activity;sid:84521382; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658284)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/02-2020/19/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658284/; classtype:trojan-activity;sid:84521384; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658276)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/03-2020/21/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658276/; classtype:trojan-activity;sid:84521376; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658277)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2019-09-04/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658277/; classtype:trojan-activity;sid:84521377; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658278)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/06-2020/13/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658278/; classtype:trojan-activity;sid:84521378; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658280)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/001/09-2019/21/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658280/; classtype:trojan-activity;sid:84521380; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658274)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/03-2020/04/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658274/; classtype:trojan-activity;sid:84521374; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658273)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/08-2019/20/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658273/; classtype:trojan-activity;sid:84521373; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658265)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/07-2020/21/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658265/; classtype:trojan-activity;sid:84521365; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658266)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/04062020080054/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658266/; classtype:trojan-activity;sid:84521366; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658267)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/11092019084025/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658267/; classtype:trojan-activity;sid:84521367; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658263)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/07082019112547/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658263/; classtype:trojan-activity;sid:84521363; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658262)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/01-2020/08/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658262/; classtype:trojan-activity;sid:84521362; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658261)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/11-2019/10/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658261/; classtype:trojan-activity;sid:84521361; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658254)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/03-2020/19/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658254/; classtype:trojan-activity;sid:84521354; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658256)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/07-2020/info.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658256/; classtype:trojan-activity;sid:84521356; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658258)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/09-2019/08/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658258/; classtype:trojan-activity;sid:84521358; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658259)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/08022020071901/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658259/; classtype:trojan-activity;sid:84521359; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658260)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/26102020075115/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658260/; classtype:trojan-activity;sid:84521360; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658252)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/08-2019/14/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658252/; classtype:trojan-activity;sid:84521352; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658253)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/02022020111428/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658253/; classtype:trojan-activity;sid:84521353; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658247)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2023-11-09/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658247/; classtype:trojan-activity;sid:84521347; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658249)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/15092019110019/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658249/; classtype:trojan-activity;sid:84521349; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658243)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/001/09-2019/info.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658243/; classtype:trojan-activity;sid:84521343; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658240)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/01-2020/31/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658240/; classtype:trojan-activity;sid:84521340; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658242)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/19022020074049/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658242/; classtype:trojan-activity;sid:84521342; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658236)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/12092019100052/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658236/; classtype:trojan-activity;sid:84521336; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658237)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/11122019085114/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658237/; classtype:trojan-activity;sid:84521337; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658238)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/info.zip"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658238/; classtype:trojan-activity;sid:84521338; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658239)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/30122019103005/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658239/; classtype:trojan-activity;sid:84521339; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658233)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/02092019135755/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658233/; classtype:trojan-activity;sid:84521333; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658234)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/29012020110926/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658234/; classtype:trojan-activity;sid:84521334; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658229)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/21012020074337/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658229/; classtype:trojan-activity;sid:84521329; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658231)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/12092019112032/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658231/; classtype:trojan-activity;sid:84521331; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658228)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/09-2019/01/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658228/; classtype:trojan-activity;sid:84521328; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658220)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/04032020102908/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658220/; classtype:trojan-activity;sid:84521320; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658222)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/12-2019/11/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658222/; classtype:trojan-activity;sid:84521322; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658224)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/16012020111550/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658224/; classtype:trojan-activity;sid:84521324; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658225)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/14022020140803/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658225/; classtype:trojan-activity;sid:84521325; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658217)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/02-2020/21/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658217/; classtype:trojan-activity;sid:84521317; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658218)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/11-2019/26/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658218/; classtype:trojan-activity;sid:84521318; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658219)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/08-2020/10/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658219/; classtype:trojan-activity;sid:84521319; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658214)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/24112020081613/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658214/; classtype:trojan-activity;sid:84521314; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658211)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/25112020083758/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658211/; classtype:trojan-activity;sid:84521311; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658212)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/22122019072721/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658212/; classtype:trojan-activity;sid:84521312; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658213)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/08-2020/16/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658213/; classtype:trojan-activity;sid:84521313; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658209)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/07102019075325/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658209/; classtype:trojan-activity;sid:84521309; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658202)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/31072020085247/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658202/; classtype:trojan-activity;sid:84521302; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658203)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/17032020092647/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658203/; classtype:trojan-activity;sid:84521303; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658204)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/21122019075441/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658204/; classtype:trojan-activity;sid:84521304; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658205)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/12122019082453/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658205/; classtype:trojan-activity;sid:84521305; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658206)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/09012020075032/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658206/; classtype:trojan-activity;sid:84521306; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658199)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/07-2020/23/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658199/; classtype:trojan-activity;sid:84521299; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658200)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/03102019081724/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658200/; classtype:trojan-activity;sid:84521300; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658198)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/inutiliza%c3%a7%c3%a3o/2019-08-26/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658198/; classtype:trojan-activity;sid:84521298; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658190)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/02092020090343/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658190/; classtype:trojan-activity;sid:84521290; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658191)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/03022020102546/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658191/; classtype:trojan-activity;sid:84521291; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658192)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/001/08-2019/11/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658192/; classtype:trojan-activity;sid:84521292; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658194)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/11-2019/25/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658194/; classtype:trojan-activity;sid:84521294; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658195)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/22112019114331/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658195/; classtype:trojan-activity;sid:84521295; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658185)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/03082020091156/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658185/; classtype:trojan-activity;sid:84521285; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658186)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/14072020084319/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658186/; classtype:trojan-activity;sid:84521286; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658175)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/02092019074951/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658175/; classtype:trojan-activity;sid:84521275; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658176)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/15122019113205/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658176/; classtype:trojan-activity;sid:84521276; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658178)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/12-2019/08/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658178/; classtype:trojan-activity;sid:84521278; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658179)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/18112019111421/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658179/; classtype:trojan-activity;sid:84521279; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658168)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/07-2020/29/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658168/; classtype:trojan-activity;sid:84521268; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658169)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/16012020102944/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658169/; classtype:trojan-activity;sid:84521269; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658172)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/28082019110944/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658172/; classtype:trojan-activity;sid:84521272; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658173)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000721/2019-12-28/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658173/; classtype:trojan-activity;sid:84521273; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658174)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/02-2020/15/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658174/; classtype:trojan-activity;sid:84521274; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658165)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/11-2019/11/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658165/; classtype:trojan-activity;sid:84521265; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658166)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/09012020083934/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658166/; classtype:trojan-activity;sid:84521266; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658164)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/001/01-2020/16/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658164/; classtype:trojan-activity;sid:84521264; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658159)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000640/2022-04-14/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658159/; classtype:trojan-activity;sid:84521259; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658158)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2019-11-07/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658158/; classtype:trojan-activity;sid:84521258; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658157)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/17022020125714/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658157/; classtype:trojan-activity;sid:84521257; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658156)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/25012020105422/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658156/; classtype:trojan-activity;sid:84521256; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658151)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/17032020111050/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658151/; classtype:trojan-activity;sid:84521251; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658152)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/12-2019/10/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658152/; classtype:trojan-activity;sid:84521252; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658153)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/21112019085250/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658153/; classtype:trojan-activity;sid:84521253; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658154)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/19092019113551/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658154/; classtype:trojan-activity;sid:84521254; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658155)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/10012020081934/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658155/; classtype:trojan-activity;sid:84521255; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658147)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/09-2019/29/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658147/; classtype:trojan-activity;sid:84521247; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658148)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/05-2020/15/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658148/; classtype:trojan-activity;sid:84521248; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658149)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/16062020071846/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658149/; classtype:trojan-activity;sid:84521249; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658150)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/02-2020/06/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658150/; classtype:trojan-activity;sid:84521250; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658143)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/001/12-2019/08/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658143/; classtype:trojan-activity;sid:84521243; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658146)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/28022020102447/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658146/; classtype:trojan-activity;sid:84521246; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658142)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/11-2020/12/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658142/; classtype:trojan-activity;sid:84521242; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658140)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/04022020091641/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658140/; classtype:trojan-activity;sid:84521240; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658141)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/03-2020/12/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658141/; classtype:trojan-activity;sid:84521241; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658138)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/09-2019/21/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658138/; classtype:trojan-activity;sid:84521238; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658135)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/08-2019/21/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658135/; classtype:trojan-activity;sid:84521235; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658137)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/11-2019/01/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658137/; classtype:trojan-activity;sid:84521237; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658133)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/15122019122429/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658133/; classtype:trojan-activity;sid:84521233; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658134)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/08-2020/11/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658134/; classtype:trojan-activity;sid:84521234; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658130)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/19112019082650/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658130/; classtype:trojan-activity;sid:84521230; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658131)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/03-2020/17/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658131/; classtype:trojan-activity;sid:84521231; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658129)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/09-2019/23/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658129/; classtype:trojan-activity;sid:84521229; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658126)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/03122019122626/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658126/; classtype:trojan-activity;sid:84521226; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658127)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/15102019084429/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658127/; classtype:trojan-activity;sid:84521227; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658123)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/12-2019/03/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658123/; classtype:trojan-activity;sid:84521223; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658125)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/12-2019/16/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658125/; classtype:trojan-activity;sid:84521225; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658121)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/29072020093540/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658121/; classtype:trojan-activity;sid:84521221; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658120)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/12092019104436/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658120/; classtype:trojan-activity;sid:84521220; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658117)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/02-2020/15/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658117/; classtype:trojan-activity;sid:84521217; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658114)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/18082019111227/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658114/; classtype:trojan-activity;sid:84521214; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658110)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-06-29/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658110/; classtype:trojan-activity;sid:84521210; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658112)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta%20nsu%20faltante/04305539000100/info.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658112/; classtype:trojan-activity;sid:84521212; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658107)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/08-2020/19/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658107/; classtype:trojan-activity;sid:84521207; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658106)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000721/2021-10-21/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658106/; classtype:trojan-activity;sid:84521206; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658101)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-03-12/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658101/; classtype:trojan-activity;sid:84521201; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658102)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/02-2020/29/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658102/; classtype:trojan-activity;sid:84521202; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658103)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/05022020085221/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658103/; classtype:trojan-activity;sid:84521203; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658105)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/02-2020/18/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658105/; classtype:trojan-activity;sid:84521205; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658096)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/18082019114144/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658096/; classtype:trojan-activity;sid:84521196; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658097)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/16022020092958/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658097/; classtype:trojan-activity;sid:84521197; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658092)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/18032020083606/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658092/; classtype:trojan-activity;sid:84521192; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658093)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/21102019084320/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658093/; classtype:trojan-activity;sid:84521193; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658094)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/09-2019/01/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658094/; classtype:trojan-activity;sid:84521194; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658095)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/04012020085315/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658095/; classtype:trojan-activity;sid:84521195; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658090)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/31012020090045/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658090/; classtype:trojan-activity;sid:84521190; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658091)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000758/2023-12-25/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658091/; classtype:trojan-activity;sid:84521191; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658087)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2024-04-07/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658087/; classtype:trojan-activity;sid:84521187; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658088)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/10-2020/19/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658088/; classtype:trojan-activity;sid:84521188; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658080)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/20032020110739/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658080/; classtype:trojan-activity;sid:84521180; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658082)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/23062020085151/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658082/; classtype:trojan-activity;sid:84521182; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658070)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/29102019072415/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658070/; classtype:trojan-activity;sid:84521170; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658072)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/09012020083637/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658072/; classtype:trojan-activity;sid:84521172; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658065)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/18022020080720/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658065/; classtype:trojan-activity;sid:84521165; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658061)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2021-08-28/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658061/; classtype:trojan-activity;sid:84521161; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657844)"; flow:established,from_client; content:"GET"; http_method; content:"/8a242049c1a544959e327edc8b7030a4_crypted_build.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657844/; classtype:trojan-activity;sid:84520944; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657840)"; flow:established,from_client; content:"GET"; http_method; content:"/af613d2a4c3f4b1f90ed44a066aad120_crypted_build.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657840/; classtype:trojan-activity;sid:84520940; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657841)"; flow:established,from_client; content:"GET"; http_method; content:"/7daf6df0631b49c99b5fd8bd8ac8f5fa_build.bin"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657841/; classtype:trojan-activity;sid:84520941; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657842)"; flow:established,from_client; content:"GET"; http_method; content:"/d27444f388174b6cb1797e1231490fbd_build.bin"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657842/; classtype:trojan-activity;sid:84520942; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657843)"; flow:established,from_client; content:"GET"; http_method; content:"/41871cbeecb742b491ba660018f6a745_build.exe"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657843/; classtype:trojan-activity;sid:84520943; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657839)"; flow:established,from_client; content:"GET"; http_method; content:"/bab180a47f7f4e539281d55729229a35_build.exe"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657839/; classtype:trojan-activity;sid:84520939; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657835)"; flow:established,from_client; content:"GET"; http_method; content:"/aff93c7d122a49fdadfac79f6772e2c3_crypted_build.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657835/; classtype:trojan-activity;sid:84520935; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657836)"; flow:established,from_client; content:"GET"; http_method; content:"/757b472eb94c4319b0110ccb818efa62_crypted_build.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657836/; classtype:trojan-activity;sid:84520936; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657837)"; flow:established,from_client; content:"GET"; http_method; content:"/18c07787a8f64cefbbdf2654800587fd_crypted_build.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657837/; classtype:trojan-activity;sid:84520937; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657838)"; flow:established,from_client; content:"GET"; http_method; content:"/a7981d5db9244c64af00518cab17b6ca_build.bin"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657838/; classtype:trojan-activity;sid:84520938; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657819)"; flow:established,from_client; content:"GET"; http_method; content:"/3d8f6d30398d4164a1ee7c1cff13dcd2_build.bin"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657819/; classtype:trojan-activity;sid:84520919; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657820)"; flow:established,from_client; content:"GET"; http_method; content:"/f365415546494464bb939957e6f1425b_build.bin"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657820/; classtype:trojan-activity;sid:84520920; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657823)"; flow:established,from_client; content:"GET"; http_method; content:"/b839faeb51054565a4b3167a5ea2a983_crypted_build.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657823/; classtype:trojan-activity;sid:84520923; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657824)"; flow:established,from_client; content:"GET"; http_method; content:"/2711f6f1da194c6988a7bbb442adc497_build.bin"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657824/; classtype:trojan-activity;sid:84520924; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657826)"; flow:established,from_client; content:"GET"; http_method; content:"/4f2a4a7472ed4cf3bc5169cfc78bbc2a_build.bin"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657826/; classtype:trojan-activity;sid:84520926; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657827)"; flow:established,from_client; content:"GET"; http_method; content:"/38cb767c16d540ca8ddec944a5630a19_crypted_build.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657827/; classtype:trojan-activity;sid:84520927; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657828)"; flow:established,from_client; content:"GET"; http_method; content:"/485cdb1e12474cdcbb699d7da21dfc4b_build.bin"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657828/; classtype:trojan-activity;sid:84520928; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657829)"; flow:established,from_client; content:"GET"; http_method; content:"/f1e5a59b2a9145f6983e2b256ac85ece_build.bin"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657829/; classtype:trojan-activity;sid:84520929; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657830)"; flow:established,from_client; content:"GET"; http_method; content:"/29edca7692ef47b8b96111772d829167_build.bin"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657830/; classtype:trojan-activity;sid:84520930; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657831)"; flow:established,from_client; content:"GET"; http_method; content:"/aaaf981bbc4b49faa06ffb4ee0945290_build.bin"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657831/; classtype:trojan-activity;sid:84520931; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657832)"; flow:established,from_client; content:"GET"; http_method; content:"/53290cf06e95475fa6ebc07d5b612d8f_build.bin"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657832/; classtype:trojan-activity;sid:84520932; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657833)"; flow:established,from_client; content:"GET"; http_method; content:"/305056fab30e4c04a491787c14867fee_build.bin"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657833/; classtype:trojan-activity;sid:84520933; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657814)"; flow:established,from_client; content:"GET"; http_method; content:"/9c6acbed3faa456abaa16388e9c7667c_build.bin"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657814/; classtype:trojan-activity;sid:84520914; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657815)"; flow:established,from_client; content:"GET"; http_method; content:"/f1b4cc7898d045af91b7d550bb78c93c_build.exe"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657815/; classtype:trojan-activity;sid:84520915; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657816)"; flow:established,from_client; content:"GET"; http_method; content:"/b30229946e9e4d4aa9846128e779a33c_build.bin"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657816/; classtype:trojan-activity;sid:84520916; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657817)"; flow:established,from_client; content:"GET"; http_method; content:"/dadaasads_new.ps1|3f|c"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657817/; classtype:trojan-activity;sid:84520917; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657818)"; flow:established,from_client; content:"GET"; http_method; content:"/2c9332860ee544daabf3449fd4a5b914_crypted_build.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657818/; classtype:trojan-activity;sid:84520918; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657811)"; flow:established,from_client; content:"GET"; http_method; content:"/ba6752c4d8034ddeaafa804902bcd4c8_crypted_build.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657811/; classtype:trojan-activity;sid:84520911; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657812)"; flow:established,from_client; content:"GET"; http_method; content:"/c2e23717744b43abaa3bed47a19309b3_crypted_build.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657812/; classtype:trojan-activity;sid:84520912; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657813)"; flow:established,from_client; content:"GET"; http_method; content:"/80c34ba726e8444395fc5acb5f6461cd_crypted_build.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657813/; classtype:trojan-activity;sid:84520913; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657810)"; flow:established,from_client; content:"GET"; http_method; content:"/5d410f2cf7594dbe9390d56f746995d1_crypted_build.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657810/; classtype:trojan-activity;sid:84520910; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657807)"; flow:established,from_client; content:"GET"; http_method; content:"/7bf5a1d8a204495caad97b148eb1bf97_build.bin"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657807/; classtype:trojan-activity;sid:84520907; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657808)"; flow:established,from_client; content:"GET"; http_method; content:"/1656cc33836f45d3b71798c874fa8543_crypted_build.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657808/; classtype:trojan-activity;sid:84520908; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657809)"; flow:established,from_client; content:"GET"; http_method; content:"/3dcd6dd8348540bfaacce836c8e157fa_crypted_build.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657809/; classtype:trojan-activity;sid:84520909; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657805)"; flow:established,from_client; content:"GET"; http_method; content:"/03f48fe85fa6454bac21ae095ebb502b_build.bin"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657805/; classtype:trojan-activity;sid:84520905; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657806)"; flow:established,from_client; content:"GET"; http_method; content:"/89be5298127c4675b13e5347c435a9ab_build.bin"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657806/; classtype:trojan-activity;sid:84520906; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657795)"; flow:established,from_client; content:"GET"; http_method; content:"/1bdd223140d443b883991e5f9417bdba_crypted_build.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657795/; classtype:trojan-activity;sid:84520895; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657796)"; flow:established,from_client; content:"GET"; http_method; content:"/2fcba6c61f984bb2961c26d50d02e609_crypted_build.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657796/; classtype:trojan-activity;sid:84520896; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657797)"; flow:established,from_client; content:"GET"; http_method; content:"/c98b36f432364f18af87198670387fe4_build.bin"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657797/; classtype:trojan-activity;sid:84520897; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657798)"; flow:established,from_client; content:"GET"; http_method; content:"/7b6e617e0a6d48539be22c865f8c0bf9_build.bin"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657798/; classtype:trojan-activity;sid:84520898; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657799)"; flow:established,from_client; content:"GET"; http_method; content:"/b6e6471857364f4292d095423fa7ebd0_build.bin"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657799/; classtype:trojan-activity;sid:84520899; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657800)"; flow:established,from_client; content:"GET"; http_method; content:"/89ff9bdcea23450fb3db369ccbe08dae_crypted_build.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657800/; classtype:trojan-activity;sid:84520900; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657801)"; flow:established,from_client; content:"GET"; http_method; content:"/fbb49b7f138445709424a8ea0ecf1b0e_crypted_build.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657801/; classtype:trojan-activity;sid:84520901; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657802)"; flow:established,from_client; content:"GET"; http_method; content:"/5f70936adcc640a4852b6037417b1301_build.bin"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657802/; classtype:trojan-activity;sid:84520902; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657803)"; flow:established,from_client; content:"GET"; http_method; content:"/040c5409ce5d40168c989f9346803091_build.bin"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657803/; classtype:trojan-activity;sid:84520903; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657804)"; flow:established,from_client; content:"GET"; http_method; content:"/e1ae86354aec48f9924f31c4660ee0e8_build.bin"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657804/; classtype:trojan-activity;sid:84520904; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657787)"; flow:established,from_client; content:"GET"; http_method; content:"/132859e38755407f8b96a074084bbcd8_crypted_build.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657787/; classtype:trojan-activity;sid:84520887; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657788)"; flow:established,from_client; content:"GET"; http_method; content:"/ebb10b00c7d74dd58698a0983cb9b526_crypted_build.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657788/; classtype:trojan-activity;sid:84520888; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657789)"; flow:established,from_client; content:"GET"; http_method; content:"/442541487e10423ab3fef5d7c2abbe1a_build.exe"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657789/; classtype:trojan-activity;sid:84520889; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657790)"; flow:established,from_client; content:"GET"; http_method; content:"/ecf3472393084c539688cdf124f987e3_crypted_build.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657790/; classtype:trojan-activity;sid:84520890; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657791)"; flow:established,from_client; content:"GET"; http_method; content:"/9614db5763934b9eace34b1a16dc0ae8_crypted_build.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657791/; classtype:trojan-activity;sid:84520891; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657792)"; flow:established,from_client; content:"GET"; http_method; content:"/2ed3e3c5abb540b4a2af71d844db728d_build.bin"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657792/; classtype:trojan-activity;sid:84520892; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657793)"; flow:established,from_client; content:"GET"; http_method; content:"/ee3a7ec1b7e847179e4d6df1de6bae6d_crypted_build.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657793/; classtype:trojan-activity;sid:84520893; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657784)"; flow:established,from_client; content:"GET"; http_method; content:"/46c75e08065c4e1eb01a8cba113d68f6_crypted_build.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657784/; classtype:trojan-activity;sid:84520884; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657785)"; flow:established,from_client; content:"GET"; http_method; content:"/91367eb6b012489799a8454b8a080de4_crypted_build.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657785/; classtype:trojan-activity;sid:84520885; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657781)"; flow:established,from_client; content:"GET"; http_method; content:"/file/pdf24creator.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"62.60.226.168"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657781/; classtype:trojan-activity;sid:84520881; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657782)"; flow:established,from_client; content:"GET"; http_method; content:"/04f74d1de9b942179b52fd8b6eef1a84_build.exe"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657782/; classtype:trojan-activity;sid:84520882; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657783)"; flow:established,from_client; content:"GET"; http_method; content:"/58e87367f66b46828e268b8a1ed4ae95_build.exe"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657783/; classtype:trojan-activity;sid:84520883; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657779)"; flow:established,from_client; content:"GET"; http_method; content:"/public_files/bj4bgb6.txt"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"62.60.226.168"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657779/; classtype:trojan-activity;sid:84520879; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657780)"; flow:established,from_client; content:"GET"; http_method; content:"/218aac863bec4553b2da928cecceb9ca_crypted_build.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657780/; classtype:trojan-activity;sid:84520880; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657778)"; flow:established,from_client; content:"GET"; http_method; content:"/f2e3c40595504038a1900698eb78ea5a_build.bin"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657778/; classtype:trojan-activity;sid:84520878; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657775)"; flow:established,from_client; content:"GET"; http_method; content:"/file/sourcetree.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"62.60.226.168"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657775/; classtype:trojan-activity;sid:84520875; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657776)"; flow:established,from_client; content:"GET"; http_method; content:"/21bb7bb55e9f4135a043a2d6e783216b_build.bin"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657776/; classtype:trojan-activity;sid:84520876; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657777)"; flow:established,from_client; content:"GET"; http_method; content:"/e6bc761b995d49628fdc56f52a4ac780_crypted_build.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657777/; classtype:trojan-activity;sid:84520877; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657770)"; flow:established,from_client; content:"GET"; http_method; content:"/ae398be3fc4745c097c3e1003846ce05_build.bin"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657770/; classtype:trojan-activity;sid:84520870; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657771)"; flow:established,from_client; content:"GET"; http_method; content:"/04866d9cf72f437187f791a847040774_build.bin"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657771/; classtype:trojan-activity;sid:84520871; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657772)"; flow:established,from_client; content:"GET"; http_method; content:"/3074850e10f44959aef8995471cdfced_build.bin"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657772/; classtype:trojan-activity;sid:84520872; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657773)"; flow:established,from_client; content:"GET"; http_method; content:"/60d25956c6cb4df38868bf1d604861b3_build.bin"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657773/; classtype:trojan-activity;sid:84520873; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657774)"; flow:established,from_client; content:"GET"; http_method; content:"/f641efb3c3d04eb996984fbc0098e9ad_build.bin"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657774/; classtype:trojan-activity;sid:84520874; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657763)"; flow:established,from_client; content:"GET"; http_method; content:"/6571e11111ad4da18ed71a9275800062_crypted_build.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657763/; classtype:trojan-activity;sid:84520863; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657764)"; flow:established,from_client; content:"GET"; http_method; content:"/914cf5da09ca4e9da309443ad7e5e13b_crypted_build.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657764/; classtype:trojan-activity;sid:84520864; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657765)"; flow:established,from_client; content:"GET"; http_method; content:"/6a1c5881aa22442a85892ac093c10e12_crypted_build.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657765/; classtype:trojan-activity;sid:84520865; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657766)"; flow:established,from_client; content:"GET"; http_method; content:"/78dbc280468a4ab3a3675ff6a1d28efd_crypted_build.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657766/; classtype:trojan-activity;sid:84520866; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657767)"; flow:established,from_client; content:"GET"; http_method; content:"/741413b0b9cf4d058a1ae62a2b886365_build.bin"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657767/; classtype:trojan-activity;sid:84520867; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657769)"; flow:established,from_client; content:"GET"; http_method; content:"/ac3409e25721489087143770aed94645_crypted_build.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657769/; classtype:trojan-activity;sid:84520869; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657751)"; flow:established,from_client; content:"GET"; http_method; content:"/d10c0c3f963d40e69fb8149615dde1b4_crypted_build.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657751/; classtype:trojan-activity;sid:84520851; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657752)"; flow:established,from_client; content:"GET"; http_method; content:"/a4e6e3b9453445448a124d3f62f020ec_crypted_build.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657752/; classtype:trojan-activity;sid:84520852; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657753)"; flow:established,from_client; content:"GET"; http_method; content:"/708e36a28435404ca3653b39a963e9f8_build.bin"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657753/; classtype:trojan-activity;sid:84520853; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657754)"; flow:established,from_client; content:"GET"; http_method; content:"/7dbc521760fa460191532ca77b4ca23a_crypted_build.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657754/; classtype:trojan-activity;sid:84520854; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657755)"; flow:established,from_client; content:"GET"; http_method; content:"/88dc2d944efc4dc19545353b94ce594a_crypted_build.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657755/; classtype:trojan-activity;sid:84520855; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657756)"; flow:established,from_client; content:"GET"; http_method; content:"/7077db60aea6421d9e95cc0222df9a31_crypted_build.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657756/; classtype:trojan-activity;sid:84520856; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657757)"; flow:established,from_client; content:"GET"; http_method; content:"/301cc0439aaa45a1a80ef7ed23f6e7c8_build.bin"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657757/; classtype:trojan-activity;sid:84520857; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657758)"; flow:established,from_client; content:"GET"; http_method; content:"/4af237735cc742a3a2d84baf69eecb85_build.bin"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657758/; classtype:trojan-activity;sid:84520858; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657759)"; flow:established,from_client; content:"GET"; http_method; content:"/0c482097516c4490ad4d005ffb73e076_crypted_build.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657759/; classtype:trojan-activity;sid:84520859; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657760)"; flow:established,from_client; content:"GET"; http_method; content:"/3398ffa279fd4a7aabcac3657cb98378_crypted_build.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657760/; classtype:trojan-activity;sid:84520860; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657761)"; flow:established,from_client; content:"GET"; http_method; content:"/c6143ceb76d746eca1121b98c8254435_build.bin"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657761/; classtype:trojan-activity;sid:84520861; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657762)"; flow:established,from_client; content:"GET"; http_method; content:"/be44039d7da0443c857f94c005b5b8c4_build.bin"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657762/; classtype:trojan-activity;sid:84520862; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657749)"; flow:established,from_client; content:"GET"; http_method; content:"/736030f66a1e437fa58d8a166f9f1422_crypted_build.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657749/; classtype:trojan-activity;sid:84520849; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657750)"; flow:established,from_client; content:"GET"; http_method; content:"/30222e26c45741c0a06521bd3f5e28f9_crypted_build.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657750/; classtype:trojan-activity;sid:84520850; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657747)"; flow:established,from_client; content:"GET"; http_method; content:"/074d8797ddac4bcdbd05e8c0d5941ed8_build.exe"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657747/; classtype:trojan-activity;sid:84520847; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657748)"; flow:established,from_client; content:"GET"; http_method; content:"/c2a521ec278b41a38950679597766f2a_build.bin"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657748/; classtype:trojan-activity;sid:84520848; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657744)"; flow:established,from_client; content:"GET"; http_method; content:"/bd8e62239c594aeca5e0785b8f5fa368_build.bin"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657744/; classtype:trojan-activity;sid:84520844; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657745)"; flow:established,from_client; content:"GET"; http_method; content:"/file/fontdrvhost.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"62.60.226.168"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657745/; classtype:trojan-activity;sid:84520845; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657746)"; flow:established,from_client; content:"GET"; http_method; content:"/9abf81ae282b4f398bba7c945e657624_crypted_build.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657746/; classtype:trojan-activity;sid:84520846; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657737)"; flow:established,from_client; content:"GET"; http_method; content:"/7a6f948f35bd41c88546db3ead53990c_crypted_build.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657737/; classtype:trojan-activity;sid:84520837; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657738)"; flow:established,from_client; content:"GET"; http_method; content:"/32d9a97901e441e08f883b071cb324c4_crypted_build.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657738/; classtype:trojan-activity;sid:84520838; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657740)"; flow:established,from_client; content:"GET"; http_method; content:"/7bef0f44fba54f0ea5c9ada8b5115b73_build.bin"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657740/; classtype:trojan-activity;sid:84520840; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657741)"; flow:established,from_client; content:"GET"; http_method; content:"/e6ca62d6172b4f619e59d374e8567a27_crypted_build.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657741/; classtype:trojan-activity;sid:84520841; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657743)"; flow:established,from_client; content:"GET"; http_method; content:"/ddcff2bd3604444f8055d57736f29d09_build.bin"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657743/; classtype:trojan-activity;sid:84520843; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657714)"; flow:established,from_client; content:"GET"; http_method; content:"/f06045973f2043538aaa269bee4cb02b_crypted_build.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657714/; classtype:trojan-activity;sid:84520814; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657715)"; flow:established,from_client; content:"GET"; http_method; content:"/c78591f50b0041d599151771426a0758_build.bin"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657715/; classtype:trojan-activity;sid:84520815; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657717)"; flow:established,from_client; content:"GET"; http_method; content:"/29ff59a137ef4f108807614deeb0b58d_crypted_build.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657717/; classtype:trojan-activity;sid:84520817; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657718)"; flow:established,from_client; content:"GET"; http_method; content:"/acf7c76677cc44eb92156ce0f29fa6f5_crypted_build.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657718/; classtype:trojan-activity;sid:84520818; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657719)"; flow:established,from_client; content:"GET"; http_method; content:"/64195ea194c845a4b31dde94b658b0bb_crypted_build.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657719/; classtype:trojan-activity;sid:84520819; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657720)"; flow:established,from_client; content:"GET"; http_method; content:"/1a855032e1fc46c7ab073ff58918f943_build.bin"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657720/; classtype:trojan-activity;sid:84520820; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657721)"; flow:established,from_client; content:"GET"; http_method; content:"/4331b8e42fcf454580be7f5929dd3776_crypted_build.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657721/; classtype:trojan-activity;sid:84520821; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657722)"; flow:established,from_client; content:"GET"; http_method; content:"/20b319db40e149f1b0438f4ac9aef542_build.bin"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657722/; classtype:trojan-activity;sid:84520822; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657723)"; flow:established,from_client; content:"GET"; http_method; content:"/892bfb297a93470fbcf073b510534165_build.bin"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657723/; classtype:trojan-activity;sid:84520823; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657724)"; flow:established,from_client; content:"GET"; http_method; content:"/63df703358414f308eac15cd4a75c1ee_crypted_build.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657724/; classtype:trojan-activity;sid:84520824; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657725)"; flow:established,from_client; content:"GET"; http_method; content:"/1631740674234e668a663a08ce980aa5_crypted_build.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657725/; classtype:trojan-activity;sid:84520825; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657726)"; flow:established,from_client; content:"GET"; http_method; content:"/e09694d98f9b43c89ac373a5bae28b82_build.bin"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657726/; classtype:trojan-activity;sid:84520826; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657727)"; flow:established,from_client; content:"GET"; http_method; content:"/8c861213f929421eb98979781a255507_build.bin"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657727/; classtype:trojan-activity;sid:84520827; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657728)"; flow:established,from_client; content:"GET"; http_method; content:"/a9679536cfd04bdc87927190200292d9_crypted_build.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657728/; classtype:trojan-activity;sid:84520828; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657729)"; flow:established,from_client; content:"GET"; http_method; content:"/918613bf6a6f4ff8a18d51d68bcd6503_crypted_build.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657729/; classtype:trojan-activity;sid:84520829; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657730)"; flow:established,from_client; content:"GET"; http_method; content:"/889585280bd240d3a73a63e90498e289_crypted_build.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657730/; classtype:trojan-activity;sid:84520830; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657731)"; flow:established,from_client; content:"GET"; http_method; content:"/501855b4ed734aaebd9cd9599a2ba038_build.bin"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657731/; classtype:trojan-activity;sid:84520831; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657732)"; flow:established,from_client; content:"GET"; http_method; content:"/9b11c23d5a4e4873823ad6ef03ff2875_crypted_build.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657732/; classtype:trojan-activity;sid:84520832; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657733)"; flow:established,from_client; content:"GET"; http_method; content:"/b45a428a9f514d019b4548e9d61394af_crypted_build.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657733/; classtype:trojan-activity;sid:84520833; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657734)"; flow:established,from_client; content:"GET"; http_method; content:"/1c826e8f7e5a4fef9e4f63ec87b80bf5_build.bin"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657734/; classtype:trojan-activity;sid:84520834; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657735)"; flow:established,from_client; content:"GET"; http_method; content:"/2bd4c57657c643a48fcc33885aa924f2_crypted_build.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657735/; classtype:trojan-activity;sid:84520835; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657736)"; flow:established,from_client; content:"GET"; http_method; content:"/2813f891633e4b7a8216ad6dcfe4a175_crypted_build.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657736/; classtype:trojan-activity;sid:84520836; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657711)"; flow:established,from_client; content:"GET"; http_method; content:"/1249c71b75e546be9ea2f089b1c87335_crypted_build.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657711/; classtype:trojan-activity;sid:84520811; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657712)"; flow:established,from_client; content:"GET"; http_method; content:"/725cb442dd0b44b393f4bf381cce2eb7_crypted_build.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657712/; classtype:trojan-activity;sid:84520812; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657713)"; flow:established,from_client; content:"GET"; http_method; content:"/15bd76f3de7148078d13b134436e8d3a_crypted_build.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657713/; classtype:trojan-activity;sid:84520813; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657704)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"91.92.242.241"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657704/; classtype:trojan-activity;sid:84520804; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657706)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"91.92.242.241"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657706/; classtype:trojan-activity;sid:84520806; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657688)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"91.92.242.241"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657688/; classtype:trojan-activity;sid:84520788; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657689)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"91.92.242.241"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657689/; classtype:trojan-activity;sid:84520789; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657692)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"91.92.242.241"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657692/; classtype:trojan-activity;sid:84520792; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657684)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"91.92.242.241"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657684/; classtype:trojan-activity;sid:84520784; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657685)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"91.92.242.241"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657685/; classtype:trojan-activity;sid:84520785; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657686)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"91.92.242.241"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657686/; classtype:trojan-activity;sid:84520786; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657656)"; flow:established,from_client; content:"GET"; http_method; content:"/d/vipx69930"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"185.93.89.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657656/; classtype:trojan-activity;sid:84520756; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657648)"; flow:established,from_client; content:"GET"; http_method; content:"/d/vipx18685"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"185.93.89.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657648/; classtype:trojan-activity;sid:84520748; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657582)"; flow:established,from_client; content:"GET"; http_method; content:"/gh/reklamortak-hub/tmlaa@main/chromeguncelleme.apk"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"cdn.jsdelivr.net"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657582/; classtype:trojan-activity;sid:84520682; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657583)"; flow:established,from_client; content:"GET"; http_method; content:"/gh/reklamortak-hub/axma@main/chromeguncelleme.apk"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"cdn.jsdelivr.net"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657583/; classtype:trojan-activity;sid:84520683; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657580)"; flow:established,from_client; content:"GET"; http_method; content:"/excel.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"bmh-global.myfirewall.org"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657580/; classtype:trojan-activity;sid:84520680; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657581)"; flow:established,from_client; content:"GET"; http_method; content:"/voucherwonderland.js"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"js-storage.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657581/; classtype:trojan-activity;sid:84520681; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657568)"; flow:established,from_client; content:"GET"; http_method; content:"/kawt2qxfppuenm/plugins/clip64.dll"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"91.92.242.27"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657568/; classtype:trojan-activity;sid:84520668; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657571)"; flow:established,from_client; content:"GET"; http_method; content:"/kawt2qxfppuenm/plugins/clip.dll"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"91.92.242.27"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657571/; classtype:trojan-activity;sid:84520671; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657572)"; flow:established,from_client; content:"GET"; http_method; content:"/log/ce574991.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"178.16.52.173"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657572/; classtype:trojan-activity;sid:84520672; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657573)"; flow:established,from_client; content:"GET"; http_method; content:"/kawt2qxfppuenm/plugins/cred.dll"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"91.92.242.27"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657573/; classtype:trojan-activity;sid:84520673; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657574)"; flow:established,from_client; content:"GET"; http_method; content:"/kawt2qxfppuenm/plugins/cred64.dll"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"91.92.242.27"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657574/; classtype:trojan-activity;sid:84520674; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657566)"; flow:established,from_client; content:"GET"; http_method; content:"/min2/ce510697.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"178.16.52.173"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657566/; classtype:trojan-activity;sid:84520666; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657567)"; flow:established,from_client; content:"GET"; http_method; content:"/taqumn21pwtffka.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"91.92.240.104"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657567/; classtype:trojan-activity;sid:84520667; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657563)"; flow:established,from_client; content:"GET"; http_method; content:"/lrcnaco7v7vkgmm.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"91.92.240.104"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657563/; classtype:trojan-activity;sid:84520663; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657561)"; flow:established,from_client; content:"GET"; http_method; content:"/e55gjjtfitxysh4.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"91.92.240.104"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657561/; classtype:trojan-activity;sid:84520661; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657562)"; flow:established,from_client; content:"GET"; http_method; content:"/umn21taqpwtaffk.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"91.92.240.104"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657562/; classtype:trojan-activity;sid:84520662; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657392)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"81.226.201.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657392/; classtype:trojan-activity;sid:84520492; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657328)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.88.192"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657328/; classtype:trojan-activity;sid:84520428; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657139)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.88.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3657139/; classtype:trojan-activity;sid:84520239; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656729)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"217.115.212.126"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656729/; classtype:trojan-activity;sid:84519829; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656728)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"217.115.212.126"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656728/; classtype:trojan-activity;sid:84519828; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656727)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"217.115.212.126"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656727/; classtype:trojan-activity;sid:84519827; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656726)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"217.115.212.126"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656726/; classtype:trojan-activity;sid:84519826; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656725)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"47.104.96.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656725/; classtype:trojan-activity;sid:84519825; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656720)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"92.150.82.148"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656720/; classtype:trojan-activity;sid:84519820; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656716)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"184.105.33.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656716/; classtype:trojan-activity;sid:84519816; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656717)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.240.211.121"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656717/; classtype:trojan-activity;sid:84519817; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656718)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"94.226.135.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656718/; classtype:trojan-activity;sid:84519818; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656713)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"27.110.187.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656713/; classtype:trojan-activity;sid:84519813; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656708)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"103.240.211.121"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656708/; classtype:trojan-activity;sid:84519808; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656709)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.206.139.61"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656709/; classtype:trojan-activity;sid:84519809; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656710)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"180.148.33.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656710/; classtype:trojan-activity;sid:84519810; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656707)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"103.206.139.61"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656707/; classtype:trojan-activity;sid:84519807; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656704)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"179.214.0.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656704/; classtype:trojan-activity;sid:84519804; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656702)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.240.211.121"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656702/; classtype:trojan-activity;sid:84519802; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656703)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"70.45.46.214"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656703/; classtype:trojan-activity;sid:84519803; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656701)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"212.27.26.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656701/; classtype:trojan-activity;sid:84519801; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656699)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"184.105.33.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656699/; classtype:trojan-activity;sid:84519799; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656696)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"90.8.145.102"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656696/; classtype:trojan-activity;sid:84519796; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656693)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"179.214.0.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656693/; classtype:trojan-activity;sid:84519793; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656689)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.206.139.61"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656689/; classtype:trojan-activity;sid:84519789; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656692)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"217.115.212.126"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656692/; classtype:trojan-activity;sid:84519792; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656687)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"80.134.158.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656687/; classtype:trojan-activity;sid:84519787; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656677)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"180.148.33.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656677/; classtype:trojan-activity;sid:84519777; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656675)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"76.94.192.64"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656675/; classtype:trojan-activity;sid:84519775; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656672)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"5.149.184.170"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656672/; classtype:trojan-activity;sid:84519772; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656674)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"179.214.0.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656674/; classtype:trojan-activity;sid:84519774; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656667)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"90.8.145.102"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656667/; classtype:trojan-activity;sid:84519767; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656665)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.206.139.61"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656665/; classtype:trojan-activity;sid:84519765; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656662)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"92.150.82.148"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656662/; classtype:trojan-activity;sid:84519762; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656663)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"94.226.135.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656663/; classtype:trojan-activity;sid:84519763; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656660)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"179.214.0.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656660/; classtype:trojan-activity;sid:84519760; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656661)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.240.211.121"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656661/; classtype:trojan-activity;sid:84519761; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656658)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"94.226.135.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656658/; classtype:trojan-activity;sid:84519758; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656649)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"70.45.46.214"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656649/; classtype:trojan-activity;sid:84519749; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656652)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"179.214.0.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656652/; classtype:trojan-activity;sid:84519752; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656654)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"180.148.33.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656654/; classtype:trojan-activity;sid:84519754; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656648)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"94.226.135.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656648/; classtype:trojan-activity;sid:84519748; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656645)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"70.45.46.214"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656645/; classtype:trojan-activity;sid:84519745; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656646)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"94.226.135.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656646/; classtype:trojan-activity;sid:84519746; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656643)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"124.218.221.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656643/; classtype:trojan-activity;sid:84519743; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656641)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"119.45.161.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656641/; classtype:trojan-activity;sid:84519741; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656638)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"212.27.26.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656638/; classtype:trojan-activity;sid:84519738; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656639)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"122.170.8.40"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656639/; classtype:trojan-activity;sid:84519739; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656640)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.206.139.61"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656640/; classtype:trojan-activity;sid:84519740; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656637)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"216.221.70.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656637/; classtype:trojan-activity;sid:84519737; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656634)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"122.170.8.40"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656634/; classtype:trojan-activity;sid:84519734; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656635)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"122.170.8.40"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656635/; classtype:trojan-activity;sid:84519735; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656636)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"68.224.70.241"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656636/; classtype:trojan-activity;sid:84519736; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656632)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"179.214.0.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656632/; classtype:trojan-activity;sid:84519732; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656630)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"180.148.33.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656630/; classtype:trojan-activity;sid:84519730; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656629)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"70.45.46.214"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656629/; classtype:trojan-activity;sid:84519729; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656627)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"122.170.8.40"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656627/; classtype:trojan-activity;sid:84519727; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656628)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"90.8.145.102"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656628/; classtype:trojan-activity;sid:84519728; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656621)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"180.148.33.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656621/; classtype:trojan-activity;sid:84519721; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656623)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"209.146.21.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656623/; classtype:trojan-activity;sid:84519723; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656620)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"14.4.41.113"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656620/; classtype:trojan-activity;sid:84519720; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656614)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"70.45.46.214"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656614/; classtype:trojan-activity;sid:84519714; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656606)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"220.124.112.87"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656606/; classtype:trojan-activity;sid:84519706; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656607)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.206.139.61"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656607/; classtype:trojan-activity;sid:84519707; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656608)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"90.8.145.102"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656608/; classtype:trojan-activity;sid:84519708; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656609)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"212.27.26.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656609/; classtype:trojan-activity;sid:84519709; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656605)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"70.45.46.214"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656605/; classtype:trojan-activity;sid:84519705; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656601)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.206.139.61"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656601/; classtype:trojan-activity;sid:84519701; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656602)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"90.8.145.102"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656602/; classtype:trojan-activity;sid:84519702; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656596)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"184.105.33.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656596/; classtype:trojan-activity;sid:84519696; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656597)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"70.45.46.214"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656597/; classtype:trojan-activity;sid:84519697; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656592)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"180.148.33.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656592/; classtype:trojan-activity;sid:84519692; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656594)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"180.148.33.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656594/; classtype:trojan-activity;sid:84519694; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656595)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"122.170.8.40"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656595/; classtype:trojan-activity;sid:84519695; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656586)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"184.105.33.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656586/; classtype:trojan-activity;sid:84519686; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656581)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"122.170.8.40"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656581/; classtype:trojan-activity;sid:84519681; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656583)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"184.105.33.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656583/; classtype:trojan-activity;sid:84519683; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656584)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"122.170.8.40"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656584/; classtype:trojan-activity;sid:84519684; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656578)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"184.105.33.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656578/; classtype:trojan-activity;sid:84519678; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656576)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"184.105.33.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656576/; classtype:trojan-activity;sid:84519676; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656577)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"179.214.0.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656577/; classtype:trojan-activity;sid:84519677; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656574)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"76.130.209.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656574/; classtype:trojan-activity;sid:84519674; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656572)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"212.27.26.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656572/; classtype:trojan-activity;sid:84519672; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656569)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.240.211.121"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656569/; classtype:trojan-activity;sid:84519669; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656564)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"70.45.46.214"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656564/; classtype:trojan-activity;sid:84519664; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656558)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"80.134.158.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656558/; classtype:trojan-activity;sid:84519658; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656559)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"70.45.46.214"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656559/; classtype:trojan-activity;sid:84519659; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656561)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"70.45.46.214"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656561/; classtype:trojan-activity;sid:84519661; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656562)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"70.45.46.214"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656562/; classtype:trojan-activity;sid:84519662; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656563)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"90.8.145.102"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656563/; classtype:trojan-activity;sid:84519663; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656552)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.240.211.121"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656552/; classtype:trojan-activity;sid:84519652; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656555)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.240.211.121"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656555/; classtype:trojan-activity;sid:84519655; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656503)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-03-13/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656503/; classtype:trojan-activity;sid:84519603; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656466)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.mpsl"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"draft247.redirectme.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656466/; classtype:trojan-activity;sid:84519566; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656454)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"draft247.redirectme.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656454/; classtype:trojan-activity;sid:84519554; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656456)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-03-05/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656456/; classtype:trojan-activity;sid:84519556; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656428)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.x86"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"draft247.redirectme.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656428/; classtype:trojan-activity;sid:84519528; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656380)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"draft247.redirectme.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656380/; classtype:trojan-activity;sid:84519480; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656373)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm6"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"draft247.redirectme.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656373/; classtype:trojan-activity;sid:84519473; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656363)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.ppc"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"draft247.redirectme.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656363/; classtype:trojan-activity;sid:84519463; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656366)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.mips"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"draft247.redirectme.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656366/; classtype:trojan-activity;sid:84519466; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656367)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arc"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"draft247.redirectme.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656367/; classtype:trojan-activity;sid:84519467; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656368)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.spc"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"draft247.redirectme.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656368/; classtype:trojan-activity;sid:84519468; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656362)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.x86_64"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"draft247.redirectme.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656362/; classtype:trojan-activity;sid:84519462; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656345)"; flow:established,from_client; content:"GET"; http_method; content:"/139assicc.dll"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"82.157.70.207"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656345/; classtype:trojan-activity;sid:84519445; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656200)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.190.212.145"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656200/; classtype:trojan-activity;sid:84519300; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656190)"; flow:established,from_client; content:"GET"; http_method; content:"/wget2.sh"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656190/; classtype:trojan-activity;sid:84519290; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656154)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.118.32.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656154/; classtype:trojan-activity;sid:84519254; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656140)"; flow:established,from_client; content:"GET"; http_method; content:"/christian%20cg17042021%20xpanel.c3prj/info.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"82.67.13.197"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656140/; classtype:trojan-activity;sid:84519240; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656061)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-04-15/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656061/; classtype:trojan-activity;sid:84519161; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656060)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-07-26/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656060/; classtype:trojan-activity;sid:84519160; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656059)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-01-27/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656059/; classtype:trojan-activity;sid:84519159; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656058)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"181.36.153.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656058/; classtype:trojan-activity;sid:84519158; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656056)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-02-28/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656056/; classtype:trojan-activity;sid:84519156; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656054)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-05-09/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656054/; classtype:trojan-activity;sid:84519154; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656051)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-04-07/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656051/; classtype:trojan-activity;sid:84519151; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656049)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/info.zip"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656049/; classtype:trojan-activity;sid:84519149; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656050)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"141.155.36.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656050/; classtype:trojan-activity;sid:84519150; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656048)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"64.38.185.80"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656048/; classtype:trojan-activity;sid:84519148; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656044)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210727-072/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656044/; classtype:trojan-activity;sid:84519144; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656045)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles32/sqlservr/100/com/res/2052/info.zip"; http_uri; depth:133; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656045/; classtype:trojan-activity;sid:84519145; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656046)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/230518-057/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656046/; classtype:trojan-activity;sid:84519146; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656047)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"187.247.242.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656047/; classtype:trojan-activity;sid:84519147; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656041)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211116-023/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656041/; classtype:trojan-activity;sid:84519141; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656043)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/mssql/binn/res/1041/info.zip"; http_uri; depth:146; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656043/; classtype:trojan-activity;sid:84519143; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656035)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/redist/dotnetframeworks/dotnetfx35/x86/info.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656035/; classtype:trojan-activity;sid:84519135; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656036)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles32/sqlservr/100/tools/binn/zh-chs/info.zip"; http_uri; depth:144; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656036/; classtype:trojan-activity;sid:84519136; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656037)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-01-22/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656037/; classtype:trojan-activity;sid:84519137; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656039)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-053/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656039/; classtype:trojan-activity;sid:84519139; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656040)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-076/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656040/; classtype:trojan-activity;sid:84519140; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656030)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-05-19/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656030/; classtype:trojan-activity;sid:84519130; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656032)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/windows/gac/zh-chs/info.zip"; http_uri; depth:124; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656032/; classtype:trojan-activity;sid:84519132; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656033)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250308-120/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656033/; classtype:trojan-activity;sid:84519133; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656034)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"47.195.224.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656034/; classtype:trojan-activity;sid:84519134; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656027)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_msi/pfiles32/sqlservr/info.zip"; http_uri; depth:106; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656027/; classtype:trojan-activity;sid:84519127; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656028)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/tasks/zh-chs/info.zip"; http_uri; depth:141; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656028/; classtype:trojan-activity;sid:84519128; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656025)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210607-069/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656025/; classtype:trojan-activity;sid:84519125; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656026)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-023/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656026/; classtype:trojan-activity;sid:84519126; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656022)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/redist/powershell/x86/info.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656022/; classtype:trojan-activity;sid:84519122; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656023)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210720-066/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656023/; classtype:trojan-activity;sid:84519123; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656020)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"98.15.210.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656020/; classtype:trojan-activity;sid:84519120; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656019)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"157.10.63.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656019/; classtype:trojan-activity;sid:84519119; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656011)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/redist/dotnetframeworks/dotnetfx35/x64/info.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656011/; classtype:trojan-activity;sid:84519111; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656012)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/connect/info.zip"; http_uri; depth:136; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656012/; classtype:trojan-activity;sid:84519112; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656013)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211215-049/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656013/; classtype:trojan-activity;sid:84519113; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656014)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/231101-141/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656014/; classtype:trojan-activity;sid:84519114; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656004)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211005-031/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656004/; classtype:trojan-activity;sid:84519104; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656005)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_inst_msi/windows/info.zip"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656005/; classtype:trojan-activity;sid:84519105; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656006)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/windows/gac/info.zip"; http_uri; depth:108; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656006/; classtype:trojan-activity;sid:84519106; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656007)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"77.172.14.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656007/; classtype:trojan-activity;sid:84519107; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656009)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/sdk/assembly/info.zip"; http_uri; depth:128; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656009/; classtype:trojan-activity;sid:84519109; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655993)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/tools/binn/res/1033/info.zip"; http_uri; depth:138; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655993/; classtype:trojan-activity;sid:84519093; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655994)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210817-031/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655994/; classtype:trojan-activity;sid:84519094; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655995)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/221110-062/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655995/; classtype:trojan-activity;sid:84519095; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655996)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/shared/res/info.zip"; http_uri; depth:135; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655996/; classtype:trojan-activity;sid:84519096; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655998)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/tools/binn/res/info.zip"; http_uri; depth:139; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655998/; classtype:trojan-activity;sid:84519098; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656000)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-12-06/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656000/; classtype:trojan-activity;sid:84519100; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656001)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/wjgl/src/js/info.zip"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656001/; classtype:trojan-activity;sid:84519101; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656002)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles32/msvs9/common7/info.zip"; http_uri; depth:118; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656002/; classtype:trojan-activity;sid:84519102; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655990)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210810-022/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655990/; classtype:trojan-activity;sid:84519090; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655991)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles/info.zip"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655991/; classtype:trojan-activity;sid:84519091; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655992)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"98.213.164.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655992/; classtype:trojan-activity;sid:84519092; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655986)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220210-142/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655986/; classtype:trojan-activity;sid:84519086; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655987)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210909-018/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655987/; classtype:trojan-activity;sid:84519087; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655988)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/tpcl/images/zhijia-kancha/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655988/; classtype:trojan-activity;sid:84519088; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655989)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/ia64/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655989/; classtype:trojan-activity;sid:84519089; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655982)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"89.190.46.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655982/; classtype:trojan-activity;sid:84519082; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655983)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250429-119/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655983/; classtype:trojan-activity;sid:84519083; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655984)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211230-002/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655984/; classtype:trojan-activity;sid:84519084; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655981)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"67.10.149.213"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655981/; classtype:trojan-activity;sid:84519081; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655977)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"80.11.25.16"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655977/; classtype:trojan-activity;sid:84519077; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655975)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2021-12-08/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655975/; classtype:trojan-activity;sid:84519075; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655976)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"183.83.186.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655976/; classtype:trojan-activity;sid:84519076; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655973)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"185.43.45.171"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655973/; classtype:trojan-activity;sid:84519073; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655969)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.72.159.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655969/; classtype:trojan-activity;sid:84519069; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655970)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"160.202.15.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655970/; classtype:trojan-activity;sid:84519070; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655964)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"47.195.224.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655964/; classtype:trojan-activity;sid:84519064; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655966)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"152.230.116.253"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655966/; classtype:trojan-activity;sid:84519066; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655954)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211110-006/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655954/; classtype:trojan-activity;sid:84519054; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655955)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220804-012/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655955/; classtype:trojan-activity;sid:84519055; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655956)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/plcomps/res/info.zip"; http_uri; depth:141; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655956/; classtype:trojan-activity;sid:84519056; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655961)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"72.219.74.233"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655961/; classtype:trojan-activity;sid:84519061; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655941)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/tasks/info.zip"; http_uri; depth:135; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655941/; classtype:trojan-activity;sid:84519041; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655942)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles32/sqlservr/100/sdk/info.zip"; http_uri; depth:131; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655942/; classtype:trojan-activity;sid:84519042; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655943)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/tools/binn/info.zip"; http_uri; depth:129; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655943/; classtype:trojan-activity;sid:84519043; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655944)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_msi/pfiles/sqlservr/100/keyfile/info.zip"; http_uri; depth:117; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655944/; classtype:trojan-activity;sid:84519044; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655945)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/tools/binn/schemas/sqlservr/2004/soap/types/sqlparam/info.zip"; http_uri; depth:168; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655945/; classtype:trojan-activity;sid:84519045; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655946)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_msi/pfiles32/sqlservr/100/com/info.zip"; http_uri; depth:115; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655946/; classtype:trojan-activity;sid:84519046; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655947)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211008-008/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655947/; classtype:trojan-activity;sid:84519047; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655948)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220916-031/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655948/; classtype:trojan-activity;sid:84519048; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655949)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-075/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655949/; classtype:trojan-activity;sid:84519049; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655950)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/mssql/binn/res/2052/info.zip"; http_uri; depth:147; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655950/; classtype:trojan-activity;sid:84519050; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655951)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210918-075/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655951/; classtype:trojan-activity;sid:84519051; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655952)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles32/sqlservr/100/sdk/assembly/zh-chs/info.zip"; http_uri; depth:146; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655952/; classtype:trojan-activity;sid:84519052; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655953)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220217-062/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655953/; classtype:trojan-activity;sid:84519053; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655928)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/shared/zh-chs/info.zip"; http_uri; depth:138; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655928/; classtype:trojan-activity;sid:84519028; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655929)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-001/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655929/; classtype:trojan-activity;sid:84519029; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655931)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/sdk/info.zip"; http_uri; depth:121; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655931/; classtype:trojan-activity;sid:84519031; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655932)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210724-012/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655932/; classtype:trojan-activity;sid:84519032; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655933)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.156.110.218"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655933/; classtype:trojan-activity;sid:84519033; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655934)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/mssql/binn/res/1036/info.zip"; http_uri; depth:147; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655934/; classtype:trojan-activity;sid:84519034; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655935)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240918-031/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655935/; classtype:trojan-activity;sid:84519035; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655936)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220824-011/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655936/; classtype:trojan-activity;sid:84519036; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655937)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250219-050/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655937/; classtype:trojan-activity;sid:84519037; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655938)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210103-001/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655938/; classtype:trojan-activity;sid:84519038; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655939)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210724-033/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655939/; classtype:trojan-activity;sid:84519039; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655940)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_msi/pfiles/sqlservr/100/info.zip"; http_uri; depth:109; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655940/; classtype:trojan-activity;sid:84519040; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655923)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/mssql/binn/res/1033/info.zip"; http_uri; depth:146; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655923/; classtype:trojan-activity;sid:84519023; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655924)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles32/sqlservr/100/shared/zh-chs/info.zip"; http_uri; depth:133; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655924/; classtype:trojan-activity;sid:84519024; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655925)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/catalog/info.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655925/; classtype:trojan-activity;sid:84519025; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655926)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-020/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655926/; classtype:trojan-activity;sid:84519026; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655927)"; flow:established,from_client; content:"GET"; http_method; content:"/update/%e8%a5%bf%e7%be%8e%e5%8d%b0%e5%88%b7%e7%94%9f%e4%ba%a7%e4%bb%93%e5%ba%93%e7%b3%bb%e7%bb%9f/update/info.zip"; http_uri; depth:114; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655927/; classtype:trojan-activity;sid:84519027; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655919)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/plcomps/res/2052/info.zip"; http_uri; depth:146; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655919/; classtype:trojan-activity;sid:84519019; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655920)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211030-056/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655920/; classtype:trojan-activity;sid:84519020; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655917)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles32/sqlservr/100/sdk/assembly/zh-chs/info.zip"; http_uri; depth:147; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655917/; classtype:trojan-activity;sid:84519017; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655918)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210807-023/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655918/; classtype:trojan-activity;sid:84519018; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655916)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles32/sqlservr/100/com/en/info.zip"; http_uri; depth:126; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655916/; classtype:trojan-activity;sid:84519016; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655914)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"89.190.46.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655914/; classtype:trojan-activity;sid:84519014; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655912)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210730-024/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655912/; classtype:trojan-activity;sid:84519012; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655913)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"190.153.137.200"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655913/; classtype:trojan-activity;sid:84519013; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655911)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"24.93.22.147"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655911/; classtype:trojan-activity;sid:84519011; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655909)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"47.195.224.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655909/; classtype:trojan-activity;sid:84519009; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655908)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"157.10.63.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655908/; classtype:trojan-activity;sid:84519008; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655905)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-051/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655905/; classtype:trojan-activity;sid:84519005; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655904)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240711-130/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655904/; classtype:trojan-activity;sid:84519004; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655903)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"168.121.168.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655903/; classtype:trojan-activity;sid:84519003; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655901)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_inst_msi/pfiles/sqlservr/mssql.x/mssql/info.zip"; http_uri; depth:123; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655901/; classtype:trojan-activity;sid:84519001; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655899)"; flow:established,from_client; content:"GET"; http_method; content:"/update%20-%20%e5%89%af%e6%9c%ac/info.zip"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655899/; classtype:trojan-activity;sid:84518999; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655896)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.8.164.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655896/; classtype:trojan-activity;sid:84518996; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655894)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles32/sqlservr/100/sdk/assembly/info.zip"; http_uri; depth:140; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655894/; classtype:trojan-activity;sid:84518994; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655895)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/tools/binn/zh-chs/info.zip"; http_uri; depth:143; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655895/; classtype:trojan-activity;sid:84518995; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655891)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240403-011/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655891/; classtype:trojan-activity;sid:84518991; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655892)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-042/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655892/; classtype:trojan-activity;sid:84518992; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655893)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_inst_msi/pfiles/sqlservr/info.zip"; http_uri; depth:109; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655893/; classtype:trojan-activity;sid:84518993; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655890)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_inst_msi/pfiles/sqlservr/mssql.x/mssql/binn/dlltmp32/info.zip"; http_uri; depth:137; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655890/; classtype:trojan-activity;sid:84518990; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655889)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"82.67.13.197"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655889/; classtype:trojan-activity;sid:84518989; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655888)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210729-050/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655888/; classtype:trojan-activity;sid:84518988; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655887)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-01-31/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655887/; classtype:trojan-activity;sid:84518987; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655881)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2019-12-23/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655881/; classtype:trojan-activity;sid:84518981; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655880)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2023-05-11/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655880/; classtype:trojan-activity;sid:84518980; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655879)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"24.93.22.147"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655879/; classtype:trojan-activity;sid:84518979; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655876)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"87.200.95.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655876/; classtype:trojan-activity;sid:84518976; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655877)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210724-029/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655877/; classtype:trojan-activity;sid:84518977; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655875)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"70.95.233.160"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655875/; classtype:trojan-activity;sid:84518975; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655872)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211026-077/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655872/; classtype:trojan-activity;sid:84518972; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655873)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles32/sqlservr/100/tools/binn/info.zip"; http_uri; depth:137; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655873/; classtype:trojan-activity;sid:84518973; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655870)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"87.200.95.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655870/; classtype:trojan-activity;sid:84518970; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655867)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2025-06-04/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655867/; classtype:trojan-activity;sid:84518967; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655868)"; flow:established,from_client; content:"GET"; http_method; content:"/update/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/shudedw/pdw1150/info.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655868/; classtype:trojan-activity;sid:84518968; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655866)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.58.62.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655866/; classtype:trojan-activity;sid:84518966; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655864)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/tools/binn/vsshell/common7/ide/info.zip"; http_uri; depth:155; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655864/; classtype:trojan-activity;sid:84518964; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655862)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/info.zip"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655862/; classtype:trojan-activity;sid:84518962; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655860)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-02-02/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655860/; classtype:trojan-activity;sid:84518960; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655861)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-057/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655861/; classtype:trojan-activity;sid:84518961; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655859)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"138.36.2.110"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655859/; classtype:trojan-activity;sid:84518959; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655856)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"47.195.224.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655856/; classtype:trojan-activity;sid:84518956; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655851)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"176.35.55.164"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655851/; classtype:trojan-activity;sid:84518951; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655849)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220117-019/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655849/; classtype:trojan-activity;sid:84518949; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655848)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-058/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655848/; classtype:trojan-activity;sid:84518948; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655846)"; flow:established,from_client; content:"GET"; http_method; content:"/update%20-%20%e5%89%af%e6%9c%ac/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/info.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655846/; classtype:trojan-activity;sid:84518946; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655844)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-01-20/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655844/; classtype:trojan-activity;sid:84518944; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655845)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2021-07-14/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655845/; classtype:trojan-activity;sid:84518945; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655842)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"122.170.103.164"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655842/; classtype:trojan-activity;sid:84518942; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655838)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-03-02/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655838/; classtype:trojan-activity;sid:84518938; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655839)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"93.55.251.246"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655839/; classtype:trojan-activity;sid:84518939; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655837)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"116.72.16.185"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655837/; classtype:trojan-activity;sid:84518937; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655834)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.34.230.9"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655834/; classtype:trojan-activity;sid:84518934; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655832)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/tpcl/src/sass/demo/helpers/info.zip"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655832/; classtype:trojan-activity;sid:84518932; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655830)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/231024-129/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655830/; classtype:trojan-activity;sid:84518930; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655828)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"47.50.167.228"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655828/; classtype:trojan-activity;sid:84518928; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655829)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-04-08/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655829/; classtype:trojan-activity;sid:84518929; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655827)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"74.105.18.181"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655827/; classtype:trojan-activity;sid:84518927; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655825)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"87.249.142.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655825/; classtype:trojan-activity;sid:84518925; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655824)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2025-01-07/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655824/; classtype:trojan-activity;sid:84518924; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655823)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-001/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655823/; classtype:trojan-activity;sid:84518923; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655822)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220427-035/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655822/; classtype:trojan-activity;sid:84518922; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655819)"; flow:established,from_client; content:"GET"; http_method; content:"/update%20-%20%e5%89%af%e6%9c%ac/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/shudedw/pdw1200/info.zip"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655819/; classtype:trojan-activity;sid:84518919; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655817)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"24.93.22.147"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655817/; classtype:trojan-activity;sid:84518917; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655816)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/com/res/1033/info.zip"; http_uri; depth:137; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655816/; classtype:trojan-activity;sid:84518916; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655812)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/rj/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655812/; classtype:trojan-activity;sid:84518912; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655807)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/redist/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655807/; classtype:trojan-activity;sid:84518907; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655808)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-074/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655808/; classtype:trojan-activity;sid:84518908; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655809)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-004/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655809/; classtype:trojan-activity;sid:84518909; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655810)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_msi/pfiles/sqlservr/100/tools/binn/vsshell/info.zip"; http_uri; depth:127; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655810/; classtype:trojan-activity;sid:84518910; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655806)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-03-28/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655806/; classtype:trojan-activity;sid:84518906; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655803)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2023-01-31/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655803/; classtype:trojan-activity;sid:84518903; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655801)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-03-05/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655801/; classtype:trojan-activity;sid:84518901; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655799)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2023-06-22/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655799/; classtype:trojan-activity;sid:84518899; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655797)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2022-01-14/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655797/; classtype:trojan-activity;sid:84518897; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655794)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-001/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655794/; classtype:trojan-activity;sid:84518894; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655792)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"138.36.2.110"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655792/; classtype:trojan-activity;sid:84518892; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655790)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/windows/gac_32/zh-chs/info.zip"; http_uri; depth:120; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655790/; classtype:trojan-activity;sid:84518890; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655791)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-04-20/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655791/; classtype:trojan-activity;sid:84518891; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655789)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/msvs9/info.zip"; http_uri; depth:108; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655789/; classtype:trojan-activity;sid:84518889; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655787)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2020-06-02/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655787/; classtype:trojan-activity;sid:84518887; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655784)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"168.121.168.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655784/; classtype:trojan-activity;sid:84518884; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655782)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-01-19/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655782/; classtype:trojan-activity;sid:84518882; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655783)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"37.34.230.9"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655783/; classtype:trojan-activity;sid:84518883; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655781)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"76.154.249.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655781/; classtype:trojan-activity;sid:84518881; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655778)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/connect/zh-chs/info.zip"; http_uri; depth:143; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655778/; classtype:trojan-activity;sid:84518878; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655775)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-03-07/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655775/; classtype:trojan-activity;sid:84518875; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655774)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"32.219.189.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655774/; classtype:trojan-activity;sid:84518874; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655770)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-04-03/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655770/; classtype:trojan-activity;sid:84518870; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655768)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-04-28/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655768/; classtype:trojan-activity;sid:84518868; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655766)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-04-29/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655766/; classtype:trojan-activity;sid:84518866; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655763)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"82.67.13.197"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655763/; classtype:trojan-activity;sid:84518863; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655757)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"77.172.14.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655757/; classtype:trojan-activity;sid:84518857; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655756)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"87.200.95.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655756/; classtype:trojan-activity;sid:84518856; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655754)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2020-11-16/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655754/; classtype:trojan-activity;sid:84518854; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655755)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"77.211.28.150"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655755/; classtype:trojan-activity;sid:84518855; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655753)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-05-08/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655753/; classtype:trojan-activity;sid:84518853; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655751)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"77.172.14.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655751/; classtype:trojan-activity;sid:84518851; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655750)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"47.216.198.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655750/; classtype:trojan-activity;sid:84518850; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655748)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"188.82.127.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655748/; classtype:trojan-activity;sid:84518848; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655749)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"24.93.22.147"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655749/; classtype:trojan-activity;sid:84518849; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655746)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211208-061/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655746/; classtype:trojan-activity;sid:84518846; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655747)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-002/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655747/; classtype:trojan-activity;sid:84518847; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655743)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2023-06-22/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655743/; classtype:trojan-activity;sid:84518843; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655744)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"47.216.198.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655744/; classtype:trojan-activity;sid:84518844; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655745)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"170.55.7.234"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655745/; classtype:trojan-activity;sid:84518845; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655738)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210807-020/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655738/; classtype:trojan-activity;sid:84518838; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655739)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"81.38.217.250"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655739/; classtype:trojan-activity;sid:84518839; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655740)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211218-033/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655740/; classtype:trojan-activity;sid:84518840; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655741)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/com/res/info.zip"; http_uri; depth:126; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655741/; classtype:trojan-activity;sid:84518841; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655742)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/231228-073/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655742/; classtype:trojan-activity;sid:84518842; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655735)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/shared/res/info.zip"; http_uri; depth:136; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655735/; classtype:trojan-activity;sid:84518835; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655736)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/com/res/info.zip"; http_uri; depth:133; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655736/; classtype:trojan-activity;sid:84518836; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655731)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"73.51.224.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655731/; classtype:trojan-activity;sid:84518831; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655732)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/info.zip"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655732/; classtype:trojan-activity;sid:84518832; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655730)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"67.177.204.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655730/; classtype:trojan-activity;sid:84518830; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655726)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220223-034/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655726/; classtype:trojan-activity;sid:84518826; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655728)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/keyfile/2052/info.zip"; http_uri; depth:138; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655728/; classtype:trojan-activity;sid:84518828; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655724)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210805-030/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655724/; classtype:trojan-activity;sid:84518824; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655722)"; flow:established,from_client; content:"GET"; http_method; content:"/update%20-%20%e5%89%af%e6%9c%ac/%e8%a5%bf%e7%be%8e%e5%8d%b0%e5%88%b7%e7%94%9f%e4%ba%a7%e4%bb%93%e5%ba%93%e7%b3%bb%e7%bb%9f/pic/info.zip"; http_uri; depth:136; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655722/; classtype:trojan-activity;sid:84518822; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655719)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210724-006/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655719/; classtype:trojan-activity;sid:84518819; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655720)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_inst_loc_msi/info.zip"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655720/; classtype:trojan-activity;sid:84518820; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655718)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"93.55.251.246"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655718/; classtype:trojan-activity;sid:84518818; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655717)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-03-11/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655717/; classtype:trojan-activity;sid:84518817; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655713)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_inst_msi/pfiles/sqlservr/mssql.x/mssql/binn/dlltmp64/info.zip"; http_uri; depth:137; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655713/; classtype:trojan-activity;sid:84518813; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655715)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"73.71.107.192"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655715/; classtype:trojan-activity;sid:84518815; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655711)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/wjgl/dist/info.zip"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655711/; classtype:trojan-activity;sid:84518811; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655712)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2021-12-01/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655712/; classtype:trojan-activity;sid:84518812; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655706)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-053/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655706/; classtype:trojan-activity;sid:84518806; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655707)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_msi/pfiles32/sqlservr/100/shared/info.zip"; http_uri; depth:118; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655707/; classtype:trojan-activity;sid:84518807; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655699)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"72.132.64.183"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655699/; classtype:trojan-activity;sid:84518799; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655701)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"73.51.224.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655701/; classtype:trojan-activity;sid:84518801; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655703)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"92.150.82.148"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655703/; classtype:trojan-activity;sid:84518803; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655704)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/vsshell/info.zip"; http_uri; depth:136; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655704/; classtype:trojan-activity;sid:84518804; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655705)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/com/res/2052/info.zip"; http_uri; depth:131; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655705/; classtype:trojan-activity;sid:84518805; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655696)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"77.211.28.150"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655696/; classtype:trojan-activity;sid:84518796; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655697)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.89.102.77"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655697/; classtype:trojan-activity;sid:84518797; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655698)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/230817-055/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655698/; classtype:trojan-activity;sid:84518798; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655690)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/dts/mapfiles/info.zip"; http_uri; depth:129; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655690/; classtype:trojan-activity;sid:84518790; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655691)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_msi/pfiles/msnet/adomd.net/100/info.zip"; http_uri; depth:115; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655691/; classtype:trojan-activity;sid:84518791; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655692)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/sdk/info.zip"; http_uri; depth:128; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655692/; classtype:trojan-activity;sid:84518792; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655693)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/binn/res/info.zip"; http_uri; depth:138; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655693/; classtype:trojan-activity;sid:84518793; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655686)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/tools/info.zip"; http_uri; depth:131; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655686/; classtype:trojan-activity;sid:84518786; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655687)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220503-020/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655687/; classtype:trojan-activity;sid:84518787; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655688)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_msi/pfiles/sqlservr/100/tools/binn/vsshell/common7/ide/info.zip"; http_uri; depth:139; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655688/; classtype:trojan-activity;sid:84518788; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655685)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220809-080/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655685/; classtype:trojan-activity;sid:84518785; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655673)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220428-040/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655673/; classtype:trojan-activity;sid:84518773; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655674)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210726-018/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655674/; classtype:trojan-activity;sid:84518774; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655675)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/info.zip"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655675/; classtype:trojan-activity;sid:84518775; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655676)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/shared/zh-chs/info.zip"; http_uri; depth:139; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655676/; classtype:trojan-activity;sid:84518776; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655670)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_inst_msi/pfiles/info.zip"; http_uri; depth:100; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655670/; classtype:trojan-activity;sid:84518770; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655671)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/info.zip"; http_uri; depth:126; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655671/; classtype:trojan-activity;sid:84518771; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655672)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210826-050/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655672/; classtype:trojan-activity;sid:84518772; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655668)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210805-053/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655668/; classtype:trojan-activity;sid:84518768; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655662)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"157.10.63.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655662/; classtype:trojan-activity;sid:84518762; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655663)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles32/info.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655663/; classtype:trojan-activity;sid:84518763; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655665)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"50.65.169.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655665/; classtype:trojan-activity;sid:84518765; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655657)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210805-048/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655657/; classtype:trojan-activity;sid:84518757; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655658)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"64.38.185.80"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655658/; classtype:trojan-activity;sid:84518758; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655659)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/help/2052/info.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655659/; classtype:trojan-activity;sid:84518759; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655660)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220406-019/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655660/; classtype:trojan-activity;sid:84518760; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655654)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"71.198.110.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655654/; classtype:trojan-activity;sid:84518754; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655655)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-002/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655655/; classtype:trojan-activity;sid:84518755; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655648)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"81.38.217.250"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655648/; classtype:trojan-activity;sid:84518748; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655649)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.61.160.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655649/; classtype:trojan-activity;sid:84518749; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655651)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"89.190.46.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655651/; classtype:trojan-activity;sid:84518751; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655642)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"47.216.198.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655642/; classtype:trojan-activity;sid:84518742; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655645)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"47.216.198.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655645/; classtype:trojan-activity;sid:84518745; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655646)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-12-23/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655646/; classtype:trojan-activity;sid:84518746; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655647)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/redist/remoteblobstore/info.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655647/; classtype:trojan-activity;sid:84518747; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655638)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"87.200.95.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655638/; classtype:trojan-activity;sid:84518738; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655633)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-061/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655633/; classtype:trojan-activity;sid:84518733; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655634)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210805-050/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655634/; classtype:trojan-activity;sid:84518734; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655635)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/tools/binn/info.zip"; http_uri; depth:126; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655635/; classtype:trojan-activity;sid:84518735; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655631)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.198.246.24"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655631/; classtype:trojan-activity;sid:84518731; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655626)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/help/2052/info.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655626/; classtype:trojan-activity;sid:84518726; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655627)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-007/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655627/; classtype:trojan-activity;sid:84518727; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655630)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles/msnet/adomd.net/100/zh-chs/info.zip"; http_uri; depth:131; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655630/; classtype:trojan-activity;sid:84518730; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655623)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_msi/pfiles32/sqlservr/100/tools/info.zip"; http_uri; depth:116; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655623/; classtype:trojan-activity;sid:84518723; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655624)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/shared/info.zip"; http_uri; depth:124; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655624/; classtype:trojan-activity;sid:84518724; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655625)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/tools/info.zip"; http_uri; depth:121; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655625/; classtype:trojan-activity;sid:84518725; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655621)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles/info.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655621/; classtype:trojan-activity;sid:84518721; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655619)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_loc_msi/2052/pfiles/msnet/adomd.net/100/info.zip"; http_uri; depth:124; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655619/; classtype:trojan-activity;sid:84518719; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655620)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"152.230.116.253"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655620/; classtype:trojan-activity;sid:84518720; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655614)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/info.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655614/; classtype:trojan-activity;sid:84518714; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655616)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250310-026/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655616/; classtype:trojan-activity;sid:84518716; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655617)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/shared/info.zip"; http_uri; depth:131; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655617/; classtype:trojan-activity;sid:84518717; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655610)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220427-035/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655610/; classtype:trojan-activity;sid:84518710; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655607)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_inst_msi/pfiles/sqlservr/mssql.x/mssql/install/info.zip"; http_uri; depth:131; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655607/; classtype:trojan-activity;sid:84518707; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655601)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"87.200.95.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655601/; classtype:trojan-activity;sid:84518701; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655597)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/binn/res/info.zip"; http_uri; depth:137; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655597/; classtype:trojan-activity;sid:84518697; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655596)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.209.67.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655596/; classtype:trojan-activity;sid:84518696; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655592)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-047/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655592/; classtype:trojan-activity;sid:84518692; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655593)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"138.36.2.110"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655593/; classtype:trojan-activity;sid:84518693; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655594)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"178.61.160.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655594/; classtype:trojan-activity;sid:84518694; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655595)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/windows/gac/info.zip"; http_uri; depth:109; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655595/; classtype:trojan-activity;sid:84518695; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655590)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"222.252.31.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655590/; classtype:trojan-activity;sid:84518690; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655587)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles/msvs9/common7/info.zip"; http_uri; depth:117; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655587/; classtype:trojan-activity;sid:84518687; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655588)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211021-033/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655588/; classtype:trojan-activity;sid:84518688; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655589)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-024/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655589/; classtype:trojan-activity;sid:84518689; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655581)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-043/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655581/; classtype:trojan-activity;sid:84518681; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655583)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/schemas/sqlservr/2004/info.zip"; http_uri; depth:151; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655583/; classtype:trojan-activity;sid:84518683; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655586)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2024-11-29/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655586/; classtype:trojan-activity;sid:84518686; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655579)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"74.105.123.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655579/; classtype:trojan-activity;sid:84518679; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655580)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210727-065/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655580/; classtype:trojan-activity;sid:84518680; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655565)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/tools/info.zip"; http_uri; depth:121; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655565/; classtype:trojan-activity;sid:84518665; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655566)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210805-053/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655566/; classtype:trojan-activity;sid:84518666; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655567)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/tools/binn/schemas/sqlservr/2006/11/info.zip"; http_uri; depth:151; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655567/; classtype:trojan-activity;sid:84518667; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655568)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250709-032/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655568/; classtype:trojan-activity;sid:84518668; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655572)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.59.134.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655572/; classtype:trojan-activity;sid:84518672; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655574)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-058/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655574/; classtype:trojan-activity;sid:84518674; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655576)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-018/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655576/; classtype:trojan-activity;sid:84518676; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655577)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210805-049/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655577/; classtype:trojan-activity;sid:84518677; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655564)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles32/info.zip"; http_uri; depth:107; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655564/; classtype:trojan-activity;sid:84518664; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655561)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2019-09-16/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655561/; classtype:trojan-activity;sid:84518661; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655562)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.59.134.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655562/; classtype:trojan-activity;sid:84518662; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655563)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/tpcl/src/js/info.zip"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655563/; classtype:trojan-activity;sid:84518663; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655560)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"70.95.233.160"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655560/; classtype:trojan-activity;sid:84518660; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655556)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-03-06/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655556/; classtype:trojan-activity;sid:84518656; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655557)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"93.43.53.67"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655557/; classtype:trojan-activity;sid:84518657; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655558)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"90.194.127.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655558/; classtype:trojan-activity;sid:84518658; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655559)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.34.230.9"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655559/; classtype:trojan-activity;sid:84518659; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655553)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.36.80.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655553/; classtype:trojan-activity;sid:84518653; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655547)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles32/sqlservr/100/shared/2052/info.zip"; http_uri; depth:131; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655547/; classtype:trojan-activity;sid:84518647; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655541)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/windows/gac/info.zip"; http_uri; depth:110; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655541/; classtype:trojan-activity;sid:84518641; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655542)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210727-041/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655542/; classtype:trojan-activity;sid:84518642; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655543)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/info.zip"; http_uri; depth:111; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655543/; classtype:trojan-activity;sid:84518643; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655544)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_msi/pfiles/sqlservr/100/dts/binn/info.zip"; http_uri; depth:117; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655544/; classtype:trojan-activity;sid:84518644; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655545)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220427-035/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655545/; classtype:trojan-activity;sid:84518645; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655529)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_msi/pfiles32/sqlservr/100/tools/binn/vsshell/info.zip"; http_uri; depth:130; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655529/; classtype:trojan-activity;sid:84518629; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655530)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/redist/dotnetframeworks/dotnetfx35/x86/info.zip"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655530/; classtype:trojan-activity;sid:84518630; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655531)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_msi/pfiles32/sqlservr/100/tools/binn/info.zip"; http_uri; depth:122; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655531/; classtype:trojan-activity;sid:84518631; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655532)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/binn/res/info.zip"; http_uri; depth:137; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655532/; classtype:trojan-activity;sid:84518632; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655534)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/info.zip"; http_uri; depth:128; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655534/; classtype:trojan-activity;sid:84518634; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655535)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"76.154.249.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655535/; classtype:trojan-activity;sid:84518635; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655538)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210807-020/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655538/; classtype:trojan-activity;sid:84518638; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655539)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-055/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655539/; classtype:trojan-activity;sid:84518639; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655521)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles32/sqlservr/100/tools/binn/res/info.zip"; http_uri; depth:142; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655521/; classtype:trojan-activity;sid:84518621; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655522)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_inst_msi/info.zip"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655522/; classtype:trojan-activity;sid:84518622; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655523)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/tools/info.zip"; http_uri; depth:130; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655523/; classtype:trojan-activity;sid:84518623; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655524)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210805-053/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655524/; classtype:trojan-activity;sid:84518624; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655525)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/redist/dotnetframeworks/dotnetfx20/info.zip"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655525/; classtype:trojan-activity;sid:84518625; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655526)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/redist/dotnetframeworks/dotnetmsp/x86/info.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655526/; classtype:trojan-activity;sid:84518626; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655527)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles/msnet/adomd.net/info.zip"; http_uri; depth:120; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655527/; classtype:trojan-activity;sid:84518627; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655528)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles32/msvs9/info.zip"; http_uri; depth:110; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655528/; classtype:trojan-activity;sid:84518628; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655513)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250715-023/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655513/; classtype:trojan-activity;sid:84518613; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655514)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-055/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655514/; classtype:trojan-activity;sid:84518614; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655515)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/tools/binn/vsshell/info.zip"; http_uri; depth:134; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655515/; classtype:trojan-activity;sid:84518615; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655516)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210816-019/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655516/; classtype:trojan-activity;sid:84518616; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655517)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/tools/binn/vsshell/common7/info.zip"; http_uri; depth:151; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655517/; classtype:trojan-activity;sid:84518617; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655518)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"77.211.28.150"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655518/; classtype:trojan-activity;sid:84518618; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655519)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220117-019/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655519/; classtype:trojan-activity;sid:84518619; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655520)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/schemas/sqlservr/2004/bulkload/info.zip"; http_uri; depth:160; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655520/; classtype:trojan-activity;sid:84518620; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655509)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/tools/binn/res/1033/info.zip"; http_uri; depth:144; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655509/; classtype:trojan-activity;sid:84518609; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655510)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2019-10-22/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655510/; classtype:trojan-activity;sid:84518610; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655511)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250715-011/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655511/; classtype:trojan-activity;sid:84518611; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655507)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"138.36.2.110"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655507/; classtype:trojan-activity;sid:84518607; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655505)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_msi/pfiles/msnet/adomd.net/info.zip"; http_uri; depth:111; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655505/; classtype:trojan-activity;sid:84518605; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655503)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2020-08-05/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655503/; classtype:trojan-activity;sid:84518603; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655504)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"73.71.107.192"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655504/; classtype:trojan-activity;sid:84518604; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655502)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/info.zip"; http_uri; depth:121; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655502/; classtype:trojan-activity;sid:84518602; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655501)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.8.164.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655501/; classtype:trojan-activity;sid:84518601; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655499)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"73.71.107.192"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655499/; classtype:trojan-activity;sid:84518599; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655500)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210727-072/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655500/; classtype:trojan-activity;sid:84518600; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655498)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_msi/pfiles32/msnet/adomd.net/100/info.zip"; http_uri; depth:117; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655498/; classtype:trojan-activity;sid:84518598; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655497)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_inst_msi/pfiles/info.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655497/; classtype:trojan-activity;sid:84518597; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655496)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/connect/zh-chs/info.zip"; http_uri; depth:143; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655496/; classtype:trojan-activity;sid:84518596; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655493)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"168.121.168.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655493/; classtype:trojan-activity;sid:84518593; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655492)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-058/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655492/; classtype:trojan-activity;sid:84518592; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655491)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_msi/pfiles32/sqlservr/100/dts/info.zip"; http_uri; depth:114; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655491/; classtype:trojan-activity;sid:84518591; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655490)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2019-12-17/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655490/; classtype:trojan-activity;sid:84518590; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655489)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/windows/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655489/; classtype:trojan-activity;sid:84518589; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655482)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/wjgl/images/zhijia/info.zip"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655482/; classtype:trojan-activity;sid:84518582; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655483)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/mssql/binn/res/info.zip"; http_uri; depth:141; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655483/; classtype:trojan-activity;sid:84518583; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655479)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"160.202.15.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655479/; classtype:trojan-activity;sid:84518579; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655474)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.252.31.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655474/; classtype:trojan-activity;sid:84518574; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655471)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2020-09-17/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655471/; classtype:trojan-activity;sid:84518571; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655468)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"172.251.160.252"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655468/; classtype:trojan-activity;sid:84518568; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655469)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"70.190.199.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655469/; classtype:trojan-activity;sid:84518569; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655464)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/redist/dotnetframeworks/dotnetfx30/x86/info.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655464/; classtype:trojan-activity;sid:84518564; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655466)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.72.16.185"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655466/; classtype:trojan-activity;sid:84518566; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655467)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"115.96.25.65"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655467/; classtype:trojan-activity;sid:84518567; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655462)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"93.55.251.246"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655462/; classtype:trojan-activity;sid:84518562; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655461)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"76.136.85.221"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655461/; classtype:trojan-activity;sid:84518561; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655458)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"73.51.224.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655458/; classtype:trojan-activity;sid:84518558; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655459)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"68.108.119.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655459/; classtype:trojan-activity;sid:84518559; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655453)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"92.150.82.148"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655453/; classtype:trojan-activity;sid:84518553; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655447)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"138.36.2.110"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655447/; classtype:trojan-activity;sid:84518547; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655440)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"186.235.86.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655440/; classtype:trojan-activity;sid:84518540; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655441)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"98.15.210.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655441/; classtype:trojan-activity;sid:84518541; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655442)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2021-02-24/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655442/; classtype:trojan-activity;sid:84518542; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655443)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2020-04-23/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655443/; classtype:trojan-activity;sid:84518543; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655430)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"168.121.168.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655430/; classtype:trojan-activity;sid:84518530; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655436)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"124.123.123.15"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655436/; classtype:trojan-activity;sid:84518536; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655426)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220824-011/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655426/; classtype:trojan-activity;sid:84518526; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655421)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-04-12/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655421/; classtype:trojan-activity;sid:84518521; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655422)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220125-001/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655422/; classtype:trojan-activity;sid:84518522; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655423)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"77.211.28.150"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655423/; classtype:trojan-activity;sid:84518523; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655420)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"93.43.53.67"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655420/; classtype:trojan-activity;sid:84518520; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655418)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"183.83.186.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655418/; classtype:trojan-activity;sid:84518518; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655417)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_inst_msi/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655417/; classtype:trojan-activity;sid:84518517; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655413)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2020-01-07/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655413/; classtype:trojan-activity;sid:84518513; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655414)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210814-026/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655414/; classtype:trojan-activity;sid:84518514; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655412)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_inst_msi/windows/system32/info.zip"; http_uri; depth:110; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655412/; classtype:trojan-activity;sid:84518512; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655411)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-04-03/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655411/; classtype:trojan-activity;sid:84518511; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655410)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/redist/dotnetframeworks/dotnetfx35/ia64/info.zip"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655410/; classtype:trojan-activity;sid:84518510; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655408)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"141.155.36.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655408/; classtype:trojan-activity;sid:84518508; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655407)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"87.200.95.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655407/; classtype:trojan-activity;sid:84518507; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655406)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220217-058/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655406/; classtype:trojan-activity;sid:84518506; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655403)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"186.235.86.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655403/; classtype:trojan-activity;sid:84518503; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655404)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/info.zip"; http_uri; depth:118; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655404/; classtype:trojan-activity;sid:84518504; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655402)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211110-006/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655402/; classtype:trojan-activity;sid:84518502; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655398)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.209.67.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655398/; classtype:trojan-activity;sid:84518498; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655399)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles/msnet/adomd.net/100/zh-chs/info.zip"; http_uri; depth:132; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655399/; classtype:trojan-activity;sid:84518499; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655396)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/241021-102/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655396/; classtype:trojan-activity;sid:84518496; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655392)"; flow:established,from_client; content:"GET"; http_method; content:"/update%20-%20%e5%89%af%e6%9c%ac/%e8%a5%bf%e7%be%8e%e5%8d%b0%e5%88%b7%e7%94%9f%e4%ba%a7%e4%bb%93%e5%ba%93%e7%b3%bb%e7%bb%9f/sysdll/info.zip"; http_uri; depth:139; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655392/; classtype:trojan-activity;sid:84518492; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655389)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"68.108.119.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655389/; classtype:trojan-activity;sid:84518489; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655390)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210703-016/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655390/; classtype:trojan-activity;sid:84518490; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655388)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles/msvs9/common7/ide/info.zip"; http_uri; depth:121; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655388/; classtype:trojan-activity;sid:84518488; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655387)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-05-28/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655387/; classtype:trojan-activity;sid:84518487; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655385)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211201-059/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655385/; classtype:trojan-activity;sid:84518485; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655383)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.198.246.24"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655383/; classtype:trojan-activity;sid:84518483; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655384)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/cancelamento/2020-10-27/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655384/; classtype:trojan-activity;sid:84518484; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655382)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240413-004/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655382/; classtype:trojan-activity;sid:84518482; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655380)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_inst_msi/windows/gac/info.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655380/; classtype:trojan-activity;sid:84518480; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655379)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.209.67.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655379/; classtype:trojan-activity;sid:84518479; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655378)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-01-16/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655378/; classtype:trojan-activity;sid:84518478; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655377)"; flow:established,from_client; content:"GET"; http_method; content:"/update/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/shudedw/pdw0606/info.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655377/; classtype:trojan-activity;sid:84518477; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655376)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/keyfile/info.zip"; http_uri; depth:125; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655376/; classtype:trojan-activity;sid:84518476; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655373)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-03-19/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655373/; classtype:trojan-activity;sid:84518473; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655374)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210804-089/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655374/; classtype:trojan-activity;sid:84518474; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655367)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/cancelamento/2020-05-25/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655367/; classtype:trojan-activity;sid:84518467; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655365)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"47.216.198.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655365/; classtype:trojan-activity;sid:84518465; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655362)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"160.202.15.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655362/; classtype:trojan-activity;sid:84518462; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655359)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles32/msvs9/info.zip"; http_uri; depth:111; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655359/; classtype:trojan-activity;sid:84518459; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655360)"; flow:established,from_client; content:"GET"; http_method; content:"/update/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/shudedw/pdw0505/info.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655360/; classtype:trojan-activity;sid:84518460; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655361)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"47.216.198.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655361/; classtype:trojan-activity;sid:84518461; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655357)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220503-020/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655357/; classtype:trojan-activity;sid:84518457; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655356)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/cfiles/msshared/info.zip"; http_uri; depth:118; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655356/; classtype:trojan-activity;sid:84518456; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655354)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210103-001/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655354/; classtype:trojan-activity;sid:84518454; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655353)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-03-16/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655353/; classtype:trojan-activity;sid:84518453; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655350)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_msi/pfiles/sqlservr/100/dts/info.zip"; http_uri; depth:112; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655350/; classtype:trojan-activity;sid:84518450; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655348)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"203.192.211.119"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655348/; classtype:trojan-activity;sid:84518448; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655347)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_msi/windows/system32/info.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655347/; classtype:trojan-activity;sid:84518447; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655346)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/redist/dotnetframeworks/dotnetfx35/info.zip"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655346/; classtype:trojan-activity;sid:84518446; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655345)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2023-02-14/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655345/; classtype:trojan-activity;sid:84518445; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655343)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.209.67.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655343/; classtype:trojan-activity;sid:84518443; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655342)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"74.105.123.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655342/; classtype:trojan-activity;sid:84518442; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655341)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/com/res/info.zip"; http_uri; depth:132; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655341/; classtype:trojan-activity;sid:84518441; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655340)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles32/sqlservr/100/shared/2052/info.zip"; http_uri; depth:132; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655340/; classtype:trojan-activity;sid:84518440; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655339)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"72.132.64.183"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655339/; classtype:trojan-activity;sid:84518439; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655338)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/tools/binn/vsshell/common7/info.zip"; http_uri; depth:143; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655338/; classtype:trojan-activity;sid:84518438; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655335)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"109.193.105.79"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655335/; classtype:trojan-activity;sid:84518435; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655334)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-037/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655334/; classtype:trojan-activity;sid:84518434; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655332)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/mssql/binn/info.zip"; http_uri; depth:137; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655332/; classtype:trojan-activity;sid:84518432; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655330)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2019-11-14/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655330/; classtype:trojan-activity;sid:84518430; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655331)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-05-14/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655331/; classtype:trojan-activity;sid:84518431; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655329)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"32.219.189.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655329/; classtype:trojan-activity;sid:84518429; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655324)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240423-021/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655324/; classtype:trojan-activity;sid:84518424; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655322)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.8.164.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655322/; classtype:trojan-activity;sid:84518422; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655323)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"94.203.254.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655323/; classtype:trojan-activity;sid:84518423; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655321)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-05-26/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655321/; classtype:trojan-activity;sid:84518421; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655318)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/binn/res/2052/info.zip"; http_uri; depth:142; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655318/; classtype:trojan-activity;sid:84518418; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655319)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/redist/dotnetframeworks/dotnetfx30/info.zip"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655319/; classtype:trojan-activity;sid:84518419; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655317)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"187.247.242.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655317/; classtype:trojan-activity;sid:84518417; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655315)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"47.216.198.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655315/; classtype:trojan-activity;sid:84518415; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655312)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"115.96.25.65"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655312/; classtype:trojan-activity;sid:84518412; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655313)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"70.95.233.160"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655313/; classtype:trojan-activity;sid:84518413; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655314)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2024-03-15/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655314/; classtype:trojan-activity;sid:84518414; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655311)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-03-15/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655311/; classtype:trojan-activity;sid:84518411; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655309)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"186.235.86.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655309/; classtype:trojan-activity;sid:84518409; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655310)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/info.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655310/; classtype:trojan-activity;sid:84518410; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655307)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"113.156.110.218"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655307/; classtype:trojan-activity;sid:84518407; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655306)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"122.179.136.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655306/; classtype:trojan-activity;sid:84518406; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655303)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220804-012/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655303/; classtype:trojan-activity;sid:84518403; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655302)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"1.64.40.207"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655302/; classtype:trojan-activity;sid:84518402; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655300)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-04-22/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655300/; classtype:trojan-activity;sid:84518400; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655295)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"141.155.36.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655295/; classtype:trojan-activity;sid:84518395; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655296)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"87.200.95.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655296/; classtype:trojan-activity;sid:84518396; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655294)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"74.64.155.4"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655294/; classtype:trojan-activity;sid:84518394; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655293)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-10-17/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655293/; classtype:trojan-activity;sid:84518393; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655292)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/tools/binn/schemas/sqlservr/2004/soap/options/info.zip"; http_uri; depth:161; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655292/; classtype:trojan-activity;sid:84518392; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655290)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles32/sqlservr/100/tools/binn/res/1033/info.zip"; http_uri; depth:139; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655290/; classtype:trojan-activity;sid:84518390; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655291)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-03-20/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655291/; classtype:trojan-activity;sid:84518391; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655285)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_msi/info.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655285/; classtype:trojan-activity;sid:84518385; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655286)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-03-18/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655286/; classtype:trojan-activity;sid:84518386; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655284)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210805-026/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655284/; classtype:trojan-activity;sid:84518384; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655280)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"72.132.64.183"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655280/; classtype:trojan-activity;sid:84518380; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655278)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210730-004/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655278/; classtype:trojan-activity;sid:84518378; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655279)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"138.36.2.110"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655279/; classtype:trojan-activity;sid:84518379; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655274)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2024-02-28/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655274/; classtype:trojan-activity;sid:84518374; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655275)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"1.64.40.207"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655275/; classtype:trojan-activity;sid:84518375; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655276)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"93.55.251.246"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655276/; classtype:trojan-activity;sid:84518376; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655273)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles32/sqlservr/100/shared/zh-chs/info.zip"; http_uri; depth:134; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655273/; classtype:trojan-activity;sid:84518373; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655271)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/msvs9/common7/info.zip"; http_uri; depth:116; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655271/; classtype:trojan-activity;sid:84518371; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655272)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"188.82.127.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655272/; classtype:trojan-activity;sid:84518372; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655267)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.8.164.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655267/; classtype:trojan-activity;sid:84518367; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655269)"; flow:established,from_client; content:"GET"; http_method; content:"/update%20-%20%e5%89%af%e6%9c%ac/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/undw/undw70/info.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655269/; classtype:trojan-activity;sid:84518369; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655266)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"115.96.25.65"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655266/; classtype:trojan-activity;sid:84518366; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655265)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/binn/info.zip"; http_uri; depth:133; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655265/; classtype:trojan-activity;sid:84518365; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655260)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211125-002/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655260/; classtype:trojan-activity;sid:84518360; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655259)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"80.11.25.16"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655259/; classtype:trojan-activity;sid:84518359; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655257)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-01-08/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655257/; classtype:trojan-activity;sid:84518357; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655258)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/tools/binn/schemas/sqlservr/2004/soap/types/sqlrowct/info.zip"; http_uri; depth:168; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655258/; classtype:trojan-activity;sid:84518358; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655255)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/xiangdan/210721-020/document/info.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655255/; classtype:trojan-activity;sid:84518355; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655256)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/connect/en/info.zip"; http_uri; depth:139; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655256/; classtype:trojan-activity;sid:84518356; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655252)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"87.200.95.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655252/; classtype:trojan-activity;sid:84518352; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655253)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"188.82.127.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655253/; classtype:trojan-activity;sid:84518353; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655254)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"152.230.116.253"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655254/; classtype:trojan-activity;sid:84518354; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655249)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211202-019/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655249/; classtype:trojan-activity;sid:84518349; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655250)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210723-002/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655250/; classtype:trojan-activity;sid:84518350; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655248)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/schemas/sqlservr/2004/bulkload/format/info.zip"; http_uri; depth:167; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655248/; classtype:trojan-activity;sid:84518348; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655244)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"168.121.168.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655244/; classtype:trojan-activity;sid:84518344; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655245)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/sp/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655245/; classtype:trojan-activity;sid:84518345; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655243)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/tools/binn/zh-chs/info.zip"; http_uri; depth:142; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655243/; classtype:trojan-activity;sid:84518343; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655237)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles32/sqlservr/100/tools/info.zip"; http_uri; depth:132; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655237/; classtype:trojan-activity;sid:84518337; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655238)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/info.zip"; http_uri; depth:124; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655238/; classtype:trojan-activity;sid:84518338; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655239)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_inst_loc_msi/2052/pfiles/info.zip"; http_uri; depth:110; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655239/; classtype:trojan-activity;sid:84518339; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655236)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"72.219.74.233"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655236/; classtype:trojan-activity;sid:84518336; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655234)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210814-028/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655234/; classtype:trojan-activity;sid:84518334; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655229)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/tpcl/src/fonts/info.zip"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655229/; classtype:trojan-activity;sid:84518329; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655230)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"64.234.95.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655230/; classtype:trojan-activity;sid:84518330; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655231)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/cancelamento/2019-09-24/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655231/; classtype:trojan-activity;sid:84518331; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655228)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"176.35.55.164"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655228/; classtype:trojan-activity;sid:84518328; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655224)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.156.110.218"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655224/; classtype:trojan-activity;sid:84518324; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655223)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/80/tools/info.zip"; http_uri; depth:123; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655223/; classtype:trojan-activity;sid:84518323; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655221)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/dts/binn/info.zip"; http_uri; depth:124; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655221/; classtype:trojan-activity;sid:84518321; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655220)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-04-22/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655220/; classtype:trojan-activity;sid:84518320; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655219)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"98.15.210.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655219/; classtype:trojan-activity;sid:84518319; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655212)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-053/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655212/; classtype:trojan-activity;sid:84518312; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655213)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-08-02/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655213/; classtype:trojan-activity;sid:84518313; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655211)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"62.228.75.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655211/; classtype:trojan-activity;sid:84518311; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655204)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/cfiles/msshared/sqldbg/info.zip"; http_uri; depth:125; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655204/; classtype:trojan-activity;sid:84518304; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655205)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210810-003/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655205/; classtype:trojan-activity;sid:84518305; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655206)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/catalog/info.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655206/; classtype:trojan-activity;sid:84518306; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655207)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"49.204.232.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655207/; classtype:trojan-activity;sid:84518307; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655202)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/tools/binn/schemas/sqlservr/2004/soap/types/sqlmes/info.zip"; http_uri; depth:166; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655202/; classtype:trojan-activity;sid:84518302; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655203)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"43.230.44.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655203/; classtype:trojan-activity;sid:84518303; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655201)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210804-020/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655201/; classtype:trojan-activity;sid:84518301; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655200)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"32.219.189.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655200/; classtype:trojan-activity;sid:84518300; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655199)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220729-016/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655199/; classtype:trojan-activity;sid:84518299; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655198)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"98.213.164.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655198/; classtype:trojan-activity;sid:84518298; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655196)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"73.71.107.192"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655196/; classtype:trojan-activity;sid:84518296; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655192)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles32/sqlservr/100/com/res/2052/info.zip"; http_uri; depth:132; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655192/; classtype:trojan-activity;sid:84518292; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655193)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220125-011/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655193/; classtype:trojan-activity;sid:84518293; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655194)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/windows/info.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655194/; classtype:trojan-activity;sid:84518294; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655191)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"187.247.242.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655191/; classtype:trojan-activity;sid:84518291; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655190)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/schemas/sqlservr/2004/07/showplan/info.zip"; http_uri; depth:163; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655190/; classtype:trojan-activity;sid:84518290; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655188)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/redist/windows%20installer/ia64/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655188/; classtype:trojan-activity;sid:84518288; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655187)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/info.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655187/; classtype:trojan-activity;sid:84518287; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655185)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-023/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655185/; classtype:trojan-activity;sid:84518285; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655184)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_msi/windows/info.zip"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655184/; classtype:trojan-activity;sid:84518284; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655181)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/230424-035/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655181/; classtype:trojan-activity;sid:84518281; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655179)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/pb/normal/produ%c3%a7%c3%a3o/info.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655179/; classtype:trojan-activity;sid:84518279; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655174)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"73.71.107.192"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655174/; classtype:trojan-activity;sid:84518274; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655172)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/redist/dotnetframeworks/dotnetfx35/info.zip"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655172/; classtype:trojan-activity;sid:84518272; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655171)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211201-059/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655171/; classtype:trojan-activity;sid:84518271; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655169)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"43.230.44.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655169/; classtype:trojan-activity;sid:84518269; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655170)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-02-19/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655170/; classtype:trojan-activity;sid:84518270; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655168)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_msi/pfiles/sqlservr/100/keyfile/info.zip"; http_uri; depth:116; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655168/; classtype:trojan-activity;sid:84518268; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655164)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"47.50.167.228"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655164/; classtype:trojan-activity;sid:84518264; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655162)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"183.83.186.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655162/; classtype:trojan-activity;sid:84518262; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655161)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/shared/res/2052/info.zip"; http_uri; depth:140; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655161/; classtype:trojan-activity;sid:84518261; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655160)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"124.123.123.15"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655160/; classtype:trojan-activity;sid:84518260; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655157)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/redist/powershell/ia64/info.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655157/; classtype:trojan-activity;sid:84518257; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655158)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220406-025/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655158/; classtype:trojan-activity;sid:84518258; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655159)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/feenmer/res/1033/info.zip"; http_uri; depth:145; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655159/; classtype:trojan-activity;sid:84518259; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655156)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/catalog/info.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655156/; classtype:trojan-activity;sid:84518256; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655155)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-021/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655155/; classtype:trojan-activity;sid:84518255; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655154)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles32/sqlservr/info.zip"; http_uri; depth:116; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655154/; classtype:trojan-activity;sid:84518254; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655153)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211228-039/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655153/; classtype:trojan-activity;sid:84518253; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655152)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/windows/gac_32/info.zip"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655152/; classtype:trojan-activity;sid:84518252; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655149)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/90/info.zip"; http_uri; depth:117; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655149/; classtype:trojan-activity;sid:84518249; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655148)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/dts/tasks/info.zip"; http_uri; depth:125; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655148/; classtype:trojan-activity;sid:84518248; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655146)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-023/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655146/; classtype:trojan-activity;sid:84518246; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655144)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"181.36.153.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655144/; classtype:trojan-activity;sid:84518244; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655140)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.96.25.65"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655140/; classtype:trojan-activity;sid:84518240; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655138)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240726-073/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655138/; classtype:trojan-activity;sid:84518238; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655139)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/binn/zh-chs/info.zip"; http_uri; depth:140; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655139/; classtype:trojan-activity;sid:84518239; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655137)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210720-066/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655137/; classtype:trojan-activity;sid:84518237; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655130)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/dts/info.zip"; http_uri; depth:119; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655130/; classtype:trojan-activity;sid:84518230; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655132)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210706-066/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655132/; classtype:trojan-activity;sid:84518232; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655128)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_loc_msi/info.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655128/; classtype:trojan-activity;sid:84518228; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655127)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"183.83.186.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655127/; classtype:trojan-activity;sid:84518227; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655126)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.252.31.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655126/; classtype:trojan-activity;sid:84518226; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655124)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220618-010/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655124/; classtype:trojan-activity;sid:84518224; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655118)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220211-036/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655118/; classtype:trojan-activity;sid:84518218; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655117)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/redist/dotnetframeworks/dotnetmsp/ia64/info.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655117/; classtype:trojan-activity;sid:84518217; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655116)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"76.154.249.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655116/; classtype:trojan-activity;sid:84518216; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655111)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250104-016/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655111/; classtype:trojan-activity;sid:84518211; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655110)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"72.219.74.233"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655110/; classtype:trojan-activity;sid:84518210; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655109)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"93.43.53.67"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655109/; classtype:trojan-activity;sid:84518209; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655107)"; flow:established,from_client; content:"GET"; http_method; content:"/update%20-%20%e5%89%af%e6%9c%ac/pdffactory_pro_setup/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655107/; classtype:trojan-activity;sid:84518207; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655104)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210805-061/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655104/; classtype:trojan-activity;sid:84518204; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655105)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/tpcl/src/sass/demo/info.zip"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655105/; classtype:trojan-activity;sid:84518205; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655102)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"62.228.75.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655102/; classtype:trojan-activity;sid:84518202; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655098)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/tools/binn/vsshell/info.zip"; http_uri; depth:143; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655098/; classtype:trojan-activity;sid:84518198; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655099)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-04-29/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655099/; classtype:trojan-activity;sid:84518199; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655100)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/tools/binn/res/2052/info.zip"; http_uri; depth:138; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655100/; classtype:trojan-activity;sid:84518200; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655097)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles32/sqlservr/100/com/zh-chs/info.zip"; http_uri; depth:130; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655097/; classtype:trojan-activity;sid:84518197; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655096)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/info.zip"; http_uri; depth:117; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655096/; classtype:trojan-activity;sid:84518196; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655095)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/80/tools/info.zip"; http_uri; depth:122; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655095/; classtype:trojan-activity;sid:84518195; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655093)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.35.55.164"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655093/; classtype:trojan-activity;sid:84518193; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655094)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"88.28.218.163"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655094/; classtype:trojan-activity;sid:84518194; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655089)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"116.72.16.185"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655089/; classtype:trojan-activity;sid:84518189; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655090)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"109.193.105.79"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655090/; classtype:trojan-activity;sid:84518190; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655091)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250606-148/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655091/; classtype:trojan-activity;sid:84518191; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655088)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2024-03-07/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655088/; classtype:trojan-activity;sid:84518188; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655086)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-074/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655086/; classtype:trojan-activity;sid:84518186; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655084)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.34.230.9"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655084/; classtype:trojan-activity;sid:84518184; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655082)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250328-154/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655082/; classtype:trojan-activity;sid:84518182; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655081)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"124.123.123.15"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655081/; classtype:trojan-activity;sid:84518181; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655077)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"122.165.240.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655077/; classtype:trojan-activity;sid:84518177; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655078)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/tools/binn/res/2052/info.zip"; http_uri; depth:144; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655078/; classtype:trojan-activity;sid:84518178; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655074)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles32/sqlservr/100/com/zh-chs/info.zip"; http_uri; depth:131; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655074/; classtype:trojan-activity;sid:84518174; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655076)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210726-028/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655076/; classtype:trojan-activity;sid:84518176; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655072)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"71.198.110.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655072/; classtype:trojan-activity;sid:84518172; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655070)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"49.205.173.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655070/; classtype:trojan-activity;sid:84518170; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655068)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-003/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655068/; classtype:trojan-activity;sid:84518168; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655065)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-02-13/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655065/; classtype:trojan-activity;sid:84518165; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655064)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"109.193.105.79"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655064/; classtype:trojan-activity;sid:84518164; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655061)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-05-06/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655061/; classtype:trojan-activity;sid:84518161; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655060)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/redist/dotnetframeworks/dotnetfx30/x64/info.zip"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655060/; classtype:trojan-activity;sid:84518160; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655059)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_msi/pfiles32/sqlservr/100/com/info.zip"; http_uri; depth:114; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655059/; classtype:trojan-activity;sid:84518159; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655057)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"122.165.240.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655057/; classtype:trojan-activity;sid:84518157; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655053)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/feenmer/res/2052/info.zip"; http_uri; depth:145; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655053/; classtype:trojan-activity;sid:84518153; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655054)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"186.235.86.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655054/; classtype:trojan-activity;sid:84518154; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655051)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/com/info.zip"; http_uri; depth:121; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655051/; classtype:trojan-activity;sid:84518151; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655052)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"80.11.25.16"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655052/; classtype:trojan-activity;sid:84518152; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655049)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"82.67.13.197"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655049/; classtype:trojan-activity;sid:84518149; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655048)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/dts/provdesc/info.zip"; http_uri; depth:128; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655048/; classtype:trojan-activity;sid:84518148; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655045)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1.64.40.207"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655045/; classtype:trojan-activity;sid:84518145; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655043)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-010/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655043/; classtype:trojan-activity;sid:84518143; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655044)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-05-21/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655044/; classtype:trojan-activity;sid:84518144; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655037)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"132.247.103.239"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655037/; classtype:trojan-activity;sid:84518137; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655038)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"93.43.53.67"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655038/; classtype:trojan-activity;sid:84518138; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655036)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-056/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655036/; classtype:trojan-activity;sid:84518136; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655035)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/cancelamento/2020-07-21/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655035/; classtype:trojan-activity;sid:84518135; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655034)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-04-08/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655034/; classtype:trojan-activity;sid:84518134; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655033)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240531-121/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655033/; classtype:trojan-activity;sid:84518133; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655031)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/redist/dotnetframeworks/dotnetmsp/x86/info.zip"; http_uri; depth:100; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655031/; classtype:trojan-activity;sid:84518131; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655032)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles/msnet/info.zip"; http_uri; depth:110; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655032/; classtype:trojan-activity;sid:84518132; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655028)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-01-23/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655028/; classtype:trojan-activity;sid:84518128; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655026)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/cons/1/0011/28082019084303/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655026/; classtype:trojan-activity;sid:84518126; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655024)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220715-064/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655024/; classtype:trojan-activity;sid:84518124; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655023)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/redist/windows%20installer/x64/info.zip"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655023/; classtype:trojan-activity;sid:84518123; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655021)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"80.11.25.16"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655021/; classtype:trojan-activity;sid:84518121; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655019)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210826-050/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655019/; classtype:trojan-activity;sid:84518119; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655020)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_inst_msi/pfiles/sqlservr/mssql.x/mssql/upgrade/info.zip"; http_uri; depth:131; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655020/; classtype:trojan-activity;sid:84518120; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655015)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/connect/info.zip"; http_uri; depth:136; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655015/; classtype:trojan-activity;sid:84518115; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655016)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"27.72.159.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655016/; classtype:trojan-activity;sid:84518116; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655013)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210809-047/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655013/; classtype:trojan-activity;sid:84518113; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655010)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"122.170.103.164"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655010/; classtype:trojan-activity;sid:84518110; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655008)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"109.193.105.79"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655008/; classtype:trojan-activity;sid:84518108; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655006)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-002/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655006/; classtype:trojan-activity;sid:84518106; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655007)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/mssql/binn/res/1028/info.zip"; http_uri; depth:147; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655007/; classtype:trojan-activity;sid:84518107; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655005)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.8.164.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655005/; classtype:trojan-activity;sid:84518105; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655004)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"49.204.232.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655004/; classtype:trojan-activity;sid:84518104; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655001)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"93.55.251.246"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655001/; classtype:trojan-activity;sid:84518101; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655000)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/tools/binn/schemas/sqlservr/2004/bulkload/info.zip"; http_uri; depth:157; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655000/; classtype:trojan-activity;sid:84518100; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654999)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"188.82.127.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654999/; classtype:trojan-activity;sid:84518099; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654998)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211208-061/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654998/; classtype:trojan-activity;sid:84518098; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654997)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/windows/gac/info.zip"; http_uri; depth:116; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654997/; classtype:trojan-activity;sid:84518097; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654996)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"183.83.186.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654996/; classtype:trojan-activity;sid:84518096; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654994)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"122.165.240.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654994/; classtype:trojan-activity;sid:84518094; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654992)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2024-01-11/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654992/; classtype:trojan-activity;sid:84518092; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654991)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"203.192.211.119"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654991/; classtype:trojan-activity;sid:84518091; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654989)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/binn/zh-chs/info.zip"; http_uri; depth:141; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654989/; classtype:trojan-activity;sid:84518089; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654985)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-03-12/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654985/; classtype:trojan-activity;sid:84518085; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654986)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220211-036/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654986/; classtype:trojan-activity;sid:84518086; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654981)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-03-09/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654981/; classtype:trojan-activity;sid:84518081; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654982)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"98.213.164.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654982/; classtype:trojan-activity;sid:84518082; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654977)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-075/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654977/; classtype:trojan-activity;sid:84518077; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654975)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220824-006/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654975/; classtype:trojan-activity;sid:84518075; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654976)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240905-044/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654976/; classtype:trojan-activity;sid:84518076; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654973)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-10-09/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654973/; classtype:trojan-activity;sid:84518073; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654971)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"76.154.249.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654971/; classtype:trojan-activity;sid:84518071; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654972)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"87.249.142.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654972/; classtype:trojan-activity;sid:84518072; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654969)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/keyfile/2052/info.zip"; http_uri; depth:137; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654969/; classtype:trojan-activity;sid:84518069; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654966)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2024-10-01/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654966/; classtype:trojan-activity;sid:84518066; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654964)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_msi/pfiles32/sqlservr/100/tools/binn/info.zip"; http_uri; depth:121; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654964/; classtype:trojan-activity;sid:84518064; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654963)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles32/msvs9/common7/ide/priassem/info.zip"; http_uri; depth:131; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654963/; classtype:trojan-activity;sid:84518063; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654962)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.36.80.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654962/; classtype:trojan-activity;sid:84518062; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654960)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211116-023/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654960/; classtype:trojan-activity;sid:84518060; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654958)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220624-043/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654958/; classtype:trojan-activity;sid:84518058; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654957)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"67.10.149.213"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654957/; classtype:trojan-activity;sid:84518057; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654946)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"203.192.211.119"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654946/; classtype:trojan-activity;sid:84518046; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654941)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210723-002/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654941/; classtype:trojan-activity;sid:84518041; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654940)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2020-07-13/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654940/; classtype:trojan-activity;sid:84518040; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654937)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/windows/gac/info.zip"; http_uri; depth:116; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654937/; classtype:trojan-activity;sid:84518037; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654936)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"67.177.204.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654936/; classtype:trojan-activity;sid:84518036; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654935)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"68.148.10.182"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654935/; classtype:trojan-activity;sid:84518035; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654934)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/2052/info.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654934/; classtype:trojan-activity;sid:84518034; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654932)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/com/res/info.zip"; http_uri; depth:132; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654932/; classtype:trojan-activity;sid:84518032; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654931)"; flow:established,from_client; content:"GET"; http_method; content:"/update%20-%20%e5%89%af%e6%9c%ac/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/cache/1.8933demo/177278d1757f/info.zip"; http_uri; depth:127; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654931/; classtype:trojan-activity;sid:84518031; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654928)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"122.170.103.164"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654928/; classtype:trojan-activity;sid:84518028; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654927)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2020-10-08/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654927/; classtype:trojan-activity;sid:84518027; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654926)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210817-043/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654926/; classtype:trojan-activity;sid:84518026; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654925)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_msi/pfiles32/sqlservr/100/shared/info.zip"; http_uri; depth:117; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654925/; classtype:trojan-activity;sid:84518025; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654922)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"122.170.103.164"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654922/; classtype:trojan-activity;sid:84518022; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654921)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-01-26/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654921/; classtype:trojan-activity;sid:84518021; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654919)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"76.94.192.64"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654919/; classtype:trojan-activity;sid:84518019; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654920)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/tpcl/fonts/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654920/; classtype:trojan-activity;sid:84518020; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654917)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"70.95.233.160"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654917/; classtype:trojan-activity;sid:84518017; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654912)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/msvs9/common7/ide/priassem/busproj/info.zip"; http_uri; depth:137; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654912/; classtype:trojan-activity;sid:84518012; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654902)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"82.67.13.197"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654902/; classtype:trojan-activity;sid:84518002; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654905)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210911-035/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654905/; classtype:trojan-activity;sid:84518005; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654901)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/com/en/info.zip"; http_uri; depth:124; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654901/; classtype:trojan-activity;sid:84518001; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654898)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"160.202.15.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654898/; classtype:trojan-activity;sid:84517998; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654899)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-019/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654899/; classtype:trojan-activity;sid:84517999; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654900)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_msi/pfiles32/sqlservr/info.zip"; http_uri; depth:107; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654900/; classtype:trojan-activity;sid:84518000; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654896)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-04-17/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654896/; classtype:trojan-activity;sid:84517996; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654893)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"71.239.7.81"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654893/; classtype:trojan-activity;sid:84517993; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654894)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-05-04/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654894/; classtype:trojan-activity;sid:84517994; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654892)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"178.198.246.24"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654892/; classtype:trojan-activity;sid:84517992; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654889)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles32/msnet/adomd.net/100/zh-chs/info.zip"; http_uri; depth:133; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654889/; classtype:trojan-activity;sid:84517989; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654887)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/tpcl/src/images/info.zip"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654887/; classtype:trojan-activity;sid:84517987; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654885)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250211-096/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654885/; classtype:trojan-activity;sid:84517985; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654883)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/sdk/info.zip"; http_uri; depth:119; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654883/; classtype:trojan-activity;sid:84517983; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654882)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-03-01/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654882/; classtype:trojan-activity;sid:84517982; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654878)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/redist/dotnetframeworks/dotnetfx20/info.zip"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654878/; classtype:trojan-activity;sid:84517978; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654877)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/wjgl/src/fonts/info.zip"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654877/; classtype:trojan-activity;sid:84517977; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654874)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"141.155.36.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654874/; classtype:trojan-activity;sid:84517974; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654876)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"47.216.198.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654876/; classtype:trojan-activity;sid:84517976; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654870)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/sdk/assembly/en/info.zip"; http_uri; depth:140; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654870/; classtype:trojan-activity;sid:84517970; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654871)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles32/sqlservr/100/tools/binn/res/info.zip"; http_uri; depth:134; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654871/; classtype:trojan-activity;sid:84517971; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654868)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"71.239.7.81"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654868/; classtype:trojan-activity;sid:84517968; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654865)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/redist/dotnetframeworks/dotnetfx30/x64/info.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654865/; classtype:trojan-activity;sid:84517965; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654866)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220125-007/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654866/; classtype:trojan-activity;sid:84517966; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654862)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_inst_msi/pfiles/sqlservr/mssql.x/mssql/binn/info.zip"; http_uri; depth:128; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654862/; classtype:trojan-activity;sid:84517962; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654863)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220421-042/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654863/; classtype:trojan-activity;sid:84517963; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654860)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-06-14/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654860/; classtype:trojan-activity;sid:84517960; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654857)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"27.72.159.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654857/; classtype:trojan-activity;sid:84517957; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654858)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"68.108.119.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654858/; classtype:trojan-activity;sid:84517958; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654854)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"73.155.237.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654854/; classtype:trojan-activity;sid:84517954; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654855)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-036/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654855/; classtype:trojan-activity;sid:84517955; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654853)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-04-07/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654853/; classtype:trojan-activity;sid:84517953; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654852)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/info.zip"; http_uri; depth:118; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654852/; classtype:trojan-activity;sid:84517952; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654851)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250603-136/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654851/; classtype:trojan-activity;sid:84517951; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654850)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.36.80.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654850/; classtype:trojan-activity;sid:84517950; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654848)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"122.170.103.164"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654848/; classtype:trojan-activity;sid:84517948; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654844)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/com/res/info.zip"; http_uri; depth:125; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654844/; classtype:trojan-activity;sid:84517944; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654842)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"24.251.252.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654842/; classtype:trojan-activity;sid:84517942; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654836)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.96.25.65"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654836/; classtype:trojan-activity;sid:84517936; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654834)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"90.194.127.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654834/; classtype:trojan-activity;sid:84517934; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654829)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"132.247.103.239"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654829/; classtype:trojan-activity;sid:84517929; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654826)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"156.200.99.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654826/; classtype:trojan-activity;sid:84517926; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654820)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220125-006/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654820/; classtype:trojan-activity;sid:84517920; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654818)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/mssql/binn/res/1033/info.zip"; http_uri; depth:147; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654818/; classtype:trojan-activity;sid:84517918; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654817)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-031/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654817/; classtype:trojan-activity;sid:84517917; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654814)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2020-02-04/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654814/; classtype:trojan-activity;sid:84517914; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654813)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles32/sqlservr/100/com/info.zip"; http_uri; depth:123; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654813/; classtype:trojan-activity;sid:84517913; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654812)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-057/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654812/; classtype:trojan-activity;sid:84517912; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654811)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"5.89.102.77"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654811/; classtype:trojan-activity;sid:84517911; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654810)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210724-020/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654810/; classtype:trojan-activity;sid:84517910; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654809)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210817-043/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654809/; classtype:trojan-activity;sid:84517909; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654807)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles32/sqlservr/100/tools/binn/res/info.zip"; http_uri; depth:141; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654807/; classtype:trojan-activity;sid:84517907; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654806)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"72.132.64.183"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654806/; classtype:trojan-activity;sid:84517906; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654804)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-05-12/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654804/; classtype:trojan-activity;sid:84517904; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654803)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"64.234.95.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654803/; classtype:trojan-activity;sid:84517903; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654799)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.209.67.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654799/; classtype:trojan-activity;sid:84517899; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654796)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-05-16/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654796/; classtype:trojan-activity;sid:84517896; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654797)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"71.239.7.81"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654797/; classtype:trojan-activity;sid:84517897; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654791)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211208-061/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654791/; classtype:trojan-activity;sid:84517891; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654792)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240328-046/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654792/; classtype:trojan-activity;sid:84517892; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654793)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"32.219.189.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654793/; classtype:trojan-activity;sid:84517893; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654788)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"94.203.254.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654788/; classtype:trojan-activity;sid:84517888; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654783)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_msi/pfiles32/info.zip"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654783/; classtype:trojan-activity;sid:84517883; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654781)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/ma/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654781/; classtype:trojan-activity;sid:84517881; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654776)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211110-008/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654776/; classtype:trojan-activity;sid:84517876; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654775)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210624-084/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654775/; classtype:trojan-activity;sid:84517875; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654769)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"170.55.7.234"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654769/; classtype:trojan-activity;sid:84517869; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654770)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210802-018/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654770/; classtype:trojan-activity;sid:84517870; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654771)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-055/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654771/; classtype:trojan-activity;sid:84517871; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654772)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210923-026/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654772/; classtype:trojan-activity;sid:84517872; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654773)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_inst_msi/pfiles/sqlservr/mssql.x/mssql/binn/dlltmp32/info.zip"; http_uri; depth:138; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654773/; classtype:trojan-activity;sid:84517873; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654768)"; flow:established,from_client; content:"GET"; http_method; content:"/update%20-%20%e5%89%af%e6%9c%ac/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/undw/undw60/info.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654768/; classtype:trojan-activity;sid:84517868; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654767)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210809-047/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654767/; classtype:trojan-activity;sid:84517867; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654766)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/x64/info.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654766/; classtype:trojan-activity;sid:84517866; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654765)"; flow:established,from_client; content:"GET"; http_method; content:"/update/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/shudedw/pdw1250/info.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654765/; classtype:trojan-activity;sid:84517865; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654763)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210810-003/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654763/; classtype:trojan-activity;sid:84517863; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654762)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-06-16/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654762/; classtype:trojan-activity;sid:84517862; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654761)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220419-045/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654761/; classtype:trojan-activity;sid:84517861; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654760)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles32/sqlservr/100/tools/binn/vsshell/common7/info.zip"; http_uri; depth:154; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654760/; classtype:trojan-activity;sid:84517860; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654758)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"203.192.211.119"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654758/; classtype:trojan-activity;sid:84517858; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654757)"; flow:established,from_client; content:"GET"; http_method; content:"/update/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/undw/undw70/info.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654757/; classtype:trojan-activity;sid:84517857; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654756)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/redist/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654756/; classtype:trojan-activity;sid:84517856; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654755)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220618-010/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654755/; classtype:trojan-activity;sid:84517855; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654753)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_inst_msi/windows/gac/info.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654753/; classtype:trojan-activity;sid:84517853; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654751)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"152.230.116.253"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654751/; classtype:trojan-activity;sid:84517851; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654750)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/tpcl/images/zhijia/info.zip"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654750/; classtype:trojan-activity;sid:84517850; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654748)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"176.35.55.164"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654748/; classtype:trojan-activity;sid:84517848; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654747)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"132.247.103.239"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654747/; classtype:trojan-activity;sid:84517847; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654746)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"43.230.44.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654746/; classtype:trojan-activity;sid:84517846; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654743)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211206-052/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654743/; classtype:trojan-activity;sid:84517843; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654745)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-03-20/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654745/; classtype:trojan-activity;sid:84517845; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654742)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220125-002/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654742/; classtype:trojan-activity;sid:84517842; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654740)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"76.154.249.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654740/; classtype:trojan-activity;sid:84517840; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654738)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"72.219.74.233"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654738/; classtype:trojan-activity;sid:84517838; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654736)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220528-019/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654736/; classtype:trojan-activity;sid:84517836; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654735)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-01-24/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654735/; classtype:trojan-activity;sid:84517835; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654734)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220217-062/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654734/; classtype:trojan-activity;sid:84517834; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654732)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"168.121.168.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654732/; classtype:trojan-activity;sid:84517832; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654731)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles32/sqlservr/100/com/res/info.zip"; http_uri; depth:128; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654731/; classtype:trojan-activity;sid:84517831; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654729)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2021-02-15/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654729/; classtype:trojan-activity;sid:84517829; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654730)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/redist/dotnetframeworks/dotnetfx20/info.zip"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654730/; classtype:trojan-activity;sid:84517830; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654728)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_msi/pfiles/msnet/adomd.net/100/info.zip"; http_uri; depth:115; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654728/; classtype:trojan-activity;sid:84517828; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654727)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-04-08/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654727/; classtype:trojan-activity;sid:84517827; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654725)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/wjgl/images/zhijia-tuzhi/info.zip"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654725/; classtype:trojan-activity;sid:84517825; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654726)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2022-09-02/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654726/; classtype:trojan-activity;sid:84517826; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654721)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"178.198.246.24"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654721/; classtype:trojan-activity;sid:84517821; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654720)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/schemas/sqlservr/2004/soap/info.zip"; http_uri; depth:155; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654720/; classtype:trojan-activity;sid:84517820; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654719)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"37.34.230.9"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654719/; classtype:trojan-activity;sid:84517819; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654718)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250416-015/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654718/; classtype:trojan-activity;sid:84517818; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654717)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"74.105.18.181"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654717/; classtype:trojan-activity;sid:84517817; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654716)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210820-072/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654716/; classtype:trojan-activity;sid:84517816; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654715)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/31082019084149/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654715/; classtype:trojan-activity;sid:84517815; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654714)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-12-15/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654714/; classtype:trojan-activity;sid:84517814; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654712)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/sdk/assembly/info.zip"; http_uri; depth:137; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654712/; classtype:trojan-activity;sid:84517812; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654710)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"47.216.198.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654710/; classtype:trojan-activity;sid:84517810; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654706)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/tools/binn/res/2052/info.zip"; http_uri; depth:145; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654706/; classtype:trojan-activity;sid:84517806; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654702)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/shared/zh-chs/info.zip"; http_uri; depth:138; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654702/; classtype:trojan-activity;sid:84517802; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654703)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210816-051/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654703/; classtype:trojan-activity;sid:84517803; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654701)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240111-062/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654701/; classtype:trojan-activity;sid:84517801; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654697)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/redist/dotnetframeworks/dotnetfx35/info.zip"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654697/; classtype:trojan-activity;sid:84517797; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654694)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-04-25/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654694/; classtype:trojan-activity;sid:84517794; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654695)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-02-21/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654695/; classtype:trojan-activity;sid:84517795; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654693)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/tools/binn/vsshell/common7/ide/info.zip"; http_uri; depth:146; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654693/; classtype:trojan-activity;sid:84517793; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654692)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/redist/dotnetframeworks/dotnetmsp/x86/info.zip"; http_uri; depth:100; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654692/; classtype:trojan-activity;sid:84517792; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654691)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211026-077/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654691/; classtype:trojan-activity;sid:84517791; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654687)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-02-28/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654687/; classtype:trojan-activity;sid:84517787; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654688)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/help/info.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654688/; classtype:trojan-activity;sid:84517788; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654686)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_msi/pfiles32/sqlservr/100/tools/info.zip"; http_uri; depth:117; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654686/; classtype:trojan-activity;sid:84517786; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654685)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/241211-068/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654685/; classtype:trojan-activity;sid:84517785; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654684)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-051/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654684/; classtype:trojan-activity;sid:84517784; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654682)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-05-08/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654682/; classtype:trojan-activity;sid:84517782; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654679)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-040/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654679/; classtype:trojan-activity;sid:84517779; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654678)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-01-18/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654678/; classtype:trojan-activity;sid:84517778; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654673)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"222.252.31.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654673/; classtype:trojan-activity;sid:84517773; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654674)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-05-10/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654674/; classtype:trojan-activity;sid:84517774; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654672)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2024-10-23/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654672/; classtype:trojan-activity;sid:84517772; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654668)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-01-18/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654668/; classtype:trojan-activity;sid:84517768; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654670)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/shared/1033/info.zip"; http_uri; depth:129; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654670/; classtype:trojan-activity;sid:84517770; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654666)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"108.6.137.37"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654666/; classtype:trojan-activity;sid:84517766; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654665)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2019-12-11/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654665/; classtype:trojan-activity;sid:84517765; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654663)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/redist/dotnetframeworks/dotnetmsp/ia64/info.zip"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654663/; classtype:trojan-activity;sid:84517763; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654661)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"27.72.159.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654661/; classtype:trojan-activity;sid:84517761; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654659)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"122.165.240.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654659/; classtype:trojan-activity;sid:84517759; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654658)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211112-030/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654658/; classtype:trojan-activity;sid:84517758; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654657)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"71.198.110.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654657/; classtype:trojan-activity;sid:84517757; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654655)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"93.43.53.67"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654655/; classtype:trojan-activity;sid:84517755; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654652)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220423-022/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654652/; classtype:trojan-activity;sid:84517752; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654653)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_msi/pfiles/sqlservr/100/tools/info.zip"; http_uri; depth:115; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654653/; classtype:trojan-activity;sid:84517753; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654654)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"43.230.44.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654654/; classtype:trojan-activity;sid:84517754; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654651)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"70.190.199.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654651/; classtype:trojan-activity;sid:84517751; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654649)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_msi/pfiles/sqlservr/100/tools/binn/info.zip"; http_uri; depth:119; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654649/; classtype:trojan-activity;sid:84517749; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654647)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"73.51.224.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654647/; classtype:trojan-activity;sid:84517747; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654645)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"113.156.110.218"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654645/; classtype:trojan-activity;sid:84517745; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654643)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-11-16/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654643/; classtype:trojan-activity;sid:84517743; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654642)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220224-043/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654642/; classtype:trojan-activity;sid:84517742; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654641)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"49.205.173.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654641/; classtype:trojan-activity;sid:84517741; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654640)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/mssql/binn/res/1049/info.zip"; http_uri; depth:146; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654640/; classtype:trojan-activity;sid:84517740; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654638)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/80/info.zip"; http_uri; depth:117; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654638/; classtype:trojan-activity;sid:84517738; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654634)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"168.121.168.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654634/; classtype:trojan-activity;sid:84517734; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654632)"; flow:established,from_client; content:"GET"; http_method; content:"/ramon/teste/microsoft%20office%202010%20professional%20plus%20x86/office64.pt-br/info.zip"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654632/; classtype:trojan-activity;sid:84517732; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654629)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"62.228.75.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654629/; classtype:trojan-activity;sid:84517729; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654630)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-02-21/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654630/; classtype:trojan-activity;sid:84517730; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654626)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/shared/info.zip"; http_uri; depth:131; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654626/; classtype:trojan-activity;sid:84517726; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654625)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.123.123.15"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654625/; classtype:trojan-activity;sid:84517725; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654621)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/com/info.zip"; http_uri; depth:120; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654621/; classtype:trojan-activity;sid:84517721; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654622)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-02-06/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654622/; classtype:trojan-activity;sid:84517722; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654619)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/schemas/sqlservr/2004/sqltypes/info.zip"; http_uri; depth:160; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654619/; classtype:trojan-activity;sid:84517719; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654620)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.56.227.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654620/; classtype:trojan-activity;sid:84517720; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654618)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/connect/en/info.zip"; http_uri; depth:139; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654618/; classtype:trojan-activity;sid:84517718; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654615)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles/cfiles/msshared/sqldbg/info.zip"; http_uri; depth:126; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654615/; classtype:trojan-activity;sid:84517715; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654610)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-05-27/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654610/; classtype:trojan-activity;sid:84517710; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654611)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210807-008/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654611/; classtype:trojan-activity;sid:84517711; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654612)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210814-005/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654612/; classtype:trojan-activity;sid:84517712; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654609)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-061/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654609/; classtype:trojan-activity;sid:84517709; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654608)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-12-30/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654608/; classtype:trojan-activity;sid:84517708; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654606)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/tools/binn/res/1033/info.zip"; http_uri; depth:144; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654606/; classtype:trojan-activity;sid:84517706; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654604)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/dts/binn/info.zip"; http_uri; depth:124; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654604/; classtype:trojan-activity;sid:84517704; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654600)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"50.65.169.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654600/; classtype:trojan-activity;sid:84517700; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654599)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"47.50.167.228"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654599/; classtype:trojan-activity;sid:84517699; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654596)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/mssql/binn/res/2052/info.zip"; http_uri; depth:146; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654596/; classtype:trojan-activity;sid:84517696; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654593)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/cancelamento/2020-02-19/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654593/; classtype:trojan-activity;sid:84517693; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654592)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/tools/binn/res/2052/info.zip"; http_uri; depth:144; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654592/; classtype:trojan-activity;sid:84517692; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654590)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250208-067/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654590/; classtype:trojan-activity;sid:84517690; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654591)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"74.105.18.181"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654591/; classtype:trojan-activity;sid:84517691; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654588)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"71.239.7.81"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654588/; classtype:trojan-activity;sid:84517688; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654589)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"72.132.64.183"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654589/; classtype:trojan-activity;sid:84517689; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654585)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-04-10/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654585/; classtype:trojan-activity;sid:84517685; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654582)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/221207-038/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654582/; classtype:trojan-activity;sid:84517682; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654583)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/sdk/info.zip"; http_uri; depth:122; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654583/; classtype:trojan-activity;sid:84517683; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654581)"; flow:established,from_client; content:"GET"; http_method; content:"/update%20-%20%e5%89%af%e6%9c%ac/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/undw/undw80/info.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654581/; classtype:trojan-activity;sid:84517681; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654579)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/com/res/2052/info.zip"; http_uri; depth:130; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654579/; classtype:trojan-activity;sid:84517679; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654578)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"113.156.110.218"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654578/; classtype:trojan-activity;sid:84517678; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654575)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-04-05/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654575/; classtype:trojan-activity;sid:84517675; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654574)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/redist/watson/info.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654574/; classtype:trojan-activity;sid:84517674; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654573)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/schemas/sqlservr/2004/soap/options/info.zip"; http_uri; depth:164; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654573/; classtype:trojan-activity;sid:84517673; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654571)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210726-030/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654571/; classtype:trojan-activity;sid:84517671; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654570)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_msi/pfiles32/msnet/info.zip"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654570/; classtype:trojan-activity;sid:84517670; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654568)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_msi/pfiles/sqlservr/100/tools/binn/vsshell/common7/ide/info.zip"; http_uri; depth:139; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654568/; classtype:trojan-activity;sid:84517668; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654567)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210810-022/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654567/; classtype:trojan-activity;sid:84517667; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654565)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211228-022/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654565/; classtype:trojan-activity;sid:84517665; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654566)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/schemas/sqlservr/2004/bulkload/format/info.zip"; http_uri; depth:166; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654566/; classtype:trojan-activity;sid:84517666; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654562)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/241113-091/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654562/; classtype:trojan-activity;sid:84517662; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654560)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"98.15.210.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654560/; classtype:trojan-activity;sid:84517660; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654558)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210805-050/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654558/; classtype:trojan-activity;sid:84517658; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654557)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/241114-115/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654557/; classtype:trojan-activity;sid:84517657; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654556)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210810-020/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654556/; classtype:trojan-activity;sid:84517656; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654555)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"122.165.240.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654555/; classtype:trojan-activity;sid:84517655; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654553)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654553/; classtype:trojan-activity;sid:84517653; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654549)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-018/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654549/; classtype:trojan-activity;sid:84517649; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654548)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211125-002/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654548/; classtype:trojan-activity;sid:84517648; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654547)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles32/sqlservr/100/tools/binn/vsshell/common7/ide/info.zip"; http_uri; depth:158; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654547/; classtype:trojan-activity;sid:84517647; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654543)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"62.228.75.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654543/; classtype:trojan-activity;sid:84517643; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654541)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"50.65.169.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654541/; classtype:trojan-activity;sid:84517641; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654542)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"122.179.136.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654542/; classtype:trojan-activity;sid:84517642; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654539)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-024/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654539/; classtype:trojan-activity;sid:84517639; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654538)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"183.83.186.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654538/; classtype:trojan-activity;sid:84517638; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654536)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/info.zip"; http_uri; depth:114; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654536/; classtype:trojan-activity;sid:84517636; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654537)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"67.10.149.213"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654537/; classtype:trojan-activity;sid:84517637; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654535)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210703-016/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654535/; classtype:trojan-activity;sid:84517635; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654533)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"72.132.64.183"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654533/; classtype:trojan-activity;sid:84517633; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654531)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"109.193.105.79"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654531/; classtype:trojan-activity;sid:84517631; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654530)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles32/sqlservr/100/tools/binn/res/2052/info.zip"; http_uri; depth:146; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654530/; classtype:trojan-activity;sid:84517630; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654529)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles32/sqlservr/100/shared/info.zip"; http_uri; depth:133; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654529/; classtype:trojan-activity;sid:84517629; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654527)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"77.211.28.150"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654527/; classtype:trojan-activity;sid:84517627; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654528)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"152.230.116.253"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654528/; classtype:trojan-activity;sid:84517628; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654526)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-05-23/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654526/; classtype:trojan-activity;sid:84517626; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654525)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-053/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654525/; classtype:trojan-activity;sid:84517625; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654522)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2024-11-28/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654522/; classtype:trojan-activity;sid:84517622; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654519)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"81.38.217.250"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654519/; classtype:trojan-activity;sid:84517619; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654517)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_inst_msi/pfiles/sqlservr/mssql.x/mssql/upgrade/info.zip"; http_uri; depth:132; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654517/; classtype:trojan-activity;sid:84517617; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654518)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/tools/binn/vsshell/info.zip"; http_uri; depth:134; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654518/; classtype:trojan-activity;sid:84517618; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654513)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"222.252.31.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654513/; classtype:trojan-activity;sid:84517613; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654514)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2021-04-15/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654514/; classtype:trojan-activity;sid:84517614; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654511)"; flow:established,from_client; content:"GET"; http_method; content:"/update%20-%20%e5%89%af%e6%9c%ac/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/shudedw/pdw1050/info.zip"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654511/; classtype:trojan-activity;sid:84517611; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654510)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"74.105.123.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654510/; classtype:trojan-activity;sid:84517610; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654509)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2024-07-23/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654509/; classtype:trojan-activity;sid:84517609; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654508)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.36.80.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654508/; classtype:trojan-activity;sid:84517608; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654507)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-02-12/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654507/; classtype:trojan-activity;sid:84517607; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654506)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_msi/pfiles/sqlservr/100/tools/binn/vsshell/common7/ide/info.zip"; http_uri; depth:140; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654506/; classtype:trojan-activity;sid:84517606; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654504)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"93.43.53.67"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654504/; classtype:trojan-activity;sid:84517604; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654499)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"77.172.14.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654499/; classtype:trojan-activity;sid:84517599; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654500)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"145.249.186.153"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654500/; classtype:trojan-activity;sid:84517600; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654501)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"49.204.232.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654501/; classtype:trojan-activity;sid:84517601; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654502)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_inst_loc_msi/info.zip"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654502/; classtype:trojan-activity;sid:84517602; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654503)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_inst_msi/windows/system32/info.zip"; http_uri; depth:111; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654503/; classtype:trojan-activity;sid:84517603; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654498)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.59.134.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654498/; classtype:trojan-activity;sid:84517598; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654494)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/com/res/1033/info.zip"; http_uri; depth:130; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654494/; classtype:trojan-activity;sid:84517594; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654495)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"157.10.63.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654495/; classtype:trojan-activity;sid:84517595; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654497)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles32/sqlservr/100/tools/binn/res/2052/info.zip"; http_uri; depth:140; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654497/; classtype:trojan-activity;sid:84517597; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654493)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/sdk/assembly/info.zip"; http_uri; depth:131; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654493/; classtype:trojan-activity;sid:84517593; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654491)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2021-06-30/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654491/; classtype:trojan-activity;sid:84517591; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654490)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/windows/gac/zh-chs/info.zip"; http_uri; depth:117; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654490/; classtype:trojan-activity;sid:84517590; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654488)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-09-08/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654488/; classtype:trojan-activity;sid:84517588; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654489)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"62.228.75.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654489/; classtype:trojan-activity;sid:84517589; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654486)"; flow:established,from_client; content:"GET"; http_method; content:"/update%20-%20%e5%89%af%e6%9c%ac/%e8%a5%bf%e7%be%8e%e5%8d%b0%e5%88%b7%e7%94%9f%e4%ba%a7%e4%bb%93%e5%ba%93%e7%b3%bb%e7%bb%9f/setup/info.zip"; http_uri; depth:138; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654486/; classtype:trojan-activity;sid:84517586; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654487)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/info.zip"; http_uri; depth:112; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654487/; classtype:trojan-activity;sid:84517587; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654483)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles32/sqlservr/100/shared/1033/info.zip"; http_uri; depth:132; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654483/; classtype:trojan-activity;sid:84517583; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654484)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"116.58.62.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654484/; classtype:trojan-activity;sid:84517584; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654481)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/info.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654481/; classtype:trojan-activity;sid:84517581; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654478)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"76.136.85.221"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654478/; classtype:trojan-activity;sid:84517578; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654477)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"141.155.36.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654477/; classtype:trojan-activity;sid:84517577; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654475)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/2052/info.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654475/; classtype:trojan-activity;sid:84517575; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654476)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"74.64.155.4"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654476/; classtype:trojan-activity;sid:84517576; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654474)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"157.10.63.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654474/; classtype:trojan-activity;sid:84517574; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654473)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/2052/info.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654473/; classtype:trojan-activity;sid:84517573; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654472)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/shared/vs2008/info.zip"; http_uri; depth:139; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654472/; classtype:trojan-activity;sid:84517572; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654470)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220114-001/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654470/; classtype:trojan-activity;sid:84517570; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654464)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"66.108.238.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654464/; classtype:trojan-activity;sid:84517564; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654467)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/dts/tasks/info.zip"; http_uri; depth:125; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654467/; classtype:trojan-activity;sid:84517567; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654469)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-020/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654469/; classtype:trojan-activity;sid:84517569; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654460)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211224-005/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654460/; classtype:trojan-activity;sid:84517560; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654461)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210727-046/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654461/; classtype:trojan-activity;sid:84517561; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654462)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_msi/pfiles/msnet/adomd.net/info.zip"; http_uri; depth:111; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654462/; classtype:trojan-activity;sid:84517562; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654459)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/schemas/sqlservr/2004/07/dta/info.zip"; http_uri; depth:158; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654459/; classtype:trojan-activity;sid:84517559; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654457)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/mssql/info.zip"; http_uri; depth:133; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654457/; classtype:trojan-activity;sid:84517557; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654452)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/dts/feenmer/info.zip"; http_uri; depth:127; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654452/; classtype:trojan-activity;sid:84517552; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654451)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"160.202.15.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654451/; classtype:trojan-activity;sid:84517551; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654450)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"71.239.7.81"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654450/; classtype:trojan-activity;sid:84517550; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654449)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/tpcl/dist/fonts/info.zip"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654449/; classtype:trojan-activity;sid:84517549; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654448)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/tools/binn/res/2052/info.zip"; http_uri; depth:137; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654448/; classtype:trojan-activity;sid:84517548; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654447)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"122.165.240.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654447/; classtype:trojan-activity;sid:84517547; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654445)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"187.247.242.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654445/; classtype:trojan-activity;sid:84517545; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654442)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/feenmer/info.zip"; http_uri; depth:137; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654442/; classtype:trojan-activity;sid:84517542; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654437)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-026/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654437/; classtype:trojan-activity;sid:84517537; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654438)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles/msnet/adomd.net/100/info.zip"; http_uri; depth:125; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654438/; classtype:trojan-activity;sid:84517538; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654439)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_inst_msi/windows/system32/info.zip"; http_uri; depth:110; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654439/; classtype:trojan-activity;sid:84517539; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654435)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220125-002/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654435/; classtype:trojan-activity;sid:84517535; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654434)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/redist/dotnetframeworks/dotnetfx35/x64/info.zip"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654434/; classtype:trojan-activity;sid:84517534; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654433)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/shared/vs2008/1033/info.zip"; http_uri; depth:144; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654433/; classtype:trojan-activity;sid:84517533; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654431)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/1033/info.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654431/; classtype:trojan-activity;sid:84517531; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654429)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_loc_msi/2052/windows/info.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654429/; classtype:trojan-activity;sid:84517529; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654427)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-019/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654427/; classtype:trojan-activity;sid:84517527; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654428)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-04-29/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654428/; classtype:trojan-activity;sid:84517528; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654424)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"87.200.95.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654424/; classtype:trojan-activity;sid:84517524; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654425)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"74.105.18.181"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654425/; classtype:trojan-activity;sid:84517525; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654423)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/2052/info.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654423/; classtype:trojan-activity;sid:84517523; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654415)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/feenmer/res/info.zip"; http_uri; depth:140; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654415/; classtype:trojan-activity;sid:84517515; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654412)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210730-024/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654412/; classtype:trojan-activity;sid:84517512; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654409)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/schemas/sqlservr/2004/soap/types/info.zip"; http_uri; depth:162; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654409/; classtype:trojan-activity;sid:84517509; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654410)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"87.200.95.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654410/; classtype:trojan-activity;sid:84517510; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654411)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/schemas/sqlservr/2006/11/events/info.zip"; http_uri; depth:160; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654411/; classtype:trojan-activity;sid:84517511; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654408)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-10-30/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654408/; classtype:trojan-activity;sid:84517508; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654404)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-047/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654404/; classtype:trojan-activity;sid:84517504; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654405)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/vsshell/common7/ide/info.zip"; http_uri; depth:148; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654405/; classtype:trojan-activity;sid:84517505; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654401)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/wjgl/images/info.zip"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654401/; classtype:trojan-activity;sid:84517501; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654399)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-054/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654399/; classtype:trojan-activity;sid:84517499; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654397)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/90/shared/info.zip"; http_uri; depth:121; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654397/; classtype:trojan-activity;sid:84517497; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654392)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"186.235.86.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654392/; classtype:trojan-activity;sid:84517492; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654390)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.209.67.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654390/; classtype:trojan-activity;sid:84517490; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654391)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-04-03/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654391/; classtype:trojan-activity;sid:84517491; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654387)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/tools/binn/schemas/sqlservr/2004/bulkload/format/info.zip"; http_uri; depth:164; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654387/; classtype:trojan-activity;sid:84517487; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654388)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles32/info.zip"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654388/; classtype:trojan-activity;sid:84517488; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654386)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210727-041/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654386/; classtype:trojan-activity;sid:84517486; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654385)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"5.89.102.77"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654385/; classtype:trojan-activity;sid:84517485; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654383)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/mssql/binn/res/2052/info.zip"; http_uri; depth:146; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654383/; classtype:trojan-activity;sid:84517483; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654384)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-021/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654384/; classtype:trojan-activity;sid:84517484; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654381)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-007/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654381/; classtype:trojan-activity;sid:84517481; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654380)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"75.42.36.186"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654380/; classtype:trojan-activity;sid:84517480; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654378)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"76.154.249.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654378/; classtype:trojan-activity;sid:84517478; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654375)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/tools/binn/schemas/sqlservr/2004/07/showplan/info.zip"; http_uri; depth:160; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654375/; classtype:trojan-activity;sid:84517475; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654376)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-015/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654376/; classtype:trojan-activity;sid:84517476; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654377)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-053/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654377/; classtype:trojan-activity;sid:84517477; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654374)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"190.153.137.200"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654374/; classtype:trojan-activity;sid:84517474; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654372)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2023-06-05/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654372/; classtype:trojan-activity;sid:84517472; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654373)"; flow:established,from_client; content:"GET"; http_method; content:"/update/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/shudedw/pdw0800/info.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654373/; classtype:trojan-activity;sid:84517473; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654371)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210817-031/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654371/; classtype:trojan-activity;sid:84517471; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654365)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/redist/dotnetframeworks/tools/info.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654365/; classtype:trojan-activity;sid:84517465; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654364)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"47.216.198.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654364/; classtype:trojan-activity;sid:84517464; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654362)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/dts/mapfiles/info.zip"; http_uri; depth:128; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654362/; classtype:trojan-activity;sid:84517462; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654361)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210909-018/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654361/; classtype:trojan-activity;sid:84517461; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654359)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210907-038/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654359/; classtype:trojan-activity;sid:84517459; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654357)"; flow:established,from_client; content:"GET"; http_method; content:"/update/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/undw/undw80/info.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654357/; classtype:trojan-activity;sid:84517457; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654356)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"203.192.211.119"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654356/; classtype:trojan-activity;sid:84517456; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654354)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210813-060/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654354/; classtype:trojan-activity;sid:84517454; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654353)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_msi/windows/syswow64/info.zip"; http_uri; depth:106; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654353/; classtype:trojan-activity;sid:84517453; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654351)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles32/sqlservr/100/sdk/info.zip"; http_uri; depth:130; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654351/; classtype:trojan-activity;sid:84517451; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654352)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210724-006/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654352/; classtype:trojan-activity;sid:84517452; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654349)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/shared/info.zip"; http_uri; depth:123; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654349/; classtype:trojan-activity;sid:84517449; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654347)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"67.10.149.213"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654347/; classtype:trojan-activity;sid:84517447; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654345)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220421-042/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654345/; classtype:trojan-activity;sid:84517445; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654342)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"49.204.232.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654342/; classtype:trojan-activity;sid:84517442; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654341)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_msi/pfiles32/sqlservr/100/dts/binn/info.zip"; http_uri; depth:120; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654341/; classtype:trojan-activity;sid:84517441; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654340)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/redist/dotnetframeworks/dotnetfx35/x64/info.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654340/; classtype:trojan-activity;sid:84517440; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654338)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/plcomps/res/1033/info.zip"; http_uri; depth:146; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654338/; classtype:trojan-activity;sid:84517438; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654339)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"76.136.85.221"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654339/; classtype:trojan-activity;sid:84517439; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654336)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-05-19/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654336/; classtype:trojan-activity;sid:84517436; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654337)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"50.65.169.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654337/; classtype:trojan-activity;sid:84517437; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654334)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"222.252.31.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654334/; classtype:trojan-activity;sid:84517434; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654333)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"188.82.127.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654333/; classtype:trojan-activity;sid:84517433; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654332)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210726-018/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654332/; classtype:trojan-activity;sid:84517432; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654331)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-03-17/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654331/; classtype:trojan-activity;sid:84517431; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654327)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240521-004/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654327/; classtype:trojan-activity;sid:84517427; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654326)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.59.134.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654326/; classtype:trojan-activity;sid:84517426; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654324)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210724-012/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654324/; classtype:trojan-activity;sid:84517424; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654325)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles32/sqlservr/100/tools/binn/res/1033/info.zip"; http_uri; depth:147; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654325/; classtype:trojan-activity;sid:84517425; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654322)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles32/sqlservr/100/sdk/assembly/info.zip"; http_uri; depth:139; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654322/; classtype:trojan-activity;sid:84517422; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654321)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"64.234.95.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654321/; classtype:trojan-activity;sid:84517421; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654320)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"168.121.168.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654320/; classtype:trojan-activity;sid:84517420; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654318)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"98.213.164.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654318/; classtype:trojan-activity;sid:84517418; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654317)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/windows/info.zip"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654317/; classtype:trojan-activity;sid:84517417; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654316)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220809-080/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654316/; classtype:trojan-activity;sid:84517416; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654314)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240830-004/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654314/; classtype:trojan-activity;sid:84517414; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654311)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2019-10-31/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654311/; classtype:trojan-activity;sid:84517411; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654309)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/shared/res/1033/info.zip"; http_uri; depth:140; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654309/; classtype:trojan-activity;sid:84517409; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654308)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-05-22/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654308/; classtype:trojan-activity;sid:84517408; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654304)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-018/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654304/; classtype:trojan-activity;sid:84517404; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654303)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"187.247.242.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654303/; classtype:trojan-activity;sid:84517403; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654302)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/windows/gac_32/zh-chs/info.zip"; http_uri; depth:127; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654302/; classtype:trojan-activity;sid:84517402; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654299)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-05-15/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654299/; classtype:trojan-activity;sid:84517399; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654298)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210807-020/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654298/; classtype:trojan-activity;sid:84517398; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654297)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210805-048/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654297/; classtype:trojan-activity;sid:84517397; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654293)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/230317-034/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654293/; classtype:trojan-activity;sid:84517393; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654288)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.59.134.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654288/; classtype:trojan-activity;sid:84517388; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654289)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"49.204.232.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654289/; classtype:trojan-activity;sid:84517389; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654285)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"67.177.204.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654285/; classtype:trojan-activity;sid:84517385; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654283)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-05-21/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654283/; classtype:trojan-activity;sid:84517383; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654279)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210810-022/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654279/; classtype:trojan-activity;sid:84517379; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654280)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"47.216.198.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654280/; classtype:trojan-activity;sid:84517380; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654277)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210706-066/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654277/; classtype:trojan-activity;sid:84517377; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654276)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.72.159.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654276/; classtype:trojan-activity;sid:84517376; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654275)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles32/sqlservr/100/tools/binn/vsshell/common7/ide/info.zip"; http_uri; depth:157; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654275/; classtype:trojan-activity;sid:84517375; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654272)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210724-020/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654272/; classtype:trojan-activity;sid:84517372; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654270)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-05-09/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654270/; classtype:trojan-activity;sid:84517370; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654268)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"168.121.168.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654268/; classtype:trojan-activity;sid:84517368; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654267)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210727-034/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654267/; classtype:trojan-activity;sid:84517367; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654266)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-10-14/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654266/; classtype:trojan-activity;sid:84517366; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654264)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210723-030/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654264/; classtype:trojan-activity;sid:84517364; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654261)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220729-016/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654261/; classtype:trojan-activity;sid:84517361; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654259)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"67.10.149.213"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654259/; classtype:trojan-activity;sid:84517359; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654258)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"43.230.44.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654258/; classtype:trojan-activity;sid:84517358; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654257)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_inst_msi/windows/gac/info.zip"; http_uri; depth:106; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654257/; classtype:trojan-activity;sid:84517357; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654256)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210804-020/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654256/; classtype:trojan-activity;sid:84517356; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654255)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220117-019/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654255/; classtype:trojan-activity;sid:84517355; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654252)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/com/res/2052/info.zip"; http_uri; depth:130; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654252/; classtype:trojan-activity;sid:84517352; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654253)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"178.198.246.24"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654253/; classtype:trojan-activity;sid:84517353; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654250)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/plcomps/res/1033/info.zip"; http_uri; depth:145; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654250/; classtype:trojan-activity;sid:84517350; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654246)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210720-027/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654246/; classtype:trojan-activity;sid:84517346; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654247)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-04-28/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654247/; classtype:trojan-activity;sid:84517347; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654243)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"70.95.233.160"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654243/; classtype:trojan-activity;sid:84517343; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654242)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles/msnet/adomd.net/info.zip"; http_uri; depth:121; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654242/; classtype:trojan-activity;sid:84517342; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654241)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"72.219.74.233"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654241/; classtype:trojan-activity;sid:84517341; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654239)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-01-23/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654239/; classtype:trojan-activity;sid:84517339; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654237)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-03-05/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654237/; classtype:trojan-activity;sid:84517337; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654235)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/mssql/binn/res/1049/info.zip"; http_uri; depth:147; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654235/; classtype:trojan-activity;sid:84517335; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654234)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"107.128.101.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654234/; classtype:trojan-activity;sid:84517334; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654233)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-02-02/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654233/; classtype:trojan-activity;sid:84517333; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654230)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"87.200.95.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654230/; classtype:trojan-activity;sid:84517330; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654229)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/com/res/1033/info.zip"; http_uri; depth:137; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654229/; classtype:trojan-activity;sid:84517329; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654225)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"90.194.127.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654225/; classtype:trojan-activity;sid:84517325; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654226)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"74.105.123.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654226/; classtype:trojan-activity;sid:84517326; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654221)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210807-023/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654221/; classtype:trojan-activity;sid:84517321; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654223)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-037/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654223/; classtype:trojan-activity;sid:84517323; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654218)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_msi/pfiles32/msnet/adomd.net/info.zip"; http_uri; depth:114; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654218/; classtype:trojan-activity;sid:84517318; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654219)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_msi/info.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654219/; classtype:trojan-activity;sid:84517319; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654220)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210805-022/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654220/; classtype:trojan-activity;sid:84517320; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654215)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-070/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654215/; classtype:trojan-activity;sid:84517315; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654216)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2020-04-07/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654216/; classtype:trojan-activity;sid:84517316; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654213)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"47.216.198.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654213/; classtype:trojan-activity;sid:84517313; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654208)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"122.170.103.164"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654208/; classtype:trojan-activity;sid:84517308; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654209)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-01-27/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654209/; classtype:trojan-activity;sid:84517309; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654205)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"168.121.168.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654205/; classtype:trojan-activity;sid:84517305; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654203)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.8.164.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654203/; classtype:trojan-activity;sid:84517303; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654201)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"47.50.167.228"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654201/; classtype:trojan-activity;sid:84517301; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654202)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.58.62.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654202/; classtype:trojan-activity;sid:84517302; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654200)"; flow:established,from_client; content:"GET"; http_method; content:"/update/%e8%a5%bf%e7%be%8e%e5%8d%b0%e5%88%b7%e7%94%9f%e4%ba%a7%e4%bb%93%e5%ba%93%e7%b3%bb%e7%bb%9f/info.zip"; http_uri; depth:107; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654200/; classtype:trojan-activity;sid:84517300; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654197)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.89.102.77"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654197/; classtype:trojan-activity;sid:84517297; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654198)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"88.28.218.163"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654198/; classtype:trojan-activity;sid:84517298; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654195)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"122.179.136.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654195/; classtype:trojan-activity;sid:84517295; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654194)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"115.96.25.65"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654194/; classtype:trojan-activity;sid:84517294; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654192)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"178.198.246.24"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654192/; classtype:trojan-activity;sid:84517292; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654193)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"157.10.63.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654193/; classtype:trojan-activity;sid:84517293; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654187)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2023-10-17/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654187/; classtype:trojan-activity;sid:84517287; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654183)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"74.105.18.181"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654183/; classtype:trojan-activity;sid:84517283; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654181)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"47.50.167.228"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654181/; classtype:trojan-activity;sid:84517281; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654177)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"203.192.211.119"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654177/; classtype:trojan-activity;sid:84517277; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654167)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-008/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654167/; classtype:trojan-activity;sid:84517267; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654165)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210724-012/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654165/; classtype:trojan-activity;sid:84517265; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654166)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"90.63.148.31"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654166/; classtype:trojan-activity;sid:84517266; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654161)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.34.230.9"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654161/; classtype:trojan-activity;sid:84517261; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654159)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220423-022/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654159/; classtype:trojan-activity;sid:84517259; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654153)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_inst_msi/pfiles/sqlservr/mssql.x/mssql/binn/template/info.zip"; http_uri; depth:137; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654153/; classtype:trojan-activity;sid:84517253; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654154)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles32/sqlservr/100/com/res/1033/info.zip"; http_uri; depth:133; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654154/; classtype:trojan-activity;sid:84517254; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654155)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/dts/upgrdmap/info.zip"; http_uri; depth:129; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654155/; classtype:trojan-activity;sid:84517255; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654152)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210727-041/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654152/; classtype:trojan-activity;sid:84517252; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654151)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_loc_msi/2052/pfiles/msnet/adomd.net/info.zip"; http_uri; depth:120; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654151/; classtype:trojan-activity;sid:84517251; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654150)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_inst_msi/windows/info.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654150/; classtype:trojan-activity;sid:84517250; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654149)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"76.154.249.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654149/; classtype:trojan-activity;sid:84517249; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654148)"; flow:established,from_client; content:"GET"; http_method; content:"/update%20-%20%e5%89%af%e6%9c%ac/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/shudedw/pdw1000/info.zip"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654148/; classtype:trojan-activity;sid:84517248; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654146)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/redist/dotnetframeworks/dotnetmsp/ia64/info.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654146/; classtype:trojan-activity;sid:84517246; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654147)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_msi/pfiles/sqlservr/100/shared/info.zip"; http_uri; depth:115; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654147/; classtype:trojan-activity;sid:84517247; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654145)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/dts/plcomps/info.zip"; http_uri; depth:127; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654145/; classtype:trojan-activity;sid:84517245; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654144)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/windows/info.zip"; http_uri; depth:106; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654144/; classtype:trojan-activity;sid:84517244; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654143)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_msi/pfiles32/msnet/adomd.net/info.zip"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654143/; classtype:trojan-activity;sid:84517243; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654141)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"89.190.46.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654141/; classtype:trojan-activity;sid:84517241; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654139)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240828-005/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654139/; classtype:trojan-activity;sid:84517239; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654140)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210529-031/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654140/; classtype:trojan-activity;sid:84517240; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654137)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/feenmer/res/info.zip"; http_uri; depth:140; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654137/; classtype:trojan-activity;sid:84517237; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654134)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211008-021/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654134/; classtype:trojan-activity;sid:84517234; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654133)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210727-013/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654133/; classtype:trojan-activity;sid:84517233; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654126)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/mssql/binn/res/1040/info.zip"; http_uri; depth:147; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654126/; classtype:trojan-activity;sid:84517226; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654127)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles32/sqlservr/100/tools/binn/zh-chs/info.zip"; http_uri; depth:145; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654127/; classtype:trojan-activity;sid:84517227; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654125)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-04-02/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654125/; classtype:trojan-activity;sid:84517225; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654122)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"122.179.136.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654122/; classtype:trojan-activity;sid:84517222; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654123)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"49.204.232.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654123/; classtype:trojan-activity;sid:84517223; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654121)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211021-033/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654121/; classtype:trojan-activity;sid:84517221; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654120)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"89.190.46.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654120/; classtype:trojan-activity;sid:84517220; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654119)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-01-18/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654119/; classtype:trojan-activity;sid:84517219; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654118)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles32/sqlservr/info.zip"; http_uri; depth:123; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654118/; classtype:trojan-activity;sid:84517218; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654117)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"80.11.25.16"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654117/; classtype:trojan-activity;sid:84517217; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654113)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"132.247.103.239"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654113/; classtype:trojan-activity;sid:84517213; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654114)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_inst_msi/pfiles/sqlservr/mssql.x/info.zip"; http_uri; depth:117; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654114/; classtype:trojan-activity;sid:84517214; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654110)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210729-050/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654110/; classtype:trojan-activity;sid:84517210; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654108)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"49.205.173.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654108/; classtype:trojan-activity;sid:84517208; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654109)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/shared/zh-chs/info.zip"; http_uri; depth:131; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654109/; classtype:trojan-activity;sid:84517209; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654103)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"81.38.217.250"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654103/; classtype:trojan-activity;sid:84517203; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654104)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/com/res/2052/info.zip"; http_uri; depth:137; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654104/; classtype:trojan-activity;sid:84517204; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654101)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_msi/pfiles/sqlservr/100/tools/info.zip"; http_uri; depth:114; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654101/; classtype:trojan-activity;sid:84517201; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654100)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211112-030/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654100/; classtype:trojan-activity;sid:84517200; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654098)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"27.72.159.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654098/; classtype:trojan-activity;sid:84517198; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654099)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240807-021/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654099/; classtype:trojan-activity;sid:84517199; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654097)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/com/info.zip"; http_uri; depth:121; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654097/; classtype:trojan-activity;sid:84517197; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654095)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211201-059/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654095/; classtype:trojan-activity;sid:84517195; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654096)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250315-130/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654096/; classtype:trojan-activity;sid:84517196; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654093)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"64.38.185.80"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654093/; classtype:trojan-activity;sid:84517193; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654091)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210727-065/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654091/; classtype:trojan-activity;sid:84517191; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654089)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_inst_msi/pfiles/sqlservr/mssql.x/mssql/install/info.zip"; http_uri; depth:132; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654089/; classtype:trojan-activity;sid:84517189; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654090)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-055/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654090/; classtype:trojan-activity;sid:84517190; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654088)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-01-28/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654088/; classtype:trojan-activity;sid:84517188; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654087)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/info.zip"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654087/; classtype:trojan-activity;sid:84517187; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654085)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-059/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654085/; classtype:trojan-activity;sid:84517185; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654083)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles/msvs9/common7/info.zip"; http_uri; depth:116; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654083/; classtype:trojan-activity;sid:84517183; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654082)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_msi/pfiles/sqlservr/100/tools/binn/info.zip"; http_uri; depth:120; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654082/; classtype:trojan-activity;sid:84517182; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654081)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_msi/windows/system32/info.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654081/; classtype:trojan-activity;sid:84517181; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654080)"; flow:established,from_client; content:"GET"; http_method; content:"/update%20-%20%e5%89%af%e6%9c%ac/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/shudedw/pdw0505/info.zip"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654080/; classtype:trojan-activity;sid:84517180; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654079)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210727-034/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654079/; classtype:trojan-activity;sid:84517179; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654078)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"122.165.240.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654078/; classtype:trojan-activity;sid:84517178; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654077)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"49.205.173.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654077/; classtype:trojan-activity;sid:84517177; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654076)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"80.11.25.16"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654076/; classtype:trojan-activity;sid:84517176; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654073)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210907-038/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654073/; classtype:trojan-activity;sid:84517173; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654074)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"70.190.199.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654074/; classtype:trojan-activity;sid:84517174; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654072)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"77.211.28.150"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654072/; classtype:trojan-activity;sid:84517172; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654070)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"98.15.210.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654070/; classtype:trojan-activity;sid:84517170; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654071)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"74.64.155.4"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654071/; classtype:trojan-activity;sid:84517171; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654069)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/com/en/info.zip"; http_uri; depth:125; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654069/; classtype:trojan-activity;sid:84517169; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654068)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210807-023/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654068/; classtype:trojan-activity;sid:84517168; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654067)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-020/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654067/; classtype:trojan-activity;sid:84517167; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654066)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250305-083/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654066/; classtype:trojan-activity;sid:84517166; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654065)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"50.65.169.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654065/; classtype:trojan-activity;sid:84517165; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654059)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"71.239.7.81"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654059/; classtype:trojan-activity;sid:84517159; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654062)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/schemas/sqlservr/2004/07/dta/info.zip"; http_uri; depth:157; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654062/; classtype:trojan-activity;sid:84517162; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654063)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"47.195.224.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654063/; classtype:trojan-activity;sid:84517163; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654058)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210529-031/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654058/; classtype:trojan-activity;sid:84517158; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654055)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"74.64.155.4"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654055/; classtype:trojan-activity;sid:84517155; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654056)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211206-052/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654056/; classtype:trojan-activity;sid:84517156; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654057)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/dts/plcomps/info.zip"; http_uri; depth:127; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654057/; classtype:trojan-activity;sid:84517157; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654053)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/help/info.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654053/; classtype:trojan-activity;sid:84517153; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654054)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.72.16.185"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654054/; classtype:trojan-activity;sid:84517154; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654052)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/keyfile/info.zip"; http_uri; depth:123; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654052/; classtype:trojan-activity;sid:84517152; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654051)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/dts/tasks/info.zip"; http_uri; depth:126; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654051/; classtype:trojan-activity;sid:84517151; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654049)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/08102019085104/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654049/; classtype:trojan-activity;sid:84517149; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654050)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211008-008/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654050/; classtype:trojan-activity;sid:84517150; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654047)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/com/info.zip"; http_uri; depth:121; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654047/; classtype:trojan-activity;sid:84517147; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654048)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210804-089/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654048/; classtype:trojan-activity;sid:84517148; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654046)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211021-034/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654046/; classtype:trojan-activity;sid:84517146; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654045)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/230909-008/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654045/; classtype:trojan-activity;sid:84517145; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654044)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"124.123.123.15"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654044/; classtype:trojan-activity;sid:84517144; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654042)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220111-033/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654042/; classtype:trojan-activity;sid:84517142; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654040)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles32/sqlservr/100/tools/binn/info.zip"; http_uri; depth:130; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654040/; classtype:trojan-activity;sid:84517140; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654039)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"73.71.107.192"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654039/; classtype:trojan-activity;sid:84517139; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654038)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"67.10.149.213"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654038/; classtype:trojan-activity;sid:84517138; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654037)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210805-024/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654037/; classtype:trojan-activity;sid:84517137; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654035)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles/msvs9/common7/ide/priassem/busproj/info.zip"; http_uri; depth:138; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654035/; classtype:trojan-activity;sid:84517135; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654036)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240127-019/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654036/; classtype:trojan-activity;sid:84517136; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654034)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-03-21/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654034/; classtype:trojan-activity;sid:84517134; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654033)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-05-06/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654033/; classtype:trojan-activity;sid:84517133; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654032)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"70.95.233.160"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654032/; classtype:trojan-activity;sid:84517132; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654031)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/mssql/info.zip"; http_uri; depth:132; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654031/; classtype:trojan-activity;sid:84517131; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654030)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210727-029/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654030/; classtype:trojan-activity;sid:84517130; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654029)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210802-018/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654029/; classtype:trojan-activity;sid:84517129; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654028)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250724-113/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654028/; classtype:trojan-activity;sid:84517128; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654026)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"98.213.164.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654026/; classtype:trojan-activity;sid:84517126; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654025)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-05-29/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654025/; classtype:trojan-activity;sid:84517125; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654024)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"94.203.254.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654024/; classtype:trojan-activity;sid:84517124; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654023)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-03-15/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654023/; classtype:trojan-activity;sid:84517123; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654022)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"76.136.85.221"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654022/; classtype:trojan-activity;sid:84517122; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654021)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-05-15/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654021/; classtype:trojan-activity;sid:84517121; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654019)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"49.205.173.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654019/; classtype:trojan-activity;sid:84517119; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654018)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"170.55.7.234"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654018/; classtype:trojan-activity;sid:84517118; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654017)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-01-21/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654017/; classtype:trojan-activity;sid:84517117; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654015)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/shared/info.zip"; http_uri; depth:125; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654015/; classtype:trojan-activity;sid:84517115; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654014)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220729-016/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654014/; classtype:trojan-activity;sid:84517114; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654012)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210805-026/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654012/; classtype:trojan-activity;sid:84517112; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654013)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"62.228.75.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654013/; classtype:trojan-activity;sid:84517113; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654011)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-07-31/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654011/; classtype:trojan-activity;sid:84517111; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654010)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/info.zip"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654010/; classtype:trojan-activity;sid:84517110; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654009)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.36.80.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654009/; classtype:trojan-activity;sid:84517109; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654007)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210923-026/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654007/; classtype:trojan-activity;sid:84517107; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654008)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/schemas/sqlservr/2004/soap/types/sqltran/info.zip"; http_uri; depth:169; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654008/; classtype:trojan-activity;sid:84517108; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654006)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250701-032/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654006/; classtype:trojan-activity;sid:84517106; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654005)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2021-08-17/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654005/; classtype:trojan-activity;sid:84517105; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654003)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-04-25/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654003/; classtype:trojan-activity;sid:84517103; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654002)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/info.zip"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654002/; classtype:trojan-activity;sid:84517102; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654001)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-023/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654001/; classtype:trojan-activity;sid:84517101; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654000)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.35.55.164"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654000/; classtype:trojan-activity;sid:84517100; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653999)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/redist/dotnetframeworks/dotnetmsp/x64/info.zip"; http_uri; depth:100; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653999/; classtype:trojan-activity;sid:84517099; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653998)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_msi/pfiles/sqlservr/100/info.zip"; http_uri; depth:108; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653998/; classtype:trojan-activity;sid:84517098; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653997)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"5.89.102.77"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653997/; classtype:trojan-activity;sid:84517097; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653994)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240617-095/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653994/; classtype:trojan-activity;sid:84517094; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653995)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"74.64.155.4"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653995/; classtype:trojan-activity;sid:84517095; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653996)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/dts/upgrdmap/info.zip"; http_uri; depth:128; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653996/; classtype:trojan-activity;sid:84517096; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653992)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-03-26/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653992/; classtype:trojan-activity;sid:84517092; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653990)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/mssql/binn/res/3082/info.zip"; http_uri; depth:146; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653990/; classtype:trojan-activity;sid:84517090; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653988)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2020-01-06/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653988/; classtype:trojan-activity;sid:84517088; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653986)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/windows/gac_32/info.zip"; http_uri; depth:120; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653986/; classtype:trojan-activity;sid:84517086; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653982)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_inst_msi/pfiles/sqlservr/mssql.x/mssql/info.zip"; http_uri; depth:123; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653982/; classtype:trojan-activity;sid:84517082; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653981)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/windows/system32/info.zip"; http_uri; depth:112; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653981/; classtype:trojan-activity;sid:84517081; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653980)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"64.38.185.80"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653980/; classtype:trojan-activity;sid:84517080; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653979)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210103-001/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653979/; classtype:trojan-activity;sid:84517079; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653978)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/connect/zh-chs/info.zip"; http_uri; depth:144; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653978/; classtype:trojan-activity;sid:84517078; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653977)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"70.190.199.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653977/; classtype:trojan-activity;sid:84517077; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653976)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/info.zip"; http_uri; depth:124; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653976/; classtype:trojan-activity;sid:84517076; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653973)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"74.64.155.4"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653973/; classtype:trojan-activity;sid:84517073; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653967)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-026/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653967/; classtype:trojan-activity;sid:84517067; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653968)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220111-033/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653968/; classtype:trojan-activity;sid:84517068; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653965)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-070/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653965/; classtype:trojan-activity;sid:84517065; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653966)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/keyfile/2052/info.zip"; http_uri; depth:130; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653966/; classtype:trojan-activity;sid:84517066; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653964)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.123.123.15"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653964/; classtype:trojan-activity;sid:84517064; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653963)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"68.108.119.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653963/; classtype:trojan-activity;sid:84517063; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653960)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"186.235.86.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653960/; classtype:trojan-activity;sid:84517060; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653961)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"152.230.116.253"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653961/; classtype:trojan-activity;sid:84517061; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653962)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_inst_loc_msi/2052/pfiles/info.zip"; http_uri; depth:109; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653962/; classtype:trojan-activity;sid:84517062; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653958)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles/sqlservr/info.zip"; http_uri; depth:111; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653958/; classtype:trojan-activity;sid:84517058; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653956)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_inst_msi/pfiles/sqlservr/mssql.x/mssql/install/info.zip"; http_uri; depth:131; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653956/; classtype:trojan-activity;sid:84517056; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653957)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-036/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653957/; classtype:trojan-activity;sid:84517057; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653955)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211008-021/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653955/; classtype:trojan-activity;sid:84517055; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653953)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250208-081/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653953/; classtype:trojan-activity;sid:84517053; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653949)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"74.105.123.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653949/; classtype:trojan-activity;sid:84517049; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653948)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/schemas/sqlservr/2004/07/showplan/info.zip"; http_uri; depth:162; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653948/; classtype:trojan-activity;sid:84517048; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653945)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/msvs9/common7/ide/priassem/info.zip"; http_uri; depth:129; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653945/; classtype:trojan-activity;sid:84517045; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653944)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/wjgl/src/sass/info.zip"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653944/; classtype:trojan-activity;sid:84517044; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653941)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"156.200.99.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653941/; classtype:trojan-activity;sid:84517041; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653943)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-03-03/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653943/; classtype:trojan-activity;sid:84517043; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653939)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"170.55.7.234"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653939/; classtype:trojan-activity;sid:84517039; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653940)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/redist/windows%20installer/x86/info.zip"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653940/; classtype:trojan-activity;sid:84517040; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653938)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210907-038/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653938/; classtype:trojan-activity;sid:84517038; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653936)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"81.38.217.250"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653936/; classtype:trojan-activity;sid:84517036; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653933)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250301-019/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653933/; classtype:trojan-activity;sid:84517033; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653929)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"64.38.185.80"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653929/; classtype:trojan-activity;sid:84517029; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653926)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_msi/pfiles/sqlservr/100/dts/info.zip"; http_uri; depth:112; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653926/; classtype:trojan-activity;sid:84517026; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653927)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"90.194.127.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653927/; classtype:trojan-activity;sid:84517027; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653928)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/mg/conting%c3%aancia/produ%c3%a7%c3%a3o/info.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653928/; classtype:trojan-activity;sid:84517028; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653925)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/2052/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653925/; classtype:trojan-activity;sid:84517025; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653924)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210724-009/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653924/; classtype:trojan-activity;sid:84517024; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653922)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles32/msvs9/common7/ide/priassem/info.zip"; http_uri; depth:132; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653922/; classtype:trojan-activity;sid:84517022; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653920)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210727-013/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653920/; classtype:trojan-activity;sid:84517020; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653917)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"49.205.173.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653917/; classtype:trojan-activity;sid:84517017; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653918)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"64.234.95.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653918/; classtype:trojan-activity;sid:84517018; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653915)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/info.zip"; http_uri; depth:127; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653915/; classtype:trojan-activity;sid:84517015; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653916)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.61.160.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653916/; classtype:trojan-activity;sid:84517016; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653914)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-05-14/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653914/; classtype:trojan-activity;sid:84517014; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653913)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211116-023/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653913/; classtype:trojan-activity;sid:84517013; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653911)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220428-040/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653911/; classtype:trojan-activity;sid:84517011; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653912)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"160.202.15.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653912/; classtype:trojan-activity;sid:84517012; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653910)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"93.55.251.246"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653910/; classtype:trojan-activity;sid:84517010; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653909)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/schemas/sqlservr/2004/sqltypes/info.zip"; http_uri; depth:159; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653909/; classtype:trojan-activity;sid:84517009; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653905)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles32/info.zip"; http_uri; depth:106; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653905/; classtype:trojan-activity;sid:84517005; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653904)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/tools/binn/schemas/sqlservr/2006/11/events/info.zip"; http_uri; depth:158; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653904/; classtype:trojan-activity;sid:84517004; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653903)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_inst_msi/pfiles/sqlservr/mssql.x/mssql/info.zip"; http_uri; depth:124; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653903/; classtype:trojan-activity;sid:84517003; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653901)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210720-066/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653901/; classtype:trojan-activity;sid:84517001; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653900)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"94.203.254.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653900/; classtype:trojan-activity;sid:84517000; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653898)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/241123-072/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653898/; classtype:trojan-activity;sid:84516998; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653896)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240523-025/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653896/; classtype:trojan-activity;sid:84516996; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653895)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/info.zip"; http_uri; depth:111; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653895/; classtype:trojan-activity;sid:84516995; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653892)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-03-03/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653892/; classtype:trojan-activity;sid:84516992; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653893)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"203.192.211.119"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653893/; classtype:trojan-activity;sid:84516993; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653891)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/dts/provdesc/info.zip"; http_uri; depth:129; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653891/; classtype:trojan-activity;sid:84516991; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653890)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/info.zip"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653890/; classtype:trojan-activity;sid:84516990; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653889)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_inst_loc_msi/2052/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653889/; classtype:trojan-activity;sid:84516989; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653888)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"116.58.62.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653888/; classtype:trojan-activity;sid:84516988; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653887)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240724-070/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653887/; classtype:trojan-activity;sid:84516987; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653885)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"32.219.189.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653885/; classtype:trojan-activity;sid:84516985; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653882)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-04-19/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653882/; classtype:trojan-activity;sid:84516982; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653884)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"68.108.119.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653884/; classtype:trojan-activity;sid:84516984; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653880)"; flow:established,from_client; content:"GET"; http_method; content:"/update/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/shudedw/pdw0900/info.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653880/; classtype:trojan-activity;sid:84516980; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653881)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220114-001/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653881/; classtype:trojan-activity;sid:84516981; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653879)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.153.137.200"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653879/; classtype:trojan-activity;sid:84516979; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653878)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"45.118.32.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653878/; classtype:trojan-activity;sid:84516978; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653875)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-01-31/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653875/; classtype:trojan-activity;sid:84516975; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653871)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"178.198.246.24"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653871/; classtype:trojan-activity;sid:84516971; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653872)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_loc_msi/2052/pfiles/msnet/info.zip"; http_uri; depth:110; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653872/; classtype:trojan-activity;sid:84516972; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653869)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211021-033/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653869/; classtype:trojan-activity;sid:84516969; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653870)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"87.200.95.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653870/; classtype:trojan-activity;sid:84516970; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653867)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"94.203.254.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653867/; classtype:trojan-activity;sid:84516967; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653864)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-07-09/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653864/; classtype:trojan-activity;sid:84516964; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653865)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240417-047/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653865/; classtype:trojan-activity;sid:84516965; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653863)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-04-18/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653863/; classtype:trojan-activity;sid:84516963; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653862)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/shared/res/1033/info.zip"; http_uri; depth:141; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653862/; classtype:trojan-activity;sid:84516962; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653861)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-03-05/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653861/; classtype:trojan-activity;sid:84516961; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653859)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/tools/binn/vsshell/info.zip"; http_uri; depth:135; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653859/; classtype:trojan-activity;sid:84516959; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653860)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/231206-014/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653860/; classtype:trojan-activity;sid:84516960; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653858)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"77.172.14.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653858/; classtype:trojan-activity;sid:84516958; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653857)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_msi/pfiles32/info.zip"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653857/; classtype:trojan-activity;sid:84516957; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653856)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-01-20/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653856/; classtype:trojan-activity;sid:84516956; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653855)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/redist/watson/info.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653855/; classtype:trojan-activity;sid:84516955; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653854)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"87.200.95.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653854/; classtype:trojan-activity;sid:84516954; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653853)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"76.136.85.221"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653853/; classtype:trojan-activity;sid:84516953; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653852)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-04-04/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653852/; classtype:trojan-activity;sid:84516952; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653851)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210727-029/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653851/; classtype:trojan-activity;sid:84516951; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653849)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-03-06/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653849/; classtype:trojan-activity;sid:84516949; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653847)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"116.72.16.185"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653847/; classtype:trojan-activity;sid:84516947; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653842)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-02-03/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653842/; classtype:trojan-activity;sid:84516942; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653844)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210910-045/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653844/; classtype:trojan-activity;sid:84516944; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653841)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2021-06-08/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653841/; classtype:trojan-activity;sid:84516941; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653840)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"32.219.189.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653840/; classtype:trojan-activity;sid:84516940; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653839)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-01-10/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653839/; classtype:trojan-activity;sid:84516939; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653837)"; flow:established,from_client; content:"GET"; http_method; content:"/update/%e6%96%b0%e5%bb%ba%e6%96%87%e4%bb%b6%e5%a4%b9/_pb%20decompiler%20dws/bjgl.pbd/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653837/; classtype:trojan-activity;sid:84516937; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653836)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-03-17/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653836/; classtype:trojan-activity;sid:84516936; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653834)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/redist/dotnetframeworks/info.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653834/; classtype:trojan-activity;sid:84516934; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653833)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/zh-chs/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653833/; classtype:trojan-activity;sid:84516933; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653832)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles/msvs9/info.zip"; http_uri; depth:108; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653832/; classtype:trojan-activity;sid:84516932; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653831)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2024-04-05/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653831/; classtype:trojan-activity;sid:84516931; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653830)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-020/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653830/; classtype:trojan-activity;sid:84516930; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653829)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"98.213.164.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653829/; classtype:trojan-activity;sid:84516929; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653826)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-05-04/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653826/; classtype:trojan-activity;sid:84516926; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653824)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"70.190.199.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653824/; classtype:trojan-activity;sid:84516924; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653823)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-05-15/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653823/; classtype:trojan-activity;sid:84516923; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653822)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_msi/pfiles32/sqlservr/100/tools/binn/vsshell/common7/info.zip"; http_uri; depth:138; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653822/; classtype:trojan-activity;sid:84516922; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653820)"; flow:established,from_client; content:"GET"; http_method; content:"/update/pdffactory_pro_setup/info.zip"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653820/; classtype:trojan-activity;sid:84516920; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653818)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-11-09/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653818/; classtype:trojan-activity;sid:84516918; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653819)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2025-04-29/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653819/; classtype:trojan-activity;sid:84516919; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653815)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-001/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653815/; classtype:trojan-activity;sid:84516915; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653816)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"47.195.224.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653816/; classtype:trojan-activity;sid:84516916; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653814)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"71.239.7.81"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653814/; classtype:trojan-activity;sid:84516914; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653813)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"170.55.7.234"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653813/; classtype:trojan-activity;sid:84516913; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653809)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-018/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653809/; classtype:trojan-activity;sid:84516909; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653806)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"156.200.99.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653806/; classtype:trojan-activity;sid:84516906; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653804)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-002/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653804/; classtype:trojan-activity;sid:84516904; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653805)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/mssql/binn/res/1041/info.zip"; http_uri; depth:147; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653805/; classtype:trojan-activity;sid:84516905; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653803)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/dts/binn/info.zip"; http_uri; depth:125; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653803/; classtype:trojan-activity;sid:84516903; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653802)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/mssql/binn/info.zip"; http_uri; depth:138; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653802/; classtype:trojan-activity;sid:84516902; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653799)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"156.200.99.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653799/; classtype:trojan-activity;sid:84516899; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653800)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-019/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653800/; classtype:trojan-activity;sid:84516900; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653801)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"47.195.224.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653801/; classtype:trojan-activity;sid:84516901; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653796)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/231113-028/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653796/; classtype:trojan-activity;sid:84516896; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653798)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210810-020/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653798/; classtype:trojan-activity;sid:84516898; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653794)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2021-08-11/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653794/; classtype:trojan-activity;sid:84516894; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653795)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250630-059/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653795/; classtype:trojan-activity;sid:84516895; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653792)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-04-06/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653792/; classtype:trojan-activity;sid:84516892; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653791)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/schemas/sqlservr/info.zip"; http_uri; depth:146; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653791/; classtype:trojan-activity;sid:84516891; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653790)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2020-04-01/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653790/; classtype:trojan-activity;sid:84516890; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653788)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/mssql/binn/res/1042/info.zip"; http_uri; depth:147; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653788/; classtype:trojan-activity;sid:84516888; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653786)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_msi/pfiles/info.zip"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653786/; classtype:trojan-activity;sid:84516886; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653783)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/df/conting%c3%aancia/produ%c3%a7%c3%a3o/info.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653783/; classtype:trojan-activity;sid:84516883; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653782)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-04-11/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653782/; classtype:trojan-activity;sid:84516882; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653781)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"49.205.173.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653781/; classtype:trojan-activity;sid:84516881; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653777)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/info.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653777/; classtype:trojan-activity;sid:84516877; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653778)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/info.zip"; http_uri; depth:115; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653778/; classtype:trojan-activity;sid:84516878; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653775)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/schemas/sqlservr/2004/soap/types/sqlrowct/info.zip"; http_uri; depth:170; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653775/; classtype:trojan-activity;sid:84516875; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653774)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2020-03-23/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653774/; classtype:trojan-activity;sid:84516874; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653772)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"73.51.224.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653772/; classtype:trojan-activity;sid:84516872; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653768)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220317-085/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653768/; classtype:trojan-activity;sid:84516868; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653769)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/241219-043/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653769/; classtype:trojan-activity;sid:84516869; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653770)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.36.80.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653770/; classtype:trojan-activity;sid:84516870; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653767)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/shared/info.zip"; http_uri; depth:122; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653767/; classtype:trojan-activity;sid:84516867; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653763)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211206-052/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653763/; classtype:trojan-activity;sid:84516863; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653764)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210731-081/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653764/; classtype:trojan-activity;sid:84516864; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653761)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-04-14/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653761/; classtype:trojan-activity;sid:84516861; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653759)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210805-022/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653759/; classtype:trojan-activity;sid:84516859; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653760)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210724-024/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653760/; classtype:trojan-activity;sid:84516860; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653758)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-05-06/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653758/; classtype:trojan-activity;sid:84516858; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653756)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"212.27.26.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653756/; classtype:trojan-activity;sid:84516856; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653755)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"168.121.168.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653755/; classtype:trojan-activity;sid:84516855; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653752)"; flow:established,from_client; content:"GET"; http_method; content:"/update%20-%20%e5%89%af%e6%9c%ac/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/shudedw/pdw0800/info.zip"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653752/; classtype:trojan-activity;sid:84516852; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653751)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-03-09/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653751/; classtype:trojan-activity;sid:84516851; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653749)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"187.247.242.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653749/; classtype:trojan-activity;sid:84516849; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653748)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.59.134.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653748/; classtype:trojan-activity;sid:84516848; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653747)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_inst_msi/pfiles/sqlservr/mssql.x/info.zip"; http_uri; depth:117; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653747/; classtype:trojan-activity;sid:84516847; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653746)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220916-031/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653746/; classtype:trojan-activity;sid:84516846; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653745)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"170.55.7.234"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653745/; classtype:trojan-activity;sid:84516845; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653744)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/mssql/binn/res/1036/info.zip"; http_uri; depth:146; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653744/; classtype:trojan-activity;sid:84516844; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653743)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"186.235.86.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653743/; classtype:trojan-activity;sid:84516843; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653742)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_msi/pfiles/msnet/info.zip"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653742/; classtype:trojan-activity;sid:84516842; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653741)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/info.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653741/; classtype:trojan-activity;sid:84516841; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653740)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/tx/info.zip"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653740/; classtype:trojan-activity;sid:84516840; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653737)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2024-06-17/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653737/; classtype:trojan-activity;sid:84516837; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653738)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220715-064/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653738/; classtype:trojan-activity;sid:84516838; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653735)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-061/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653735/; classtype:trojan-activity;sid:84516835; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653734)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-03-16/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653734/; classtype:trojan-activity;sid:84516834; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653733)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220217-058/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653733/; classtype:trojan-activity;sid:84516833; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653732)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"178.61.160.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653732/; classtype:trojan-activity;sid:84516832; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653730)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-01-30/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653730/; classtype:trojan-activity;sid:84516830; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653729)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/tools/binn/info.zip"; http_uri; depth:128; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653729/; classtype:trojan-activity;sid:84516829; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653728)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-04-05/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653728/; classtype:trojan-activity;sid:84516828; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653725)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-09-13/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653725/; classtype:trojan-activity;sid:84516825; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653724)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-043/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653724/; classtype:trojan-activity;sid:84516824; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653722)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-02-07/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653722/; classtype:trojan-activity;sid:84516822; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653720)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/help/info.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653720/; classtype:trojan-activity;sid:84516820; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653721)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210703-016/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653721/; classtype:trojan-activity;sid:84516821; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653718)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"190.153.137.200"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653718/; classtype:trojan-activity;sid:84516818; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653717)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"32.219.189.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653717/; classtype:trojan-activity;sid:84516817; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653716)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210727-045/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653716/; classtype:trojan-activity;sid:84516816; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653715)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/info.zip"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653715/; classtype:trojan-activity;sid:84516815; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653714)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/feenmer/zh-chs/info.zip"; http_uri; depth:144; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653714/; classtype:trojan-activity;sid:84516814; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653712)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/tools/binn/info.zip"; http_uri; depth:127; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653712/; classtype:trojan-activity;sid:84516812; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653708)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/redist/powershell/x64/info.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653708/; classtype:trojan-activity;sid:84516808; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653707)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-11-30/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653707/; classtype:trojan-activity;sid:84516807; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653705)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"168.121.168.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653705/; classtype:trojan-activity;sid:84516805; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653706)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240131-058/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653706/; classtype:trojan-activity;sid:84516806; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653704)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2025-02-19/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653704/; classtype:trojan-activity;sid:84516804; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653703)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"73.51.224.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653703/; classtype:trojan-activity;sid:84516803; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653702)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-05-14/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653702/; classtype:trojan-activity;sid:84516802; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653701)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"67.10.149.213"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653701/; classtype:trojan-activity;sid:84516801; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653698)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_msi/pfiles/sqlservr/100/shared/info.zip"; http_uri; depth:116; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653698/; classtype:trojan-activity;sid:84516798; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653697)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles32/msvs9/common7/ide/info.zip"; http_uri; depth:122; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653697/; classtype:trojan-activity;sid:84516797; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653696)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2021-03-01/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653696/; classtype:trojan-activity;sid:84516796; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653695)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-02-15/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653695/; classtype:trojan-activity;sid:84516795; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653694)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles32/msnet/adomd.net/info.zip"; http_uri; depth:123; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653694/; classtype:trojan-activity;sid:84516794; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653693)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-02-18/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653693/; classtype:trojan-activity;sid:84516793; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653690)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"71.198.110.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653690/; classtype:trojan-activity;sid:84516790; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653686)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220824-006/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653686/; classtype:trojan-activity;sid:84516786; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653687)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220427-069/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653687/; classtype:trojan-activity;sid:84516787; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653685)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-04-05/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653685/; classtype:trojan-activity;sid:84516785; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653684)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-055/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653684/; classtype:trojan-activity;sid:84516784; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653683)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-04-18/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653683/; classtype:trojan-activity;sid:84516783; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653681)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-03-28/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653681/; classtype:trojan-activity;sid:84516781; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653682)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240726-087/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653682/; classtype:trojan-activity;sid:84516782; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653680)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/windows/info.zip"; http_uri; depth:112; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653680/; classtype:trojan-activity;sid:84516780; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653679)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220427-069/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653679/; classtype:trojan-activity;sid:84516779; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653676)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-036/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653676/; classtype:trojan-activity;sid:84516776; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653675)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-04-11/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653675/; classtype:trojan-activity;sid:84516775; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653673)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"89.190.46.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653673/; classtype:trojan-activity;sid:84516773; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653672)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"43.230.44.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653672/; classtype:trojan-activity;sid:84516772; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653670)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210723-026/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653670/; classtype:trojan-activity;sid:84516770; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653671)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2023-11-09/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653671/; classtype:trojan-activity;sid:84516771; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653669)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"67.177.204.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653669/; classtype:trojan-activity;sid:84516769; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653664)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220125-007/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653664/; classtype:trojan-activity;sid:84516764; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653666)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"70.190.199.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653666/; classtype:trojan-activity;sid:84516766; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653662)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"188.82.127.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653662/; classtype:trojan-activity;sid:84516762; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653663)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"82.67.13.197"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653663/; classtype:trojan-activity;sid:84516763; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653661)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"178.61.160.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653661/; classtype:trojan-activity;sid:84516761; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653660)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"64.38.185.80"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653660/; classtype:trojan-activity;sid:84516760; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653659)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_inst_msi/pfiles/sqlservr/mssql.x/mssql/binn/dlltmp32/info.zip"; http_uri; depth:137; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653659/; classtype:trojan-activity;sid:84516759; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653656)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/schemas/sqlservr/2004/soap/types/sqlparam/info.zip"; http_uri; depth:171; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653656/; classtype:trojan-activity;sid:84516756; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653655)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"122.179.136.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653655/; classtype:trojan-activity;sid:84516755; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653653)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211021-034/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653653/; classtype:trojan-activity;sid:84516753; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653654)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"24.93.22.147"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653654/; classtype:trojan-activity;sid:84516754; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653649)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-05-05/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653649/; classtype:trojan-activity;sid:84516749; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653652)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"1.64.40.207"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653652/; classtype:trojan-activity;sid:84516752; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653647)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"71.198.110.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653647/; classtype:trojan-activity;sid:84516747; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653644)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210805-020/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653644/; classtype:trojan-activity;sid:84516744; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653645)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210723-029/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653645/; classtype:trojan-activity;sid:84516745; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653640)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"49.204.232.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653640/; classtype:trojan-activity;sid:84516740; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653636)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-10-20/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653636/; classtype:trojan-activity;sid:84516736; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653637)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-056/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653637/; classtype:trojan-activity;sid:84516737; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653638)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/tools/binn/schemas/sqlservr/2004/07/info.zip"; http_uri; depth:151; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653638/; classtype:trojan-activity;sid:84516738; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653633)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-02-05/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653633/; classtype:trojan-activity;sid:84516733; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653634)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"64.234.95.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653634/; classtype:trojan-activity;sid:84516734; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653632)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"93.55.251.246"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653632/; classtype:trojan-activity;sid:84516732; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653629)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1.64.40.207"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653629/; classtype:trojan-activity;sid:84516729; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653627)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"188.82.127.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653627/; classtype:trojan-activity;sid:84516727; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653628)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"64.38.185.80"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653628/; classtype:trojan-activity;sid:84516728; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653620)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"156.200.99.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653620/; classtype:trojan-activity;sid:84516720; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653621)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"156.200.99.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653621/; classtype:trojan-activity;sid:84516721; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653622)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"82.67.13.197"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653622/; classtype:trojan-activity;sid:84516722; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653616)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-05-05/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653616/; classtype:trojan-activity;sid:84516716; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653613)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2020-02-10/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653613/; classtype:trojan-activity;sid:84516713; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653610)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"62.228.75.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653610/; classtype:trojan-activity;sid:84516710; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653611)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"94.203.254.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653611/; classtype:trojan-activity;sid:84516711; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653612)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"1.64.40.207"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653612/; classtype:trojan-activity;sid:84516712; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653606)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2021-06-10/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653606/; classtype:trojan-activity;sid:84516706; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653605)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-03-23/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653605/; classtype:trojan-activity;sid:84516705; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653603)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/info.zip"; http_uri; depth:117; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653603/; classtype:trojan-activity;sid:84516703; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653602)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-05-16/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653602/; classtype:trojan-activity;sid:84516702; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653599)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-01-10/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653599/; classtype:trojan-activity;sid:84516699; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653600)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210727-045/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653600/; classtype:trojan-activity;sid:84516700; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653598)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-01-28/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653598/; classtype:trojan-activity;sid:84516698; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653597)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250421-008/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653597/; classtype:trojan-activity;sid:84516697; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653596)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/connect/en/info.zip"; http_uri; depth:140; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653596/; classtype:trojan-activity;sid:84516696; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653595)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-02-23/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653595/; classtype:trojan-activity;sid:84516695; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653594)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211228-022/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653594/; classtype:trojan-activity;sid:84516694; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653593)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2023-12-12/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653593/; classtype:trojan-activity;sid:84516693; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653592)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250211-041/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653592/; classtype:trojan-activity;sid:84516692; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653589)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/90/info.zip"; http_uri; depth:114; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653589/; classtype:trojan-activity;sid:84516689; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653588)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles32/sqlservr/100/tools/binn/vsshell/info.zip"; http_uri; depth:145; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653588/; classtype:trojan-activity;sid:84516688; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653586)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2020-04-14/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653586/; classtype:trojan-activity;sid:84516686; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653585)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-11-19/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653585/; classtype:trojan-activity;sid:84516685; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653584)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/info.zip"; http_uri; depth:120; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653584/; classtype:trojan-activity;sid:84516684; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653580)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210724-024/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653580/; classtype:trojan-activity;sid:84516680; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653582)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/com/zh-chs/info.zip"; http_uri; depth:129; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653582/; classtype:trojan-activity;sid:84516682; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653579)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-008/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653579/; classtype:trojan-activity;sid:84516679; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653578)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/cancelamento/2020-03-02/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653578/; classtype:trojan-activity;sid:84516678; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653577)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-04-28/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653577/; classtype:trojan-activity;sid:84516677; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653576)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/info.zip"; http_uri; depth:118; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653576/; classtype:trojan-activity;sid:84516676; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653575)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-010/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653575/; classtype:trojan-activity;sid:84516675; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653573)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles32/msvs9/common7/info.zip"; http_uri; depth:119; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653573/; classtype:trojan-activity;sid:84516673; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653574)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-058/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653574/; classtype:trojan-activity;sid:84516674; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653572)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211021-034/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653572/; classtype:trojan-activity;sid:84516672; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653570)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/tpcl/src/sass/info.zip"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653570/; classtype:trojan-activity;sid:84516670; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653569)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211230-002/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653569/; classtype:trojan-activity;sid:84516669; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653567)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/241008-082/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653567/; classtype:trojan-activity;sid:84516667; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653568)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-040/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653568/; classtype:trojan-activity;sid:84516668; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653566)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210727-046/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653566/; classtype:trojan-activity;sid:84516666; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653565)"; flow:established,from_client; content:"GET"; http_method; content:"/update/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/shudedw/pdw1100/info.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653565/; classtype:trojan-activity;sid:84516665; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653564)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/tpcl/images/zhijia-tuzhi/info.zip"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653564/; classtype:trojan-activity;sid:84516664; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653563)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210629-021/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653563/; classtype:trojan-activity;sid:84516663; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653562)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_inst_msi/pfiles/sqlservr/mssql.x/mssql/upgrade/info.zip"; http_uri; depth:131; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653562/; classtype:trojan-activity;sid:84516662; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653560)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/keyfile/info.zip"; http_uri; depth:126; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653560/; classtype:trojan-activity;sid:84516660; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653561)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250616-002/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653561/; classtype:trojan-activity;sid:84516661; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653559)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles/msvs9/info.zip"; http_uri; depth:109; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653559/; classtype:trojan-activity;sid:84516659; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653558)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-024/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653558/; classtype:trojan-activity;sid:84516658; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653556)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210909-018/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653556/; classtype:trojan-activity;sid:84516656; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653554)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles32/sqlservr/100/info.zip"; http_uri; depth:120; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653554/; classtype:trojan-activity;sid:84516654; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653553)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-061/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653553/; classtype:trojan-activity;sid:84516653; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653551)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220804-012/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653551/; classtype:trojan-activity;sid:84516651; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653552)"; flow:established,from_client; content:"GET"; http_method; content:"/update/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/shudedw/ppw0200/info.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653552/; classtype:trojan-activity;sid:84516652; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653550)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-08-17/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653550/; classtype:trojan-activity;sid:84516650; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653548)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210804-082/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653548/; classtype:trojan-activity;sid:84516648; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653547)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-06-28/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653547/; classtype:trojan-activity;sid:84516647; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653546)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-05-02/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653546/; classtype:trojan-activity;sid:84516646; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653544)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/241130-012/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653544/; classtype:trojan-activity;sid:84516644; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653545)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/feenmer/en/info.zip"; http_uri; depth:139; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653545/; classtype:trojan-activity;sid:84516645; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653543)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/shared/res/1033/info.zip"; http_uri; depth:140; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653543/; classtype:trojan-activity;sid:84516643; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653538)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/tools/binn/schemas/sqlservr/2004/07/querypr/info.zip"; http_uri; depth:159; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653538/; classtype:trojan-activity;sid:84516638; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653539)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/msvs9/common7/ide/info.zip"; http_uri; depth:120; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653539/; classtype:trojan-activity;sid:84516639; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653540)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/feenmer/en/info.zip"; http_uri; depth:140; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653540/; classtype:trojan-activity;sid:84516640; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653537)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-08-04/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653537/; classtype:trojan-activity;sid:84516637; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653536)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-036/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653536/; classtype:trojan-activity;sid:84516636; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653532)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210813-060/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653532/; classtype:trojan-activity;sid:84516632; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653533)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210809-047/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653533/; classtype:trojan-activity;sid:84516633; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653530)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-03-25/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653530/; classtype:trojan-activity;sid:84516630; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653531)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210911-035/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653531/; classtype:trojan-activity;sid:84516631; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653529)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_loc_msi/2052/windows/gac/info.zip"; http_uri; depth:109; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653529/; classtype:trojan-activity;sid:84516629; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653528)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210726-002/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653528/; classtype:trojan-activity;sid:84516628; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653525)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-05-17/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653525/; classtype:trojan-activity;sid:84516625; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653526)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-03-13/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653526/; classtype:trojan-activity;sid:84516626; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653523)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/cfiles/info.zip"; http_uri; depth:109; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653523/; classtype:trojan-activity;sid:84516623; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653522)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220125-001/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653522/; classtype:trojan-activity;sid:84516622; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653521)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/tools/binn/vsshell/common7/info.zip"; http_uri; depth:142; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653521/; classtype:trojan-activity;sid:84516621; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653519)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/redist/dotnetframeworks/dotnetfx35/ia64/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653519/; classtype:trojan-activity;sid:84516619; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653517)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_inst_msi/pfiles/sqlservr/mssql.x/mssql/binn/info.zip"; http_uri; depth:128; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653517/; classtype:trojan-activity;sid:84516617; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653515)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220125-011/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653515/; classtype:trojan-activity;sid:84516615; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653514)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211109-007/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653514/; classtype:trojan-activity;sid:84516614; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653513)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_msi/pfiles/sqlservr/100/tools/info.zip"; http_uri; depth:114; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653513/; classtype:trojan-activity;sid:84516613; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653509)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/binn/res/2052/info.zip"; http_uri; depth:143; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653509/; classtype:trojan-activity;sid:84516609; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653510)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220503-020/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653510/; classtype:trojan-activity;sid:84516610; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653511)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/tools/binn/schemas/sqlservr/2006/info.zip"; http_uri; depth:148; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653511/; classtype:trojan-activity;sid:84516611; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653506)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210723-026/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653506/; classtype:trojan-activity;sid:84516606; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653507)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/plcomps/res/1033/info.zip"; http_uri; depth:145; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653507/; classtype:trojan-activity;sid:84516607; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653508)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-12-11/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653508/; classtype:trojan-activity;sid:84516608; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653505)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653505/; classtype:trojan-activity;sid:84516605; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653504)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220125-007/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653504/; classtype:trojan-activity;sid:84516604; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653503)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/zh-chs/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653503/; classtype:trojan-activity;sid:84516603; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653502)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-01-26/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653502/; classtype:trojan-activity;sid:84516602; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653501)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-021/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653501/; classtype:trojan-activity;sid:84516601; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653497)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles32/sqlservr/100/shared/zh-chs/info.zip"; http_uri; depth:140; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653497/; classtype:trojan-activity;sid:84516597; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653496)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210911-035/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653496/; classtype:trojan-activity;sid:84516596; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653495)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2021-07-09/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653495/; classtype:trojan-activity;sid:84516595; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653494)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2024-12-17/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653494/; classtype:trojan-activity;sid:84516594; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653493)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/tools/binn/res/1033/info.zip"; http_uri; depth:137; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653493/; classtype:trojan-activity;sid:84516593; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653492)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-05-08/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653492/; classtype:trojan-activity;sid:84516592; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653490)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211230-002/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653490/; classtype:trojan-activity;sid:84516590; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653489)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2024-01-03/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653489/; classtype:trojan-activity;sid:84516589; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653488)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_msi/pfiles/sqlservr/100/com/info.zip"; http_uri; depth:112; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653488/; classtype:trojan-activity;sid:84516588; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653487)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-05-03/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653487/; classtype:trojan-activity;sid:84516587; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653486)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/tasks/info.zip"; http_uri; depth:134; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653486/; classtype:trojan-activity;sid:84516586; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653485)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-03-08/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653485/; classtype:trojan-activity;sid:84516585; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653482)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-11-11/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653482/; classtype:trojan-activity;sid:84516582; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653481)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/tools/binn/schemas/sqlservr/2004/07/dta/info.zip"; http_uri; depth:155; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653481/; classtype:trojan-activity;sid:84516581; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653480)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_msi/windows/syswow64/info.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653480/; classtype:trojan-activity;sid:84516580; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653479)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-04-12/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653479/; classtype:trojan-activity;sid:84516579; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653478)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-023/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653478/; classtype:trojan-activity;sid:84516578; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653477)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210724-033/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653477/; classtype:trojan-activity;sid:84516577; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653476)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250110-100/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653476/; classtype:trojan-activity;sid:84516576; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653474)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/schemas/sqlservr/2004/soap/types/sqlrowct/info.zip"; http_uri; depth:171; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653474/; classtype:trojan-activity;sid:84516574; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653475)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/redist/dotnetframeworks/dotnetfx35/ia64/info.zip"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653475/; classtype:trojan-activity;sid:84516575; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653473)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653473/; classtype:trojan-activity;sid:84516573; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653471)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210813-060/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653471/; classtype:trojan-activity;sid:84516571; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653468)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/tools/binn/res/info.zip"; http_uri; depth:132; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653468/; classtype:trojan-activity;sid:84516568; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653469)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles32/sqlservr/100/tools/info.zip"; http_uri; depth:125; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653469/; classtype:trojan-activity;sid:84516569; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653467)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/mssql/info.zip"; http_uri; depth:132; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653467/; classtype:trojan-activity;sid:84516567; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653465)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2019-09-02/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653465/; classtype:trojan-activity;sid:84516565; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653466)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-03-01/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653466/; classtype:trojan-activity;sid:84516566; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653464)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2022-04-05/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653464/; classtype:trojan-activity;sid:84516564; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653463)"; flow:established,from_client; content:"GET"; http_method; content:"/update%20-%20%e5%89%af%e6%9c%ac/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/shudedw/pdw0900/info.zip"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653463/; classtype:trojan-activity;sid:84516563; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653460)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/tpcl/images/saomiao/info.zip"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653460/; classtype:trojan-activity;sid:84516560; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653462)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210729-089/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653462/; classtype:trojan-activity;sid:84516562; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653459)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210726-028/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653459/; classtype:trojan-activity;sid:84516559; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653457)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-020/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653457/; classtype:trojan-activity;sid:84516557; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653454)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211030-056/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653454/; classtype:trojan-activity;sid:84516554; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653456)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/241019-103/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653456/; classtype:trojan-activity;sid:84516556; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653451)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/com/res/1033/info.zip"; http_uri; depth:138; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653451/; classtype:trojan-activity;sid:84516551; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653452)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210814-005/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653452/; classtype:trojan-activity;sid:84516552; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653450)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/info.zip"; http_uri; depth:128; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653450/; classtype:trojan-activity;sid:84516550; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653448)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_loc_msi/2052/info.zip"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653448/; classtype:trojan-activity;sid:84516548; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653449)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/shared/info.zip"; http_uri; depth:124; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653449/; classtype:trojan-activity;sid:84516549; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653445)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/com/zh-chs/info.zip"; http_uri; depth:128; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653445/; classtype:trojan-activity;sid:84516545; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653447)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-015/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653447/; classtype:trojan-activity;sid:84516547; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653444)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/shared/info.zip"; http_uri; depth:124; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653444/; classtype:trojan-activity;sid:84516544; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653443)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-033/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653443/; classtype:trojan-activity;sid:84516543; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653442)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211008-021/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653442/; classtype:trojan-activity;sid:84516542; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653440)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/pa/conting%c3%aancia/info.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653440/; classtype:trojan-activity;sid:84516540; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653441)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/info.zip"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653441/; classtype:trojan-activity;sid:84516541; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653438)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210723-030/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653438/; classtype:trojan-activity;sid:84516538; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653436)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210805-060/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653436/; classtype:trojan-activity;sid:84516536; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653437)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/dts/upgrdmap/info.zip"; http_uri; depth:128; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653437/; classtype:trojan-activity;sid:84516537; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653434)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/tasks/en/info.zip"; http_uri; depth:137; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653434/; classtype:trojan-activity;sid:84516534; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653431)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211202-019/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653431/; classtype:trojan-activity;sid:84516531; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653433)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653433/; classtype:trojan-activity;sid:84516533; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653428)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210805-022/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653428/; classtype:trojan-activity;sid:84516528; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653429)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/feenmer/res/2052/info.zip"; http_uri; depth:146; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653429/; classtype:trojan-activity;sid:84516529; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653430)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210727-013/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653430/; classtype:trojan-activity;sid:84516530; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653427)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-05-09/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653427/; classtype:trojan-activity;sid:84516527; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653426)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/windows/gac_32/info.zip"; http_uri; depth:112; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653426/; classtype:trojan-activity;sid:84516526; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653425)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_msi/pfiles/sqlservr/100/tools/binn/vsshell/common7/info.zip"; http_uri; depth:135; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653425/; classtype:trojan-activity;sid:84516525; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653422)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220317-085/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653422/; classtype:trojan-activity;sid:84516522; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653423)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-057/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653423/; classtype:trojan-activity;sid:84516523; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653424)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/redist/dotnetframeworks/dotnetfx30/info.zip"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653424/; classtype:trojan-activity;sid:84516524; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653419)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles/cfiles/info.zip"; http_uri; depth:109; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653419/; classtype:trojan-activity;sid:84516519; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653420)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/redist/powershell/info.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653420/; classtype:trojan-activity;sid:84516520; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653421)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_msi/windows/gac/info.zip"; http_uri; depth:100; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653421/; classtype:trojan-activity;sid:84516521; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653416)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250331-029/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653416/; classtype:trojan-activity;sid:84516516; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653418)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/shared/info.zip"; http_uri; depth:132; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653418/; classtype:trojan-activity;sid:84516518; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653415)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-018/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653415/; classtype:trojan-activity;sid:84516515; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653412)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/shared/zh-chs/info.zip"; http_uri; depth:131; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653412/; classtype:trojan-activity;sid:84516512; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653413)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/vsshell/common7/info.zip"; http_uri; depth:145; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653413/; classtype:trojan-activity;sid:84516513; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653414)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/241105-102/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653414/; classtype:trojan-activity;sid:84516514; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653411)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210629-021/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653411/; classtype:trojan-activity;sid:84516511; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653409)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/redist/dotnetframeworks/dotnetmsp/x64/info.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653409/; classtype:trojan-activity;sid:84516509; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653410)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211218-033/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653410/; classtype:trojan-activity;sid:84516510; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653408)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2020-11-05/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653408/; classtype:trojan-activity;sid:84516508; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653401)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/scd/info.zip"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653401/; classtype:trojan-activity;sid:84516501; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653403)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-074/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653403/; classtype:trojan-activity;sid:84516503; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653404)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/tools/binn/zh-chs/info.zip"; http_uri; depth:142; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653404/; classtype:trojan-activity;sid:84516504; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653406)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_msi/pfiles/sqlservr/100/tools/binn/vsshell/common7/info.zip"; http_uri; depth:135; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653406/; classtype:trojan-activity;sid:84516506; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653400)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2019-08-05/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653400/; classtype:trojan-activity;sid:84516500; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653397)"; flow:established,from_client; content:"GET"; http_method; content:"/update%20-%20%e5%89%af%e6%9c%ac/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/shudedw/pdw0700/info.zip"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653397/; classtype:trojan-activity;sid:84516497; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653394)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-018/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653394/; classtype:trojan-activity;sid:84516494; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653395)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-010/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653395/; classtype:trojan-activity;sid:84516495; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653396)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-040/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653396/; classtype:trojan-activity;sid:84516496; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653392)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_msi/pfiles/msnet/adomd.net/100/info.zip"; http_uri; depth:116; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653392/; classtype:trojan-activity;sid:84516492; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653391)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2020-05-25/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653391/; classtype:trojan-activity;sid:84516491; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653384)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-09-17/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653384/; classtype:trojan-activity;sid:84516484; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653385)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-024/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653385/; classtype:trojan-activity;sid:84516485; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653386)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/feenmer/zh-chs/info.zip"; http_uri; depth:143; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653386/; classtype:trojan-activity;sid:84516486; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653388)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-061/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653388/; classtype:trojan-activity;sid:84516488; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653382)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/plcomps/res/info.zip"; http_uri; depth:140; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653382/; classtype:trojan-activity;sid:84516482; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653383)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2020-07-13/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653383/; classtype:trojan-activity;sid:84516483; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653380)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-03-26/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653380/; classtype:trojan-activity;sid:84516480; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653381)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210724-033/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653381/; classtype:trojan-activity;sid:84516481; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653377)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/com/info.zip"; http_uri; depth:119; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653377/; classtype:trojan-activity;sid:84516477; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653378)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/binn/res/1033/info.zip"; http_uri; depth:142; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653378/; classtype:trojan-activity;sid:84516478; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653379)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/sdk/assembly/info.zip"; http_uri; depth:130; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653379/; classtype:trojan-activity;sid:84516479; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653374)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2024-07-05/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653374/; classtype:trojan-activity;sid:84516474; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653376)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210910-072/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653376/; classtype:trojan-activity;sid:84516476; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653372)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/241230-059/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653372/; classtype:trojan-activity;sid:84516472; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653370)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-12-17/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653370/; classtype:trojan-activity;sid:84516470; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653367)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/schemas/sqlservr/2006/info.zip"; http_uri; depth:151; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653367/; classtype:trojan-activity;sid:84516467; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653368)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/ylcgd/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653368/; classtype:trojan-activity;sid:84516468; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653369)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/windows/gac/info.zip"; http_uri; depth:117; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653369/; classtype:trojan-activity;sid:84516469; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653366)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2020-07-20/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653366/; classtype:trojan-activity;sid:84516466; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653365)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-09-23/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653365/; classtype:trojan-activity;sid:84516465; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653363)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-05-01/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653363/; classtype:trojan-activity;sid:84516463; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653364)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220223-034/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653364/; classtype:trojan-activity;sid:84516464; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653358)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220528-019/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653358/; classtype:trojan-activity;sid:84516458; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653359)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210727-029/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653359/; classtype:trojan-activity;sid:84516459; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653360)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_msi/pfiles/sqlservr/info.zip"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653360/; classtype:trojan-activity;sid:84516460; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653361)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles32/sqlservr/100/tools/binn/res/2052/info.zip"; http_uri; depth:147; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653361/; classtype:trojan-activity;sid:84516461; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653362)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/schemas/sqlservr/2004/07/querypr/info.zip"; http_uri; depth:161; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653362/; classtype:trojan-activity;sid:84516462; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653357)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210729-089/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653357/; classtype:trojan-activity;sid:84516457; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653355)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653355/; classtype:trojan-activity;sid:84516455; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653356)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210816-051/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653356/; classtype:trojan-activity;sid:84516456; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653353)"; flow:established,from_client; content:"GET"; http_method; content:"/update%20-%20%e5%89%af%e6%9c%ac/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/shudedw/ppw0200/info.zip"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653353/; classtype:trojan-activity;sid:84516453; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653352)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-03-14/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653352/; classtype:trojan-activity;sid:84516452; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653350)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_msi/pfiles/sqlservr/100/tools/binn/vsshell/common7/info.zip"; http_uri; depth:136; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653350/; classtype:trojan-activity;sid:84516450; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653349)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653349/; classtype:trojan-activity;sid:84516449; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653344)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220125-006/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653344/; classtype:trojan-activity;sid:84516444; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653345)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_msi/windows/gac_32/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653345/; classtype:trojan-activity;sid:84516445; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653346)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/mssql/binn/zh-chs/info.zip"; http_uri; depth:144; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653346/; classtype:trojan-activity;sid:84516446; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653347)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-03-17/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653347/; classtype:trojan-activity;sid:84516447; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653343)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-12-04/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653343/; classtype:trojan-activity;sid:84516443; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653336)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/dts/connect/info.zip"; http_uri; depth:127; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653336/; classtype:trojan-activity;sid:84516436; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653337)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/binn/info.zip"; http_uri; depth:134; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653337/; classtype:trojan-activity;sid:84516437; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653338)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210805-030/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653338/; classtype:trojan-activity;sid:84516438; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653340)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/schemas/sqlservr/2004/soap/types/sqlmes/info.zip"; http_uri; depth:169; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653340/; classtype:trojan-activity;sid:84516440; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653341)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210607-069/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653341/; classtype:trojan-activity;sid:84516441; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653334)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/info.zip"; http_uri; depth:125; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653334/; classtype:trojan-activity;sid:84516434; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653335)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/80/info.zip"; http_uri; depth:114; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653335/; classtype:trojan-activity;sid:84516435; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653333)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-08-24/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653333/; classtype:trojan-activity;sid:84516433; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653328)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/redist/dotnetframeworks/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653328/; classtype:trojan-activity;sid:84516428; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653329)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/230327-043/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653329/; classtype:trojan-activity;sid:84516429; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653330)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/shared/vs2008/1033/info.zip"; http_uri; depth:143; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653330/; classtype:trojan-activity;sid:84516430; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653331)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/feenmer/info.zip"; http_uri; depth:136; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653331/; classtype:trojan-activity;sid:84516431; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653332)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240708-067/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653332/; classtype:trojan-activity;sid:84516432; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653327)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210624-084/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653327/; classtype:trojan-activity;sid:84516427; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653326)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/mssql/binn/info.zip"; http_uri; depth:137; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653326/; classtype:trojan-activity;sid:84516426; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653325)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles32/msnet/info.zip"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653325/; classtype:trojan-activity;sid:84516425; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653324)"; flow:established,from_client; content:"GET"; http_method; content:"/update/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/language/info.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653324/; classtype:trojan-activity;sid:84516424; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653321)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210726-003/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653321/; classtype:trojan-activity;sid:84516421; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653322)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210805-048/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653322/; classtype:trojan-activity;sid:84516422; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653323)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2020-05-11/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653323/; classtype:trojan-activity;sid:84516423; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653320)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210727-022/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653320/; classtype:trojan-activity;sid:84516420; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653319)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250617-065/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653319/; classtype:trojan-activity;sid:84516419; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653317)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_msi/pfiles/sqlservr/100/info.zip"; http_uri; depth:108; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653317/; classtype:trojan-activity;sid:84516417; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653318)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/tools/binn/res/info.zip"; http_uri; depth:132; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653318/; classtype:trojan-activity;sid:84516418; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653316)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/241017-114/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653316/; classtype:trojan-activity;sid:84516416; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653315)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/binn/res/1033/info.zip"; http_uri; depth:142; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653315/; classtype:trojan-activity;sid:84516415; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653308)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/windows/gac_32/info.zip"; http_uri; depth:119; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653308/; classtype:trojan-activity;sid:84516408; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653309)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220125-011/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653309/; classtype:trojan-activity;sid:84516409; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653306)"; flow:established,from_client; content:"GET"; http_method; content:"/update/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/shudedw/pdw0700/info.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653306/; classtype:trojan-activity;sid:84516406; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653307)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210529-031/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653307/; classtype:trojan-activity;sid:84516407; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653304)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2019-10-10/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653304/; classtype:trojan-activity;sid:84516404; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653302)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/cancelamento/2019-09-25/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653302/; classtype:trojan-activity;sid:84516402; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653301)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-10-11/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653301/; classtype:trojan-activity;sid:84516401; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653295)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/dts/feenmer/info.zip"; http_uri; depth:128; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653295/; classtype:trojan-activity;sid:84516395; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653297)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-08-30/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653297/; classtype:trojan-activity;sid:84516397; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653298)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220224-016/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653298/; classtype:trojan-activity;sid:84516398; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653299)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210720-027/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653299/; classtype:trojan-activity;sid:84516399; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653293)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-04-20/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653293/; classtype:trojan-activity;sid:84516393; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653294)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-059/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653294/; classtype:trojan-activity;sid:84516394; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653292)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210804-019/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653292/; classtype:trojan-activity;sid:84516392; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653291)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/230904-072/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653291/; classtype:trojan-activity;sid:84516391; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653290)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-03-26/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653290/; classtype:trojan-activity;sid:84516390; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653289)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2021-07-06/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653289/; classtype:trojan-activity;sid:84516389; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653287)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_inst_loc_msi/info.zip"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653287/; classtype:trojan-activity;sid:84516387; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653288)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-05-07/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653288/; classtype:trojan-activity;sid:84516388; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653283)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/redist/powershell/info.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653283/; classtype:trojan-activity;sid:84516383; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653284)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211030-056/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653284/; classtype:trojan-activity;sid:84516384; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653285)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles32/sqlservr/100/shared/info.zip"; http_uri; depth:134; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653285/; classtype:trojan-activity;sid:84516385; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653286)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/shared/res/2052/info.zip"; http_uri; depth:141; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653286/; classtype:trojan-activity;sid:84516386; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653281)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-01-27/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653281/; classtype:trojan-activity;sid:84516381; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653282)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/tools/binn/schemas/sqlservr/2004/soap/info.zip"; http_uri; depth:153; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653282/; classtype:trojan-activity;sid:84516382; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653280)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211109-007/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653280/; classtype:trojan-activity;sid:84516380; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653278)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-01-31/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653278/; classtype:trojan-activity;sid:84516378; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653273)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210809-022/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653273/; classtype:trojan-activity;sid:84516373; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653275)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/info.zip"; http_uri; depth:115; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653275/; classtype:trojan-activity;sid:84516375; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653276)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250628-087/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653276/; classtype:trojan-activity;sid:84516376; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653277)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240914-044/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653277/; classtype:trojan-activity;sid:84516377; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653271)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-05-19/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653271/; classtype:trojan-activity;sid:84516371; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653269)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-059/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653269/; classtype:trojan-activity;sid:84516369; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653270)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/keyfile/info.zip"; http_uri; depth:125; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653270/; classtype:trojan-activity;sid:84516370; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653268)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/shared/vs2008/info.zip"; http_uri; depth:138; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653268/; classtype:trojan-activity;sid:84516368; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653265)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220406-025/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653265/; classtype:trojan-activity;sid:84516365; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653266)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210805-061/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653266/; classtype:trojan-activity;sid:84516366; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653264)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-03-12/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653264/; classtype:trojan-activity;sid:84516364; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653262)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/feenmer/res/info.zip"; http_uri; depth:141; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653262/; classtype:trojan-activity;sid:84516362; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653263)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/241017-088/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653263/; classtype:trojan-activity;sid:84516363; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653261)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles32/sqlservr/100/tools/binn/vsshell/common7/info.zip"; http_uri; depth:153; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653261/; classtype:trojan-activity;sid:84516361; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653259)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210724-029/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653259/; classtype:trojan-activity;sid:84516359; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653258)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/keyfile/info.zip"; http_uri; depth:133; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653258/; classtype:trojan-activity;sid:84516358; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653256)"; flow:established,from_client; content:"GET"; http_method; content:"/update%20-%20%e5%89%af%e6%9c%ac/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/shudedw/info.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653256/; classtype:trojan-activity;sid:84516356; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653255)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/redist/windows%20installer/info.zip"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653255/; classtype:trojan-activity;sid:84516355; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653253)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-075/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653253/; classtype:trojan-activity;sid:84516353; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653254)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/redist/powershell/ia64/info.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653254/; classtype:trojan-activity;sid:84516354; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653252)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/windows/gac/info.zip"; http_uri; depth:107; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653252/; classtype:trojan-activity;sid:84516352; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653251)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/tools/info.zip"; http_uri; depth:124; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653251/; classtype:trojan-activity;sid:84516351; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653247)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-019/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653247/; classtype:trojan-activity;sid:84516347; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653248)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-07-15/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653248/; classtype:trojan-activity;sid:84516348; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653250)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-02-05/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653250/; classtype:trojan-activity;sid:84516350; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653244)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2023-11-23/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653244/; classtype:trojan-activity;sid:84516344; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653245)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250610-009/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653245/; classtype:trojan-activity;sid:84516345; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653246)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_msi/pfiles/info.zip"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653246/; classtype:trojan-activity;sid:84516346; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653242)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/schemas/sqlservr/2004/bulkload/info.zip"; http_uri; depth:159; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653242/; classtype:trojan-activity;sid:84516342; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653243)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-03-22/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653243/; classtype:trojan-activity;sid:84516343; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653241)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240913-107/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653241/; classtype:trojan-activity;sid:84516341; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653240)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210724-029/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653240/; classtype:trojan-activity;sid:84516340; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653239)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220427-069/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653239/; classtype:trojan-activity;sid:84516339; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653238)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-04-12/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653238/; classtype:trojan-activity;sid:84516338; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653235)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/tools/binn/res/1033/info.zip"; http_uri; depth:137; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653235/; classtype:trojan-activity;sid:84516335; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653236)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210720-027/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653236/; classtype:trojan-activity;sid:84516336; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653237)"; flow:established,from_client; content:"GET"; http_method; content:"/update%20-%20%e5%89%af%e6%9c%ac/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/language/info.zip"; http_uri; depth:106; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653237/; classtype:trojan-activity;sid:84516337; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653232)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles32/sqlservr/100/shared/info.zip"; http_uri; depth:127; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653232/; classtype:trojan-activity;sid:84516332; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653233)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/windows/gac/info.zip"; http_uri; depth:107; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653233/; classtype:trojan-activity;sid:84516333; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653234)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-04-10/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653234/; classtype:trojan-activity;sid:84516334; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653230)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/com/info.zip"; http_uri; depth:128; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653230/; classtype:trojan-activity;sid:84516330; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653231)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/vsshell/common7/ide/info.zip"; http_uri; depth:149; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653231/; classtype:trojan-activity;sid:84516331; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653229)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-003/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653229/; classtype:trojan-activity;sid:84516329; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653226)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-07-29/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653226/; classtype:trojan-activity;sid:84516326; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653227)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/tools/binn/vsshell/common7/ide/zh-chs/info.zip"; http_uri; depth:162; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653227/; classtype:trojan-activity;sid:84516327; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653225)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/241031-080/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653225/; classtype:trojan-activity;sid:84516325; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653219)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles/cfiles/msshared/sqldbg/info.zip"; http_uri; depth:125; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653219/; classtype:trojan-activity;sid:84516319; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653220)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210918-075/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653220/; classtype:trojan-activity;sid:84516320; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653222)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211202-019/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653222/; classtype:trojan-activity;sid:84516322; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653216)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_msi/pfiles/msnet/info.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653216/; classtype:trojan-activity;sid:84516316; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653217)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210804-020/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653217/; classtype:trojan-activity;sid:84516317; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653214)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210730-004/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653214/; classtype:trojan-activity;sid:84516314; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653212)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240111-044/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653212/; classtype:trojan-activity;sid:84516312; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653213)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/windows/gac_32/info.zip"; http_uri; depth:111; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653213/; classtype:trojan-activity;sid:84516313; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653210)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/redist/upgrade%20advisor/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653210/; classtype:trojan-activity;sid:84516310; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653211)"; flow:established,from_client; content:"GET"; http_method; content:"/update%20-%20%e5%89%af%e6%9c%ac/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/undw/undw90/info.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653211/; classtype:trojan-activity;sid:84516311; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653208)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-03-11/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653208/; classtype:trojan-activity;sid:84516308; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653209)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-002/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653209/; classtype:trojan-activity;sid:84516309; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653205)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-08-18/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653205/; classtype:trojan-activity;sid:84516305; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653204)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-08-09/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653204/; classtype:trojan-activity;sid:84516304; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653203)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220224-016/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653203/; classtype:trojan-activity;sid:84516303; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653199)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/schemas/sqlservr/2004/soap/types/sqlmes/info.zip"; http_uri; depth:168; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653199/; classtype:trojan-activity;sid:84516299; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653201)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/tasks/zh-chs/info.zip"; http_uri; depth:141; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653201/; classtype:trojan-activity;sid:84516301; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653202)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles32/sqlservr/100/tools/binn/res/info.zip"; http_uri; depth:135; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653202/; classtype:trojan-activity;sid:84516302; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653198)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/binn/zh-chs/info.zip"; http_uri; depth:140; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653198/; classtype:trojan-activity;sid:84516298; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653195)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/info.zip"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653195/; classtype:trojan-activity;sid:84516295; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653194)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210814-026/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653194/; classtype:trojan-activity;sid:84516294; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653191)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/com/info.zip"; http_uri; depth:119; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653191/; classtype:trojan-activity;sid:84516291; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653189)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_msi/pfiles/msnet/adomd.net/info.zip"; http_uri; depth:112; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653189/; classtype:trojan-activity;sid:84516289; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653187)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/tools/binn/schemas/sqlservr/2004/soap/types/sqlresst/info.zip"; http_uri; depth:168; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653187/; classtype:trojan-activity;sid:84516287; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653188)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/keyfile/2052/info.zip"; http_uri; depth:130; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653188/; classtype:trojan-activity;sid:84516288; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653182)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/help/1033/info.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653182/; classtype:trojan-activity;sid:84516282; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653183)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-05-24/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653183/; classtype:trojan-activity;sid:84516283; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653184)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/redist/watson/info.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653184/; classtype:trojan-activity;sid:84516284; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653185)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles32/sqlservr/100/info.zip"; http_uri; depth:119; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653185/; classtype:trojan-activity;sid:84516285; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653186)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210805-026/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653186/; classtype:trojan-activity;sid:84516286; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653180)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_msi/pfiles/sqlservr/100/com/info.zip"; http_uri; depth:112; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653180/; classtype:trojan-activity;sid:84516280; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653181)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/info.zip"; http_uri; depth:129; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653181/; classtype:trojan-activity;sid:84516281; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653179)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-04-02/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653179/; classtype:trojan-activity;sid:84516279; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653178)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-07-08/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653178/; classtype:trojan-activity;sid:84516278; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653176)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-11-23/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653176/; classtype:trojan-activity;sid:84516276; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653177)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2024-04-02/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653177/; classtype:trojan-activity;sid:84516277; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653174)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250513-103/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653174/; classtype:trojan-activity;sid:84516274; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653175)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/schemas/sqlservr/2006/11/info.zip"; http_uri; depth:154; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653175/; classtype:trojan-activity;sid:84516275; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653173)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-03-25/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653173/; classtype:trojan-activity;sid:84516273; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653169)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-11-30/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653169/; classtype:trojan-activity;sid:84516269; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653171)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-02-24/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653171/; classtype:trojan-activity;sid:84516271; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653172)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-05-27/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653172/; classtype:trojan-activity;sid:84516272; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653162)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/80/tools/binn/info.zip"; http_uri; depth:125; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653162/; classtype:trojan-activity;sid:84516262; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653163)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2020-02-11/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653163/; classtype:trojan-activity;sid:84516263; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653164)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/help/2052/info.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653164/; classtype:trojan-activity;sid:84516264; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653165)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2020-01-09/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653165/; classtype:trojan-activity;sid:84516265; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653166)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-01-28/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653166/; classtype:trojan-activity;sid:84516266; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653159)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2022-01-10/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653159/; classtype:trojan-activity;sid:84516259; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653160)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-11-04/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653160/; classtype:trojan-activity;sid:84516260; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653161)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-08-22/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653161/; classtype:trojan-activity;sid:84516261; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653156)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-05-02/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653156/; classtype:trojan-activity;sid:84516256; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653157)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210802-018/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653157/; classtype:trojan-activity;sid:84516257; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653158)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240903-046/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653158/; classtype:trojan-activity;sid:84516258; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653154)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles32/sqlservr/100/com/en/info.zip"; http_uri; depth:127; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653154/; classtype:trojan-activity;sid:84516254; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653155)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2019-10-16/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653155/; classtype:trojan-activity;sid:84516255; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653153)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/dts/mapfiles/info.zip"; http_uri; depth:128; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653153/; classtype:trojan-activity;sid:84516253; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653152)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-01-31/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653152/; classtype:trojan-activity;sid:84516252; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653151)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2022-01-19/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653151/; classtype:trojan-activity;sid:84516251; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653150)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/com/res/1033/info.zip"; http_uri; depth:130; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653150/; classtype:trojan-activity;sid:84516250; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653149)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-04-16/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653149/; classtype:trojan-activity;sid:84516249; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653147)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_msi/pfiles/sqlservr/100/tools/binn/info.zip"; http_uri; depth:119; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653147/; classtype:trojan-activity;sid:84516247; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653148)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-10-05/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653148/; classtype:trojan-activity;sid:84516248; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653145)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/redist/dotnetframeworks/dotnetfx30/info.zip"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653145/; classtype:trojan-activity;sid:84516245; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653144)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-004/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653144/; classtype:trojan-activity;sid:84516244; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653143)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2021-09-10/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653143/; classtype:trojan-activity;sid:84516243; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653141)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240827-070/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653141/; classtype:trojan-activity;sid:84516241; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653142)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_msi/pfiles32/sqlservr/100/tools/binn/vsshell/common7/ide/info.zip"; http_uri; depth:142; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653142/; classtype:trojan-activity;sid:84516242; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653140)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-05-02/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653140/; classtype:trojan-activity;sid:84516240; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653138)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/x86/info.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653138/; classtype:trojan-activity;sid:84516238; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653139)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/mssql/binn/res/info.zip"; http_uri; depth:142; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653139/; classtype:trojan-activity;sid:84516239; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653137)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-04-11/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653137/; classtype:trojan-activity;sid:84516237; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653135)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_inst_msi/pfiles/info.zip"; http_uri; depth:100; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653135/; classtype:trojan-activity;sid:84516235; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653136)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-01-20/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653136/; classtype:trojan-activity;sid:84516236; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653134)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220916-031/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653134/; classtype:trojan-activity;sid:84516234; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653133)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/xiangdan/info.zip"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653133/; classtype:trojan-activity;sid:84516233; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653132)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-03-15/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653132/; classtype:trojan-activity;sid:84516232; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653129)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210723-030/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653129/; classtype:trojan-activity;sid:84516229; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653128)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sbillno/info.zip"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653128/; classtype:trojan-activity;sid:84516228; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653122)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/tpcl/js/info.zip"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653122/; classtype:trojan-activity;sid:84516222; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653123)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/241024-033/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653123/; classtype:trojan-activity;sid:84516223; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653124)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-002/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653124/; classtype:trojan-activity;sid:84516224; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653125)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_inst_msi/pfiles/sqlservr/mssql.x/mssql/binn/template/info.zip"; http_uri; depth:138; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653125/; classtype:trojan-activity;sid:84516225; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653121)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2020-01-14/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653121/; classtype:trojan-activity;sid:84516221; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653119)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220824-011/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653119/; classtype:trojan-activity;sid:84516219; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653120)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/tools/binn/vsshell/common7/info.zip"; http_uri; depth:142; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653120/; classtype:trojan-activity;sid:84516220; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653114)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-02-09/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653114/; classtype:trojan-activity;sid:84516214; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653115)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/dts/connect/info.zip"; http_uri; depth:127; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653115/; classtype:trojan-activity;sid:84516215; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653116)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/schemas/sqlservr/2004/soap/types/sqltran/info.zip"; http_uri; depth:170; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653116/; classtype:trojan-activity;sid:84516216; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653117)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/zh-chs/info.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653117/; classtype:trojan-activity;sid:84516217; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653112)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210730-004/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653112/; classtype:trojan-activity;sid:84516212; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653113)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/tools/binn/schemas/sqlservr/2004/soap/types/info.zip"; http_uri; depth:159; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653113/; classtype:trojan-activity;sid:84516213; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653109)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/shared/2052/info.zip"; http_uri; depth:129; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653109/; classtype:trojan-activity;sid:84516209; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653111)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-01-17/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653111/; classtype:trojan-activity;sid:84516211; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653107)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-03-09/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653107/; classtype:trojan-activity;sid:84516207; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653108)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250702-070/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653108/; classtype:trojan-activity;sid:84516208; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653105)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_msi/pfiles/sqlservr/info.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653105/; classtype:trojan-activity;sid:84516205; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653102)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/help/1033/info.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653102/; classtype:trojan-activity;sid:84516202; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653103)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220618-010/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653103/; classtype:trojan-activity;sid:84516203; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653101)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/feenmer/zh-chs/info.zip"; http_uri; depth:143; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653101/; classtype:trojan-activity;sid:84516201; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653100)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211228-039/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653100/; classtype:trojan-activity;sid:84516200; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653099)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210910-045/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653099/; classtype:trojan-activity;sid:84516199; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653097)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-04-13/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653097/; classtype:trojan-activity;sid:84516197; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653098)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/info.zip"; http_uri; depth:118; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653098/; classtype:trojan-activity;sid:84516198; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653095)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles32/info.zip"; http_uri; depth:114; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653095/; classtype:trojan-activity;sid:84516195; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653096)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210731-081/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653096/; classtype:trojan-activity;sid:84516196; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653094)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-01-14/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653094/; classtype:trojan-activity;sid:84516194; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653092)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/231008-073/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653092/; classtype:trojan-activity;sid:84516192; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653090)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_loc_msi/2052/windows/gac/zh-chs/info.zip"; http_uri; depth:116; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653090/; classtype:trojan-activity;sid:84516190; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653088)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211228-039/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653088/; classtype:trojan-activity;sid:84516188; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653089)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/x64/info.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653089/; classtype:trojan-activity;sid:84516189; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653085)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250626-035/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653085/; classtype:trojan-activity;sid:84516185; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653086)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles/msvs9/common7/ide/priassem/busproj/info.zip"; http_uri; depth:137; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653086/; classtype:trojan-activity;sid:84516186; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653082)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211218-033/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653082/; classtype:trojan-activity;sid:84516182; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653081)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/80/tools/binn/info.zip"; http_uri; depth:127; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653081/; classtype:trojan-activity;sid:84516181; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653080)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/230712-107/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653080/; classtype:trojan-activity;sid:84516180; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653078)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210726-002/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653078/; classtype:trojan-activity;sid:84516178; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653077)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-036/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653077/; classtype:trojan-activity;sid:84516177; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653074)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_msi/pfiles/sqlservr/100/shared/info.zip"; http_uri; depth:115; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653074/; classtype:trojan-activity;sid:84516174; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653073)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-05-13/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653073/; classtype:trojan-activity;sid:84516173; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653071)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/redist/dotnetframeworks/dotnetmsp/info.zip"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653071/; classtype:trojan-activity;sid:84516171; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653072)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2020-01-30/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653072/; classtype:trojan-activity;sid:84516172; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653070)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220624-043/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653070/; classtype:trojan-activity;sid:84516170; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653069)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-05-24/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653069/; classtype:trojan-activity;sid:84516169; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653067)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles32/sqlservr/100/tools/info.zip"; http_uri; depth:126; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653067/; classtype:trojan-activity;sid:84516167; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653068)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/wjgl/images/zhijia-kancha/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653068/; classtype:trojan-activity;sid:84516168; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653066)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-04-23/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653066/; classtype:trojan-activity;sid:84516166; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653064)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/shared/res/info.zip"; http_uri; depth:135; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653064/; classtype:trojan-activity;sid:84516164; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653060)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/tasks/zh-chs/info.zip"; http_uri; depth:142; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653060/; classtype:trojan-activity;sid:84516160; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653061)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/redist/upgrade%20advisor/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653061/; classtype:trojan-activity;sid:84516161; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653062)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/vsshell/info.zip"; http_uri; depth:137; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653062/; classtype:trojan-activity;sid:84516162; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653063)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/info.zip"; http_uri; depth:119; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653063/; classtype:trojan-activity;sid:84516163; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653057)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/redist/dotnetframeworks/dotnetfx30/x86/info.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653057/; classtype:trojan-activity;sid:84516157; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653056)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-10-04/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653056/; classtype:trojan-activity;sid:84516156; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653054)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-02-06/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653054/; classtype:trojan-activity;sid:84516154; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653050)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/dts/feenmer/info.zip"; http_uri; depth:127; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653050/; classtype:trojan-activity;sid:84516150; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653051)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2024-11-05/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653051/; classtype:trojan-activity;sid:84516151; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653047)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-11-21/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653047/; classtype:trojan-activity;sid:84516147; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653048)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220419-045/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653048/; classtype:trojan-activity;sid:84516148; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653049)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2020-05-07/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653049/; classtype:trojan-activity;sid:84516149; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653046)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-004/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653046/; classtype:trojan-activity;sid:84516146; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653045)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_loc_msi/2052/pfiles/msnet/adomd.net/100/zh-chs/info.zip"; http_uri; depth:131; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653045/; classtype:trojan-activity;sid:84516145; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653044)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-03-15/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653044/; classtype:trojan-activity;sid:84516144; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653043)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210727-072/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653043/; classtype:trojan-activity;sid:84516143; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653041)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-05-24/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653041/; classtype:trojan-activity;sid:84516141; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653042)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2021-11-12/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653042/; classtype:trojan-activity;sid:84516142; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653036)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/schemas/sqlservr/2004/soap/options/info.zip"; http_uri; depth:163; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653036/; classtype:trojan-activity;sid:84516136; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653037)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2020-04-09/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653037/; classtype:trojan-activity;sid:84516137; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653038)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-01-30/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653038/; classtype:trojan-activity;sid:84516138; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653033)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210624-084/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653033/; classtype:trojan-activity;sid:84516133; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653034)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_inst_msi/pfiles/sqlservr/mssql.x/mssql/binn/template/info.zip"; http_uri; depth:137; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653034/; classtype:trojan-activity;sid:84516134; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653035)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220224-043/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653035/; classtype:trojan-activity;sid:84516135; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653032)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles32/msnet/adomd.net/100/info.zip"; http_uri; depth:126; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653032/; classtype:trojan-activity;sid:84516132; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653027)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240417-165/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653027/; classtype:trojan-activity;sid:84516127; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653028)"; flow:established,from_client; content:"GET"; http_method; content:"/update%20-%20%e5%89%af%e6%9c%ac/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/shudedw/pdw1100_beta1/info.zip"; http_uri; depth:119; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653028/; classtype:trojan-activity;sid:84516128; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653029)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2021-07-13/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653029/; classtype:trojan-activity;sid:84516129; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653025)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-03-28/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653025/; classtype:trojan-activity;sid:84516125; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653026)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210726-003/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653026/; classtype:trojan-activity;sid:84516126; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653024)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210805-049/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653024/; classtype:trojan-activity;sid:84516124; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653016)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2022-03-07/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653016/; classtype:trojan-activity;sid:84516116; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653018)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2019-12-02/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653018/; classtype:trojan-activity;sid:84516118; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653019)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220624-043/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653019/; classtype:trojan-activity;sid:84516119; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653020)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/mssql/binn/res/1042/info.zip"; http_uri; depth:146; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653020/; classtype:trojan-activity;sid:84516120; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653021)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-05-07/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653021/; classtype:trojan-activity;sid:84516121; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653013)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-08-27/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653013/; classtype:trojan-activity;sid:84516113; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653014)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/90/info.zip"; http_uri; depth:116; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653014/; classtype:trojan-activity;sid:84516114; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653015)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_msi/pfiles32/msnet/adomd.net/100/info.zip"; http_uri; depth:118; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653015/; classtype:trojan-activity;sid:84516115; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653011)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2023-02-08/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653011/; classtype:trojan-activity;sid:84516111; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653012)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles32/sqlservr/100/com/res/1033/info.zip"; http_uri; depth:132; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653012/; classtype:trojan-activity;sid:84516112; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653009)"; flow:established,from_client; content:"GET"; http_method; content:"/update/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/shudedw/pdw1200/info.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653009/; classtype:trojan-activity;sid:84516109; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653010)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211112-030/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653010/; classtype:trojan-activity;sid:84516110; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653007)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210901-059/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653007/; classtype:trojan-activity;sid:84516107; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653006)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2019-12-02/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653006/; classtype:trojan-activity;sid:84516106; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652999)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2020-04-13/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652999/; classtype:trojan-activity;sid:84516099; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653000)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210805-024/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653000/; classtype:trojan-activity;sid:84516100; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653001)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/schemas/sqlservr/2004/07/querypr/info.zip"; http_uri; depth:162; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653001/; classtype:trojan-activity;sid:84516101; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653002)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210729-089/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653002/; classtype:trojan-activity;sid:84516102; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653003)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/info.zip"; http_uri; depth:129; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653003/; classtype:trojan-activity;sid:84516103; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653004)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2025-04-16/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653004/; classtype:trojan-activity;sid:84516104; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653005)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_msi/pfiles/sqlservr/100/tools/binn/vsshell/info.zip"; http_uri; depth:127; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653005/; classtype:trojan-activity;sid:84516105; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652998)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-02-11/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652998/; classtype:trojan-activity;sid:84516098; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652997)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/consulta/2019-12-19/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652997/; classtype:trojan-activity;sid:84516097; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652996)"; flow:established,from_client; content:"GET"; http_method; content:"/update%20-%20%e5%89%af%e6%9c%ac/%e8%a5%bf%e7%be%8e%e5%8d%b0%e5%88%b7%e7%94%9f%e4%ba%a7%e4%bb%93%e5%ba%93%e7%b3%bb%e7%bb%9f/update/info.zip"; http_uri; depth:139; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652996/; classtype:trojan-activity;sid:84516096; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652995)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210816-019/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652995/; classtype:trojan-activity;sid:84516095; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652992)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/redist/powershell/info.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652992/; classtype:trojan-activity;sid:84516092; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652993)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2019-08-19/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652993/; classtype:trojan-activity;sid:84516093; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652994)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-02-27/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652994/; classtype:trojan-activity;sid:84516094; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652990)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-05-20/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652990/; classtype:trojan-activity;sid:84516090; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652991)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2019-11-14/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652991/; classtype:trojan-activity;sid:84516091; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652988)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-09-24/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652988/; classtype:trojan-activity;sid:84516088; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652985)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-04-16/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652985/; classtype:trojan-activity;sid:84516085; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652986)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211110-006/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652986/; classtype:trojan-activity;sid:84516086; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652987)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210826-050/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652987/; classtype:trojan-activity;sid:84516087; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652978)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_msi/pfiles/sqlservr/100/dts/binn/info.zip"; http_uri; depth:117; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652978/; classtype:trojan-activity;sid:84516078; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652979)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/tools/binn/schemas/sqlservr/2004/sqltypes/info.zip"; http_uri; depth:157; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652979/; classtype:trojan-activity;sid:84516079; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652980)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-12-12/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652980/; classtype:trojan-activity;sid:84516080; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652982)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/mssql/binn/res/1036/info.zip"; http_uri; depth:146; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652982/; classtype:trojan-activity;sid:84516082; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652983)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/schemas/info.zip"; http_uri; depth:137; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652983/; classtype:trojan-activity;sid:84516083; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652976)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-03-21/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652976/; classtype:trojan-activity;sid:84516076; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652977)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-01-15/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652977/; classtype:trojan-activity;sid:84516077; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652975)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/tpcl/dist/js/info.zip"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652975/; classtype:trojan-activity;sid:84516075; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652970)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2025-01-03/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652970/; classtype:trojan-activity;sid:84516070; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652971)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/tools/binn/res/1033/info.zip"; http_uri; depth:145; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652971/; classtype:trojan-activity;sid:84516071; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652972)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-001/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652972/; classtype:trojan-activity;sid:84516072; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652968)"; flow:established,from_client; content:"GET"; http_method; content:"/ramon/teste/microsoft%20office%202010%20professional%20plus%20x86/powerpoint.pt-br/info.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652968/; classtype:trojan-activity;sid:84516068; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652969)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210726-003/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652969/; classtype:trojan-activity;sid:84516069; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652963)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles32/sqlservr/100/tools/binn/info.zip"; http_uri; depth:131; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652963/; classtype:trojan-activity;sid:84516063; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652964)"; flow:established,from_client; content:"GET"; http_method; content:"/update%20-%20%e5%89%af%e6%9c%ac/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/cache/1.8933demo/177278d1757f/41dae12595c9/info.zip"; http_uri; depth:140; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652964/; classtype:trojan-activity;sid:84516064; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652966)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/241106-151/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652966/; classtype:trojan-activity;sid:84516066; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652962)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-03-29/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652962/; classtype:trojan-activity;sid:84516062; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652961)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210726-030/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652961/; classtype:trojan-activity;sid:84516061; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652960)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-02-16/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652960/; classtype:trojan-activity;sid:84516060; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652958)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles/msvs9/common7/ide/priassem/info.zip"; http_uri; depth:130; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652958/; classtype:trojan-activity;sid:84516058; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652955)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-059/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652955/; classtype:trojan-activity;sid:84516055; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652956)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220125-002/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652956/; classtype:trojan-activity;sid:84516056; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652957)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_msi/pfiles/info.zip"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652957/; classtype:trojan-activity;sid:84516057; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652954)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-05-02/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652954/; classtype:trojan-activity;sid:84516054; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652950)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles32/msvs9/common7/ide/info.zip"; http_uri; depth:123; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652950/; classtype:trojan-activity;sid:84516050; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652951)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210724-006/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652951/; classtype:trojan-activity;sid:84516051; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652952)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/90/shared/info.zip"; http_uri; depth:124; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652952/; classtype:trojan-activity;sid:84516052; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652953)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2020-10-26/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652953/; classtype:trojan-activity;sid:84516053; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652948)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/tools/binn/info.zip"; http_uri; depth:136; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652948/; classtype:trojan-activity;sid:84516048; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652947)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210820-072/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652947/; classtype:trojan-activity;sid:84516047; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652944)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/info.zip"; http_uri; depth:100; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652944/; classtype:trojan-activity;sid:84516044; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652945)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210901-059/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652945/; classtype:trojan-activity;sid:84516045; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652940)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-09-17/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652940/; classtype:trojan-activity;sid:84516040; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652941)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/mssql/binn/res/1031/info.zip"; http_uri; depth:146; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652941/; classtype:trojan-activity;sid:84516041; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652939)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2020-01-20/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652939/; classtype:trojan-activity;sid:84516039; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652936)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles32/sqlservr/100/shared/1033/info.zip"; http_uri; depth:131; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652936/; classtype:trojan-activity;sid:84516036; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652937)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210731-081/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652937/; classtype:trojan-activity;sid:84516037; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652934)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/schemas/sqlservr/2004/soap/types/info.zip"; http_uri; depth:161; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652934/; classtype:trojan-activity;sid:84516034; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652932)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-02-07/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652932/; classtype:trojan-activity;sid:84516032; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652933)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-02-28/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652933/; classtype:trojan-activity;sid:84516033; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652928)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/241016-028/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652928/; classtype:trojan-activity;sid:84516028; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652930)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/windows/system32/info.zip"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652930/; classtype:trojan-activity;sid:84516030; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652931)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/schemas/sqlservr/2004/soap/types/sqlparam/info.zip"; http_uri; depth:170; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652931/; classtype:trojan-activity;sid:84516031; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652927)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210805-050/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652927/; classtype:trojan-activity;sid:84516027; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652926)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-01-22/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652926/; classtype:trojan-activity;sid:84516026; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652925)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210809-022/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652925/; classtype:trojan-activity;sid:84516025; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652922)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/feenmer/en/info.zip"; http_uri; depth:139; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652922/; classtype:trojan-activity;sid:84516022; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652923)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-04-19/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652923/; classtype:trojan-activity;sid:84516023; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652924)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/tools/binn/schemas/sqlservr/2004/soap/types/sqltran/info.zip"; http_uri; depth:167; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652924/; classtype:trojan-activity;sid:84516024; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652921)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-05-06/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652921/; classtype:trojan-activity;sid:84516021; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652919)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-02-07/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652919/; classtype:trojan-activity;sid:84516019; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652920)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-02-19/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652920/; classtype:trojan-activity;sid:84516020; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652915)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles/msvs9/common7/ide/info.zip"; http_uri; depth:120; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652915/; classtype:trojan-activity;sid:84516015; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652916)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/shared/info.zip"; http_uri; depth:122; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652916/; classtype:trojan-activity;sid:84516016; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652918)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/tools/binn/res/info.zip"; http_uri; depth:133; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652918/; classtype:trojan-activity;sid:84516018; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652914)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210730-024/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652914/; classtype:trojan-activity;sid:84516014; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652913)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250410-075/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652913/; classtype:trojan-activity;sid:84516013; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652911)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-033/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652911/; classtype:trojan-activity;sid:84516011; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652906)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-076/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652906/; classtype:trojan-activity;sid:84516006; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652908)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/info.zip"; http_uri; depth:128; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652908/; classtype:trojan-activity;sid:84516008; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652909)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_msi/pfiles/sqlservr/100/com/info.zip"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652909/; classtype:trojan-activity;sid:84516009; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652910)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles32/msnet/adomd.net/100/zh-chs/info.zip"; http_uri; depth:134; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652910/; classtype:trojan-activity;sid:84516010; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652905)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-054/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652905/; classtype:trojan-activity;sid:84516005; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652902)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210727-046/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652902/; classtype:trojan-activity;sid:84516002; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652903)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220114-001/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652903/; classtype:trojan-activity;sid:84516003; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652901)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210805-049/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652901/; classtype:trojan-activity;sid:84516001; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652898)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/redist/remoteblobstore/info.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652898/; classtype:trojan-activity;sid:84515998; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652899)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220421-042/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652899/; classtype:trojan-activity;sid:84515999; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652900)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/sdk/assembly/zh-chs/info.zip"; http_uri; depth:144; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652900/; classtype:trojan-activity;sid:84516000; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652897)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles32/sqlservr/100/tools/binn/res/1033/info.zip"; http_uri; depth:140; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652897/; classtype:trojan-activity;sid:84515997; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652892)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_msi/pfiles32/sqlservr/100/dts/binn/info.zip"; http_uri; depth:119; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652892/; classtype:trojan-activity;sid:84515992; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652893)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles/cfiles/msshared/info.zip"; http_uri; depth:119; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652893/; classtype:trojan-activity;sid:84515993; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652894)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/241128-012/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652894/; classtype:trojan-activity;sid:84515994; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652895)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-03-06/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652895/; classtype:trojan-activity;sid:84515995; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652889)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240625-008/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652889/; classtype:trojan-activity;sid:84515989; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652890)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/redist/dotnetframeworks/dotnetfx30/x64/info.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652890/; classtype:trojan-activity;sid:84515990; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652887)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-031/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652887/; classtype:trojan-activity;sid:84515987; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652888)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_msi/pfiles/msnet/info.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652888/; classtype:trojan-activity;sid:84515988; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652886)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles32/sqlservr/100/tools/binn/vsshell/common7/ide/zh-chs/info.zip"; http_uri; depth:165; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652886/; classtype:trojan-activity;sid:84515986; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652885)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-001/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652885/; classtype:trojan-activity;sid:84515985; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652883)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/redist/dotnetframeworks/dotnetmsp/x64/info.zip"; http_uri; depth:100; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652883/; classtype:trojan-activity;sid:84515983; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652884)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210723-029/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652884/; classtype:trojan-activity;sid:84515984; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652878)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250625-043/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652878/; classtype:trojan-activity;sid:84515978; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652879)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/tpcl/dist/css/info.zip"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652879/; classtype:trojan-activity;sid:84515979; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652880)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220428-040/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652880/; classtype:trojan-activity;sid:84515980; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652881)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250613-039/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652881/; classtype:trojan-activity;sid:84515981; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652882)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211008-008/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652882/; classtype:trojan-activity;sid:84515982; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652875)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-036/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652875/; classtype:trojan-activity;sid:84515975; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652876)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210817-043/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652876/; classtype:trojan-activity;sid:84515976; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652877)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/mssql/binn/res/1041/info.zip"; http_uri; depth:146; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652877/; classtype:trojan-activity;sid:84515977; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652873)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210814-028/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652873/; classtype:trojan-activity;sid:84515973; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652871)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-076/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652871/; classtype:trojan-activity;sid:84515971; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652872)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/redist/dotnetframeworks/info.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652872/; classtype:trojan-activity;sid:84515972; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652869)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-05-01/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652869/; classtype:trojan-activity;sid:84515969; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652870)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_inst_msi/pfiles/sqlservr/info.zip"; http_uri; depth:110; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652870/; classtype:trojan-activity;sid:84515970; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652868)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/binn/res/1033/info.zip"; http_uri; depth:143; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652868/; classtype:trojan-activity;sid:84515968; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652865)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-04-17/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652865/; classtype:trojan-activity;sid:84515965; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652866)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211026-077/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652866/; classtype:trojan-activity;sid:84515966; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652862)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210814-028/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652862/; classtype:trojan-activity;sid:84515962; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652861)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220528-019/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652861/; classtype:trojan-activity;sid:84515961; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652860)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/plcomps/info.zip"; http_uri; depth:136; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652860/; classtype:trojan-activity;sid:84515960; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652855)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-057/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652855/; classtype:trojan-activity;sid:84515955; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652856)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250604-042/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652856/; classtype:trojan-activity;sid:84515956; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652846)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-01-20/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652846/; classtype:trojan-activity;sid:84515946; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652847)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-019/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652847/; classtype:trojan-activity;sid:84515947; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652848)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles32/sqlservr/100/info.zip"; http_uri; depth:127; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652848/; classtype:trojan-activity;sid:84515948; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652850)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/xiangdan/210721-020/info.zip"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652850/; classtype:trojan-activity;sid:84515950; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652851)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-02-15/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652851/; classtype:trojan-activity;sid:84515951; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652853)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210724-020/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652853/; classtype:trojan-activity;sid:84515953; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652844)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/tools/binn/res/info.zip"; http_uri; depth:140; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652844/; classtype:trojan-activity;sid:84515944; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652845)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/mssql/binn/res/1031/info.zip"; http_uri; depth:146; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652845/; classtype:trojan-activity;sid:84515945; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652841)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210807-008/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652841/; classtype:trojan-activity;sid:84515941; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652843)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-02-27/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652843/; classtype:trojan-activity;sid:84515943; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652840)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220423-022/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652840/; classtype:trojan-activity;sid:84515940; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652832)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/windows/gac/zh-chs/info.zip"; http_uri; depth:123; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652832/; classtype:trojan-activity;sid:84515932; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652833)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/1033/info.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652833/; classtype:trojan-activity;sid:84515933; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652835)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-042/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652835/; classtype:trojan-activity;sid:84515935; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652836)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles/cfiles/info.zip"; http_uri; depth:110; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652836/; classtype:trojan-activity;sid:84515936; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652837)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-04-17/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652837/; classtype:trojan-activity;sid:84515937; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652829)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/vsshell/common7/info.zip"; http_uri; depth:144; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652829/; classtype:trojan-activity;sid:84515929; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652830)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/230629-126/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652830/; classtype:trojan-activity;sid:84515930; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652831)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-047/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652831/; classtype:trojan-activity;sid:84515931; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652824)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250410-009/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652824/; classtype:trojan-activity;sid:84515924; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652825)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/redist/windows%20installer/info.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652825/; classtype:trojan-activity;sid:84515925; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652826)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250726-060/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652826/; classtype:trojan-activity;sid:84515926; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652828)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/wjgl/src/sass/demo/helpers/info.zip"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652828/; classtype:trojan-activity;sid:84515928; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652823)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220317-085/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652823/; classtype:trojan-activity;sid:84515923; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652821)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-04-06/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652821/; classtype:trojan-activity;sid:84515921; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652819)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_msi/windows/gac_32/info.zip"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652819/; classtype:trojan-activity;sid:84515919; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652815)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_inst_loc_msi/2052/info.zip"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652815/; classtype:trojan-activity;sid:84515915; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652816)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220125-001/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652816/; classtype:trojan-activity;sid:84515916; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652812)"; flow:established,from_client; content:"GET"; http_method; content:"/update/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/cache/1.8933demo/info.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652812/; classtype:trojan-activity;sid:84515912; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652813)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/com/info.zip"; http_uri; depth:122; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652813/; classtype:trojan-activity;sid:84515913; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652811)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles32/msnet/adomd.net/100/info.zip"; http_uri; depth:127; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652811/; classtype:trojan-activity;sid:84515911; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652807)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250625-002/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652807/; classtype:trojan-activity;sid:84515907; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652808)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/plcomps/res/2052/info.zip"; http_uri; depth:145; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652808/; classtype:trojan-activity;sid:84515908; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652809)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/241112-002/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652809/; classtype:trojan-activity;sid:84515909; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652802)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/wjgl/images/saomiao/info.zip"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652802/; classtype:trojan-activity;sid:84515902; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652803)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-03-23/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652803/; classtype:trojan-activity;sid:84515903; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652804)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250408-014/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652804/; classtype:trojan-activity;sid:84515904; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652805)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/info.zip"; http_uri; depth:117; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652805/; classtype:trojan-activity;sid:84515905; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652801)"; flow:established,from_client; content:"GET"; http_method; content:"/update/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/shudedw/pdw1100_beta1/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652801/; classtype:trojan-activity;sid:84515901; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652798)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_msi/windows/gac/info.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652798/; classtype:trojan-activity;sid:84515898; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652797)"; flow:established,from_client; content:"GET"; http_method; content:"/update%20-%20%e5%89%af%e6%9c%ac/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/shudedw/pdw1150/info.zip"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652797/; classtype:trojan-activity;sid:84515897; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652796)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/230327-016/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652796/; classtype:trojan-activity;sid:84515896; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652794)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-026/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652794/; classtype:trojan-activity;sid:84515894; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652790)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-058/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652790/; classtype:trojan-activity;sid:84515890; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652791)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/241205-027/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652791/; classtype:trojan-activity;sid:84515891; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652792)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/schemas/sqlservr/2004/soap/info.zip"; http_uri; depth:156; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652792/; classtype:trojan-activity;sid:84515892; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652793)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_inst_msi/pfiles/sqlservr/mssql.x/mssql/binn/info.zip"; http_uri; depth:129; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652793/; classtype:trojan-activity;sid:84515893; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652788)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-03-25/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652788/; classtype:trojan-activity;sid:84515888; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652789)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-07-20/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652789/; classtype:trojan-activity;sid:84515889; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652786)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210816-051/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652786/; classtype:trojan-activity;sid:84515886; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652787)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250516-025/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652787/; classtype:trojan-activity;sid:84515887; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652783)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211125-002/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652783/; classtype:trojan-activity;sid:84515883; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652784)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/windows/info.zip"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652784/; classtype:trojan-activity;sid:84515884; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652780)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210820-072/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652780/; classtype:trojan-activity;sid:84515880; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652778)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240329-100/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652778/; classtype:trojan-activity;sid:84515878; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652779)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles32/msnet/info.zip"; http_uri; depth:112; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652779/; classtype:trojan-activity;sid:84515879; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652777)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-12-09/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652777/; classtype:trojan-activity;sid:84515877; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652776)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-01-30/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652776/; classtype:trojan-activity;sid:84515876; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652772)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-03-16/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652772/; classtype:trojan-activity;sid:84515872; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652773)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_msi/windows/info.zip"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652773/; classtype:trojan-activity;sid:84515873; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652774)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles32/sqlservr/100/tools/binn/info.zip"; http_uri; depth:138; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652774/; classtype:trojan-activity;sid:84515874; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652775)"; flow:established,from_client; content:"GET"; http_method; content:"/update/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/shudedw/pdw1000/info.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652775/; classtype:trojan-activity;sid:84515875; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652771)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/redist/windows%20installer/ia64/info.zip"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652771/; classtype:trojan-activity;sid:84515871; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652767)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2023-08-16/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652767/; classtype:trojan-activity;sid:84515867; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652768)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_inst_msi/pfiles/sqlservr/mssql.x/info.zip"; http_uri; depth:118; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652768/; classtype:trojan-activity;sid:84515868; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652766)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/tools/binn/vsshell/common7/ide/info.zip"; http_uri; depth:147; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652766/; classtype:trojan-activity;sid:84515866; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652765)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/tools/binn/vsshell/common7/ide/info.zip"; http_uri; depth:146; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652765/; classtype:trojan-activity;sid:84515865; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652763)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_msi/pfiles/sqlservr/100/tools/binn/vsshell/info.zip"; http_uri; depth:128; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652763/; classtype:trojan-activity;sid:84515863; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652751)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240919-102/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652751/; classtype:trojan-activity;sid:84515851; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652752)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-007/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652752/; classtype:trojan-activity;sid:84515852; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652753)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/tasks/en/info.zip"; http_uri; depth:138; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652753/; classtype:trojan-activity;sid:84515853; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652754)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles32/sqlservr/100/info.zip"; http_uri; depth:126; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652754/; classtype:trojan-activity;sid:84515854; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652756)"; flow:established,from_client; content:"GET"; http_method; content:"/update%20-%20%e5%89%af%e6%9c%ac/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/shudedw/pdw1100/info.zip"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652756/; classtype:trojan-activity;sid:84515856; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652757)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles32/sqlservr/100/tools/binn/res/1033/info.zip"; http_uri; depth:146; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652757/; classtype:trojan-activity;sid:84515857; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652758)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220406-019/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652758/; classtype:trojan-activity;sid:84515858; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652759)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250315-081/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652759/; classtype:trojan-activity;sid:84515859; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652760)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles32/sqlservr/100/tools/binn/vsshell/common7/ide/zh-chs/info.zip"; http_uri; depth:164; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652760/; classtype:trojan-activity;sid:84515860; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652750)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240608-095/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652750/; classtype:trojan-activity;sid:84515850; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652749)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/windows/gac/zh-chs/info.zip"; http_uri; depth:123; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652749/; classtype:trojan-activity;sid:84515849; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652747)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles32/sqlservr/100/tools/binn/vsshell/info.zip"; http_uri; depth:146; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652747/; classtype:trojan-activity;sid:84515847; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652748)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/redist/dotnetframeworks/dotnetmsp/info.zip"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652748/; classtype:trojan-activity;sid:84515848; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652745)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/info.zip"; http_uri; depth:126; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652745/; classtype:trojan-activity;sid:84515845; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652746)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210724-009/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652746/; classtype:trojan-activity;sid:84515846; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652743)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/connect/info.zip"; http_uri; depth:137; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652743/; classtype:trojan-activity;sid:84515843; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652744)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_msi/info.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652744/; classtype:trojan-activity;sid:84515844; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652741)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220217-058/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652741/; classtype:trojan-activity;sid:84515841; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652740)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-023/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652740/; classtype:trojan-activity;sid:84515840; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652734)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/tools/info.zip"; http_uri; depth:123; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652734/; classtype:trojan-activity;sid:84515834; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652735)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-017/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652735/; classtype:trojan-activity;sid:84515835; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652736)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/mssql/binn/res/1046/info.zip"; http_uri; depth:146; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652736/; classtype:trojan-activity;sid:84515836; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652737)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/dts/provdesc/info.zip"; http_uri; depth:128; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652737/; classtype:trojan-activity;sid:84515837; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652739)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/feenmer/res/2052/info.zip"; http_uri; depth:145; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652739/; classtype:trojan-activity;sid:84515839; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652731)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220223-034/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652731/; classtype:trojan-activity;sid:84515831; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652732)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_msi/windows/info.zip"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652732/; classtype:trojan-activity;sid:84515832; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652733)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_inst_msi/pfiles/sqlservr/info.zip"; http_uri; depth:109; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652733/; classtype:trojan-activity;sid:84515833; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652730)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/shared/vs2008/2052/info.zip"; http_uri; depth:143; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652730/; classtype:trojan-activity;sid:84515830; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652727)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210810-003/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652727/; classtype:trojan-activity;sid:84515827; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652728)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/mssql/binn/res/1033/info.zip"; http_uri; depth:146; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652728/; classtype:trojan-activity;sid:84515828; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652726)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220406-019/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652726/; classtype:trojan-activity;sid:84515826; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652725)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2025-01-10/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652725/; classtype:trojan-activity;sid:84515825; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652723)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-04-02/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652723/; classtype:trojan-activity;sid:84515823; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652722)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_inst_loc_msi/2052/info.zip"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652722/; classtype:trojan-activity;sid:84515822; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652718)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-03-10/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652718/; classtype:trojan-activity;sid:84515818; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652719)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-03-26/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652719/; classtype:trojan-activity;sid:84515819; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652720)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-02-22/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652720/; classtype:trojan-activity;sid:84515820; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652721)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-03-24/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652721/; classtype:trojan-activity;sid:84515821; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652716)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-05-31/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652716/; classtype:trojan-activity;sid:84515816; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652717)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-05-07/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652717/; classtype:trojan-activity;sid:84515817; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652713)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-061/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652713/; classtype:trojan-activity;sid:84515813; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652705)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-02-08/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652705/; classtype:trojan-activity;sid:84515805; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652706)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/redist/powershell/x64/info.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652706/; classtype:trojan-activity;sid:84515806; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652707)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-02-15/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652707/; classtype:trojan-activity;sid:84515807; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652708)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/redist/windows%20installer/info.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652708/; classtype:trojan-activity;sid:84515808; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652709)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/tools/binn/info.zip"; http_uri; depth:128; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652709/; classtype:trojan-activity;sid:84515809; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652710)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_msi/pfiles/sqlservr/100/dts/binn/info.zip"; http_uri; depth:118; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652710/; classtype:trojan-activity;sid:84515810; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652711)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211109-007/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652711/; classtype:trojan-activity;sid:84515811; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652712)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210723-026/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652712/; classtype:trojan-activity;sid:84515812; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652704)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/com/info.zip"; http_uri; depth:122; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652704/; classtype:trojan-activity;sid:84515804; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652702)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2021-09-09/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652702/; classtype:trojan-activity;sid:84515802; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652703)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211110-008/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652703/; classtype:trojan-activity;sid:84515803; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652700)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/cancelamento/info.zip"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652700/; classtype:trojan-activity;sid:84515800; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652699)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/mssql/binn/res/1040/info.zip"; http_uri; depth:146; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652699/; classtype:trojan-activity;sid:84515799; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652698)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/schemas/sqlservr/2004/soap/types/sqlresst/info.zip"; http_uri; depth:171; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652698/; classtype:trojan-activity;sid:84515798; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652696)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-05-05/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652696/; classtype:trojan-activity;sid:84515796; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652697)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-09-24/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652697/; classtype:trojan-activity;sid:84515797; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652694)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/80/tools/info.zip"; http_uri; depth:120; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652694/; classtype:trojan-activity;sid:84515794; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652689)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210804-019/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652689/; classtype:trojan-activity;sid:84515789; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652691)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/windows/gac_32/zh-chs/info.zip"; http_uri; depth:126; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652691/; classtype:trojan-activity;sid:84515791; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652692)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-03-18/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652692/; classtype:trojan-activity;sid:84515792; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652684)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/2052/info.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652684/; classtype:trojan-activity;sid:84515784; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652682)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210607-069/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652682/; classtype:trojan-activity;sid:84515782; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652683)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-04-07/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652683/; classtype:trojan-activity;sid:84515783; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652678)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210724-024/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652678/; classtype:trojan-activity;sid:84515778; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652679)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/dts/connect/info.zip"; http_uri; depth:128; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652679/; classtype:trojan-activity;sid:84515779; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652680)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/tools/binn/res/2052/info.zip"; http_uri; depth:137; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652680/; classtype:trojan-activity;sid:84515780; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652681)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220715-064/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652681/; classtype:trojan-activity;sid:84515781; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652677)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/tools/binn/info.zip"; http_uri; depth:126; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652677/; classtype:trojan-activity;sid:84515777; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652673)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_msi/windows/system32/info.zip"; http_uri; depth:106; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652673/; classtype:trojan-activity;sid:84515773; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652675)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-04-14/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652675/; classtype:trojan-activity;sid:84515775; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652676)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/wjgl/src/info.zip"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652676/; classtype:trojan-activity;sid:84515776; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652671)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/tools/info.zip"; http_uri; depth:122; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652671/; classtype:trojan-activity;sid:84515771; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652669)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210807-008/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652669/; classtype:trojan-activity;sid:84515769; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652670)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240224-074/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652670/; classtype:trojan-activity;sid:84515770; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652664)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-10-20/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652664/; classtype:trojan-activity;sid:84515764; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652665)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/cancelamento/2020-02-26/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652665/; classtype:trojan-activity;sid:84515765; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652666)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-024/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652666/; classtype:trojan-activity;sid:84515766; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652667)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/1033/info.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652667/; classtype:trojan-activity;sid:84515767; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652668)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210816-019/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652668/; classtype:trojan-activity;sid:84515768; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652662)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210805-060/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652662/; classtype:trojan-activity;sid:84515762; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652663)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_inst_msi/windows/info.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652663/; classtype:trojan-activity;sid:84515763; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652661)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-07-15/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652661/; classtype:trojan-activity;sid:84515761; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652658)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/info.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652658/; classtype:trojan-activity;sid:84515758; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652659)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240402-089/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652659/; classtype:trojan-activity;sid:84515759; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652660)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-051/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652660/; classtype:trojan-activity;sid:84515760; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652652)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250111-061/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652652/; classtype:trojan-activity;sid:84515752; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652653)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/plcomps/info.zip"; http_uri; depth:136; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652653/; classtype:trojan-activity;sid:84515753; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652654)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210727-034/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652654/; classtype:trojan-activity;sid:84515754; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652655)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles/info.zip"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652655/; classtype:trojan-activity;sid:84515755; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652657)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210804-082/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652657/; classtype:trojan-activity;sid:84515757; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652651)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220210-142/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652651/; classtype:trojan-activity;sid:84515751; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652649)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-008/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652649/; classtype:trojan-activity;sid:84515749; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652650)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/wjgl/src/sass/demo/info.zip"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652650/; classtype:trojan-activity;sid:84515750; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652646)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/windows/gac_32/info.zip"; http_uri; depth:110; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652646/; classtype:trojan-activity;sid:84515746; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652647)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211215-049/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652647/; classtype:trojan-activity;sid:84515747; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652648)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210629-021/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652648/; classtype:trojan-activity;sid:84515748; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652645)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2023-08-04/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652645/; classtype:trojan-activity;sid:84515745; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652643)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/schemas/sqlservr/2006/11/info.zip"; http_uri; depth:153; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652643/; classtype:trojan-activity;sid:84515743; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652644)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-056/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652644/; classtype:trojan-activity;sid:84515744; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652637)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2020-05-13/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652637/; classtype:trojan-activity;sid:84515737; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652638)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/shared/vs2008/2052/info.zip"; http_uri; depth:144; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652638/; classtype:trojan-activity;sid:84515738; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652639)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210918-075/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652639/; classtype:trojan-activity;sid:84515739; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652640)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2020-03-02/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652640/; classtype:trojan-activity;sid:84515740; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652641)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/keyfile/2052/info.zip"; http_uri; depth:131; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652641/; classtype:trojan-activity;sid:84515741; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652634)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/windows/gac_32/zh-chs/info.zip"; http_uri; depth:119; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652634/; classtype:trojan-activity;sid:84515734; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652635)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/80/tools/binn/info.zip"; http_uri; depth:128; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652635/; classtype:trojan-activity;sid:84515735; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652636)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-11-25/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652636/; classtype:trojan-activity;sid:84515736; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652631)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2020-04-27/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652631/; classtype:trojan-activity;sid:84515731; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652632)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/keyfile/info.zip"; http_uri; depth:132; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652632/; classtype:trojan-activity;sid:84515732; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652629)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-02-14/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652629/; classtype:trojan-activity;sid:84515729; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652626)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-024/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652626/; classtype:trojan-activity;sid:84515726; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652627)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220111-033/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652627/; classtype:trojan-activity;sid:84515727; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652628)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-057/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652628/; classtype:trojan-activity;sid:84515728; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652623)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/tools/binn/schemas/sqlservr/2004/info.zip"; http_uri; depth:148; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652623/; classtype:trojan-activity;sid:84515723; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652624)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/241123-018/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652624/; classtype:trojan-activity;sid:84515724; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652625)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-059/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652625/; classtype:trojan-activity;sid:84515725; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652621)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/mssql/binn/zh-chs/info.zip"; http_uri; depth:144; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652621/; classtype:trojan-activity;sid:84515721; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652622)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/help/1033/info.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652622/; classtype:trojan-activity;sid:84515722; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652618)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-01-17/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652618/; classtype:trojan-activity;sid:84515718; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652617)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-02-08/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652617/; classtype:trojan-activity;sid:84515717; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652614)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/plcomps/info.zip"; http_uri; depth:137; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652614/; classtype:trojan-activity;sid:84515714; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652608)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211224-005/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652608/; classtype:trojan-activity;sid:84515708; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652609)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles32/sqlservr/100/tools/info.zip"; http_uri; depth:133; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652609/; classtype:trojan-activity;sid:84515709; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652610)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-015/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652610/; classtype:trojan-activity;sid:84515710; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652611)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210726-002/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652611/; classtype:trojan-activity;sid:84515711; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652612)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/info.zip"; http_uri; depth:123; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652612/; classtype:trojan-activity;sid:84515712; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652613)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-037/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652613/; classtype:trojan-activity;sid:84515713; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652605)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-043/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652605/; classtype:trojan-activity;sid:84515705; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652606)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210727-045/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652606/; classtype:trojan-activity;sid:84515706; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652607)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_msi/pfiles/sqlservr/100/dts/info.zip"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652607/; classtype:trojan-activity;sid:84515707; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652600)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles32/info.zip"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652600/; classtype:trojan-activity;sid:84515700; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652601)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210814-026/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652601/; classtype:trojan-activity;sid:84515701; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652602)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/redist/dotnetframeworks/dotnetmsp/info.zip"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652602/; classtype:trojan-activity;sid:84515702; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652603)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_msi/pfiles32/sqlservr/100/info.zip"; http_uri; depth:110; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652603/; classtype:trojan-activity;sid:84515703; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652598)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240823-011/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652598/; classtype:trojan-activity;sid:84515698; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652599)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211224-005/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652599/; classtype:trojan-activity;sid:84515699; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652597)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210810-020/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652597/; classtype:trojan-activity;sid:84515697; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652596)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/redist/windows%20installer/x64/info.zip"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652596/; classtype:trojan-activity;sid:84515696; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652593)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2020-01-21/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652593/; classtype:trojan-activity;sid:84515693; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652594)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211215-049/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652594/; classtype:trojan-activity;sid:84515694; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652595)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles32/sqlservr/100/shared/info.zip"; http_uri; depth:126; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652595/; classtype:trojan-activity;sid:84515695; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652591)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2020-01-30/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652591/; classtype:trojan-activity;sid:84515691; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652590)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/dts/plcomps/info.zip"; http_uri; depth:128; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652590/; classtype:trojan-activity;sid:84515690; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652587)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/mssql/binn/res/3082/info.zip"; http_uri; depth:147; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652587/; classtype:trojan-activity;sid:84515687; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652588)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/mssql/binn/res/1049/info.zip"; http_uri; depth:146; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652588/; classtype:trojan-activity;sid:84515688; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652589)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-057/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652589/; classtype:trojan-activity;sid:84515689; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652584)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211005-031/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652584/; classtype:trojan-activity;sid:84515684; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652585)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210726-028/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652585/; classtype:trojan-activity;sid:84515685; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652586)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/wjgl/dist/css/info.zip"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652586/; classtype:trojan-activity;sid:84515686; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652583)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles32/sqlservr/info.zip"; http_uri; depth:115; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652583/; classtype:trojan-activity;sid:84515683; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652582)"; flow:established,from_client; content:"GET"; http_method; content:"/update%20-%20%e5%89%af%e6%9c%ac/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/shudedw/pdw0606/info.zip"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652582/; classtype:trojan-activity;sid:84515682; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652580)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/info.zip"; http_uri; depth:116; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652580/; classtype:trojan-activity;sid:84515680; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652578)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-09-08/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652578/; classtype:trojan-activity;sid:84515678; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652574)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210729-050/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652574/; classtype:trojan-activity;sid:84515674; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652575)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles32/sqlservr/info.zip"; http_uri; depth:122; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652575/; classtype:trojan-activity;sid:84515675; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652576)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220224-016/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652576/; classtype:trojan-activity;sid:84515676; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652577)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles32/sqlservr/100/sdk/assembly/en/info.zip"; http_uri; depth:142; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652577/; classtype:trojan-activity;sid:84515677; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652571)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_msi/pfiles32/sqlservr/100/tools/binn/vsshell/info.zip"; http_uri; depth:129; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652571/; classtype:trojan-activity;sid:84515671; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652572)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210817-031/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652572/; classtype:trojan-activity;sid:84515672; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652573)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-05-02/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652573/; classtype:trojan-activity;sid:84515673; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652568)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/com/res/2052/info.zip"; http_uri; depth:137; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652568/; classtype:trojan-activity;sid:84515668; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652564)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-03-05/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652564/; classtype:trojan-activity;sid:84515664; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652565)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210804-019/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652565/; classtype:trojan-activity;sid:84515665; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652567)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/tasks/en/info.zip"; http_uri; depth:137; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652567/; classtype:trojan-activity;sid:84515667; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652563)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220224-043/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652563/; classtype:trojan-activity;sid:84515663; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652559)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_msi/pfiles/sqlservr/info.zip"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652559/; classtype:trojan-activity;sid:84515659; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652560)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/230818-065/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652560/; classtype:trojan-activity;sid:84515660; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652561)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-017/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652561/; classtype:trojan-activity;sid:84515661; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652557)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/tools/binn/schemas/sqlservr/info.zip"; http_uri; depth:143; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652557/; classtype:trojan-activity;sid:84515657; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652558)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/cancelamento/2020-08-03/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652558/; classtype:trojan-activity;sid:84515658; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652554)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/xiangdan/210721-020/images/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652554/; classtype:trojan-activity;sid:84515654; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652555)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles32/msnet/adomd.net/info.zip"; http_uri; depth:122; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652555/; classtype:trojan-activity;sid:84515655; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652552)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_loc_msi/2052/pfiles/info.zip"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652552/; classtype:trojan-activity;sid:84515652; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652553)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/redist/dotnetframeworks/tools/info.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652553/; classtype:trojan-activity;sid:84515653; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652549)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles/msvs9/common7/ide/priassem/info.zip"; http_uri; depth:129; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652549/; classtype:trojan-activity;sid:84515649; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652550)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles/sqlservr/info.zip"; http_uri; depth:112; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652550/; classtype:trojan-activity;sid:84515650; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652551)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/binn/info.zip"; http_uri; depth:133; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652551/; classtype:trojan-activity;sid:84515651; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652547)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220125-006/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652547/; classtype:trojan-activity;sid:84515647; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652548)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles32/sqlservr/100/tools/binn/res/2052/info.zip"; http_uri; depth:139; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652548/; classtype:trojan-activity;sid:84515648; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652542)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240907-061/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652542/; classtype:trojan-activity;sid:84515642; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652543)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/mssql/binn/res/1031/info.zip"; http_uri; depth:147; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652543/; classtype:trojan-activity;sid:84515643; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652544)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/com/res/1033/info.zip"; http_uri; depth:131; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652544/; classtype:trojan-activity;sid:84515644; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652545)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250621-084/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652545/; classtype:trojan-activity;sid:84515645; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652546)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/redist/upgrade%20advisor/info.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652546/; classtype:trojan-activity;sid:84515646; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652539)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles/msnet/info.zip"; http_uri; depth:111; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652539/; classtype:trojan-activity;sid:84515639; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652540)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250212-044/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652540/; classtype:trojan-activity;sid:84515640; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652536)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/redist/dotnetframeworks/tools/info.zip"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652536/; classtype:trojan-activity;sid:84515636; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652537)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-055/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652537/; classtype:trojan-activity;sid:84515637; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652538)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-017/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652538/; classtype:trojan-activity;sid:84515638; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652532)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/windows/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652532/; classtype:trojan-activity;sid:84515632; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652533)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210723-029/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652533/; classtype:trojan-activity;sid:84515633; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652534)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210724-009/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652534/; classtype:trojan-activity;sid:84515634; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652530)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-058/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652530/; classtype:trojan-activity;sid:84515630; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652528)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/dts/info.zip"; http_uri; depth:120; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652528/; classtype:trojan-activity;sid:84515628; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652525)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-10-09/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652525/; classtype:trojan-activity;sid:84515625; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652526)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/com/zh-chs/info.zip"; http_uri; depth:128; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652526/; classtype:trojan-activity;sid:84515626; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652521)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210805-060/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652521/; classtype:trojan-activity;sid:84515621; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652522)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/wjgl/dist/js/info.zip"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652522/; classtype:trojan-activity;sid:84515622; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652523)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/80/info.zip"; http_uri; depth:116; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652523/; classtype:trojan-activity;sid:84515623; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652518)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/info.zip"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652518/; classtype:trojan-activity;sid:84515618; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652519)"; flow:established,from_client; content:"GET"; http_method; content:"/update%20-%20%e5%89%af%e6%9c%ac/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/shudedw/pdw1250/info.zip"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652519/; classtype:trojan-activity;sid:84515619; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652520)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles/cfiles/msshared/info.zip"; http_uri; depth:118; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652520/; classtype:trojan-activity;sid:84515620; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652514)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210805-020/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652514/; classtype:trojan-activity;sid:84515614; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652515)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/info.zip"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652515/; classtype:trojan-activity;sid:84515615; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652516)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles/msnet/adomd.net/100/info.zip"; http_uri; depth:124; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652516/; classtype:trojan-activity;sid:84515616; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652517)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/schemas/sqlservr/2006/11/events/info.zip"; http_uri; depth:161; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652517/; classtype:trojan-activity;sid:84515617; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652509)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/redist/remoteblobstore/info.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652509/; classtype:trojan-activity;sid:84515609; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652510)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/tools/binn/res/info.zip"; http_uri; depth:139; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652510/; classtype:trojan-activity;sid:84515610; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652511)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250709-015/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652511/; classtype:trojan-activity;sid:84515611; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652512)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-053/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652512/; classtype:trojan-activity;sid:84515612; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652513)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210805-024/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652513/; classtype:trojan-activity;sid:84515613; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652503)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220217-062/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652503/; classtype:trojan-activity;sid:84515603; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652504)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-019/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652504/; classtype:trojan-activity;sid:84515604; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652506)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210726-030/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652506/; classtype:trojan-activity;sid:84515606; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652507)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210727-022/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652507/; classtype:trojan-activity;sid:84515607; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652501)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210910-045/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652501/; classtype:trojan-activity;sid:84515601; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652502)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250403-102/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652502/; classtype:trojan-activity;sid:84515602; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652496)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-04-24/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652496/; classtype:trojan-activity;sid:84515596; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652497)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250429-048/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652497/; classtype:trojan-activity;sid:84515597; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652498)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240718-019/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652498/; classtype:trojan-activity;sid:84515598; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652499)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_inst_loc_msi/2052/pfiles/info.zip"; http_uri; depth:109; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652499/; classtype:trojan-activity;sid:84515599; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652494)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/tools/info.zip"; http_uri; depth:130; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652494/; classtype:trojan-activity;sid:84515594; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652495)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-031/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652495/; classtype:trojan-activity;sid:84515595; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652485)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2019-11-11/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652485/; classtype:trojan-activity;sid:84515585; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652483)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-08-03/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652483/; classtype:trojan-activity;sid:84515583; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652482)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/es/conting%c3%aancia/info.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652482/; classtype:trojan-activity;sid:84515582; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652481)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/pa/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652481/; classtype:trojan-activity;sid:84515581; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652480)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-04-02/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652480/; classtype:trojan-activity;sid:84515580; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652478)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-04-07/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652478/; classtype:trojan-activity;sid:84515578; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652479)"; flow:established,from_client; content:"GET"; http_method; content:"/update/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/shudedw/info.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652479/; classtype:trojan-activity;sid:84515579; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652476)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-02-08/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652476/; classtype:trojan-activity;sid:84515576; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652477)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/230526-025/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652477/; classtype:trojan-activity;sid:84515577; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652474)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2019-07-05/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652474/; classtype:trojan-activity;sid:84515574; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652475)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-09-10/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652475/; classtype:trojan-activity;sid:84515575; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652473)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-06-23/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652473/; classtype:trojan-activity;sid:84515573; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652471)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-04-12/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652471/; classtype:trojan-activity;sid:84515571; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652470)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-03-13/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652470/; classtype:trojan-activity;sid:84515570; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652467)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-05-24/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652467/; classtype:trojan-activity;sid:84515567; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652468)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-05-16/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652468/; classtype:trojan-activity;sid:84515568; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652469)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-05-20/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652469/; classtype:trojan-activity;sid:84515569; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652466)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/231110-090/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652466/; classtype:trojan-activity;sid:84515566; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652465)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2024-04-03/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652465/; classtype:trojan-activity;sid:84515565; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652463)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-02-14/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652463/; classtype:trojan-activity;sid:84515563; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652462)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-03-01/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652462/; classtype:trojan-activity;sid:84515562; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652461)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-04-26/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652461/; classtype:trojan-activity;sid:84515561; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652460)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2024-12-19/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652460/; classtype:trojan-activity;sid:84515560; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652458)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-04-23/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652458/; classtype:trojan-activity;sid:84515558; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652459)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-02-07/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652459/; classtype:trojan-activity;sid:84515559; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652457)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-08-03/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652457/; classtype:trojan-activity;sid:84515557; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652456)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-09-11/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652456/; classtype:trojan-activity;sid:84515556; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652455)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-02-19/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652455/; classtype:trojan-activity;sid:84515555; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652454)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-03-30/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652454/; classtype:trojan-activity;sid:84515554; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652453)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2019-12-11/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652453/; classtype:trojan-activity;sid:84515553; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652451)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2020-01-10/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652451/; classtype:trojan-activity;sid:84515551; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652452)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-01-10/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652452/; classtype:trojan-activity;sid:84515552; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652450)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/221015-025/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652450/; classtype:trojan-activity;sid:84515550; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652449)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-04-27/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652449/; classtype:trojan-activity;sid:84515549; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652445)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-03-02/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652445/; classtype:trojan-activity;sid:84515545; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652446)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-02-24/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652446/; classtype:trojan-activity;sid:84515546; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652447)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-04-26/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652447/; classtype:trojan-activity;sid:84515547; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652442)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2020-07-08/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652442/; classtype:trojan-activity;sid:84515542; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652443)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240326-093/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652443/; classtype:trojan-activity;sid:84515543; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652444)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-04-06/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652444/; classtype:trojan-activity;sid:84515544; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652440)"; flow:established,from_client; content:"GET"; http_method; content:"/update%20-%20%e5%89%af%e6%9c%ac/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/cache/bookmark/info.zip"; http_uri; depth:112; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652440/; classtype:trojan-activity;sid:84515540; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652441)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-03-01/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652441/; classtype:trojan-activity;sid:84515541; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652439)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-01-13/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652439/; classtype:trojan-activity;sid:84515539; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652437)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-02-26/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652437/; classtype:trojan-activity;sid:84515537; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652438)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-04-06/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652438/; classtype:trojan-activity;sid:84515538; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652436)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-05-24/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652436/; classtype:trojan-activity;sid:84515536; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652434)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-09-14/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652434/; classtype:trojan-activity;sid:84515534; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652433)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-01-25/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652433/; classtype:trojan-activity;sid:84515533; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652431)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-04-02/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652431/; classtype:trojan-activity;sid:84515531; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652429)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-05-25/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652429/; classtype:trojan-activity;sid:84515529; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652427)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-02-03/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652427/; classtype:trojan-activity;sid:84515527; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652428)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2021-10-19/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652428/; classtype:trojan-activity;sid:84515528; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652426)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-09-29/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652426/; classtype:trojan-activity;sid:84515526; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652425)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-02-10/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652425/; classtype:trojan-activity;sid:84515525; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652424)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-01-21/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652424/; classtype:trojan-activity;sid:84515524; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652423)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-06-19/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652423/; classtype:trojan-activity;sid:84515523; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652421)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2023-04-26/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652421/; classtype:trojan-activity;sid:84515521; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652422)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-04-21/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652422/; classtype:trojan-activity;sid:84515522; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652419)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/pe/normal/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652419/; classtype:trojan-activity;sid:84515519; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652420)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2020-03-06/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652420/; classtype:trojan-activity;sid:84515520; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652415)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-03-10/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652415/; classtype:trojan-activity;sid:84515515; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652416)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-12-14/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652416/; classtype:trojan-activity;sid:84515516; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652414)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-05-28/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652414/; classtype:trojan-activity;sid:84515514; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652413)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-05-03/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652413/; classtype:trojan-activity;sid:84515513; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652412)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-02-08/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652412/; classtype:trojan-activity;sid:84515512; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652411)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/df/normal/produ%c3%a7%c3%a3o/info.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652411/; classtype:trojan-activity;sid:84515511; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652409)"; flow:established,from_client; content:"GET"; http_method; content:"/update%20-%20%e5%89%af%e6%9c%ac/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/logic/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652409/; classtype:trojan-activity;sid:84515509; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652410)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/221118-098/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652410/; classtype:trojan-activity;sid:84515510; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652408)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2024-12-13/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652408/; classtype:trojan-activity;sid:84515508; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652404)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-01-26/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652404/; classtype:trojan-activity;sid:84515504; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652405)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240912-107/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652405/; classtype:trojan-activity;sid:84515505; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652406)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/wjgl/js/info.zip"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652406/; classtype:trojan-activity;sid:84515506; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652407)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-03-31/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652407/; classtype:trojan-activity;sid:84515507; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652402)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-03-19/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652402/; classtype:trojan-activity;sid:84515502; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652403)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-03-15/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652403/; classtype:trojan-activity;sid:84515503; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652401)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-05-30/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652401/; classtype:trojan-activity;sid:84515501; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652399)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-03-12/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652399/; classtype:trojan-activity;sid:84515499; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652400)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-04-02/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652400/; classtype:trojan-activity;sid:84515500; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652397)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-03-23/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652397/; classtype:trojan-activity;sid:84515497; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652398)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-05-09/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652398/; classtype:trojan-activity;sid:84515498; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652395)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-05-11/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652395/; classtype:trojan-activity;sid:84515495; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652396)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2021-07-29/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652396/; classtype:trojan-activity;sid:84515496; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652394)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/otherup/info.zip"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652394/; classtype:trojan-activity;sid:84515494; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652391)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-01-09/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652391/; classtype:trojan-activity;sid:84515491; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652392)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/ma/conting%c3%aancia/info.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652392/; classtype:trojan-activity;sid:84515492; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652390)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-05-12/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652390/; classtype:trojan-activity;sid:84515490; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652388)"; flow:established,from_client; content:"GET"; http_method; content:"/update/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/undw/undw60/info.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652388/; classtype:trojan-activity;sid:84515488; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652389)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-04-11/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652389/; classtype:trojan-activity;sid:84515489; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652387)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-01-25/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652387/; classtype:trojan-activity;sid:84515487; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652384)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2022-11-08/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652384/; classtype:trojan-activity;sid:84515484; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652385)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/221118-019/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652385/; classtype:trojan-activity;sid:84515485; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652383)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2023-08-11/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652383/; classtype:trojan-activity;sid:84515483; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652381)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-05-17/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652381/; classtype:trojan-activity;sid:84515481; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652382)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-03-17/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652382/; classtype:trojan-activity;sid:84515482; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652377)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-02-07/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652377/; classtype:trojan-activity;sid:84515477; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652378)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-08-12/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652378/; classtype:trojan-activity;sid:84515478; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652376)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-12-13/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652376/; classtype:trojan-activity;sid:84515476; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652375)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-04-30/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652375/; classtype:trojan-activity;sid:84515475; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652373)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-03-20/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652373/; classtype:trojan-activity;sid:84515473; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652374)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-04-06/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652374/; classtype:trojan-activity;sid:84515474; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652372)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-05-17/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652372/; classtype:trojan-activity;sid:84515472; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652371)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-02-05/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652371/; classtype:trojan-activity;sid:84515471; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652370)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-03-04/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652370/; classtype:trojan-activity;sid:84515470; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652368)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-01-21/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652368/; classtype:trojan-activity;sid:84515468; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652369)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-05-15/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652369/; classtype:trojan-activity;sid:84515469; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652367)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2024-02-06/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652367/; classtype:trojan-activity;sid:84515467; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652366)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-05-10/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652366/; classtype:trojan-activity;sid:84515466; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652364)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-03-21/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652364/; classtype:trojan-activity;sid:84515464; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652362)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/221201-071/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652362/; classtype:trojan-activity;sid:84515462; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652361)"; flow:established,from_client; content:"GET"; http_method; content:"/update/%e6%96%b0%e5%bb%ba%e6%96%87%e4%bb%b6%e5%a4%b9/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652361/; classtype:trojan-activity;sid:84515461; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652360)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2021-10-13/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652360/; classtype:trojan-activity;sid:84515460; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652359)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-08-23/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652359/; classtype:trojan-activity;sid:84515459; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652358)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2022-09-09/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652358/; classtype:trojan-activity;sid:84515458; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652357)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2024-10-03/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652357/; classtype:trojan-activity;sid:84515457; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652355)"; flow:established,from_client; content:"GET"; http_method; content:"/update/%e8%a5%bf%e7%be%8e%e5%8d%b0%e5%88%b7%e7%94%9f%e4%ba%a7%e4%bb%93%e5%ba%93%e7%b3%bb%e7%bb%9f/setup/info.zip"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652355/; classtype:trojan-activity;sid:84515455; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652356)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-05-18/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652356/; classtype:trojan-activity;sid:84515456; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652353)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-04-13/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652353/; classtype:trojan-activity;sid:84515453; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652354)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-11-19/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652354/; classtype:trojan-activity;sid:84515454; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652349)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-07-21/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652349/; classtype:trojan-activity;sid:84515449; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652350)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240701-062/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652350/; classtype:trojan-activity;sid:84515450; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652351)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/info.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652351/; classtype:trojan-activity;sid:84515451; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652352)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-03-30/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652352/; classtype:trojan-activity;sid:84515452; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652347)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-04-15/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652347/; classtype:trojan-activity;sid:84515447; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652346)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-02-06/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652346/; classtype:trojan-activity;sid:84515446; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652342)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-10-19/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652342/; classtype:trojan-activity;sid:84515442; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652343)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-01-15/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652343/; classtype:trojan-activity;sid:84515443; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652344)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-05-23/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652344/; classtype:trojan-activity;sid:84515444; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652345)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-03-07/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652345/; classtype:trojan-activity;sid:84515445; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652340)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-02-24/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652340/; classtype:trojan-activity;sid:84515440; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652336)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-04-03/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652336/; classtype:trojan-activity;sid:84515436; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652337)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-05-17/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652337/; classtype:trojan-activity;sid:84515437; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652338)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-03-14/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652338/; classtype:trojan-activity;sid:84515438; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652339)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-02-12/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652339/; classtype:trojan-activity;sid:84515439; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652334)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/230705-085/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652334/; classtype:trojan-activity;sid:84515434; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652333)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2025-04-16/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652333/; classtype:trojan-activity;sid:84515433; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652332)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/js/info.zip"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652332/; classtype:trojan-activity;sid:84515432; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652331)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-12-08/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652331/; classtype:trojan-activity;sid:84515431; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652326)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-03-14/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652326/; classtype:trojan-activity;sid:84515426; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652327)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2020-01-08/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652327/; classtype:trojan-activity;sid:84515427; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652328)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-03-18/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652328/; classtype:trojan-activity;sid:84515428; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652329)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-04-13/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652329/; classtype:trojan-activity;sid:84515429; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652330)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2023-11-08/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652330/; classtype:trojan-activity;sid:84515430; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652325)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-02-11/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652325/; classtype:trojan-activity;sid:84515425; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652324)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2020-09-30/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652324/; classtype:trojan-activity;sid:84515424; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652323)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-08-26/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652323/; classtype:trojan-activity;sid:84515423; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652322)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-05-26/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652322/; classtype:trojan-activity;sid:84515422; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652321)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-03-18/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652321/; classtype:trojan-activity;sid:84515421; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652318)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2019-12-09/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652318/; classtype:trojan-activity;sid:84515418; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652319)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-04-16/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652319/; classtype:trojan-activity;sid:84515419; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652317)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-04-14/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652317/; classtype:trojan-activity;sid:84515417; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652316)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2025-04-01/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652316/; classtype:trojan-activity;sid:84515416; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652315)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240708-046/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652315/; classtype:trojan-activity;sid:84515415; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652312)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/pa/conting%c3%aancia/produ%c3%a7%c3%a3o/info.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652312/; classtype:trojan-activity;sid:84515412; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652313)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2020-06-04/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652313/; classtype:trojan-activity;sid:84515413; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652311)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/230403-031/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652311/; classtype:trojan-activity;sid:84515411; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652310)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-01-07/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652310/; classtype:trojan-activity;sid:84515410; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652309)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-05-27/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652309/; classtype:trojan-activity;sid:84515409; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652308)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/info.zip"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652308/; classtype:trojan-activity;sid:84515408; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652307)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-03-01/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652307/; classtype:trojan-activity;sid:84515407; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652305)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-10-14/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652305/; classtype:trojan-activity;sid:84515405; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652306)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-07-08/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652306/; classtype:trojan-activity;sid:84515406; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652303)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-04-10/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652303/; classtype:trojan-activity;sid:84515403; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652300)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-04-13/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652300/; classtype:trojan-activity;sid:84515400; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652301)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-06-28/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652301/; classtype:trojan-activity;sid:84515401; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652302)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-03-27/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652302/; classtype:trojan-activity;sid:84515402; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652299)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240617-013/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652299/; classtype:trojan-activity;sid:84515399; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652298)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-07-27/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652298/; classtype:trojan-activity;sid:84515398; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652297)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/231114-038/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652297/; classtype:trojan-activity;sid:84515397; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652294)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-03-03/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652294/; classtype:trojan-activity;sid:84515394; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652295)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-05-16/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652295/; classtype:trojan-activity;sid:84515395; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652293)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-04-21/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652293/; classtype:trojan-activity;sid:84515393; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652291)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2020-08-25/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652291/; classtype:trojan-activity;sid:84515391; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652290)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-04-28/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652290/; classtype:trojan-activity;sid:84515390; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652289)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-11-24/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652289/; classtype:trojan-activity;sid:84515389; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652288)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-06-25/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652288/; classtype:trojan-activity;sid:84515388; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652287)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/pe/normal/produ%c3%a7%c3%a3o/info.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652287/; classtype:trojan-activity;sid:84515387; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652286)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-02-06/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652286/; classtype:trojan-activity;sid:84515386; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652285)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-07-12/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652285/; classtype:trojan-activity;sid:84515385; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652284)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2019-11-19/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652284/; classtype:trojan-activity;sid:84515384; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652282)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-04-28/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652282/; classtype:trojan-activity;sid:84515382; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652283)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-05-29/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652283/; classtype:trojan-activity;sid:84515383; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652280)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-12-13/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652280/; classtype:trojan-activity;sid:84515380; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652281)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-07-05/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652281/; classtype:trojan-activity;sid:84515381; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652279)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-01-12/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652279/; classtype:trojan-activity;sid:84515379; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652277)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-04-28/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652277/; classtype:trojan-activity;sid:84515377; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652278)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-01-16/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652278/; classtype:trojan-activity;sid:84515378; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652275)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-01-23/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652275/; classtype:trojan-activity;sid:84515375; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652276)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-03-31/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652276/; classtype:trojan-activity;sid:84515376; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652273)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-02-15/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652273/; classtype:trojan-activity;sid:84515373; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652274)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-08-18/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652274/; classtype:trojan-activity;sid:84515374; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652272)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-11-05/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652272/; classtype:trojan-activity;sid:84515372; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652271)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220825-055/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652271/; classtype:trojan-activity;sid:84515371; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652270)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-08-13/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652270/; classtype:trojan-activity;sid:84515370; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652269)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2020-01-29/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652269/; classtype:trojan-activity;sid:84515369; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652268)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-01-28/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652268/; classtype:trojan-activity;sid:84515368; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652267)"; flow:established,from_client; content:"GET"; http_method; content:"/update/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/cache/1.8933demo/177278d1757f/41dae12595c9/info.zip"; http_uri; depth:115; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652267/; classtype:trojan-activity;sid:84515367; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652266)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/231016-103/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652266/; classtype:trojan-activity;sid:84515366; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652265)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2020-10-27/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652265/; classtype:trojan-activity;sid:84515365; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652264)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2021-04-16/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652264/; classtype:trojan-activity;sid:84515364; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652263)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-09-27/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652263/; classtype:trojan-activity;sid:84515363; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652262)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-10-30/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652262/; classtype:trojan-activity;sid:84515362; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652261)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-03-16/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652261/; classtype:trojan-activity;sid:84515361; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652259)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2020-01-20/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652259/; classtype:trojan-activity;sid:84515359; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652260)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-03-27/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652260/; classtype:trojan-activity;sid:84515360; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652257)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-05-18/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652257/; classtype:trojan-activity;sid:84515357; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652256)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-03-29/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652256/; classtype:trojan-activity;sid:84515356; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652255)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-02-04/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652255/; classtype:trojan-activity;sid:84515355; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652251)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652251/; classtype:trojan-activity;sid:84515351; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652250)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2019-11-25/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652250/; classtype:trojan-activity;sid:84515350; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652247)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-02-25/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652247/; classtype:trojan-activity;sid:84515347; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652248)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-02-13/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652248/; classtype:trojan-activity;sid:84515348; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652249)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-04-18/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652249/; classtype:trojan-activity;sid:84515349; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652246)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2024-12-06/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652246/; classtype:trojan-activity;sid:84515346; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652245)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-03-21/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652245/; classtype:trojan-activity;sid:84515345; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652244)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-09-09/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652244/; classtype:trojan-activity;sid:84515344; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652243)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-09-08/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652243/; classtype:trojan-activity;sid:84515343; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652241)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-05-17/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652241/; classtype:trojan-activity;sid:84515341; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652242)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-01-21/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652242/; classtype:trojan-activity;sid:84515342; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652239)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-08-10/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652239/; classtype:trojan-activity;sid:84515339; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652240)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-02-16/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652240/; classtype:trojan-activity;sid:84515340; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652238)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-04-07/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652238/; classtype:trojan-activity;sid:84515338; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652237)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-04-21/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652237/; classtype:trojan-activity;sid:84515337; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652236)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2023-07-17/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652236/; classtype:trojan-activity;sid:84515336; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652235)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-04-27/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652235/; classtype:trojan-activity;sid:84515335; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652234)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2024-03-12/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652234/; classtype:trojan-activity;sid:84515334; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652232)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-08-06/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652232/; classtype:trojan-activity;sid:84515332; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652233)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-02-01/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652233/; classtype:trojan-activity;sid:84515333; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652230)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-02-03/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652230/; classtype:trojan-activity;sid:84515330; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652231)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2020-01-27/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652231/; classtype:trojan-activity;sid:84515331; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652227)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/231110-108/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652227/; classtype:trojan-activity;sid:84515327; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652228)"; flow:established,from_client; content:"GET"; http_method; content:"/update/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/info.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652228/; classtype:trojan-activity;sid:84515328; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652229)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2020-02-12/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652229/; classtype:trojan-activity;sid:84515329; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652226)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/230728-087/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652226/; classtype:trojan-activity;sid:84515326; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652224)"; flow:established,from_client; content:"GET"; http_method; content:"/update%20-%20%e5%89%af%e6%9c%ac/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/cache/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652224/; classtype:trojan-activity;sid:84515324; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652225)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2019-06-25/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652225/; classtype:trojan-activity;sid:84515325; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652223)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2019-12-12/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652223/; classtype:trojan-activity;sid:84515323; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652221)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-02-23/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652221/; classtype:trojan-activity;sid:84515321; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652222)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-01-23/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652222/; classtype:trojan-activity;sid:84515322; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652219)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-03-21/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652219/; classtype:trojan-activity;sid:84515319; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652220)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-02-19/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652220/; classtype:trojan-activity;sid:84515320; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652218)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-04-04/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652218/; classtype:trojan-activity;sid:84515318; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652217)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-12-17/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652217/; classtype:trojan-activity;sid:84515317; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652216)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-04-30/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652216/; classtype:trojan-activity;sid:84515316; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652214)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-05-06/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652214/; classtype:trojan-activity;sid:84515314; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652215)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-02-01/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652215/; classtype:trojan-activity;sid:84515315; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652213)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-04-19/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652213/; classtype:trojan-activity;sid:84515313; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652212)"; flow:established,from_client; content:"GET"; http_method; content:"/aspjpeg_setup%e5%9b%be%e7%89%87%e5%a4%84%e7%90%86%e7%bb%84%e4%bb%b6/info.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652212/; classtype:trojan-activity;sid:84515312; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652211)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-04-09/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652211/; classtype:trojan-activity;sid:84515311; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652209)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-02-22/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652209/; classtype:trojan-activity;sid:84515309; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652208)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-02-27/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652208/; classtype:trojan-activity;sid:84515308; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652206)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2022-03-17/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652206/; classtype:trojan-activity;sid:84515306; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652207)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-05-20/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652207/; classtype:trojan-activity;sid:84515307; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652205)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-02-03/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652205/; classtype:trojan-activity;sid:84515305; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652204)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-05-18/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652204/; classtype:trojan-activity;sid:84515304; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652202)"; flow:established,from_client; content:"GET"; http_method; content:"/update/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/cache/info.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652202/; classtype:trojan-activity;sid:84515302; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652203)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-08-17/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652203/; classtype:trojan-activity;sid:84515303; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652201)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-04-07/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652201/; classtype:trojan-activity;sid:84515301; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652199)"; flow:established,from_client; content:"GET"; http_method; content:"/update/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/cache/1.8933demo/177278d1757f/info.zip"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652199/; classtype:trojan-activity;sid:84515299; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652200)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-08-31/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652200/; classtype:trojan-activity;sid:84515300; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652197)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/ma/normal/produ%c3%a7%c3%a3o/info.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652197/; classtype:trojan-activity;sid:84515297; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652195)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/231120-099/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652195/; classtype:trojan-activity;sid:84515295; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652196)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-04-06/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652196/; classtype:trojan-activity;sid:84515296; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652193)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-02-20/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652193/; classtype:trojan-activity;sid:84515293; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652194)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2024-08-08/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652194/; classtype:trojan-activity;sid:84515294; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652192)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-08-06/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652192/; classtype:trojan-activity;sid:84515292; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652186)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/pe/conting%c3%aancia/info.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652186/; classtype:trojan-activity;sid:84515286; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652187)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-02-02/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652187/; classtype:trojan-activity;sid:84515287; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652188)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-03-13/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652188/; classtype:trojan-activity;sid:84515288; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652189)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-02-26/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652189/; classtype:trojan-activity;sid:84515289; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652190)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2023-08-28/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652190/; classtype:trojan-activity;sid:84515290; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652191)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-08-28/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652191/; classtype:trojan-activity;sid:84515291; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652185)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-05-10/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652185/; classtype:trojan-activity;sid:84515285; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652184)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-05-14/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652184/; classtype:trojan-activity;sid:84515284; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652183)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-01-29/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652183/; classtype:trojan-activity;sid:84515283; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652182)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240803-024/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652182/; classtype:trojan-activity;sid:84515282; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652181)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-05-27/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652181/; classtype:trojan-activity;sid:84515281; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652180)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-04-27/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652180/; classtype:trojan-activity;sid:84515280; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652179)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-04-17/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652179/; classtype:trojan-activity;sid:84515279; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652176)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-01-19/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652176/; classtype:trojan-activity;sid:84515276; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652177)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-05-18/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652177/; classtype:trojan-activity;sid:84515277; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652178)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-11-01/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652178/; classtype:trojan-activity;sid:84515278; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652175)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-03-22/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652175/; classtype:trojan-activity;sid:84515275; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652174)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2021-05-04/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652174/; classtype:trojan-activity;sid:84515274; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652173)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2019-12-13/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652173/; classtype:trojan-activity;sid:84515273; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652172)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/230307-014/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652172/; classtype:trojan-activity;sid:84515272; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652169)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-02-11/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652169/; classtype:trojan-activity;sid:84515269; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652170)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-05-02/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652170/; classtype:trojan-activity;sid:84515270; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652168)"; flow:established,from_client; content:"GET"; http_method; content:"/update%20-%20%e5%89%af%e6%9c%ac/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/cache/1.8933demo/info.zip"; http_uri; depth:114; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652168/; classtype:trojan-activity;sid:84515268; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652167)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-02-10/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652167/; classtype:trojan-activity;sid:84515267; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652166)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-02-04/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652166/; classtype:trojan-activity;sid:84515266; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652165)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-12-27/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652165/; classtype:trojan-activity;sid:84515265; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652164)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-02-06/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652164/; classtype:trojan-activity;sid:84515264; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652163)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-05-04/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652163/; classtype:trojan-activity;sid:84515263; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652162)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-04-24/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652162/; classtype:trojan-activity;sid:84515262; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652161)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-01-17/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652161/; classtype:trojan-activity;sid:84515261; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652160)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-04-26/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652160/; classtype:trojan-activity;sid:84515260; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652157)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-05-11/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652157/; classtype:trojan-activity;sid:84515257; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652158)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-04-26/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652158/; classtype:trojan-activity;sid:84515258; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652159)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-03-11/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652159/; classtype:trojan-activity;sid:84515259; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652156)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-08-05/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652156/; classtype:trojan-activity;sid:84515256; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652155)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240315-095/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652155/; classtype:trojan-activity;sid:84515255; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652154)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-05-25/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652154/; classtype:trojan-activity;sid:84515254; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652152)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2023-08-16/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652152/; classtype:trojan-activity;sid:84515252; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652153)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-02-23/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652153/; classtype:trojan-activity;sid:84515253; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652151)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-01-22/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652151/; classtype:trojan-activity;sid:84515251; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652150)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-06-08/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652150/; classtype:trojan-activity;sid:84515250; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652147)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2024-08-07/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652147/; classtype:trojan-activity;sid:84515247; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652148)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-02-21/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652148/; classtype:trojan-activity;sid:84515248; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652149)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-02-22/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652149/; classtype:trojan-activity;sid:84515249; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652144)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-01-20/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652144/; classtype:trojan-activity;sid:84515244; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652145)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-03-11/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652145/; classtype:trojan-activity;sid:84515245; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652146)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-02-11/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652146/; classtype:trojan-activity;sid:84515246; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652141)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-05-12/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652141/; classtype:trojan-activity;sid:84515241; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652138)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-09-15/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652138/; classtype:trojan-activity;sid:84515238; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652139)"; flow:established,from_client; content:"GET"; http_method; content:"/update/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/logic/info.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652139/; classtype:trojan-activity;sid:84515239; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652140)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-03-27/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652140/; classtype:trojan-activity;sid:84515240; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652136)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-04-21/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652136/; classtype:trojan-activity;sid:84515236; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652137)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-05-21/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652137/; classtype:trojan-activity;sid:84515237; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652135)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-05-28/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652135/; classtype:trojan-activity;sid:84515235; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652132)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-04-01/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652132/; classtype:trojan-activity;sid:84515232; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652133)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-01-23/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652133/; classtype:trojan-activity;sid:84515233; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652128)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-03-07/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652128/; classtype:trojan-activity;sid:84515228; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652129)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-02-16/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652129/; classtype:trojan-activity;sid:84515229; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652130)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-04-19/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652130/; classtype:trojan-activity;sid:84515230; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652131)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-02-23/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652131/; classtype:trojan-activity;sid:84515231; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652125)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/cpbz/info.zip"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652125/; classtype:trojan-activity;sid:84515225; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652126)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-03-11/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652126/; classtype:trojan-activity;sid:84515226; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652127)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240122-018/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652127/; classtype:trojan-activity;sid:84515227; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652122)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-03-29/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652122/; classtype:trojan-activity;sid:84515222; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652123)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/wjgl/info.zip"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652123/; classtype:trojan-activity;sid:84515223; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652124)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-10-15/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652124/; classtype:trojan-activity;sid:84515224; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652121)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2021-03-24/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652121/; classtype:trojan-activity;sid:84515221; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652120)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-01-29/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652120/; classtype:trojan-activity;sid:84515220; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652119)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-04-23/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652119/; classtype:trojan-activity;sid:84515219; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652112)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-03-29/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652112/; classtype:trojan-activity;sid:84515212; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652113)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-05-31/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652113/; classtype:trojan-activity;sid:84515213; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652114)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-10-18/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652114/; classtype:trojan-activity;sid:84515214; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652115)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-05-03/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652115/; classtype:trojan-activity;sid:84515215; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652116)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-03-23/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652116/; classtype:trojan-activity;sid:84515216; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652117)"; flow:established,from_client; content:"GET"; http_method; content:"/update/%e6%96%b0%e5%bb%ba%e6%96%87%e4%bb%b6%e5%a4%b9/_pb%20decompiler%20dws/info.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652117/; classtype:trojan-activity;sid:84515217; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652118)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-08-17/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652118/; classtype:trojan-activity;sid:84515218; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652108)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-01-19/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652108/; classtype:trojan-activity;sid:84515208; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652109)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2021-06-09/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652109/; classtype:trojan-activity;sid:84515209; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652110)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2021-11-30/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652110/; classtype:trojan-activity;sid:84515210; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652111)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-04-14/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652111/; classtype:trojan-activity;sid:84515211; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652107)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-04-20/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652107/; classtype:trojan-activity;sid:84515207; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652105)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-03-19/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652105/; classtype:trojan-activity;sid:84515205; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652106)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-03-16/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652106/; classtype:trojan-activity;sid:84515206; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652102)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-05-05/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652102/; classtype:trojan-activity;sid:84515202; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652103)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-04-16/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652103/; classtype:trojan-activity;sid:84515203; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652104)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-12-06/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652104/; classtype:trojan-activity;sid:84515204; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652101)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2019-12-19/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652101/; classtype:trojan-activity;sid:84515201; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652099)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-10-13/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652099/; classtype:trojan-activity;sid:84515199; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652100)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-04-24/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652100/; classtype:trojan-activity;sid:84515200; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652098)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-04-09/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652098/; classtype:trojan-activity;sid:84515198; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652097)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-03-25/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652097/; classtype:trojan-activity;sid:84515197; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652096)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/230829-067/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652096/; classtype:trojan-activity;sid:84515196; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652095)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2024-05-06/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652095/; classtype:trojan-activity;sid:84515195; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652094)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2023-04-24/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652094/; classtype:trojan-activity;sid:84515194; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652091)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-03-13/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652091/; classtype:trojan-activity;sid:84515191; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652092)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-01-26/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652092/; classtype:trojan-activity;sid:84515192; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652093)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/tpcl/info.zip"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652093/; classtype:trojan-activity;sid:84515193; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652090)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-08-05/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652090/; classtype:trojan-activity;sid:84515190; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652084)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2022-01-07/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652084/; classtype:trojan-activity;sid:84515184; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652085)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/230719-034/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652085/; classtype:trojan-activity;sid:84515185; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652086)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-05-24/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652086/; classtype:trojan-activity;sid:84515186; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652087)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/info.zip"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652087/; classtype:trojan-activity;sid:84515187; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652088)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2022-12-27/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652088/; classtype:trojan-activity;sid:84515188; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652089)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2021-02-04/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652089/; classtype:trojan-activity;sid:84515189; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652081)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-02-05/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652081/; classtype:trojan-activity;sid:84515181; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652082)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2024-08-21/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652082/; classtype:trojan-activity;sid:84515182; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652083)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-06-07/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652083/; classtype:trojan-activity;sid:84515183; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652078)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-02-10/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652078/; classtype:trojan-activity;sid:84515178; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652079)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2022-03-17/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652079/; classtype:trojan-activity;sid:84515179; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652080)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240618-124/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652080/; classtype:trojan-activity;sid:84515180; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652074)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240717-061/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652074/; classtype:trojan-activity;sid:84515174; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652075)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2025-04-17/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652075/; classtype:trojan-activity;sid:84515175; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652076)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-03-08/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652076/; classtype:trojan-activity;sid:84515176; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652077)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-02-10/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652077/; classtype:trojan-activity;sid:84515177; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652072)"; flow:established,from_client; content:"GET"; http_method; content:"/aspjpeg_setup%e5%9b%be%e7%89%87%e5%a4%84%e7%90%86%e7%bb%84%e4%bb%b6/aspjpeg_setup/info.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652072/; classtype:trojan-activity;sid:84515172; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652073)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/230310-087/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652073/; classtype:trojan-activity;sid:84515173; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652070)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-04-16/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652070/; classtype:trojan-activity;sid:84515170; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652071)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-02-20/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652071/; classtype:trojan-activity;sid:84515171; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652067)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2023-11-23/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652067/; classtype:trojan-activity;sid:84515167; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652068)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-03-17/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652068/; classtype:trojan-activity;sid:84515168; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652069)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/230309-021/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652069/; classtype:trojan-activity;sid:84515169; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652059)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220917-046/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652059/; classtype:trojan-activity;sid:84515159; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652060)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-01-26/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652060/; classtype:trojan-activity;sid:84515160; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652061)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2019-10-24/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652061/; classtype:trojan-activity;sid:84515161; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652062)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250523-124/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652062/; classtype:trojan-activity;sid:84515162; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652063)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2019-12-27/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652063/; classtype:trojan-activity;sid:84515163; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652064)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-02-04/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652064/; classtype:trojan-activity;sid:84515164; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652065)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2023-11-09/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652065/; classtype:trojan-activity;sid:84515165; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652066)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-02-14/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652066/; classtype:trojan-activity;sid:84515166; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652057)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-04-27/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652057/; classtype:trojan-activity;sid:84515157; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652058)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-06-08/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652058/; classtype:trojan-activity;sid:84515158; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652056)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240312-072/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652056/; classtype:trojan-activity;sid:84515156; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652053)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-03-29/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652053/; classtype:trojan-activity;sid:84515153; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652054)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-08-09/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652054/; classtype:trojan-activity;sid:84515154; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652055)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/230826-084/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652055/; classtype:trojan-activity;sid:84515155; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652048)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2020-08-19/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652048/; classtype:trojan-activity;sid:84515148; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652049)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-04-25/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652049/; classtype:trojan-activity;sid:84515149; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652050)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-11-30/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652050/; classtype:trojan-activity;sid:84515150; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652051)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-03-02/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652051/; classtype:trojan-activity;sid:84515151; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652052)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-02-03/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652052/; classtype:trojan-activity;sid:84515152; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652045)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2024-02-05/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652045/; classtype:trojan-activity;sid:84515145; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652046)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2024-06-06/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652046/; classtype:trojan-activity;sid:84515146; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652042)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-02-09/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652042/; classtype:trojan-activity;sid:84515142; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652043)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-04-27/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652043/; classtype:trojan-activity;sid:84515143; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652044)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240219-116/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652044/; classtype:trojan-activity;sid:84515144; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652041)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-03-15/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652041/; classtype:trojan-activity;sid:84515141; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652039)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-05-04/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652039/; classtype:trojan-activity;sid:84515139; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652040)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2019-07-30/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652040/; classtype:trojan-activity;sid:84515140; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652035)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/221227-001/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652035/; classtype:trojan-activity;sid:84515135; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652036)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-12-07/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652036/; classtype:trojan-activity;sid:84515136; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652037)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2024-05-10/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652037/; classtype:trojan-activity;sid:84515137; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652038)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2025-01-06/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652038/; classtype:trojan-activity;sid:84515138; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652033)"; flow:established,from_client; content:"GET"; http_method; content:"/update/%e8%a5%bf%e7%be%8e%e5%8d%b0%e5%88%b7%e7%94%9f%e4%ba%a7%e4%bb%93%e5%ba%93%e7%b3%bb%e7%bb%9f/pbdll/info.zip"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652033/; classtype:trojan-activity;sid:84515133; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652034)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-12-07/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652034/; classtype:trojan-activity;sid:84515134; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652026)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/info.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652026/; classtype:trojan-activity;sid:84515126; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652027)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-03-10/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652027/; classtype:trojan-activity;sid:84515127; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652029)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-04-13/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652029/; classtype:trojan-activity;sid:84515129; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652030)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-03-17/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652030/; classtype:trojan-activity;sid:84515130; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652031)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-04-15/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652031/; classtype:trojan-activity;sid:84515131; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652032)"; flow:established,from_client; content:"GET"; http_method; content:"/update/%e8%a5%bf%e7%be%8e%e5%8d%b0%e5%88%b7%e7%94%9f%e4%ba%a7%e4%bb%93%e5%ba%93%e7%b3%bb%e7%bb%9f/sysdll/info.zip"; http_uri; depth:114; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652032/; classtype:trojan-activity;sid:84515132; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652024)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2021-07-06/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652024/; classtype:trojan-activity;sid:84515124; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652023)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-01-19/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652023/; classtype:trojan-activity;sid:84515123; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652022)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-08-05/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652022/; classtype:trojan-activity;sid:84515122; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652021)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-09-14/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652021/; classtype:trojan-activity;sid:84515121; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652014)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-09-13/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652014/; classtype:trojan-activity;sid:84515114; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652015)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-04-22/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652015/; classtype:trojan-activity;sid:84515115; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652017)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-01-18/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652017/; classtype:trojan-activity;sid:84515117; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652018)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2024-06-14/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652018/; classtype:trojan-activity;sid:84515118; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652019)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-03-23/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652019/; classtype:trojan-activity;sid:84515119; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652020)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-05-15/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652020/; classtype:trojan-activity;sid:84515120; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652012)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2020-11-18/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652012/; classtype:trojan-activity;sid:84515112; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652013)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-03-12/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652013/; classtype:trojan-activity;sid:84515113; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652007)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-01-07/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652007/; classtype:trojan-activity;sid:84515107; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652008)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-04-25/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652008/; classtype:trojan-activity;sid:84515108; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652009)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2024-04-22/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652009/; classtype:trojan-activity;sid:84515109; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652010)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2025-04-04/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652010/; classtype:trojan-activity;sid:84515110; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652004)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/221125-039/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652004/; classtype:trojan-activity;sid:84515104; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652005)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-03-29/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652005/; classtype:trojan-activity;sid:84515105; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652003)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-01-30/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652003/; classtype:trojan-activity;sid:84515103; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652001)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/wjgl/css/info.zip"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652001/; classtype:trojan-activity;sid:84515101; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652002)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-04-08/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652002/; classtype:trojan-activity;sid:84515102; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652000)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-04-11/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652000/; classtype:trojan-activity;sid:84515100; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651998)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-02-17/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651998/; classtype:trojan-activity;sid:84515098; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651999)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-04-16/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651999/; classtype:trojan-activity;sid:84515099; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651993)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-04-16/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651993/; classtype:trojan-activity;sid:84515093; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651994)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-03-04/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651994/; classtype:trojan-activity;sid:84515094; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651996)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/info.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651996/; classtype:trojan-activity;sid:84515096; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651997)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2019-07-11/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651997/; classtype:trojan-activity;sid:84515097; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651991)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-05-11/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651991/; classtype:trojan-activity;sid:84515091; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651992)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-04-09/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651992/; classtype:trojan-activity;sid:84515092; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651989)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-05-19/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651989/; classtype:trojan-activity;sid:84515089; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651990)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-03-04/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651990/; classtype:trojan-activity;sid:84515090; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651987)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-09-09/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651987/; classtype:trojan-activity;sid:84515087; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651988)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-02-17/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651988/; classtype:trojan-activity;sid:84515088; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651981)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2021-02-11/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651981/; classtype:trojan-activity;sid:84515081; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651982)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2020-09-02/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651982/; classtype:trojan-activity;sid:84515082; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651983)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2019-07-10/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651983/; classtype:trojan-activity;sid:84515083; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651984)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/tpcl/css/info.zip"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651984/; classtype:trojan-activity;sid:84515084; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651985)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2023-03-06/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651985/; classtype:trojan-activity;sid:84515085; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651986)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2020-08-17/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651986/; classtype:trojan-activity;sid:84515086; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651978)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-04-19/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651978/; classtype:trojan-activity;sid:84515078; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651979)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/221017-053/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651979/; classtype:trojan-activity;sid:84515079; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651980)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-12-12/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651980/; classtype:trojan-activity;sid:84515080; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651969)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2023-03-07/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651969/; classtype:trojan-activity;sid:84515069; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651970)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-03-27/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651970/; classtype:trojan-activity;sid:84515070; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651971)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2024-07-10/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651971/; classtype:trojan-activity;sid:84515071; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651973)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-03-31/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651973/; classtype:trojan-activity;sid:84515073; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651974)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-05-18/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651974/; classtype:trojan-activity;sid:84515074; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651975)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-08-07/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651975/; classtype:trojan-activity;sid:84515075; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651976)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-04-12/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651976/; classtype:trojan-activity;sid:84515076; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651977)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-03-03/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651977/; classtype:trojan-activity;sid:84515077; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651967)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-01-20/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651967/; classtype:trojan-activity;sid:84515067; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651968)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-09-03/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651968/; classtype:trojan-activity;sid:84515068; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651965)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-01-29/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651965/; classtype:trojan-activity;sid:84515065; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651966)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-02-14/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651966/; classtype:trojan-activity;sid:84515066; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651963)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2024-10-08/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651963/; classtype:trojan-activity;sid:84515063; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651964)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2023-09-06/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651964/; classtype:trojan-activity;sid:84515064; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651959)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-03-20/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651959/; classtype:trojan-activity;sid:84515059; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651960)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-02-20/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651960/; classtype:trojan-activity;sid:84515060; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651961)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-04-24/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651961/; classtype:trojan-activity;sid:84515061; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651962)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-12-08/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651962/; classtype:trojan-activity;sid:84515062; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651958)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-04-09/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651958/; classtype:trojan-activity;sid:84515058; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651957)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-09-20/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651957/; classtype:trojan-activity;sid:84515057; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651955)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-11-05/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651955/; classtype:trojan-activity;sid:84515055; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651954)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-04-15/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651954/; classtype:trojan-activity;sid:84515054; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651952)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-04-01/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651952/; classtype:trojan-activity;sid:84515052; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651953)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-05-25/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651953/; classtype:trojan-activity;sid:84515053; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651951)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-05-27/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651951/; classtype:trojan-activity;sid:84515051; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651949)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-05-06/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651949/; classtype:trojan-activity;sid:84515049; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651950)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-04-09/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651950/; classtype:trojan-activity;sid:84515050; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651944)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/pa/normal/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651944/; classtype:trojan-activity;sid:84515044; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651945)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-03-23/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651945/; classtype:trojan-activity;sid:84515045; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651946)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/cons/1/9929/11032020101348/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651946/; classtype:trojan-activity;sid:84515046; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651947)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2023-09-27/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651947/; classtype:trojan-activity;sid:84515047; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651948)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-02-02/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651948/; classtype:trojan-activity;sid:84515048; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651943)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-05-05/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651943/; classtype:trojan-activity;sid:84515043; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651942)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2024-12-11/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651942/; classtype:trojan-activity;sid:84515042; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651937)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-05-20/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651937/; classtype:trojan-activity;sid:84515037; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651938)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-03-03/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651938/; classtype:trojan-activity;sid:84515038; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651939)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-04-19/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651939/; classtype:trojan-activity;sid:84515039; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651940)"; flow:established,from_client; content:"GET"; http_method; content:"/update/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/info.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651940/; classtype:trojan-activity;sid:84515040; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651933)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-03-04/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651933/; classtype:trojan-activity;sid:84515033; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651934)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-10-06/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651934/; classtype:trojan-activity;sid:84515034; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651935)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-07-07/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651935/; classtype:trojan-activity;sid:84515035; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651936)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2020-01-09/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651936/; classtype:trojan-activity;sid:84515036; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651931)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-04-28/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651931/; classtype:trojan-activity;sid:84515031; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651932)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-10-20/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651932/; classtype:trojan-activity;sid:84515032; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651930)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/pe/conting%c3%aancia/produ%c3%a7%c3%a3o/info.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651930/; classtype:trojan-activity;sid:84515030; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651928)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-01-24/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651928/; classtype:trojan-activity;sid:84515028; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651929)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/pb/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651929/; classtype:trojan-activity;sid:84515029; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651926)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2022-03-18/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651926/; classtype:trojan-activity;sid:84515026; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651927)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-02-18/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651927/; classtype:trojan-activity;sid:84515027; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651921)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-05-14/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651921/; classtype:trojan-activity;sid:84515021; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651922)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-02-23/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651922/; classtype:trojan-activity;sid:84515022; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651923)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-07-29/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651923/; classtype:trojan-activity;sid:84515023; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651924)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-04-01/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651924/; classtype:trojan-activity;sid:84515024; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651925)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-02-04/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651925/; classtype:trojan-activity;sid:84515025; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651919)"; flow:established,from_client; content:"GET"; http_method; content:"/update%20-%20%e5%89%af%e6%9c%ac/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/info.zip"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651919/; classtype:trojan-activity;sid:84515019; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651920)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250603-130/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651920/; classtype:trojan-activity;sid:84515020; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651915)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-03-26/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651915/; classtype:trojan-activity;sid:84515015; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651916)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2025-05-06/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651916/; classtype:trojan-activity;sid:84515016; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651917)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-04-29/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651917/; classtype:trojan-activity;sid:84515017; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651918)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240803-025/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651918/; classtype:trojan-activity;sid:84515018; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651913)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-05-24/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651913/; classtype:trojan-activity;sid:84515013; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651914)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-01-27/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651914/; classtype:trojan-activity;sid:84515014; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651909)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2021-12-02/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651909/; classtype:trojan-activity;sid:84515009; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651910)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2021-06-22/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651910/; classtype:trojan-activity;sid:84515010; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651911)"; flow:established,from_client; content:"GET"; http_method; content:"/update/info.zip"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651911/; classtype:trojan-activity;sid:84515011; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651912)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-03-09/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651912/; classtype:trojan-activity;sid:84515012; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651904)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240525-082/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651904/; classtype:trojan-activity;sid:84515004; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651905)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-04-08/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651905/; classtype:trojan-activity;sid:84515005; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651907)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-03-08/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651907/; classtype:trojan-activity;sid:84515007; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651908)"; flow:established,from_client; content:"GET"; http_method; content:"/update/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/cache/bookmark/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651908/; classtype:trojan-activity;sid:84515008; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651902)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2023-11-06/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651902/; classtype:trojan-activity;sid:84515002; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651903)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-04-05/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651903/; classtype:trojan-activity;sid:84515003; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651899)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-03-03/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651899/; classtype:trojan-activity;sid:84514999; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651900)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-03-25/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651900/; classtype:trojan-activity;sid:84515000; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651896)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2022-09-08/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651896/; classtype:trojan-activity;sid:84514996; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651897)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-05-23/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651897/; classtype:trojan-activity;sid:84514997; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651898)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-02-03/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651898/; classtype:trojan-activity;sid:84514998; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651894)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-01-17/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651894/; classtype:trojan-activity;sid:84514994; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651895)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-03-14/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651895/; classtype:trojan-activity;sid:84514995; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651892)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000160618/td00000000000000159843/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651892/; classtype:trojan-activity;sid:84514992; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651893)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-05-17/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651893/; classtype:trojan-activity;sid:84514993; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651890)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-02-05/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651890/; classtype:trojan-activity;sid:84514990; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651891)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-05-04/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651891/; classtype:trojan-activity;sid:84514991; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651886)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/tpcl/dist/info.zip"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651886/; classtype:trojan-activity;sid:84514986; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651887)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-03-22/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651887/; classtype:trojan-activity;sid:84514987; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651888)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/ma/normal/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651888/; classtype:trojan-activity;sid:84514988; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651889)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-02-18/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651889/; classtype:trojan-activity;sid:84514989; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651883)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-03-05/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651883/; classtype:trojan-activity;sid:84514983; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651884)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-02-28/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651884/; classtype:trojan-activity;sid:84514984; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651885)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2024-07-24/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651885/; classtype:trojan-activity;sid:84514985; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651880)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240308-027/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651880/; classtype:trojan-activity;sid:84514980; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651881)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-03-02/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651881/; classtype:trojan-activity;sid:84514981; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651877)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-02-26/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651877/; classtype:trojan-activity;sid:84514977; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651878)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-02-22/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651878/; classtype:trojan-activity;sid:84514978; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651879)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2020-11-13/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651879/; classtype:trojan-activity;sid:84514979; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651874)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-04-13/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651874/; classtype:trojan-activity;sid:84514974; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651875)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-10-06/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651875/; classtype:trojan-activity;sid:84514975; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651876)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-05-07/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651876/; classtype:trojan-activity;sid:84514976; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651867)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2020-12-10/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651867/; classtype:trojan-activity;sid:84514967; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651868)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-05-04/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651868/; classtype:trojan-activity;sid:84514968; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651869)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-02-14/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651869/; classtype:trojan-activity;sid:84514969; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651870)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2020-04-20/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651870/; classtype:trojan-activity;sid:84514970; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651871)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-02-20/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651871/; classtype:trojan-activity;sid:84514971; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651872)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-03-19/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651872/; classtype:trojan-activity;sid:84514972; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651873)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-04-11/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651873/; classtype:trojan-activity;sid:84514973; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651866)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-12-27/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651866/; classtype:trojan-activity;sid:84514966; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651865)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-03-12/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651865/; classtype:trojan-activity;sid:84514965; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651861)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-03-06/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651861/; classtype:trojan-activity;sid:84514961; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651862)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-02-06/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651862/; classtype:trojan-activity;sid:84514962; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651863)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-02-17/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651863/; classtype:trojan-activity;sid:84514963; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651864)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-02-12/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651864/; classtype:trojan-activity;sid:84514964; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651859)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-03-05/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651859/; classtype:trojan-activity;sid:84514959; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651860)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-05-29/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651860/; classtype:trojan-activity;sid:84514960; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651858)"; flow:established,from_client; content:"GET"; http_method; content:"/update/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/undw/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651858/; classtype:trojan-activity;sid:84514958; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651857)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-11-08/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651857/; classtype:trojan-activity;sid:84514957; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651855)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-04-04/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651855/; classtype:trojan-activity;sid:84514955; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651856)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220913-021/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651856/; classtype:trojan-activity;sid:84514956; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651854)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-04-22/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651854/; classtype:trojan-activity;sid:84514954; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651852)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-08-03/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651852/; classtype:trojan-activity;sid:84514952; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651853)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-02-16/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651853/; classtype:trojan-activity;sid:84514953; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651849)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-02-12/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651849/; classtype:trojan-activity;sid:84514949; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651848)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2024-08-31/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651848/; classtype:trojan-activity;sid:84514948; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651845)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-02-28/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651845/; classtype:trojan-activity;sid:84514945; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651846)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-02-15/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651846/; classtype:trojan-activity;sid:84514946; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651844)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/pb/conting%c3%aancia/produ%c3%a7%c3%a3o/info.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651844/; classtype:trojan-activity;sid:84514944; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651843)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-04-14/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651843/; classtype:trojan-activity;sid:84514943; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651836)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-05-01/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651836/; classtype:trojan-activity;sid:84514936; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651837)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-03-14/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651837/; classtype:trojan-activity;sid:84514937; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651838)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-04-03/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651838/; classtype:trojan-activity;sid:84514938; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651839)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2021-05-13/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651839/; classtype:trojan-activity;sid:84514939; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651840)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-03-03/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651840/; classtype:trojan-activity;sid:84514940; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651841)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-04-09/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651841/; classtype:trojan-activity;sid:84514941; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651842)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-01-21/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651842/; classtype:trojan-activity;sid:84514942; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651834)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-11-06/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651834/; classtype:trojan-activity;sid:84514934; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651835)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-04-27/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651835/; classtype:trojan-activity;sid:84514935; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651832)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-03-07/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651832/; classtype:trojan-activity;sid:84514932; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651833)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-03-08/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651833/; classtype:trojan-activity;sid:84514933; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651828)"; flow:established,from_client; content:"GET"; http_method; content:"/dddrupdate/info.zip"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651828/; classtype:trojan-activity;sid:84514928; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651829)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2019-07-01/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651829/; classtype:trojan-activity;sid:84514929; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651830)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-12-06/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651830/; classtype:trojan-activity;sid:84514930; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651831)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240403-056/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651831/; classtype:trojan-activity;sid:84514931; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651827)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-11-23/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651827/; classtype:trojan-activity;sid:84514927; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651822)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-05-13/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651822/; classtype:trojan-activity;sid:84514922; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651823)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-03-22/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651823/; classtype:trojan-activity;sid:84514923; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651824)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-02-01/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651824/; classtype:trojan-activity;sid:84514924; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651825)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-03-11/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651825/; classtype:trojan-activity;sid:84514925; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651826)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-05-30/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651826/; classtype:trojan-activity;sid:84514926; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651820)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2019-05-27/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651820/; classtype:trojan-activity;sid:84514920; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651821)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/es/normal/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651821/; classtype:trojan-activity;sid:84514921; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651819)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-08-10/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651819/; classtype:trojan-activity;sid:84514919; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651813)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-01-25/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651813/; classtype:trojan-activity;sid:84514913; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651814)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-08-17/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651814/; classtype:trojan-activity;sid:84514914; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651815)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-01-08/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651815/; classtype:trojan-activity;sid:84514915; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651816)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-02-24/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651816/; classtype:trojan-activity;sid:84514916; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651817)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-02-23/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651817/; classtype:trojan-activity;sid:84514917; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651818)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-09-21/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651818/; classtype:trojan-activity;sid:84514918; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651810)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-04-23/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651810/; classtype:trojan-activity;sid:84514910; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651811)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-05-29/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651811/; classtype:trojan-activity;sid:84514911; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651812)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-10-07/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651812/; classtype:trojan-activity;sid:84514912; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651809)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/221213-037/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651809/; classtype:trojan-activity;sid:84514909; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651808)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-04-29/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651808/; classtype:trojan-activity;sid:84514908; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651806)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-07-21/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651806/; classtype:trojan-activity;sid:84514906; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651802)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2024-06-14/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651802/; classtype:trojan-activity;sid:84514902; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651803)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2020-06-18/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651803/; classtype:trojan-activity;sid:84514903; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651804)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-05-10/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651804/; classtype:trojan-activity;sid:84514904; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651800)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/230415-045/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651800/; classtype:trojan-activity;sid:84514900; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651801)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-02-19/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651801/; classtype:trojan-activity;sid:84514901; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651798)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2025-01-08/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651798/; classtype:trojan-activity;sid:84514898; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651799)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651799/; classtype:trojan-activity;sid:84514899; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651796)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-03-24/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651796/; classtype:trojan-activity;sid:84514896; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651797)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2025-02-05/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651797/; classtype:trojan-activity;sid:84514897; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651794)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/230511-051/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651794/; classtype:trojan-activity;sid:84514894; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651795)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/230629-022/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651795/; classtype:trojan-activity;sid:84514895; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651790)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-01-22/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651790/; classtype:trojan-activity;sid:84514890; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651791)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/230414-050/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651791/; classtype:trojan-activity;sid:84514891; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651792)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2021-08-11/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651792/; classtype:trojan-activity;sid:84514892; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651793)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/230508-048/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651793/; classtype:trojan-activity;sid:84514893; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651788)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/221219-024/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651788/; classtype:trojan-activity;sid:84514888; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651789)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168897/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651789/; classtype:trojan-activity;sid:84514889; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651787)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/sp/conting%c3%aancia/info.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651787/; classtype:trojan-activity;sid:84514887; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651782)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-05-04/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651782/; classtype:trojan-activity;sid:84514882; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651783)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-10-03/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651783/; classtype:trojan-activity;sid:84514883; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651784)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/230922-167/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651784/; classtype:trojan-activity;sid:84514884; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651785)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-04-06/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651785/; classtype:trojan-activity;sid:84514885; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651786)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-03-31/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651786/; classtype:trojan-activity;sid:84514886; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651777)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/pa/normal/produ%c3%a7%c3%a3o/info.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651777/; classtype:trojan-activity;sid:84514877; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651778)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2021-06-16/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651778/; classtype:trojan-activity;sid:84514878; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651779)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240527-035/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651779/; classtype:trojan-activity;sid:84514879; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651780)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-04-27/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651780/; classtype:trojan-activity;sid:84514880; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651781)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-02-17/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651781/; classtype:trojan-activity;sid:84514881; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651774)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-02-27/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651774/; classtype:trojan-activity;sid:84514874; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651775)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2024-11-22/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651775/; classtype:trojan-activity;sid:84514875; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651776)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-04-19/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651776/; classtype:trojan-activity;sid:84514876; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651770)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-10-04/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651770/; classtype:trojan-activity;sid:84514870; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651771)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-05-15/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651771/; classtype:trojan-activity;sid:84514871; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651772)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-03-03/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651772/; classtype:trojan-activity;sid:84514872; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651768)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2021-11-11/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651768/; classtype:trojan-activity;sid:84514868; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651769)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-01-24/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651769/; classtype:trojan-activity;sid:84514869; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651766)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-12-03/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651766/; classtype:trojan-activity;sid:84514866; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651767)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-05-22/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651767/; classtype:trojan-activity;sid:84514867; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651763)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2024-03-15/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651763/; classtype:trojan-activity;sid:84514863; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651764)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2023-11-27/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651764/; classtype:trojan-activity;sid:84514864; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651765)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-04-17/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651765/; classtype:trojan-activity;sid:84514865; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651760)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-02-06/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651760/; classtype:trojan-activity;sid:84514860; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651761)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-04-01/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651761/; classtype:trojan-activity;sid:84514861; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651762)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-09-28/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651762/; classtype:trojan-activity;sid:84514862; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651755)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-10-16/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651755/; classtype:trojan-activity;sid:84514855; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651756)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2021-05-06/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651756/; classtype:trojan-activity;sid:84514856; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651757)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-03-31/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651757/; classtype:trojan-activity;sid:84514857; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651758)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/sp/normal/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651758/; classtype:trojan-activity;sid:84514858; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651759)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-01-24/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651759/; classtype:trojan-activity;sid:84514859; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651753)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-09-13/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651753/; classtype:trojan-activity;sid:84514853; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651754)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2023-09-15/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651754/; classtype:trojan-activity;sid:84514854; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651751)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-05-30/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651751/; classtype:trojan-activity;sid:84514851; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651752)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-02-10/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651752/; classtype:trojan-activity;sid:84514852; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651750)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/info.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651750/; classtype:trojan-activity;sid:84514850; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651741)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-04-08/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651741/; classtype:trojan-activity;sid:84514841; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651742)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-04-19/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651742/; classtype:trojan-activity;sid:84514842; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651743)"; flow:established,from_client; content:"GET"; http_method; content:"/update%20-%20%e5%89%af%e6%9c%ac/pbdll/info.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651743/; classtype:trojan-activity;sid:84514843; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651744)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-04-30/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651744/; classtype:trojan-activity;sid:84514844; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651745)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-05-06/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651745/; classtype:trojan-activity;sid:84514845; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651746)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-01-21/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651746/; classtype:trojan-activity;sid:84514846; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651747)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-03-20/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651747/; classtype:trojan-activity;sid:84514847; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651748)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/pa/conting%c3%aancia/homologa%c3%a7%c3%a3o/info.zip"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651748/; classtype:trojan-activity;sid:84514848; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651749)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/dist/js/info.zip"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651749/; classtype:trojan-activity;sid:84514849; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651740)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-01-29/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651740/; classtype:trojan-activity;sid:84514840; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651734)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-06-24/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651734/; classtype:trojan-activity;sid:84514834; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651735)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-02-21/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651735/; classtype:trojan-activity;sid:84514835; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651736)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2020-08-28/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651736/; classtype:trojan-activity;sid:84514836; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651737)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-12-31/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651737/; classtype:trojan-activity;sid:84514837; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651738)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/info.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651738/; classtype:trojan-activity;sid:84514838; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651739)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-03-24/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651739/; classtype:trojan-activity;sid:84514839; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651733)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/231213-078/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651733/; classtype:trojan-activity;sid:84514833; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651730)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2024-08-13/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651730/; classtype:trojan-activity;sid:84514830; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651731)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-01-16/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651731/; classtype:trojan-activity;sid:84514831; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651732)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-11-07/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651732/; classtype:trojan-activity;sid:84514832; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651729)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-02-03/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651729/; classtype:trojan-activity;sid:84514829; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651728)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-02-27/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651728/; classtype:trojan-activity;sid:84514828; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651726)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-12-13/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651726/; classtype:trojan-activity;sid:84514826; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651727)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-01-04/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651727/; classtype:trojan-activity;sid:84514827; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651725)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2020-12-23/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651725/; classtype:trojan-activity;sid:84514825; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651720)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-02-19/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651720/; classtype:trojan-activity;sid:84514820; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651721)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2023-08-08/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651721/; classtype:trojan-activity;sid:84514821; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651722)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-02-18/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651722/; classtype:trojan-activity;sid:84514822; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651723)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-04-27/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651723/; classtype:trojan-activity;sid:84514823; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651724)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-05-08/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651724/; classtype:trojan-activity;sid:84514824; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651719)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/goods/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651719/; classtype:trojan-activity;sid:84514819; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651717)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-03-21/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651717/; classtype:trojan-activity;sid:84514817; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651718)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2020-01-08/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651718/; classtype:trojan-activity;sid:84514818; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651716)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/pb/normal/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651716/; classtype:trojan-activity;sid:84514816; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651715)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-02-01/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651715/; classtype:trojan-activity;sid:84514815; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651713)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-04-24/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651713/; classtype:trojan-activity;sid:84514813; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651714)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-11-30/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651714/; classtype:trojan-activity;sid:84514814; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651710)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-04-18/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651710/; classtype:trojan-activity;sid:84514810; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651711)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-04-25/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651711/; classtype:trojan-activity;sid:84514811; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651709)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-02-20/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651709/; classtype:trojan-activity;sid:84514809; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651707)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-03-28/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651707/; classtype:trojan-activity;sid:84514807; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651708)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-02-24/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651708/; classtype:trojan-activity;sid:84514808; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651704)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/tpcl/images/info.zip"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651704/; classtype:trojan-activity;sid:84514804; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651705)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2021-04-13/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651705/; classtype:trojan-activity;sid:84514805; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651706)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-03-18/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651706/; classtype:trojan-activity;sid:84514806; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651698)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/230607-012/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651698/; classtype:trojan-activity;sid:84514798; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651699)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-06-27/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651699/; classtype:trojan-activity;sid:84514799; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651700)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-12-04/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651700/; classtype:trojan-activity;sid:84514800; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651701)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-04-30/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651701/; classtype:trojan-activity;sid:84514801; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651702)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/pb/conting%c3%aancia/info.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651702/; classtype:trojan-activity;sid:84514802; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651703)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-02-21/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651703/; classtype:trojan-activity;sid:84514803; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651695)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-03-07/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651695/; classtype:trojan-activity;sid:84514795; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651696)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-03-22/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651696/; classtype:trojan-activity;sid:84514796; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651697)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-05-23/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651697/; classtype:trojan-activity;sid:84514797; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651693)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-04-15/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651693/; classtype:trojan-activity;sid:84514793; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651694)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-04-24/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651694/; classtype:trojan-activity;sid:84514794; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651691)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2021-05-12/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651691/; classtype:trojan-activity;sid:84514791; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651692)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2020-11-17/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651692/; classtype:trojan-activity;sid:84514792; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651686)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-01-16/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651686/; classtype:trojan-activity;sid:84514786; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651687)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-03-26/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651687/; classtype:trojan-activity;sid:84514787; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651689)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-01-25/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651689/; classtype:trojan-activity;sid:84514789; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651685)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-07-09/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651685/; classtype:trojan-activity;sid:84514785; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651682)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-07-02/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651682/; classtype:trojan-activity;sid:84514782; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651683)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-04-23/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651683/; classtype:trojan-activity;sid:84514783; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651684)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-04-17/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651684/; classtype:trojan-activity;sid:84514784; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651681)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-02-12/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651681/; classtype:trojan-activity;sid:84514781; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651680)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-02-21/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651680/; classtype:trojan-activity;sid:84514780; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651679)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-11-22/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651679/; classtype:trojan-activity;sid:84514779; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651678)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-03-14/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651678/; classtype:trojan-activity;sid:84514778; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651674)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240722-081/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651674/; classtype:trojan-activity;sid:84514774; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651675)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-04-01/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651675/; classtype:trojan-activity;sid:84514775; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651676)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-01-27/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651676/; classtype:trojan-activity;sid:84514776; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651677)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-01-17/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651677/; classtype:trojan-activity;sid:84514777; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651668)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2022-03-22/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651668/; classtype:trojan-activity;sid:84514768; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651669)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/df/conting%c3%aancia/info.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651669/; classtype:trojan-activity;sid:84514769; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651670)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-02-04/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651670/; classtype:trojan-activity;sid:84514770; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651671)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-05-28/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651671/; classtype:trojan-activity;sid:84514771; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651672)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/230213-066/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651672/; classtype:trojan-activity;sid:84514772; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651667)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2024-12-04/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651667/; classtype:trojan-activity;sid:84514767; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651663)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2024-08-05/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651663/; classtype:trojan-activity;sid:84514763; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651665)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2021-11-12/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651665/; classtype:trojan-activity;sid:84514765; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651666)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2024-08-07/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651666/; classtype:trojan-activity;sid:84514766; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651662)"; flow:established,from_client; content:"GET"; http_method; content:"/update%20-%20%e5%89%af%e6%9c%ac/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/cache/notanalyze/info.zip"; http_uri; depth:114; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651662/; classtype:trojan-activity;sid:84514762; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651655)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-12-13/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651655/; classtype:trojan-activity;sid:84514755; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651656)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2021-02-23/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651656/; classtype:trojan-activity;sid:84514756; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651657)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-05-26/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651657/; classtype:trojan-activity;sid:84514757; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651658)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-05-12/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651658/; classtype:trojan-activity;sid:84514758; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651659)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-03-28/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651659/; classtype:trojan-activity;sid:84514759; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651660)"; flow:established,from_client; content:"GET"; http_method; content:"/update%20-%20%e5%89%af%e6%9c%ac/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/undw/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651660/; classtype:trojan-activity;sid:84514760; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651661)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-10-25/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651661/; classtype:trojan-activity;sid:84514761; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651650)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2022-05-10/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651650/; classtype:trojan-activity;sid:84514750; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651651)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2019-06-24/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651651/; classtype:trojan-activity;sid:84514751; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651652)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2021-04-09/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651652/; classtype:trojan-activity;sid:84514752; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651653)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2021-05-10/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651653/; classtype:trojan-activity;sid:84514753; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651654)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-02-26/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651654/; classtype:trojan-activity;sid:84514754; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651645)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-02-09/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651645/; classtype:trojan-activity;sid:84514745; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651646)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-02-11/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651646/; classtype:trojan-activity;sid:84514746; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651647)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2021-09-29/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651647/; classtype:trojan-activity;sid:84514747; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651648)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-12-18/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651648/; classtype:trojan-activity;sid:84514748; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651649)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-04-04/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651649/; classtype:trojan-activity;sid:84514749; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651639)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/info.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651639/; classtype:trojan-activity;sid:84514739; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651640)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-03-29/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651640/; classtype:trojan-activity;sid:84514740; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651641)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-03-02/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651641/; classtype:trojan-activity;sid:84514741; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651642)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-03-30/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651642/; classtype:trojan-activity;sid:84514742; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651643)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-05-17/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651643/; classtype:trojan-activity;sid:84514743; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651632)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2024-09-30/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651632/; classtype:trojan-activity;sid:84514732; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651633)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2021-07-16/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651633/; classtype:trojan-activity;sid:84514733; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651634)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-01-15/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651634/; classtype:trojan-activity;sid:84514734; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651635)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-01-19/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651635/; classtype:trojan-activity;sid:84514735; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651636)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2025-05-09/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651636/; classtype:trojan-activity;sid:84514736; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651637)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/info.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651637/; classtype:trojan-activity;sid:84514737; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651638)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-03-30/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651638/; classtype:trojan-activity;sid:84514738; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651629)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-03-12/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651629/; classtype:trojan-activity;sid:84514729; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651630)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2025-06-05/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651630/; classtype:trojan-activity;sid:84514730; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651631)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-02-23/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651631/; classtype:trojan-activity;sid:84514731; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651628)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-09-30/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651628/; classtype:trojan-activity;sid:84514728; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651622)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-04-21/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651622/; classtype:trojan-activity;sid:84514722; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651623)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2019-07-12/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651623/; classtype:trojan-activity;sid:84514723; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651624)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-03-08/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651624/; classtype:trojan-activity;sid:84514724; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651625)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2021-04-05/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651625/; classtype:trojan-activity;sid:84514725; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651626)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/241205-082/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651626/; classtype:trojan-activity;sid:84514726; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651627)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-04-14/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651627/; classtype:trojan-activity;sid:84514727; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651620)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-03-06/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651620/; classtype:trojan-activity;sid:84514720; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651621)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-02-21/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651621/; classtype:trojan-activity;sid:84514721; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651619)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-08-19/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651619/; classtype:trojan-activity;sid:84514719; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651617)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-12-09/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651617/; classtype:trojan-activity;sid:84514717; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651618)"; flow:established,from_client; content:"GET"; http_method; content:"/update/%e8%a5%bf%e7%be%8e%e5%8d%b0%e5%88%b7%e7%94%9f%e4%ba%a7%e4%bb%93%e5%ba%93%e7%b3%bb%e7%bb%9f/pic/info.zip"; http_uri; depth:111; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651618/; classtype:trojan-activity;sid:84514718; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651616)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-02-17/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651616/; classtype:trojan-activity;sid:84514716; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651615)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-05-16/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651615/; classtype:trojan-activity;sid:84514715; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651614)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-11-23/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651614/; classtype:trojan-activity;sid:84514714; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651613)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-03-03/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651613/; classtype:trojan-activity;sid:84514713; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651611)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-03-15/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651611/; classtype:trojan-activity;sid:84514711; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651612)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/images/info.zip"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651612/; classtype:trojan-activity;sid:84514712; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651610)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/230323-001/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651610/; classtype:trojan-activity;sid:84514710; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651607)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/221019-077/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651607/; classtype:trojan-activity;sid:84514707; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651609)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-01-29/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651609/; classtype:trojan-activity;sid:84514709; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651606)"; flow:established,from_client; content:"GET"; http_method; content:"/update/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/undw/undw90/info.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651606/; classtype:trojan-activity;sid:84514706; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651605)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-11-01/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651605/; classtype:trojan-activity;sid:84514705; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651603)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-03-08/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651603/; classtype:trojan-activity;sid:84514703; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651604)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2024-08-06/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651604/; classtype:trojan-activity;sid:84514704; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651598)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-03-13/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651598/; classtype:trojan-activity;sid:84514698; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651599)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2024-05-02/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651599/; classtype:trojan-activity;sid:84514699; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651600)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-10-24/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651600/; classtype:trojan-activity;sid:84514700; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651601)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2020-11-09/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651601/; classtype:trojan-activity;sid:84514701; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651602)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2021-04-14/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651602/; classtype:trojan-activity;sid:84514702; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651591)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-11-26/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651591/; classtype:trojan-activity;sid:84514691; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651592)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-01-08/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651592/; classtype:trojan-activity;sid:84514692; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651593)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2021-07-07/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651593/; classtype:trojan-activity;sid:84514693; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651594)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2023-10-16/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651594/; classtype:trojan-activity;sid:84514694; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651595)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-05-13/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651595/; classtype:trojan-activity;sid:84514695; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651596)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/221207-040/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651596/; classtype:trojan-activity;sid:84514696; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651597)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2020-02-04/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651597/; classtype:trojan-activity;sid:84514697; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651587)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/tpcl/otherup/info.zip"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651587/; classtype:trojan-activity;sid:84514687; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651588)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2024-08-06/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651588/; classtype:trojan-activity;sid:84514688; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651589)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/ma/conting%c3%aancia/produ%c3%a7%c3%a3o/info.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651589/; classtype:trojan-activity;sid:84514689; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651590)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-04-23/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651590/; classtype:trojan-activity;sid:84514690; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651583)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-03-30/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651583/; classtype:trojan-activity;sid:84514683; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651584)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-08-25/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651584/; classtype:trojan-activity;sid:84514684; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651585)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-03-24/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651585/; classtype:trojan-activity;sid:84514685; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651582)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-01-07/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651582/; classtype:trojan-activity;sid:84514682; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651580)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-04-26/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651580/; classtype:trojan-activity;sid:84514680; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651581)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-02-09/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651581/; classtype:trojan-activity;sid:84514681; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651579)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-04-19/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651579/; classtype:trojan-activity;sid:84514679; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651578)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-09-24/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651578/; classtype:trojan-activity;sid:84514678; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651573)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-08-18/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651573/; classtype:trojan-activity;sid:84514673; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651574)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-05-05/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651574/; classtype:trojan-activity;sid:84514674; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651575)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-03-10/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651575/; classtype:trojan-activity;sid:84514675; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651576)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-04-16/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651576/; classtype:trojan-activity;sid:84514676; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651570)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-06-15/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651570/; classtype:trojan-activity;sid:84514670; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651571)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-03-06/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651571/; classtype:trojan-activity;sid:84514671; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651572)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/230310-090/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651572/; classtype:trojan-activity;sid:84514672; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651567)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2019-08-02/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651567/; classtype:trojan-activity;sid:84514667; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651568)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-04-30/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651568/; classtype:trojan-activity;sid:84514668; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651569)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/230503-049/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651569/; classtype:trojan-activity;sid:84514669; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651565)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2024-05-15/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651565/; classtype:trojan-activity;sid:84514665; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651566)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2020-05-11/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651566/; classtype:trojan-activity;sid:84514666; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651564)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-11-14/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651564/; classtype:trojan-activity;sid:84514664; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651562)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-05-30/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651562/; classtype:trojan-activity;sid:84514662; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651563)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-12-23/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651563/; classtype:trojan-activity;sid:84514663; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651560)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-05-01/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651560/; classtype:trojan-activity;sid:84514660; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651561)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-12-15/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651561/; classtype:trojan-activity;sid:84514661; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651558)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-10-18/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651558/; classtype:trojan-activity;sid:84514658; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651559)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-02-20/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651559/; classtype:trojan-activity;sid:84514659; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651553)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-04-15/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651553/; classtype:trojan-activity;sid:84514653; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651555)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-05-26/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651555/; classtype:trojan-activity;sid:84514655; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651556)"; flow:established,from_client; content:"GET"; http_method; content:"/update%20-%20%e5%89%af%e6%9c%ac/%e8%a5%bf%e7%be%8e%e5%8d%b0%e5%88%b7%e7%94%9f%e4%ba%a7%e4%bb%93%e5%ba%93%e7%b3%bb%e7%bb%9f/info.zip"; http_uri; depth:132; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651556/; classtype:trojan-activity;sid:84514656; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651557)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-01-05/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651557/; classtype:trojan-activity;sid:84514657; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651548)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-02-04/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651548/; classtype:trojan-activity;sid:84514648; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651549)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-03-04/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651549/; classtype:trojan-activity;sid:84514649; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651551)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-07-21/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651551/; classtype:trojan-activity;sid:84514651; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651552)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-03-27/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651552/; classtype:trojan-activity;sid:84514652; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651547)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240619-028/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651547/; classtype:trojan-activity;sid:84514647; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651545)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-07-01/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651545/; classtype:trojan-activity;sid:84514645; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651546)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2019-04-02/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651546/; classtype:trojan-activity;sid:84514646; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651539)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-04-24/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651539/; classtype:trojan-activity;sid:84514639; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651540)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220929-056/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651540/; classtype:trojan-activity;sid:84514640; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651541)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240531-095/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651541/; classtype:trojan-activity;sid:84514641; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651542)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-01-25/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651542/; classtype:trojan-activity;sid:84514642; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651543)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240523-018/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651543/; classtype:trojan-activity;sid:84514643; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651544)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-01-16/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651544/; classtype:trojan-activity;sid:84514644; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651532)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-02-08/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651532/; classtype:trojan-activity;sid:84514632; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651533)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-02-16/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651533/; classtype:trojan-activity;sid:84514633; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651534)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-11-25/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651534/; classtype:trojan-activity;sid:84514634; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651535)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2023-07-07/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651535/; classtype:trojan-activity;sid:84514635; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651536)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-02-08/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651536/; classtype:trojan-activity;sid:84514636; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651537)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240329-083/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651537/; classtype:trojan-activity;sid:84514637; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651538)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/221209-001/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651538/; classtype:trojan-activity;sid:84514638; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651530)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2019-12-05/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651530/; classtype:trojan-activity;sid:84514630; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651528)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/tpcl/src/info.zip"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651528/; classtype:trojan-activity;sid:84514628; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651529)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-06-10/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651529/; classtype:trojan-activity;sid:84514629; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651527)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-04-18/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651527/; classtype:trojan-activity;sid:84514627; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651526)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-02-28/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651526/; classtype:trojan-activity;sid:84514626; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651525)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-02-09/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651525/; classtype:trojan-activity;sid:84514625; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651524)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/pe/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651524/; classtype:trojan-activity;sid:84514624; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651521)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2024-01-26/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651521/; classtype:trojan-activity;sid:84514621; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651522)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2024-11-04/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651522/; classtype:trojan-activity;sid:84514622; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651523)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2020-11-12/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651523/; classtype:trojan-activity;sid:84514623; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651520)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-05-11/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651520/; classtype:trojan-activity;sid:84514620; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651519)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-06-07/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651519/; classtype:trojan-activity;sid:84514619; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651516)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2025-01-21/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651516/; classtype:trojan-activity;sid:84514616; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651517)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-06-01/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651517/; classtype:trojan-activity;sid:84514617; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651518)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2025-04-09/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651518/; classtype:trojan-activity;sid:84514618; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651515)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2020-04-16/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651515/; classtype:trojan-activity;sid:84514615; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651512)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-08-20/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651512/; classtype:trojan-activity;sid:84514612; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651513)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2023-11-27/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651513/; classtype:trojan-activity;sid:84514613; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651514)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-02-22/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651514/; classtype:trojan-activity;sid:84514614; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651511)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-09-12/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651511/; classtype:trojan-activity;sid:84514611; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651509)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2020-09-15/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651509/; classtype:trojan-activity;sid:84514609; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651510)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-01-15/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651510/; classtype:trojan-activity;sid:84514610; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651506)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-01-03/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651506/; classtype:trojan-activity;sid:84514606; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651508)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-08-26/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651508/; classtype:trojan-activity;sid:84514608; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651504)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-05-21/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651504/; classtype:trojan-activity;sid:84514604; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651505)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-03-14/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651505/; classtype:trojan-activity;sid:84514605; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651502)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2024-12-16/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651502/; classtype:trojan-activity;sid:84514602; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651494)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"107.128.101.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651494/; classtype:trojan-activity;sid:84514594; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651491)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"99.232.252.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651491/; classtype:trojan-activity;sid:84514591; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651489)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"74.105.123.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651489/; classtype:trojan-activity;sid:84514589; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651487)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"190.153.137.200"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651487/; classtype:trojan-activity;sid:84514587; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651481)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"67.177.204.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651481/; classtype:trojan-activity;sid:84514581; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651480)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"220.89.164.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651480/; classtype:trojan-activity;sid:84514580; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651479)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"98.15.210.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651479/; classtype:trojan-activity;sid:84514579; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651476)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"77.172.14.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651476/; classtype:trojan-activity;sid:84514576; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651475)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"82.67.39.194"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651475/; classtype:trojan-activity;sid:84514575; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651456)"; flow:established,from_client; content:"GET"; http_method; content:"/dllchichi.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"xworm0106.duckdns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651456/; classtype:trojan-activity;sid:84514556; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651457)"; flow:established,from_client; content:"GET"; http_method; content:"/dllchichi.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"rem0925.duckdns.org"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651457/; classtype:trojan-activity;sid:84514557; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651454)"; flow:established,from_client; content:"GET"; http_method; content:"/31agosto.vbs"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"xworm0106.duckdns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651454/; classtype:trojan-activity;sid:84514554; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651449)"; flow:established,from_client; content:"GET"; http_method; content:"/pchichi.txt"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"rem0925.duckdns.org"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651449/; classtype:trojan-activity;sid:84514549; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651452)"; flow:established,from_client; content:"GET"; http_method; content:"/pchichi.txt"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"xworm0106.duckdns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651452/; classtype:trojan-activity;sid:84514552; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651445)"; flow:established,from_client; content:"GET"; http_method; content:"/dllchichi.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"sostexampp.duckdns.org"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651445/; classtype:trojan-activity;sid:84514545; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651444)"; flow:established,from_client; content:"GET"; http_method; content:"/pchichi.txt"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"sostexampp.duckdns.org"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651444/; classtype:trojan-activity;sid:84514544; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651443)"; flow:established,from_client; content:"GET"; http_method; content:"/31agosto.vbs"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"www.rem0925.duckdns.org"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651443/; classtype:trojan-activity;sid:84514543; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651441)"; flow:established,from_client; content:"GET"; http_method; content:"/pchichi.txt"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"remdefrem.duckdns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651441/; classtype:trojan-activity;sid:84514541; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651442)"; flow:established,from_client; content:"GET"; http_method; content:"/dllchichi.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.rem0925.duckdns.org"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651442/; classtype:trojan-activity;sid:84514542; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651437)"; flow:established,from_client; content:"GET"; http_method; content:"/dllchichi.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"remdefrem.duckdns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651437/; classtype:trojan-activity;sid:84514537; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651439)"; flow:established,from_client; content:"GET"; http_method; content:"/pchichi.txt"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"www.rem0925.duckdns.org"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651439/; classtype:trojan-activity;sid:84514539; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651304)"; flow:established,from_client; content:"GET"; http_method; content:"/download/info.zip"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"47.104.31.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651304/; classtype:trojan-activity;sid:84514404; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651299)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.83.90"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651299/; classtype:trojan-activity;sid:84514399; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651288)"; flow:established,from_client; content:"GET"; http_method; content:"/mimikatz_trunk.zip"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"113.45.225.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651288/; classtype:trojan-activity;sid:84514388; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651271)"; flow:established,from_client; content:"GET"; http_method; content:"/backdoorbak.sct"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"101.43.22.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651271/; classtype:trojan-activity;sid:84514371; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651237)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/plcomps/info.zip"; http_uri; depth:136; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651237/; classtype:trojan-activity;sid:84514337; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651236)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/binn/res/2052/info.zip"; http_uri; depth:142; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651236/; classtype:trojan-activity;sid:84514336; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651235)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210810-020/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651235/; classtype:trojan-activity;sid:84514335; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651234)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211201-059/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651234/; classtype:trojan-activity;sid:84514334; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651232)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210607-069/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651232/; classtype:trojan-activity;sid:84514332; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651233)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/plcomps/res/1033/info.zip"; http_uri; depth:145; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651233/; classtype:trojan-activity;sid:84514333; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651231)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/redist/remoteblobstore/info.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651231/; classtype:trojan-activity;sid:84514331; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651230)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_msi/pfiles/sqlservr/100/com/info.zip"; http_uri; depth:112; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651230/; classtype:trojan-activity;sid:84514330; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651229)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/redist/dotnetframeworks/dotnetfx35/x86/info.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651229/; classtype:trojan-activity;sid:84514329; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651228)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/schemas/sqlservr/2004/soap/types/sqlresst/info.zip"; http_uri; depth:171; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651228/; classtype:trojan-activity;sid:84514328; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651226)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210804-089/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651226/; classtype:trojan-activity;sid:84514326; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651225)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/dts/info.zip"; http_uri; depth:119; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651225/; classtype:trojan-activity;sid:84514325; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651224)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220423-022/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651224/; classtype:trojan-activity;sid:84514324; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651223)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/tools/binn/res/1033/info.zip"; http_uri; depth:137; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651223/; classtype:trojan-activity;sid:84514323; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651222)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles32/sqlservr/100/tools/binn/vsshell/common7/ide/zh-chs/info.zip"; http_uri; depth:165; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651222/; classtype:trojan-activity;sid:84514322; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651221)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_inst_msi/pfiles/sqlservr/mssql.x/mssql/info.zip"; http_uri; depth:124; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651221/; classtype:trojan-activity;sid:84514321; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651220)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210820-072/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651220/; classtype:trojan-activity;sid:84514320; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651219)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/tasks/en/info.zip"; http_uri; depth:137; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651219/; classtype:trojan-activity;sid:84514319; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651218)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/dts/provdesc/info.zip"; http_uri; depth:128; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651218/; classtype:trojan-activity;sid:84514318; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651217)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_msi/pfiles32/sqlservr/100/tools/binn/vsshell/info.zip"; http_uri; depth:129; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651217/; classtype:trojan-activity;sid:84514317; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651216)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220528-019/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651216/; classtype:trojan-activity;sid:84514316; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651215)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-036/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651215/; classtype:trojan-activity;sid:84514315; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651214)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/mssql/binn/info.zip"; http_uri; depth:137; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651214/; classtype:trojan-activity;sid:84514314; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651213)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/tools/binn/schemas/sqlservr/2004/soap/types/sqlparam/info.zip"; http_uri; depth:168; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651213/; classtype:trojan-activity;sid:84514313; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651212)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/tools/binn/schemas/sqlservr/2004/soap/types/info.zip"; http_uri; depth:159; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651212/; classtype:trojan-activity;sid:84514312; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651211)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/tools/binn/schemas/sqlservr/2004/07/querypr/info.zip"; http_uri; depth:159; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651211/; classtype:trojan-activity;sid:84514311; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651210)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/redist/dotnetframeworks/dotnetfx30/x64/info.zip"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651210/; classtype:trojan-activity;sid:84514310; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651209)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles32/info.zip"; http_uri; depth:114; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651209/; classtype:trojan-activity;sid:84514309; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651208)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/shared/info.zip"; http_uri; depth:131; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651208/; classtype:trojan-activity;sid:84514308; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651206)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-019/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651206/; classtype:trojan-activity;sid:84514306; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651207)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/plcomps/info.zip"; http_uri; depth:137; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651207/; classtype:trojan-activity;sid:84514307; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651205)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles/cfiles/msshared/info.zip"; http_uri; depth:118; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651205/; classtype:trojan-activity;sid:84514305; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651204)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_msi/pfiles32/sqlservr/100/shared/info.zip"; http_uri; depth:117; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651204/; classtype:trojan-activity;sid:84514304; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651203)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_inst_loc_msi/2052/pfiles/info.zip"; http_uri; depth:110; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651203/; classtype:trojan-activity;sid:84514303; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651202)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"103.59.134.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651202/; classtype:trojan-activity;sid:84514302; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651200)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/schemas/sqlservr/2004/soap/types/sqltran/info.zip"; http_uri; depth:169; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651200/; classtype:trojan-activity;sid:84514300; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651199)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-033/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651199/; classtype:trojan-activity;sid:84514299; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651198)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210814-005/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651198/; classtype:trojan-activity;sid:84514298; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651197)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/tools/binn/info.zip"; http_uri; depth:127; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651197/; classtype:trojan-activity;sid:84514297; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651195)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000566431/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651195/; classtype:trojan-activity;sid:84514295; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651192)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-08-12/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651192/; classtype:trojan-activity;sid:84514292; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651193)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/dts/info.zip"; http_uri; depth:119; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651193/; classtype:trojan-activity;sid:84514293; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651190)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210726-018/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651190/; classtype:trojan-activity;sid:84514290; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651188)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-04-09/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651188/; classtype:trojan-activity;sid:84514288; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651189)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220824-011/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651189/; classtype:trojan-activity;sid:84514289; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651187)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211224-005/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651187/; classtype:trojan-activity;sid:84514287; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651186)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220125-001/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651186/; classtype:trojan-activity;sid:84514286; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651184)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/mssql/binn/res/1042/info.zip"; http_uri; depth:146; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651184/; classtype:trojan-activity;sid:84514284; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651181)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_inst_msi/pfiles/sqlservr/mssql.x/mssql/install/info.zip"; http_uri; depth:131; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651181/; classtype:trojan-activity;sid:84514281; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651182)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_inst_msi/pfiles/sqlservr/mssql.x/info.zip"; http_uri; depth:118; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651182/; classtype:trojan-activity;sid:84514282; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651183)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000225745/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651183/; classtype:trojan-activity;sid:84514283; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651178)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/mssql/binn/res/1031/info.zip"; http_uri; depth:147; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651178/; classtype:trojan-activity;sid:84514278; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651179)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210805-030/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651179/; classtype:trojan-activity;sid:84514279; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651175)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220406-025/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651175/; classtype:trojan-activity;sid:84514275; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651176)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/tools/binn/schemas/sqlservr/2004/07/info.zip"; http_uri; depth:151; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651176/; classtype:trojan-activity;sid:84514276; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651172)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/windows/gac_32/zh-chs/info.zip"; http_uri; depth:126; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651172/; classtype:trojan-activity;sid:84514272; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651171)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-05-01/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651171/; classtype:trojan-activity;sid:84514271; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651170)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/wjgl/images/saomiao/info.zip"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651170/; classtype:trojan-activity;sid:84514270; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651168)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000585574/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651168/; classtype:trojan-activity;sid:84514268; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651169)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000567168/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651169/; classtype:trojan-activity;sid:84514269; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651167)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171472/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651167/; classtype:trojan-activity;sid:84514267; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651165)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000170010/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651165/; classtype:trojan-activity;sid:84514265; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651163)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles/cfiles/msshared/info.zip"; http_uri; depth:119; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651163/; classtype:trojan-activity;sid:84514263; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651161)"; flow:established,from_client; content:"GET"; http_method; content:"/agent.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"39.100.71.60"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651161/; classtype:trojan-activity;sid:84514261; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651162)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/redist/watson/info.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651162/; classtype:trojan-activity;sid:84514262; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651160)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-08-25/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651160/; classtype:trojan-activity;sid:84514260; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651158)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/info.zip"; http_uri; depth:127; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651158/; classtype:trojan-activity;sid:84514258; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651159)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2020-01-09/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651159/; classtype:trojan-activity;sid:84514259; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651156)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-09-20/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651156/; classtype:trojan-activity;sid:84514256; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651157)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/dts/plcomps/info.zip"; http_uri; depth:128; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651157/; classtype:trojan-activity;sid:84514257; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651155)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-03-16/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651155/; classtype:trojan-activity;sid:84514255; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651150)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2022-03-17/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651150/; classtype:trojan-activity;sid:84514250; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651146)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/plcomps/res/2052/info.zip"; http_uri; depth:146; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651146/; classtype:trojan-activity;sid:84514246; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651147)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/tpcl/images/zhijia/info.zip"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651147/; classtype:trojan-activity;sid:84514247; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651145)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/wjgl/src/sass/demo/helpers/info.zip"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651145/; classtype:trojan-activity;sid:84514245; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651144)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220618-010/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651144/; classtype:trojan-activity;sid:84514244; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651139)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000170922/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651139/; classtype:trojan-activity;sid:84514239; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651142)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/info.zip"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651142/; classtype:trojan-activity;sid:84514242; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651137)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles32/sqlservr/100/tools/binn/vsshell/info.zip"; http_uri; depth:145; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651137/; classtype:trojan-activity;sid:84514237; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651135)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000603094/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651135/; classtype:trojan-activity;sid:84514235; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651126)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"74.105.18.181"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651126/; classtype:trojan-activity;sid:84514226; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651128)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles32/sqlservr/100/com/res/info.zip"; http_uri; depth:127; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651128/; classtype:trojan-activity;sid:84514228; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651129)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220223-034/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651129/; classtype:trojan-activity;sid:84514229; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651130)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/mssql/binn/res/3082/info.zip"; http_uri; depth:146; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651130/; classtype:trojan-activity;sid:84514230; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651131)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211116-023/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651131/; classtype:trojan-activity;sid:84514231; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651132)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_msi/pfiles/msnet/info.zip"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651132/; classtype:trojan-activity;sid:84514232; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651125)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000603095/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651125/; classtype:trojan-activity;sid:84514225; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651124)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_msi/pfiles32/sqlservr/100/tools/binn/vsshell/info.zip"; http_uri; depth:130; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651124/; classtype:trojan-activity;sid:84514224; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651120)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/info.zip"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651120/; classtype:trojan-activity;sid:84514220; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651115)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles32/sqlservr/100/sdk/info.zip"; http_uri; depth:131; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651115/; classtype:trojan-activity;sid:84514215; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651116)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/shared/2052/info.zip"; http_uri; depth:129; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651116/; classtype:trojan-activity;sid:84514216; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651114)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/schemas/sqlservr/2004/soap/types/info.zip"; http_uri; depth:162; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651114/; classtype:trojan-activity;sid:84514214; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651113)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/redist/dotnetframeworks/dotnetfx30/x64/info.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651113/; classtype:trojan-activity;sid:84514213; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651111)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210730-004/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651111/; classtype:trojan-activity;sid:84514211; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651109)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/info.zip"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651109/; classtype:trojan-activity;sid:84514209; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651108)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/binn/zh-chs/info.zip"; http_uri; depth:141; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651108/; classtype:trojan-activity;sid:84514208; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651106)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2024-03-25/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651106/; classtype:trojan-activity;sid:84514206; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651105)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/tpcl/src/images/info.zip"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651105/; classtype:trojan-activity;sid:84514205; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651104)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/connect/zh-chs/info.zip"; http_uri; depth:143; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651104/; classtype:trojan-activity;sid:84514204; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651102)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/sdk/info.zip"; http_uri; depth:122; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651102/; classtype:trojan-activity;sid:84514202; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651103)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/windows/gac/info.zip"; http_uri; depth:107; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651103/; classtype:trojan-activity;sid:84514203; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651099)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-12-11/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651099/; classtype:trojan-activity;sid:84514199; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651097)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"103.56.227.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651097/; classtype:trojan-activity;sid:84514197; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651098)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-05-10/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651098/; classtype:trojan-activity;sid:84514198; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651095)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171016/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651095/; classtype:trojan-activity;sid:84514195; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651096)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-05-21/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651096/; classtype:trojan-activity;sid:84514196; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651092)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2020-07-06/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651092/; classtype:trojan-activity;sid:84514192; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651090)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000253230/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651090/; classtype:trojan-activity;sid:84514190; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651084)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"132.247.103.239"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651084/; classtype:trojan-activity;sid:84514184; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651082)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"70.39.111.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651082/; classtype:trojan-activity;sid:84514182; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651078)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000189793/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651078/; classtype:trojan-activity;sid:84514178; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651079)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-07-18/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651079/; classtype:trojan-activity;sid:84514179; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651076)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"77.172.14.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651076/; classtype:trojan-activity;sid:84514176; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651077)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2019-04-30/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651077/; classtype:trojan-activity;sid:84514177; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651075)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"103.36.80.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651075/; classtype:trojan-activity;sid:84514175; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651071)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000604320/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651071/; classtype:trojan-activity;sid:84514171; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651067)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-03-21/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651067/; classtype:trojan-activity;sid:84514167; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651061)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000758/2024-05-31/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651061/; classtype:trojan-activity;sid:84514161; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651056)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-12-30/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651056/; classtype:trojan-activity;sid:84514156; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651055)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210909-018/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651055/; classtype:trojan-activity;sid:84514155; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651054)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210814-026/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651054/; classtype:trojan-activity;sid:84514154; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651053)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_inst_msi/pfiles/sqlservr/mssql.x/mssql/upgrade/info.zip"; http_uri; depth:132; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651053/; classtype:trojan-activity;sid:84514153; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651051)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220427-035/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651051/; classtype:trojan-activity;sid:84514151; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651049)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"124.218.221.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651049/; classtype:trojan-activity;sid:84514149; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651048)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/schemas/sqlservr/2004/info.zip"; http_uri; depth:151; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651048/; classtype:trojan-activity;sid:84514148; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651047)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles32/sqlservr/100/tools/binn/info.zip"; http_uri; depth:131; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651047/; classtype:trojan-activity;sid:84514147; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651046)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/shared/info.zip"; http_uri; depth:125; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651046/; classtype:trojan-activity;sid:84514146; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651045)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/windows/info.zip"; http_uri; depth:112; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651045/; classtype:trojan-activity;sid:84514145; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651044)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-01-26/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651044/; classtype:trojan-activity;sid:84514144; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651043)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/redist/dotnetframeworks/info.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651043/; classtype:trojan-activity;sid:84514143; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651041)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000232289/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651041/; classtype:trojan-activity;sid:84514141; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651038)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/help/2052/info.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651038/; classtype:trojan-activity;sid:84514138; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651037)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000306/2021-01-13/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651037/; classtype:trojan-activity;sid:84514137; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651036)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/shared/vs2008/2052/info.zip"; http_uri; depth:144; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651036/; classtype:trojan-activity;sid:84514136; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651035)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/info.zip"; http_uri; depth:128; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651035/; classtype:trojan-activity;sid:84514135; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651034)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210724-029/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651034/; classtype:trojan-activity;sid:84514134; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651032)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles32/msnet/adomd.net/100/zh-chs/info.zip"; http_uri; depth:133; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651032/; classtype:trojan-activity;sid:84514132; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651031)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2020-11-16/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651031/; classtype:trojan-activity;sid:84514131; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651030)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-024/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651030/; classtype:trojan-activity;sid:84514130; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651029)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_msi/pfiles/sqlservr/100/tools/binn/vsshell/info.zip"; http_uri; depth:127; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651029/; classtype:trojan-activity;sid:84514129; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651028)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-12-04/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651028/; classtype:trojan-activity;sid:84514128; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651027)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/com/zh-chs/info.zip"; http_uri; depth:128; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651027/; classtype:trojan-activity;sid:84514127; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651025)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-020/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651025/; classtype:trojan-activity;sid:84514125; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651024)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles/msvs9/common7/ide/priassem/info.zip"; http_uri; depth:129; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651024/; classtype:trojan-activity;sid:84514124; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651021)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/tpcl/images/zhijia-kancha/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651021/; classtype:trojan-activity;sid:84514121; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651020)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/info.zip"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651020/; classtype:trojan-activity;sid:84514120; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651019)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210813-060/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651019/; classtype:trojan-activity;sid:84514119; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651017)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/com/en/info.zip"; http_uri; depth:124; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651017/; classtype:trojan-activity;sid:84514117; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651016)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000186186/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651016/; classtype:trojan-activity;sid:84514116; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651012)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000164262/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651012/; classtype:trojan-activity;sid:84514112; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651013)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles/info.zip"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651013/; classtype:trojan-activity;sid:84514113; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651014)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220421-042/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651014/; classtype:trojan-activity;sid:84514114; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651015)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000169167/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651015/; classtype:trojan-activity;sid:84514115; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651011)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000683762/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651011/; classtype:trojan-activity;sid:84514111; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651009)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/redist/dotnetframeworks/dotnetmsp/info.zip"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651009/; classtype:trojan-activity;sid:84514109; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651006)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168339/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651006/; classtype:trojan-activity;sid:84514106; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651007)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/binn/zh-chs/info.zip"; http_uri; depth:140; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651007/; classtype:trojan-activity;sid:84514107; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651004)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles32/info.zip"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651004/; classtype:trojan-activity;sid:84514104; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651003)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_msi/pfiles/sqlservr/100/keyfile/info.zip"; http_uri; depth:116; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651003/; classtype:trojan-activity;sid:84514103; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651000)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210805-050/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651000/; classtype:trojan-activity;sid:84514100; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650999)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-04-02/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650999/; classtype:trojan-activity;sid:84514099; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650996)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_msi/pfiles/sqlservr/100/dts/binn/info.zip"; http_uri; depth:117; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650996/; classtype:trojan-activity;sid:84514096; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650997)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210901-059/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650997/; classtype:trojan-activity;sid:84514097; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650995)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000602407/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650995/; classtype:trojan-activity;sid:84514095; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650993)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000626337/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650993/; classtype:trojan-activity;sid:84514093; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650994)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"193.248.186.21"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650994/; classtype:trojan-activity;sid:84514094; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650991)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2020-12-10/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650991/; classtype:trojan-activity;sid:84514091; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650990)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles32/msvs9/common7/ide/priassem/info.zip"; http_uri; depth:131; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650990/; classtype:trojan-activity;sid:84514090; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650987)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/redist/dotnetframeworks/dotnetmsp/x64/info.zip"; http_uri; depth:100; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650987/; classtype:trojan-activity;sid:84514087; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650985)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/schemas/sqlservr/2004/soap/types/sqlrowct/info.zip"; http_uri; depth:170; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650985/; classtype:trojan-activity;sid:84514085; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650984)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/sdk/info.zip"; http_uri; depth:121; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650984/; classtype:trojan-activity;sid:84514084; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650983)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/80/tools/binn/info.zip"; http_uri; depth:125; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650983/; classtype:trojan-activity;sid:84514083; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650982)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220804-012/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650982/; classtype:trojan-activity;sid:84514082; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650978)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2020-06-09/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650978/; classtype:trojan-activity;sid:84514078; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650975)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/schemas/sqlservr/2004/soap/types/sqlparam/info.zip"; http_uri; depth:171; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650975/; classtype:trojan-activity;sid:84514075; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650972)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_inst_msi/pfiles/sqlservr/mssql.x/mssql/info.zip"; http_uri; depth:123; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650972/; classtype:trojan-activity;sid:84514072; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650971)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_msi/pfiles/sqlservr/100/info.zip"; http_uri; depth:109; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650971/; classtype:trojan-activity;sid:84514071; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650970)"; flow:established,from_client; content:"GET"; http_method; content:"/aspnet_client/info.zip"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"96.11.145.107"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650970/; classtype:trojan-activity;sid:84514070; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650968)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000619269/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650968/; classtype:trojan-activity;sid:84514068; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650967)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_msi/pfiles/sqlservr/100/tools/info.zip"; http_uri; depth:114; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650967/; classtype:trojan-activity;sid:84514067; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650966)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_inst_msi/pfiles/info.zip"; http_uri; depth:100; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650966/; classtype:trojan-activity;sid:84514066; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650965)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"98.15.210.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650965/; classtype:trojan-activity;sid:84514065; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650963)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000169465/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650963/; classtype:trojan-activity;sid:84514063; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650961)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2023-01-23/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650961/; classtype:trojan-activity;sid:84514061; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650962)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211228-022/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650962/; classtype:trojan-activity;sid:84514062; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650959)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000160983/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650959/; classtype:trojan-activity;sid:84514059; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650958)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000179610/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650958/; classtype:trojan-activity;sid:84514058; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650956)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/redist/dotnetframeworks/dotnetmsp/x86/info.zip"; http_uri; depth:100; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650956/; classtype:trojan-activity;sid:84514056; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650955)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165004/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650955/; classtype:trojan-activity;sid:84514055; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650954)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210807-023/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650954/; classtype:trojan-activity;sid:84514054; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650951)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210814-026/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650951/; classtype:trojan-activity;sid:84514051; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650950)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/windows/gac_32/info.zip"; http_uri; depth:119; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650950/; classtype:trojan-activity;sid:84514050; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650948)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/tools/binn/vsshell/common7/info.zip"; http_uri; depth:151; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650948/; classtype:trojan-activity;sid:84514048; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650949)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2024-04-12/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650949/; classtype:trojan-activity;sid:84514049; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650947)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/connect/info.zip"; http_uri; depth:136; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650947/; classtype:trojan-activity;sid:84514047; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650946)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/info.zip"; http_uri; depth:129; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650946/; classtype:trojan-activity;sid:84514046; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650944)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/tools/binn/zh-chs/info.zip"; http_uri; depth:142; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650944/; classtype:trojan-activity;sid:84514044; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650943)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000600294/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650943/; classtype:trojan-activity;sid:84514043; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650942)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_inst_loc_msi/2052/pfiles/info.zip"; http_uri; depth:109; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650942/; classtype:trojan-activity;sid:84514042; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650941)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/info.zip"; http_uri; depth:118; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650941/; classtype:trojan-activity;sid:84514041; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650940)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000589083/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650940/; classtype:trojan-activity;sid:84514040; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650939)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000169469/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650939/; classtype:trojan-activity;sid:84514039; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650938)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"172.251.160.252"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650938/; classtype:trojan-activity;sid:84514038; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650937)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/shared/vs2008/1033/info.zip"; http_uri; depth:144; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650937/; classtype:trojan-activity;sid:84514037; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650936)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_msi/pfiles32/sqlservr/100/tools/info.zip"; http_uri; depth:117; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650936/; classtype:trojan-activity;sid:84514036; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650934)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000167445/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650934/; classtype:trojan-activity;sid:84514034; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650932)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/info.zip"; http_uri; depth:118; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650932/; classtype:trojan-activity;sid:84514032; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650930)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/schemas/sqlservr/2004/bulkload/format/info.zip"; http_uri; depth:166; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650930/; classtype:trojan-activity;sid:84514030; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650931)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220125-002/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650931/; classtype:trojan-activity;sid:84514031; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650928)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000608221/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650928/; classtype:trojan-activity;sid:84514028; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650926)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210726-002/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650926/; classtype:trojan-activity;sid:84514026; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650925)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/feenmer/res/1033/info.zip"; http_uri; depth:145; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650925/; classtype:trojan-activity;sid:84514025; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650924)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168559/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650924/; classtype:trojan-activity;sid:84514024; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650922)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_inst_loc_msi/2052/info.zip"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650922/; classtype:trojan-activity;sid:84514022; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650919)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/feenmer/info.zip"; http_uri; depth:136; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650919/; classtype:trojan-activity;sid:84514019; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650916)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210724-009/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650916/; classtype:trojan-activity;sid:84514016; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650917)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/mssql/binn/res/1042/info.zip"; http_uri; depth:146; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650917/; classtype:trojan-activity;sid:84514017; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650915)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000767154/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650915/; classtype:trojan-activity;sid:84514015; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650914)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"90.194.127.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650914/; classtype:trojan-activity;sid:84514014; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650912)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000169966/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650912/; classtype:trojan-activity;sid:84514012; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650913)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/info.zip"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650913/; classtype:trojan-activity;sid:84514013; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650909)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2025-03-06/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650909/; classtype:trojan-activity;sid:84514009; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650910)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-024/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650910/; classtype:trojan-activity;sid:84514010; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650902)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000625892/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650902/; classtype:trojan-activity;sid:84514002; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650903)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2021-08-11/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650903/; classtype:trojan-activity;sid:84514003; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650904)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2020-05-27/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650904/; classtype:trojan-activity;sid:84514004; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650900)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/app_error/info.zip"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650900/; classtype:trojan-activity;sid:84514000; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650897)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2019-11-14/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650897/; classtype:trojan-activity;sid:84513997; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650898)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220125-006/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650898/; classtype:trojan-activity;sid:84513998; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650896)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/tools/binn/res/2052/info.zip"; http_uri; depth:144; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650896/; classtype:trojan-activity;sid:84513996; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650892)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/tools/binn/schemas/sqlservr/2004/soap/types/sqlresst/info.zip"; http_uri; depth:168; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650892/; classtype:trojan-activity;sid:84513992; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650891)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"81.38.217.250"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650891/; classtype:trojan-activity;sid:84513991; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650889)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/schemas/sqlservr/info.zip"; http_uri; depth:146; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650889/; classtype:trojan-activity;sid:84513989; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650888)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/tpcl/src/js/info.zip"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650888/; classtype:trojan-activity;sid:84513988; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650887)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000160599/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650887/; classtype:trojan-activity;sid:84513987; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650884)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000166747/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650884/; classtype:trojan-activity;sid:84513984; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650885)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/feenmer/res/info.zip"; http_uri; depth:141; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650885/; classtype:trojan-activity;sid:84513985; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650886)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171986/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650886/; classtype:trojan-activity;sid:84513986; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650880)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000555504/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650880/; classtype:trojan-activity;sid:84513980; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650882)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-010/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650882/; classtype:trojan-activity;sid:84513982; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650874)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/redist/dotnetframeworks/dotnetfx35/ia64/info.zip"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650874/; classtype:trojan-activity;sid:84513974; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650871)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210804-020/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650871/; classtype:trojan-activity;sid:84513971; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650872)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles/sqlservr/info.zip"; http_uri; depth:112; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650872/; classtype:trojan-activity;sid:84513972; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650869)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-07-21/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650869/; classtype:trojan-activity;sid:84513969; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650868)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171330/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650868/; classtype:trojan-activity;sid:84513968; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650866)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/redist/windows%20installer/ia64/info.zip"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650866/; classtype:trojan-activity;sid:84513966; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650864)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220114-001/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650864/; classtype:trojan-activity;sid:84513964; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650863)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-11-21/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650863/; classtype:trojan-activity;sid:84513963; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650862)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-12-23/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650862/; classtype:trojan-activity;sid:84513962; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650861)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"122.170.103.164"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650861/; classtype:trojan-activity;sid:84513961; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650860)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210909-018/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650860/; classtype:trojan-activity;sid:84513960; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650859)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-11-13/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650859/; classtype:trojan-activity;sid:84513959; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650857)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"1.64.40.207"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650857/; classtype:trojan-activity;sid:84513957; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650856)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000621738/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650856/; classtype:trojan-activity;sid:84513956; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650855)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165010/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650855/; classtype:trojan-activity;sid:84513955; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650853)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/schemas/sqlservr/2004/07/dta/info.zip"; http_uri; depth:157; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650853/; classtype:trojan-activity;sid:84513953; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650851)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"94.203.254.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650851/; classtype:trojan-activity;sid:84513951; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650852)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles32/sqlservr/100/tools/binn/res/info.zip"; http_uri; depth:135; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650852/; classtype:trojan-activity;sid:84513952; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650849)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/redist/powershell/x64/info.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650849/; classtype:trojan-activity;sid:84513949; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650850)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168303/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650850/; classtype:trojan-activity;sid:84513950; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650846)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"68.148.10.182"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650846/; classtype:trojan-activity;sid:84513946; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650843)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/tools/binn/schemas/sqlservr/2004/07/dta/info.zip"; http_uri; depth:155; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650843/; classtype:trojan-activity;sid:84513943; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650844)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles32/sqlservr/100/sdk/assembly/info.zip"; http_uri; depth:139; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650844/; classtype:trojan-activity;sid:84513944; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650841)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-08-26/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650841/; classtype:trojan-activity;sid:84513941; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650842)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-007/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650842/; classtype:trojan-activity;sid:84513942; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650837)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"47.216.198.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650837/; classtype:trojan-activity;sid:84513937; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650835)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-061/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650835/; classtype:trojan-activity;sid:84513935; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650830)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210804-019/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650830/; classtype:trojan-activity;sid:84513930; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650831)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-11-30/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650831/; classtype:trojan-activity;sid:84513931; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650829)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles32/sqlservr/100/sdk/assembly/info.zip"; http_uri; depth:140; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650829/; classtype:trojan-activity;sid:84513929; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650827)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/redist/powershell/info.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650827/; classtype:trojan-activity;sid:84513927; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650828)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2021-04-01/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650828/; classtype:trojan-activity;sid:84513928; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650825)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220916-031/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650825/; classtype:trojan-activity;sid:84513925; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650824)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-08-05/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650824/; classtype:trojan-activity;sid:84513924; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650823)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-05-31/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650823/; classtype:trojan-activity;sid:84513923; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650821)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-04-15/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650821/; classtype:trojan-activity;sid:84513921; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650822)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210726-018/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650822/; classtype:trojan-activity;sid:84513922; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650820)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000391039/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650820/; classtype:trojan-activity;sid:84513920; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650817)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"82.67.39.194"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650817/; classtype:trojan-activity;sid:84513917; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650818)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000574637/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650818/; classtype:trojan-activity;sid:84513918; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650814)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles32/msnet/info.zip"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650814/; classtype:trojan-activity;sid:84513914; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650815)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/info.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650815/; classtype:trojan-activity;sid:84513915; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650812)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/80/tools/info.zip"; http_uri; depth:123; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650812/; classtype:trojan-activity;sid:84513912; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650813)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210805-024/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650813/; classtype:trojan-activity;sid:84513913; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650810)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"64.234.95.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650810/; classtype:trojan-activity;sid:84513910; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650808)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-10-15/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650808/; classtype:trojan-activity;sid:84513908; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650809)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/connect/en/info.zip"; http_uri; depth:140; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650809/; classtype:trojan-activity;sid:84513909; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650805)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles32/sqlservr/100/info.zip"; http_uri; depth:119; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650805/; classtype:trojan-activity;sid:84513905; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650806)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/df/normal/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650806/; classtype:trojan-activity;sid:84513906; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650807)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220428-040/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650807/; classtype:trojan-activity;sid:84513907; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650804)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211021-034/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650804/; classtype:trojan-activity;sid:84513904; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650800)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/redist/upgrade%20advisor/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650800/; classtype:trojan-activity;sid:84513900; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650801)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-05-16/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650801/; classtype:trojan-activity;sid:84513901; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650802)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-057/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650802/; classtype:trojan-activity;sid:84513902; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650803)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"83.87.76.41"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650803/; classtype:trojan-activity;sid:84513903; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650796)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211224-005/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650796/; classtype:trojan-activity;sid:84513896; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650797)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/tools/binn/vsshell/info.zip"; http_uri; depth:134; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650797/; classtype:trojan-activity;sid:84513897; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650793)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_inst_loc_msi/info.zip"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650793/; classtype:trojan-activity;sid:84513893; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650794)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/keyfile/2052/info.zip"; http_uri; depth:138; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650794/; classtype:trojan-activity;sid:84513894; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650791)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000601712/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650791/; classtype:trojan-activity;sid:84513891; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650792)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/help/info.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650792/; classtype:trojan-activity;sid:84513892; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650789)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211030-056/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650789/; classtype:trojan-activity;sid:84513889; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650787)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-019/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650787/; classtype:trojan-activity;sid:84513887; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650783)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-04-01/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650783/; classtype:trojan-activity;sid:84513883; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650784)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"203.67.9.93"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650784/; classtype:trojan-activity;sid:84513884; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650782)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-08-22/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650782/; classtype:trojan-activity;sid:84513882; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650781)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2025-06-25/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650781/; classtype:trojan-activity;sid:84513881; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650777)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-018/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650777/; classtype:trojan-activity;sid:84513877; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650778)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_msi/windows/system32/info.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650778/; classtype:trojan-activity;sid:84513878; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650779)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000164804/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650779/; classtype:trojan-activity;sid:84513879; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650774)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220211-036/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650774/; classtype:trojan-activity;sid:84513874; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650775)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/redist/windows%20installer/x64/info.zip"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650775/; classtype:trojan-activity;sid:84513875; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650773)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles32/sqlservr/100/tools/binn/info.zip"; http_uri; depth:137; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650773/; classtype:trojan-activity;sid:84513873; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650772)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/redist/dotnetframeworks/dotnetfx35/x86/info.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650772/; classtype:trojan-activity;sid:84513872; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650770)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000591478/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650770/; classtype:trojan-activity;sid:84513870; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650771)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210805-026/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650771/; classtype:trojan-activity;sid:84513871; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650769)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/schemas/sqlservr/2004/07/querypr/info.zip"; http_uri; depth:161; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650769/; classtype:trojan-activity;sid:84513869; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650767)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/shared/zh-chs/info.zip"; http_uri; depth:131; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650767/; classtype:trojan-activity;sid:84513867; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650768)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165246/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650768/; classtype:trojan-activity;sid:84513868; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650765)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/mssql/binn/res/1046/info.zip"; http_uri; depth:147; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650765/; classtype:trojan-activity;sid:84513865; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650763)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/windows/gac/zh-chs/info.zip"; http_uri; depth:117; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650763/; classtype:trojan-activity;sid:84513863; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650760)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/schemas/sqlservr/2004/soap/info.zip"; http_uri; depth:156; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650760/; classtype:trojan-activity;sid:84513860; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650758)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-07-08/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650758/; classtype:trojan-activity;sid:84513858; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650756)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/redist/watson/info.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650756/; classtype:trojan-activity;sid:84513856; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650753)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/redist/dotnetframeworks/dotnetmsp/ia64/info.zip"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650753/; classtype:trojan-activity;sid:84513853; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650754)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/redist/windows%20installer/x64/info.zip"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650754/; classtype:trojan-activity;sid:84513854; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650755)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/info.zip"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650755/; classtype:trojan-activity;sid:84513855; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650751)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-01-08/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650751/; classtype:trojan-activity;sid:84513851; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650752)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles32/sqlservr/100/tools/binn/info.zip"; http_uri; depth:138; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650752/; classtype:trojan-activity;sid:84513852; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650750)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/sdk/info.zip"; http_uri; depth:119; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650750/; classtype:trojan-activity;sid:84513850; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650747)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210810-022/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650747/; classtype:trojan-activity;sid:84513847; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650748)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000631756/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650748/; classtype:trojan-activity;sid:84513848; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650746)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-04-15/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650746/; classtype:trojan-activity;sid:84513846; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650744)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000167557/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650744/; classtype:trojan-activity;sid:84513844; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650741)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-12-10/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650741/; classtype:trojan-activity;sid:84513841; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650737)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/keyfile/info.zip"; http_uri; depth:133; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650737/; classtype:trojan-activity;sid:84513837; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650738)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_msi/pfiles32/sqlservr/100/com/info.zip"; http_uri; depth:115; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650738/; classtype:trojan-activity;sid:84513838; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650739)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2023-07-17/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650739/; classtype:trojan-activity;sid:84513839; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650735)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000232287/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650735/; classtype:trojan-activity;sid:84513835; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650736)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/tools/binn/info.zip"; http_uri; depth:135; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650736/; classtype:trojan-activity;sid:84513836; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650733)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/sdk/assembly/info.zip"; http_uri; depth:128; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650733/; classtype:trojan-activity;sid:84513833; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650734)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/zh-chs/info.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650734/; classtype:trojan-activity;sid:84513834; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650730)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2024-05-02/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650730/; classtype:trojan-activity;sid:84513830; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650727)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/com/zh-chs/info.zip"; http_uri; depth:128; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650727/; classtype:trojan-activity;sid:84513827; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650728)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/x86/info.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650728/; classtype:trojan-activity;sid:84513828; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650729)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000607873/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650729/; classtype:trojan-activity;sid:84513829; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650724)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/wjgl/src/js/info.zip"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650724/; classtype:trojan-activity;sid:84513824; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650726)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000166887/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650726/; classtype:trojan-activity;sid:84513826; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650723)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210804-082/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650723/; classtype:trojan-activity;sid:84513823; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650722)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210805-022/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650722/; classtype:trojan-activity;sid:84513822; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650720)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000162883/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650720/; classtype:trojan-activity;sid:84513820; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650719)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000680913/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650719/; classtype:trojan-activity;sid:84513819; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650718)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000625326/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650718/; classtype:trojan-activity;sid:84513818; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650713)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220224-016/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650713/; classtype:trojan-activity;sid:84513813; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650714)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2025-05-09/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650714/; classtype:trojan-activity;sid:84513814; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650715)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-055/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650715/; classtype:trojan-activity;sid:84513815; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650712)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000167443/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650712/; classtype:trojan-activity;sid:84513812; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650710)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/tasks/en/info.zip"; http_uri; depth:137; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650710/; classtype:trojan-activity;sid:84513810; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650711)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"67.177.204.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650711/; classtype:trojan-activity;sid:84513811; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650709)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/tools/info.zip"; http_uri; depth:130; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650709/; classtype:trojan-activity;sid:84513809; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650708)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2025-03-12/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650708/; classtype:trojan-activity;sid:84513808; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650706)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/tools/info.zip"; http_uri; depth:122; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650706/; classtype:trojan-activity;sid:84513806; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650707)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/binn/res/2052/info.zip"; http_uri; depth:143; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650707/; classtype:trojan-activity;sid:84513807; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650703)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000566429/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650703/; classtype:trojan-activity;sid:84513803; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650701)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos/2021-01-14/info.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650701/; classtype:trojan-activity;sid:84513801; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650702)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/dts/connect/info.zip"; http_uri; depth:127; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650702/; classtype:trojan-activity;sid:84513802; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650700)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210817-043/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650700/; classtype:trojan-activity;sid:84513800; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650698)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"77.211.28.150"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650698/; classtype:trojan-activity;sid:84513798; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650699)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/image/userimage/info.zip"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"121.191.165.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650699/; classtype:trojan-activity;sid:84513799; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650697)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_msi/pfiles/sqlservr/info.zip"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650697/; classtype:trojan-activity;sid:84513797; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650696)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/com/zh-chs/info.zip"; http_uri; depth:129; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650696/; classtype:trojan-activity;sid:84513796; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650694)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210809-022/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650694/; classtype:trojan-activity;sid:84513794; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650693)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000166105/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650693/; classtype:trojan-activity;sid:84513793; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650692)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_msi/pfiles32/sqlservr/100/dts/info.zip"; http_uri; depth:114; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650692/; classtype:trojan-activity;sid:84513792; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650690)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171466/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650690/; classtype:trojan-activity;sid:84513790; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650688)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-047/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650688/; classtype:trojan-activity;sid:84513788; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650689)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000164836/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650689/; classtype:trojan-activity;sid:84513789; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650686)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000758/2021-10-24/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650686/; classtype:trojan-activity;sid:84513786; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650687)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"176.35.55.164"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650687/; classtype:trojan-activity;sid:84513787; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650685)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/schemas/sqlservr/2004/soap/types/sqltran/info.zip"; http_uri; depth:170; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650685/; classtype:trojan-activity;sid:84513785; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650683)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165072/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650683/; classtype:trojan-activity;sid:84513783; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650684)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220211-036/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650684/; classtype:trojan-activity;sid:84513784; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650682)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"47.216.198.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650682/; classtype:trojan-activity;sid:84513782; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650678)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000457040/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650678/; classtype:trojan-activity;sid:84513778; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650679)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"103.8.164.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650679/; classtype:trojan-activity;sid:84513779; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650676)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000218874/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650676/; classtype:trojan-activity;sid:84513776; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650673)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/binn/res/info.zip"; http_uri; depth:138; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650673/; classtype:trojan-activity;sid:84513773; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650674)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/tools/binn/res/info.zip"; http_uri; depth:139; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650674/; classtype:trojan-activity;sid:84513774; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650675)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles32/sqlservr/100/shared/zh-chs/info.zip"; http_uri; depth:141; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650675/; classtype:trojan-activity;sid:84513775; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650672)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/tools/binn/vsshell/common7/info.zip"; http_uri; depth:143; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650672/; classtype:trojan-activity;sid:84513772; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650671)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650671/; classtype:trojan-activity;sid:84513771; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650670)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles/cfiles/msshared/sqldbg/info.zip"; http_uri; depth:126; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650670/; classtype:trojan-activity;sid:84513770; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650667)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171556/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650667/; classtype:trojan-activity;sid:84513767; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650664)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000224647/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650664/; classtype:trojan-activity;sid:84513764; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650665)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165656/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650665/; classtype:trojan-activity;sid:84513765; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650663)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220729-016/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650663/; classtype:trojan-activity;sid:84513763; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650659)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-08-03/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650659/; classtype:trojan-activity;sid:84513759; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650657)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/feenmer/res/info.zip"; http_uri; depth:140; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650657/; classtype:trojan-activity;sid:84513757; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650655)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000603149/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650655/; classtype:trojan-activity;sid:84513755; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650654)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/xiangdan/210721-020/images/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650654/; classtype:trojan-activity;sid:84513754; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650653)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2021-10-19/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650653/; classtype:trojan-activity;sid:84513753; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650650)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-03-02/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650650/; classtype:trojan-activity;sid:84513750; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650652)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-12-19/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650652/; classtype:trojan-activity;sid:84513752; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650649)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171224/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650649/; classtype:trojan-activity;sid:84513749; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650645)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/windows/gac_32/zh-chs/info.zip"; http_uri; depth:119; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650645/; classtype:trojan-activity;sid:84513745; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650646)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210727-072/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650646/; classtype:trojan-activity;sid:84513746; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650644)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_msi/pfiles32/sqlservr/100/com/info.zip"; http_uri; depth:114; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650644/; classtype:trojan-activity;sid:84513744; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650643)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"220.89.164.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650643/; classtype:trojan-activity;sid:84513743; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650642)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/tools/binn/res/1033/info.zip"; http_uri; depth:138; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650642/; classtype:trojan-activity;sid:84513742; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650641)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/mssql/binn/info.zip"; http_uri; depth:137; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650641/; classtype:trojan-activity;sid:84513741; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650640)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000187451/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650640/; classtype:trojan-activity;sid:84513740; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650638)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000170836/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650638/; classtype:trojan-activity;sid:84513738; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650639)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/dts/mapfiles/info.zip"; http_uri; depth:128; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650639/; classtype:trojan-activity;sid:84513739; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650636)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/redist/dotnetframeworks/dotnetmsp/x86/info.zip"; http_uri; depth:100; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650636/; classtype:trojan-activity;sid:84513736; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650637)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles32/sqlservr/100/shared/info.zip"; http_uri; depth:133; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650637/; classtype:trojan-activity;sid:84513737; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650633)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2025-06-04/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650633/; classtype:trojan-activity;sid:84513733; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650632)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210807-023/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650632/; classtype:trojan-activity;sid:84513732; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650631)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2020-05-04/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650631/; classtype:trojan-activity;sid:84513731; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650629)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles32/sqlservr/100/sdk/assembly/en/info.zip"; http_uri; depth:143; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650629/; classtype:trojan-activity;sid:84513729; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650630)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/feenmer/res/1033/info.zip"; http_uri; depth:146; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650630/; classtype:trojan-activity;sid:84513730; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650624)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"98.213.164.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650624/; classtype:trojan-activity;sid:84513724; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650625)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/dts/upgrdmap/info.zip"; http_uri; depth:128; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650625/; classtype:trojan-activity;sid:84513725; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650626)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/cfiles/msshared/info.zip"; http_uri; depth:118; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650626/; classtype:trojan-activity;sid:84513726; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650622)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171296/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650622/; classtype:trojan-activity;sid:84513722; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650619)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/com/info.zip"; http_uri; depth:128; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650619/; classtype:trojan-activity;sid:84513719; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650620)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/tools/info.zip"; http_uri; depth:124; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650620/; classtype:trojan-activity;sid:84513720; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650618)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/binn/res/info.zip"; http_uri; depth:137; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650618/; classtype:trojan-activity;sid:84513718; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650617)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-10-14/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650617/; classtype:trojan-activity;sid:84513717; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650616)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"88.28.218.163"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650616/; classtype:trojan-activity;sid:84513716; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650615)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210723-002/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650615/; classtype:trojan-activity;sid:84513715; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650614)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"cpe90-146-57-238.liwest.at"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650614/; classtype:trojan-activity;sid:84513714; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650611)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta%20nsu%20faltante/info.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650611/; classtype:trojan-activity;sid:84513711; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650612)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-05-20/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650612/; classtype:trojan-activity;sid:84513712; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650610)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/mssql/binn/res/2052/info.zip"; http_uri; depth:147; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650610/; classtype:trojan-activity;sid:84513710; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650608)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/windows/gac_32/info.zip"; http_uri; depth:110; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650608/; classtype:trojan-activity;sid:84513708; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650607)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211202-019/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650607/; classtype:trojan-activity;sid:84513707; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650606)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/tools/binn/schemas/sqlservr/2004/soap/options/info.zip"; http_uri; depth:161; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650606/; classtype:trojan-activity;sid:84513706; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650605)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/schemas/sqlservr/2004/07/querypr/info.zip"; http_uri; depth:162; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650605/; classtype:trojan-activity;sid:84513705; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650604)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/vsshell/common7/ide/info.zip"; http_uri; depth:148; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650604/; classtype:trojan-activity;sid:84513704; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650600)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta%20nsu%20faltante/02589791000677/2024-06-19/info.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650600/; classtype:trojan-activity;sid:84513700; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650601)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/info.zip"; http_uri; depth:117; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650601/; classtype:trojan-activity;sid:84513701; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650598)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2025-06-12/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650598/; classtype:trojan-activity;sid:84513698; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650596)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-10-26/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650596/; classtype:trojan-activity;sid:84513696; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650597)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-09-13/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650597/; classtype:trojan-activity;sid:84513697; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650595)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000426238/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650595/; classtype:trojan-activity;sid:84513695; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650593)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-08-05/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650593/; classtype:trojan-activity;sid:84513693; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650591)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2025-01-07/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650591/; classtype:trojan-activity;sid:84513691; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650592)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_msi/pfiles32/sqlservr/100/tools/info.zip"; http_uri; depth:116; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650592/; classtype:trojan-activity;sid:84513692; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650588)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"156.200.99.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650588/; classtype:trojan-activity;sid:84513688; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650590)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-04-07/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650590/; classtype:trojan-activity;sid:84513690; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650585)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000172470/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650585/; classtype:trojan-activity;sid:84513685; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650586)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168287/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650586/; classtype:trojan-activity;sid:84513686; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650582)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"89.190.46.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650582/; classtype:trojan-activity;sid:84513682; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650575)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000585436/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650575/; classtype:trojan-activity;sid:84513675; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650576)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles32/sqlservr/100/shared/info.zip"; http_uri; depth:126; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650576/; classtype:trojan-activity;sid:84513676; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650578)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/plcomps/res/1033/info.zip"; http_uri; depth:145; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650578/; classtype:trojan-activity;sid:84513678; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650580)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"115.96.25.65"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650580/; classtype:trojan-activity;sid:84513680; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650581)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/binn/res/1033/info.zip"; http_uri; depth:143; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650581/; classtype:trojan-activity;sid:84513681; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650571)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210724-012/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650571/; classtype:trojan-activity;sid:84513671; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650573)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171288/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650573/; classtype:trojan-activity;sid:84513673; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650570)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"14.224.205.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650570/; classtype:trojan-activity;sid:84513670; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650568)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000176793/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650568/; classtype:trojan-activity;sid:84513668; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650569)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000213545/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650569/; classtype:trojan-activity;sid:84513669; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650566)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/binn/zh-chs/info.zip"; http_uri; depth:140; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650566/; classtype:trojan-activity;sid:84513666; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650567)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/windows/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650567/; classtype:trojan-activity;sid:84513667; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650563)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-08-06/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650563/; classtype:trojan-activity;sid:84513663; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650564)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210726-030/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650564/; classtype:trojan-activity;sid:84513664; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650562)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/mssql/binn/res/info.zip"; http_uri; depth:142; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650562/; classtype:trojan-activity;sid:84513662; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650560)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/windows/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650560/; classtype:trojan-activity;sid:84513660; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650561)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000167437/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650561/; classtype:trojan-activity;sid:84513661; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650558)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-07-10/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650558/; classtype:trojan-activity;sid:84513658; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650559)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"116.72.16.185"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650559/; classtype:trojan-activity;sid:84513659; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650554)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000606633/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650554/; classtype:trojan-activity;sid:84513654; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650552)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/tools/info.zip"; http_uri; depth:131; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650552/; classtype:trojan-activity;sid:84513652; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650553)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/vsshell/common7/ide/info.zip"; http_uri; depth:149; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650553/; classtype:trojan-activity;sid:84513653; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650551)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000167071/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650551/; classtype:trojan-activity;sid:84513651; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650549)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000172576/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650549/; classtype:trojan-activity;sid:84513649; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650548)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles32/sqlservr/100/com/info.zip"; http_uri; depth:124; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650548/; classtype:trojan-activity;sid:84513648; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650547)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/shared/info.zip"; http_uri; depth:122; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650547/; classtype:trojan-activity;sid:84513647; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650546)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-03-04/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650546/; classtype:trojan-activity;sid:84513646; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650544)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/shared/info.zip"; http_uri; depth:124; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650544/; classtype:trojan-activity;sid:84513644; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650545)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210723-029/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650545/; classtype:trojan-activity;sid:84513645; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650543)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/help/2052/info.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650543/; classtype:trojan-activity;sid:84513643; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650542)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-036/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650542/; classtype:trojan-activity;sid:84513642; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650541)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/info.zip"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650541/; classtype:trojan-activity;sid:84513641; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650539)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220317-085/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650539/; classtype:trojan-activity;sid:84513639; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650540)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/help/1033/info.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650540/; classtype:trojan-activity;sid:84513640; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650538)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/binn/res/1033/info.zip"; http_uri; depth:142; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650538/; classtype:trojan-activity;sid:84513638; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650535)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000306/2024-10-23/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650535/; classtype:trojan-activity;sid:84513635; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650532)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/80/tools/info.zip"; http_uri; depth:122; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650532/; classtype:trojan-activity;sid:84513632; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650531)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/wjgl/src/images/info.zip"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650531/; classtype:trojan-activity;sid:84513631; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650530)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/mssql/binn/res/1049/info.zip"; http_uri; depth:146; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650530/; classtype:trojan-activity;sid:84513630; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650529)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171304/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650529/; classtype:trojan-activity;sid:84513629; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650527)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_msi/pfiles32/msnet/adomd.net/info.zip"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650527/; classtype:trojan-activity;sid:84513627; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650528)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-08-07/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650528/; classtype:trojan-activity;sid:84513628; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650526)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-05-04/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650526/; classtype:trojan-activity;sid:84513626; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650525)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220125-007/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650525/; classtype:trojan-activity;sid:84513625; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650523)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"175.246.7.126"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650523/; classtype:trojan-activity;sid:84513623; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650520)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2019-11-04/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650520/; classtype:trojan-activity;sid:84513620; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650521)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-10-30/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650521/; classtype:trojan-activity;sid:84513621; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650518)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-05-17/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650518/; classtype:trojan-activity;sid:84513618; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650516)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2024-02-16/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650516/; classtype:trojan-activity;sid:84513616; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650512)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000166971/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650512/; classtype:trojan-activity;sid:84513612; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650508)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000164808/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650508/; classtype:trojan-activity;sid:84513608; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650507)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2022-01-14/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650507/; classtype:trojan-activity;sid:84513607; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650503)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-06-03/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650503/; classtype:trojan-activity;sid:84513603; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650504)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000170482/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650504/; classtype:trojan-activity;sid:84513604; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650506)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165644/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650506/; classtype:trojan-activity;sid:84513606; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650493)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000264706/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650493/; classtype:trojan-activity;sid:84513593; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650498)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000680914/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650498/; classtype:trojan-activity;sid:84513598; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650499)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000169171/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650499/; classtype:trojan-activity;sid:84513599; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650500)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2020-07-06/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650500/; classtype:trojan-activity;sid:84513600; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650502)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2021-11-30/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650502/; classtype:trojan-activity;sid:84513602; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650490)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210907-038/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650490/; classtype:trojan-activity;sid:84513590; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650491)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta%20nsu%20faltante/02589791000910/2023-11-28/info.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650491/; classtype:trojan-activity;sid:84513591; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650489)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/connect/zh-chs/info.zip"; http_uri; depth:144; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650489/; classtype:trojan-activity;sid:84513589; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650487)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2021-05-06/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650487/; classtype:trojan-activity;sid:84513587; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650486)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_inst_msi/windows/gac/info.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650486/; classtype:trojan-activity;sid:84513586; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650482)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165020/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650482/; classtype:trojan-activity;sid:84513582; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650483)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-11-13/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650483/; classtype:trojan-activity;sid:84513583; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650481)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-018/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650481/; classtype:trojan-activity;sid:84513581; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650478)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_msi/pfiles32/info.zip"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650478/; classtype:trojan-activity;sid:84513578; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650477)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-02-17/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650477/; classtype:trojan-activity;sid:84513577; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650475)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/tools/info.zip"; http_uri; depth:123; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650475/; classtype:trojan-activity;sid:84513575; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650476)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-12-13/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650476/; classtype:trojan-activity;sid:84513576; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650472)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000604651/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650472/; classtype:trojan-activity;sid:84513572; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650469)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/info.zip"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650469/; classtype:trojan-activity;sid:84513569; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650468)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2021-11-12/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650468/; classtype:trojan-activity;sid:84513568; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650467)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-01-22/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650467/; classtype:trojan-activity;sid:84513567; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650465)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000166079/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650465/; classtype:trojan-activity;sid:84513565; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650463)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/com/info.zip"; http_uri; depth:122; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650463/; classtype:trojan-activity;sid:84513563; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650464)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/shared/res/info.zip"; http_uri; depth:135; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650464/; classtype:trojan-activity;sid:84513564; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650461)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-06-10/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650461/; classtype:trojan-activity;sid:84513561; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650460)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles32/sqlservr/100/shared/zh-chs/info.zip"; http_uri; depth:134; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650460/; classtype:trojan-activity;sid:84513560; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650458)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/mssql/binn/res/1041/info.zip"; http_uri; depth:146; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650458/; classtype:trojan-activity;sid:84513558; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650459)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles32/sqlservr/100/tools/binn/res/2052/info.zip"; http_uri; depth:146; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650459/; classtype:trojan-activity;sid:84513559; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650457)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000601171/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650457/; classtype:trojan-activity;sid:84513557; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650455)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/redist/watson/info.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650455/; classtype:trojan-activity;sid:84513555; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650454)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta%20nsu%20faltante/02589791000677/2024-01-02/info.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650454/; classtype:trojan-activity;sid:84513554; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650450)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000159804/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650450/; classtype:trojan-activity;sid:84513550; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650451)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210729-089/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650451/; classtype:trojan-activity;sid:84513551; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650449)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/dts/binn/info.zip"; http_uri; depth:124; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650449/; classtype:trojan-activity;sid:84513549; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650446)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/info.zip"; http_uri; depth:126; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650446/; classtype:trojan-activity;sid:84513546; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650447)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2021-08-04/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650447/; classtype:trojan-activity;sid:84513547; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650443)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000566428/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650443/; classtype:trojan-activity;sid:84513543; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650444)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-02-09/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650444/; classtype:trojan-activity;sid:84513544; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650440)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/wjgl/src/sass/demo/info.zip"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650440/; classtype:trojan-activity;sid:84513540; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650439)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000170516/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650439/; classtype:trojan-activity;sid:84513539; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650438)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_msi/windows/system32/info.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650438/; classtype:trojan-activity;sid:84513538; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650434)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_msi/pfiles/sqlservr/100/tools/info.zip"; http_uri; depth:114; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650434/; classtype:trojan-activity;sid:84513534; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650431)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000163666/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650431/; classtype:trojan-activity;sid:84513531; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650432)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/redist/dotnetframeworks/dotnetfx30/x86/info.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650432/; classtype:trojan-activity;sid:84513532; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650433)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210910-072/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650433/; classtype:trojan-activity;sid:84513533; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650428)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/mssql/binn/res/1046/info.zip"; http_uri; depth:146; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650428/; classtype:trojan-activity;sid:84513528; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650429)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-01-05/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650429/; classtype:trojan-activity;sid:84513529; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650430)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000601753/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650430/; classtype:trojan-activity;sid:84513530; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650426)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/com/res/1033/info.zip"; http_uri; depth:131; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650426/; classtype:trojan-activity;sid:84513526; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650424)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/dts/tasks/info.zip"; http_uri; depth:126; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650424/; classtype:trojan-activity;sid:84513524; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650425)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/redist/remoteblobstore/info.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650425/; classtype:trojan-activity;sid:84513525; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650423)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000629919/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650423/; classtype:trojan-activity;sid:84513523; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650420)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/redist/dotnetframeworks/dotnetfx30/info.zip"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650420/; classtype:trojan-activity;sid:84513520; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650421)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_msi/pfiles/sqlservr/100/shared/info.zip"; http_uri; depth:115; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650421/; classtype:trojan-activity;sid:84513521; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650422)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000263120/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650422/; classtype:trojan-activity;sid:84513522; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650418)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/tools/binn/res/1033/info.zip"; http_uri; depth:144; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650418/; classtype:trojan-activity;sid:84513518; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650415)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-05-05/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650415/; classtype:trojan-activity;sid:84513515; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650416)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_inst_loc_msi/2052/pfiles/info.zip"; http_uri; depth:109; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650416/; classtype:trojan-activity;sid:84513516; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650412)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000237372/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650412/; classtype:trojan-activity;sid:84513512; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650413)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"50.65.169.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650413/; classtype:trojan-activity;sid:84513513; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650410)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/mssql/binn/res/1031/info.zip"; http_uri; depth:146; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650410/; classtype:trojan-activity;sid:84513510; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650406)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/windows/gac/info.zip"; http_uri; depth:116; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650406/; classtype:trojan-activity;sid:84513506; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650407)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210729-089/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650407/; classtype:trojan-activity;sid:84513507; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650405)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/schemas/sqlservr/2004/07/showplan/info.zip"; http_uri; depth:162; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650405/; classtype:trojan-activity;sid:84513505; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650404)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_msi/pfiles/sqlservr/100/shared/info.zip"; http_uri; depth:116; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650404/; classtype:trojan-activity;sid:84513504; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650402)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles/msnet/adomd.net/info.zip"; http_uri; depth:121; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650402/; classtype:trojan-activity;sid:84513502; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650399)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles32/sqlservr/100/shared/zh-chs/info.zip"; http_uri; depth:133; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650399/; classtype:trojan-activity;sid:84513499; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650397)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-10-10/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650397/; classtype:trojan-activity;sid:84513497; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650395)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211021-033/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650395/; classtype:trojan-activity;sid:84513495; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650396)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-04-24/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650396/; classtype:trojan-activity;sid:84513496; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650393)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/wjgl/dist/css/info.zip"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650393/; classtype:trojan-activity;sid:84513493; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650392)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-015/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650392/; classtype:trojan-activity;sid:84513492; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650390)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000555505/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650390/; classtype:trojan-activity;sid:84513490; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650389)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-06-10/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650389/; classtype:trojan-activity;sid:84513489; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650388)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2021-05-19/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650388/; classtype:trojan-activity;sid:84513488; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650386)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000169865/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650386/; classtype:trojan-activity;sid:84513486; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650387)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-11-09/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650387/; classtype:trojan-activity;sid:84513487; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650383)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000172466/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650383/; classtype:trojan-activity;sid:84513483; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650384)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2020-07-03/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650384/; classtype:trojan-activity;sid:84513484; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650380)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"119.204.83.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650380/; classtype:trojan-activity;sid:84513480; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650379)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-10-14/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650379/; classtype:trojan-activity;sid:84513479; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650377)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles32/sqlservr/100/tools/binn/res/1033/info.zip"; http_uri; depth:147; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650377/; classtype:trojan-activity;sid:84513477; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650374)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000169769/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650374/; classtype:trojan-activity;sid:84513474; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650364)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000573133/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650364/; classtype:trojan-activity;sid:84513464; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650366)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000606636/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650366/; classtype:trojan-activity;sid:84513466; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650367)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/tasks/info.zip"; http_uri; depth:135; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650367/; classtype:trojan-activity;sid:84513467; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650368)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-03-16/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650368/; classtype:trojan-activity;sid:84513468; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650369)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211026-077/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650369/; classtype:trojan-activity;sid:84513469; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650371)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000546234/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650371/; classtype:trojan-activity;sid:84513471; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650372)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_inst_msi/windows/system32/info.zip"; http_uri; depth:110; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650372/; classtype:trojan-activity;sid:84513472; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650373)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"37.34.230.9"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650373/; classtype:trojan-activity;sid:84513473; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650362)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000586306/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650362/; classtype:trojan-activity;sid:84513462; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650361)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210910-045/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650361/; classtype:trojan-activity;sid:84513461; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650358)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000170378/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650358/; classtype:trojan-activity;sid:84513458; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650359)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_msi/pfiles/msnet/info.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650359/; classtype:trojan-activity;sid:84513459; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650360)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/tasks/zh-chs/info.zip"; http_uri; depth:141; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650360/; classtype:trojan-activity;sid:84513460; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650351)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"71.198.110.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650351/; classtype:trojan-activity;sid:84513451; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650352)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2019-12-11/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650352/; classtype:trojan-activity;sid:84513452; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650350)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220618-010/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650350/; classtype:trojan-activity;sid:84513450; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650348)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000160995/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650348/; classtype:trojan-activity;sid:84513448; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650349)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/msvs9/common7/ide/priassem/info.zip"; http_uri; depth:129; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650349/; classtype:trojan-activity;sid:84513449; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650346)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/schemas/sqlservr/2004/soap/types/sqlresst/info.zip"; http_uri; depth:170; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650346/; classtype:trojan-activity;sid:84513446; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650347)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-11-07/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650347/; classtype:trojan-activity;sid:84513447; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650343)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"93.43.53.67"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650343/; classtype:trojan-activity;sid:84513443; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650342)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles/msnet/adomd.net/100/info.zip"; http_uri; depth:125; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650342/; classtype:trojan-activity;sid:84513442; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650341)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles32/msvs9/info.zip"; http_uri; depth:110; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650341/; classtype:trojan-activity;sid:84513441; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650337)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168278/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650337/; classtype:trojan-activity;sid:84513437; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650338)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000170774/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650338/; classtype:trojan-activity;sid:84513438; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650339)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_msi/pfiles/msnet/adomd.net/info.zip"; http_uri; depth:112; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650339/; classtype:trojan-activity;sid:84513439; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650340)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000633210/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650340/; classtype:trojan-activity;sid:84513440; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650330)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210809-047/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650330/; classtype:trojan-activity;sid:84513430; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650331)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000224648/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650331/; classtype:trojan-activity;sid:84513431; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650332)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165504/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650332/; classtype:trojan-activity;sid:84513432; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650333)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/schemas/sqlservr/2004/info.zip"; http_uri; depth:150; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650333/; classtype:trojan-activity;sid:84513433; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650334)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles32/sqlservr/100/com/zh-chs/info.zip"; http_uri; depth:131; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650334/; classtype:trojan-activity;sid:84513434; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650325)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000604442/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650325/; classtype:trojan-activity;sid:84513425; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650327)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-09-20/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650327/; classtype:trojan-activity;sid:84513427; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650328)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles32/sqlservr/100/tools/binn/res/info.zip"; http_uri; depth:141; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650328/; classtype:trojan-activity;sid:84513428; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650329)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_inst_msi/windows/system32/info.zip"; http_uri; depth:111; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650329/; classtype:trojan-activity;sid:84513429; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650323)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/schemas/sqlservr/2004/bulkload/format/info.zip"; http_uri; depth:167; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650323/; classtype:trojan-activity;sid:84513423; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650324)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_msi/pfiles/sqlservr/info.zip"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650324/; classtype:trojan-activity;sid:84513424; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650318)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"47.50.167.228"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650318/; classtype:trojan-activity;sid:84513418; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650319)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"138.36.2.110"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650319/; classtype:trojan-activity;sid:84513419; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650320)"; flow:established,from_client; content:"GET"; http_method; content:"/github-file-info.zip"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"20.243.236.119"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650320/; classtype:trojan-activity;sid:84513420; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650312)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/shared/res/1033/info.zip"; http_uri; depth:141; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650312/; classtype:trojan-activity;sid:84513412; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650313)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/wjgl/src/sass/info.zip"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650313/; classtype:trojan-activity;sid:84513413; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650314)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/msvs9/common7/ide/info.zip"; http_uri; depth:120; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650314/; classtype:trojan-activity;sid:84513414; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650315)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/com/res/1033/info.zip"; http_uri; depth:137; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650315/; classtype:trojan-activity;sid:84513415; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650311)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_msi/pfiles/msnet/adomd.net/100/info.zip"; http_uri; depth:115; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650311/; classtype:trojan-activity;sid:84513411; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650309)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/keyfile/2052/info.zip"; http_uri; depth:130; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650309/; classtype:trojan-activity;sid:84513409; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650310)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/com/info.zip"; http_uri; depth:122; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650310/; classtype:trojan-activity;sid:84513410; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650308)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211218-033/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650308/; classtype:trojan-activity;sid:84513408; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650307)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"5.89.102.77"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650307/; classtype:trojan-activity;sid:84513407; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650306)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220423-022/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650306/; classtype:trojan-activity;sid:84513406; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650302)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210805-050/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650302/; classtype:trojan-activity;sid:84513402; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650299)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"109.193.105.79"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650299/; classtype:trojan-activity;sid:84513399; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650300)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000166309/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650300/; classtype:trojan-activity;sid:84513400; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650301)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-021/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650301/; classtype:trojan-activity;sid:84513401; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650297)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-021/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650297/; classtype:trojan-activity;sid:84513397; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650298)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles32/sqlservr/100/tools/binn/res/info.zip"; http_uri; depth:142; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650298/; classtype:trojan-activity;sid:84513398; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650295)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_inst_msi/pfiles/sqlservr/mssql.x/mssql/binn/template/info.zip"; http_uri; depth:137; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650295/; classtype:trojan-activity;sid:84513395; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650296)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-075/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650296/; classtype:trojan-activity;sid:84513396; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650294)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/90/info.zip"; http_uri; depth:116; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650294/; classtype:trojan-activity;sid:84513394; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650290)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-058/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650290/; classtype:trojan-activity;sid:84513390; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650291)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_loc_msi/2052/pfiles/info.zip"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650291/; classtype:trojan-activity;sid:84513391; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650288)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"190.153.137.200"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650288/; classtype:trojan-activity;sid:84513388; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650289)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles32/sqlservr/100/shared/1033/info.zip"; http_uri; depth:131; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650289/; classtype:trojan-activity;sid:84513389; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650287)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/com/info.zip"; http_uri; depth:119; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650287/; classtype:trojan-activity;sid:84513387; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650284)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/windows/gac/info.zip"; http_uri; depth:109; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650284/; classtype:trojan-activity;sid:84513384; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650276)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000553612/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650276/; classtype:trojan-activity;sid:84513376; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650277)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210816-051/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650277/; classtype:trojan-activity;sid:84513377; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650278)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/80/info.zip"; http_uri; depth:117; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650278/; classtype:trojan-activity;sid:84513378; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650270)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000169947/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650270/; classtype:trojan-activity;sid:84513370; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650271)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165200/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650271/; classtype:trojan-activity;sid:84513371; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650273)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/windows/gac/info.zip"; http_uri; depth:108; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650273/; classtype:trojan-activity;sid:84513373; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650269)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/01/consulta%20n%c3%a3o%20encerrado/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650269/; classtype:trojan-activity;sid:84513369; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650263)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"107.128.101.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650263/; classtype:trojan-activity;sid:84513363; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650264)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_msi/pfiles/msnet/adomd.net/100/info.zip"; http_uri; depth:116; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650264/; classtype:trojan-activity;sid:84513364; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650265)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/schemas/sqlservr/2004/07/info.zip"; http_uri; depth:154; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650265/; classtype:trojan-activity;sid:84513365; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650267)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210826-050/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650267/; classtype:trojan-activity;sid:84513367; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650268)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/mssql/binn/zh-chs/info.zip"; http_uri; depth:144; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650268/; classtype:trojan-activity;sid:84513368; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650261)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-05-19/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650261/; classtype:trojan-activity;sid:84513361; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650262)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2019-12-19/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650262/; classtype:trojan-activity;sid:84513362; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650258)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168295/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650258/; classtype:trojan-activity;sid:84513358; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650256)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/windows/gac/info.zip"; http_uri; depth:116; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650256/; classtype:trojan-activity;sid:84513356; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650257)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_msi/pfiles32/sqlservr/info.zip"; http_uri; depth:106; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650257/; classtype:trojan-activity;sid:84513357; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650253)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000585560/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650253/; classtype:trojan-activity;sid:84513353; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650251)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta%20nsu%20faltante/02589791000910/2023-11-29/info.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650251/; classtype:trojan-activity;sid:84513351; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650252)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/feenmer/zh-chs/info.zip"; http_uri; depth:143; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650252/; classtype:trojan-activity;sid:84513352; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650248)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_msi/pfiles/info.zip"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650248/; classtype:trojan-activity;sid:84513348; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650247)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"74.105.123.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650247/; classtype:trojan-activity;sid:84513347; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650244)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000604650/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650244/; classtype:trojan-activity;sid:84513344; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650245)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210816-051/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650245/; classtype:trojan-activity;sid:84513345; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650243)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000604662/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650243/; classtype:trojan-activity;sid:84513343; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650242)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-07-30/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650242/; classtype:trojan-activity;sid:84513342; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650241)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/info.zip"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650241/; classtype:trojan-activity;sid:84513341; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650235)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles/msnet/adomd.net/100/zh-chs/info.zip"; http_uri; depth:132; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650235/; classtype:trojan-activity;sid:84513335; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650236)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-03-17/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650236/; classtype:trojan-activity;sid:84513336; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650237)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/mssql/binn/res/1040/info.zip"; http_uri; depth:146; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650237/; classtype:trojan-activity;sid:84513337; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650238)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220125-006/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650238/; classtype:trojan-activity;sid:84513338; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650239)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles/info.zip"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650239/; classtype:trojan-activity;sid:84513339; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650224)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles32/msvs9/common7/ide/info.zip"; http_uri; depth:122; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650224/; classtype:trojan-activity;sid:84513324; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650225)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/schemas/sqlservr/2004/bulkload/info.zip"; http_uri; depth:160; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650225/; classtype:trojan-activity;sid:84513325; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650226)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles32/sqlservr/100/tools/binn/vsshell/info.zip"; http_uri; depth:146; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650226/; classtype:trojan-activity;sid:84513326; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650228)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/redist/dotnetframeworks/dotnetfx35/x64/info.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650228/; classtype:trojan-activity;sid:84513328; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650223)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/dts/feenmer/info.zip"; http_uri; depth:127; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650223/; classtype:trojan-activity;sid:84513323; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650222)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168293/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650222/; classtype:trojan-activity;sid:84513322; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650220)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/dts/upgrdmap/info.zip"; http_uri; depth:128; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650220/; classtype:trojan-activity;sid:84513320; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650219)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2019-06-25/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650219/; classtype:trojan-activity;sid:84513319; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650215)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000162637/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650215/; classtype:trojan-activity;sid:84513315; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650214)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000600441/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650214/; classtype:trojan-activity;sid:84513314; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650213)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000584368/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650213/; classtype:trojan-activity;sid:84513313; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650205)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/redist/dotnetframeworks/dotnetmsp/info.zip"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650205/; classtype:trojan-activity;sid:84513305; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650206)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210723-002/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650206/; classtype:trojan-activity;sid:84513306; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650207)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/redist/dotnetframeworks/dotnetfx30/x86/info.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650207/; classtype:trojan-activity;sid:84513307; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650203)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles32/sqlservr/100/com/zh-chs/info.zip"; http_uri; depth:130; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650203/; classtype:trojan-activity;sid:84513303; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650202)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/tools/binn/schemas/sqlservr/2004/soap/info.zip"; http_uri; depth:153; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650202/; classtype:trojan-activity;sid:84513302; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650200)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-08-07/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650200/; classtype:trojan-activity;sid:84513300; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650197)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles/msvs9/common7/ide/priassem/busproj/info.zip"; http_uri; depth:137; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650197/; classtype:trojan-activity;sid:84513297; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650198)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_msi/info.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650198/; classtype:trojan-activity;sid:84513298; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650195)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2024-10-28/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650195/; classtype:trojan-activity;sid:84513295; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650196)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-11-28/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650196/; classtype:trojan-activity;sid:84513296; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650194)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/schemas/sqlservr/2004/soap/types/sqlparam/info.zip"; http_uri; depth:170; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650194/; classtype:trojan-activity;sid:84513294; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650193)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"103.209.67.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650193/; classtype:trojan-activity;sid:84513293; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650191)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000179593/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650191/; classtype:trojan-activity;sid:84513291; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650190)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-12-09/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650190/; classtype:trojan-activity;sid:84513290; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650188)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210804-019/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650188/; classtype:trojan-activity;sid:84513288; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650189)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220419-045/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650189/; classtype:trojan-activity;sid:84513289; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650187)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2022-01-19/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650187/; classtype:trojan-activity;sid:84513287; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650186)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/feenmer/en/info.zip"; http_uri; depth:139; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650186/; classtype:trojan-activity;sid:84513286; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650183)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_inst_msi/pfiles/sqlservr/info.zip"; http_uri; depth:110; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650183/; classtype:trojan-activity;sid:84513283; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650184)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_msi/windows/gac_32/info.zip"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650184/; classtype:trojan-activity;sid:84513284; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650182)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-007/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650182/; classtype:trojan-activity;sid:84513282; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650180)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/dts/provdesc/info.zip"; http_uri; depth:129; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650180/; classtype:trojan-activity;sid:84513280; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650178)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000306/2024-06-03/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650178/; classtype:trojan-activity;sid:84513278; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650179)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/feenmer/en/info.zip"; http_uri; depth:139; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650179/; classtype:trojan-activity;sid:84513279; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650177)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/info.zip"; http_uri; depth:121; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650177/; classtype:trojan-activity;sid:84513277; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650174)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_inst_msi/pfiles/sqlservr/mssql.x/mssql/install/info.zip"; http_uri; depth:132; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650174/; classtype:trojan-activity;sid:84513274; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650175)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/com/res/info.zip"; http_uri; depth:125; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650175/; classtype:trojan-activity;sid:84513275; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650173)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/x64/info.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650173/; classtype:trojan-activity;sid:84513273; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650172)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220427-035/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650172/; classtype:trojan-activity;sid:84513272; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650171)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-002/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650171/; classtype:trojan-activity;sid:84513271; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650170)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000222522/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650170/; classtype:trojan-activity;sid:84513270; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650168)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles/cfiles/msshared/sqldbg/info.zip"; http_uri; depth:125; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650168/; classtype:trojan-activity;sid:84513268; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650169)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/binn/info.zip"; http_uri; depth:133; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650169/; classtype:trojan-activity;sid:84513269; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650165)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_inst_msi/pfiles/sqlservr/mssql.x/mssql/binn/template/info.zip"; http_uri; depth:137; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650165/; classtype:trojan-activity;sid:84513265; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650160)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000566150/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650160/; classtype:trojan-activity;sid:84513260; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650161)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000546495/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650161/; classtype:trojan-activity;sid:84513261; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650159)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2025-03-12/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650159/; classtype:trojan-activity;sid:84513259; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650157)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_inst_msi/pfiles/sqlservr/mssql.x/mssql/binn/dlltmp64/info.zip"; http_uri; depth:138; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650157/; classtype:trojan-activity;sid:84513257; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650155)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_inst_msi/windows/gac/info.zip"; http_uri; depth:106; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650155/; classtype:trojan-activity;sid:84513255; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650153)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_msi/pfiles/sqlservr/100/tools/binn/vsshell/common7/ide/info.zip"; http_uri; depth:139; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650153/; classtype:trojan-activity;sid:84513253; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650154)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_loc_msi/2052/windows/info.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650154/; classtype:trojan-activity;sid:84513254; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650151)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/tasks/zh-chs/info.zip"; http_uri; depth:142; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650151/; classtype:trojan-activity;sid:84513251; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650149)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_msi/pfiles/sqlservr/100/tools/binn/vsshell/common7/ide/info.zip"; http_uri; depth:140; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650149/; classtype:trojan-activity;sid:84513249; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650148)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/dts/connect/info.zip"; http_uri; depth:127; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650148/; classtype:trojan-activity;sid:84513248; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650146)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000164138/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650146/; classtype:trojan-activity;sid:84513246; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650147)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/redist/remoteblobstore/info.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650147/; classtype:trojan-activity;sid:84513247; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650145)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/shared/vs2008/1033/info.zip"; http_uri; depth:143; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650145/; classtype:trojan-activity;sid:84513245; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650143)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_msi/pfiles/msnet/adomd.net/info.zip"; http_uri; depth:111; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650143/; classtype:trojan-activity;sid:84513243; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650144)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210724-012/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650144/; classtype:trojan-activity;sid:84513244; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650142)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"99.232.252.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650142/; classtype:trojan-activity;sid:84513242; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650138)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta%20nsu%20faltante/02589791000910/2023-12-22/info.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650138/; classtype:trojan-activity;sid:84513238; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650134)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles32/msnet/adomd.net/100/info.zip"; http_uri; depth:126; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650134/; classtype:trojan-activity;sid:84513234; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650133)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/feenmer/res/2052/info.zip"; http_uri; depth:145; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650133/; classtype:trojan-activity;sid:84513233; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650131)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_msi/pfiles32/sqlservr/100/info.zip"; http_uri; depth:110; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650131/; classtype:trojan-activity;sid:84513231; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650130)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000170520/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650130/; classtype:trojan-activity;sid:84513230; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650129)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-10-19/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650129/; classtype:trojan-activity;sid:84513229; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650127)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171256/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650127/; classtype:trojan-activity;sid:84513227; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650128)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220528-019/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650128/; classtype:trojan-activity;sid:84513228; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650123)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000172428/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650123/; classtype:trojan-activity;sid:84513223; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650125)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210805-020/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650125/; classtype:trojan-activity;sid:84513225; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650122)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000553463/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650122/; classtype:trojan-activity;sid:84513222; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650119)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/info.zip"; http_uri; depth:128; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650119/; classtype:trojan-activity;sid:84513219; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650120)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210805-060/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650120/; classtype:trojan-activity;sid:84513220; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650117)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta%20nsu%20faltante/02589791000677/2023-11-14/info.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650117/; classtype:trojan-activity;sid:84513217; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650118)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165900/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650118/; classtype:trojan-activity;sid:84513218; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650113)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/com/info.zip"; http_uri; depth:121; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650113/; classtype:trojan-activity;sid:84513213; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650114)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2019-04-30/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650114/; classtype:trojan-activity;sid:84513214; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650115)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-08-07/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650115/; classtype:trojan-activity;sid:84513215; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650112)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000566395/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650112/; classtype:trojan-activity;sid:84513212; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650111)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2024-08-13/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650111/; classtype:trojan-activity;sid:84513211; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650109)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-019/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650109/; classtype:trojan-activity;sid:84513209; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650110)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"113.156.110.218"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650110/; classtype:trojan-activity;sid:84513210; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650108)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/2052/info.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650108/; classtype:trojan-activity;sid:84513208; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650107)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171314/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650107/; classtype:trojan-activity;sid:84513207; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650105)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-10-03/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650105/; classtype:trojan-activity;sid:84513205; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650106)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_inst_loc_msi/info.zip"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650106/; classtype:trojan-activity;sid:84513206; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650104)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000567163/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650104/; classtype:trojan-activity;sid:84513204; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650103)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211206-052/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650103/; classtype:trojan-activity;sid:84513203; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650100)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210901-059/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650100/; classtype:trojan-activity;sid:84513200; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650099)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles32/msvs9/info.zip"; http_uri; depth:111; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650099/; classtype:trojan-activity;sid:84513199; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650098)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_msi/pfiles32/msnet/info.zip"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650098/; classtype:trojan-activity;sid:84513198; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650096)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles/info.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650096/; classtype:trojan-activity;sid:84513196; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650097)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211228-039/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650097/; classtype:trojan-activity;sid:84513197; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650093)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171298/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650093/; classtype:trojan-activity;sid:84513193; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650094)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles32/sqlservr/100/info.zip"; http_uri; depth:127; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650094/; classtype:trojan-activity;sid:84513194; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650092)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168275/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650092/; classtype:trojan-activity;sid:84513192; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650089)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/shared/zh-chs/info.zip"; http_uri; depth:131; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650089/; classtype:trojan-activity;sid:84513189; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650091)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210813-060/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650091/; classtype:trojan-activity;sid:84513191; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650086)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-09-08/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650086/; classtype:trojan-activity;sid:84513186; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650088)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/schemas/sqlservr/2006/info.zip"; http_uri; depth:150; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650088/; classtype:trojan-activity;sid:84513188; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650085)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-04-06/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650085/; classtype:trojan-activity;sid:84513185; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650083)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2024-03-11/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650083/; classtype:trojan-activity;sid:84513183; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650084)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/zh-chs/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650084/; classtype:trojan-activity;sid:84513184; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650082)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta%20nsu%20faltante/02589791000910/2023-11-24/info.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650082/; classtype:trojan-activity;sid:84513182; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650080)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2021-02-11/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650080/; classtype:trojan-activity;sid:84513180; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650081)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/catalog/info.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650081/; classtype:trojan-activity;sid:84513181; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650077)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211112-030/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650077/; classtype:trojan-activity;sid:84513177; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650078)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165824/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650078/; classtype:trojan-activity;sid:84513178; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650074)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/tools/binn/schemas/sqlservr/2006/info.zip"; http_uri; depth:148; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650074/; classtype:trojan-activity;sid:84513174; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650071)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/info.zip"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650071/; classtype:trojan-activity;sid:84513171; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650072)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/com/info.zip"; http_uri; depth:120; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650072/; classtype:trojan-activity;sid:84513172; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650069)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/redist/dotnetframeworks/dotnetfx30/x64/info.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650069/; classtype:trojan-activity;sid:84513169; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650067)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000600293/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650067/; classtype:trojan-activity;sid:84513167; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650065)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles32/sqlservr/100/tools/binn/vsshell/common7/ide/info.zip"; http_uri; depth:157; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650065/; classtype:trojan-activity;sid:84513165; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650062)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/redist/upgrade%20advisor/info.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650062/; classtype:trojan-activity;sid:84513162; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650063)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/redist/dotnetframeworks/dotnetfx35/x64/info.zip"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650063/; classtype:trojan-activity;sid:84513163; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650058)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000567166/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650058/; classtype:trojan-activity;sid:84513158; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650059)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-017/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650059/; classtype:trojan-activity;sid:84513159; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650060)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_inst_msi/pfiles/sqlservr/mssql.x/mssql/binn/info.zip"; http_uri; depth:128; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650060/; classtype:trojan-activity;sid:84513160; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650057)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/windows/info.zip"; http_uri; depth:106; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650057/; classtype:trojan-activity;sid:84513157; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650055)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2020-10-09/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650055/; classtype:trojan-activity;sid:84513155; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650056)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-08-25/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650056/; classtype:trojan-activity;sid:84513156; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650053)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/redist/powershell/info.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650053/; classtype:trojan-activity;sid:84513153; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650054)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-11-25/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650054/; classtype:trojan-activity;sid:84513154; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650051)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000567145/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650051/; classtype:trojan-activity;sid:84513151; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650049)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/info.zip"; http_uri; depth:118; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650049/; classtype:trojan-activity;sid:84513149; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650046)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/mssql/binn/res/3082/info.zip"; http_uri; depth:147; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650046/; classtype:trojan-activity;sid:84513146; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650047)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2022-05-04/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650047/; classtype:trojan-activity;sid:84513147; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650048)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-03-04/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650048/; classtype:trojan-activity;sid:84513148; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650043)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-058/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650043/; classtype:trojan-activity;sid:84513143; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650042)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-053/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650042/; classtype:trojan-activity;sid:84513142; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650038)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000306/2021-08-19/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650038/; classtype:trojan-activity;sid:84513138; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650039)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/com/res/info.zip"; http_uri; depth:132; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650039/; classtype:trojan-activity;sid:84513139; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650035)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-03-08/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650035/; classtype:trojan-activity;sid:84513135; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650036)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000167243/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650036/; classtype:trojan-activity;sid:84513136; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650033)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210918-075/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650033/; classtype:trojan-activity;sid:84513133; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650030)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-061/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650030/; classtype:trojan-activity;sid:84513130; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650029)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/tpcl/images/saomiao/info.zip"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650029/; classtype:trojan-activity;sid:84513129; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650028)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000169473/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650028/; classtype:trojan-activity;sid:84513128; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650027)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/windows/gac/info.zip"; http_uri; depth:107; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650027/; classtype:trojan-activity;sid:84513127; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650026)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171454/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650026/; classtype:trojan-activity;sid:84513126; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650023)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000170532/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650023/; classtype:trojan-activity;sid:84513123; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650024)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_msi/pfiles/sqlservr/100/keyfile/info.zip"; http_uri; depth:117; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650024/; classtype:trojan-activity;sid:84513124; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650020)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-12-19/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650020/; classtype:trojan-activity;sid:84513120; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650013)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/wjgl/dist/js/info.zip"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650013/; classtype:trojan-activity;sid:84513113; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650014)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220217-058/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650014/; classtype:trojan-activity;sid:84513114; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650015)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211215-049/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650015/; classtype:trojan-activity;sid:84513115; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650016)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/help/2052/info.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650016/; classtype:trojan-activity;sid:84513116; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650017)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles/cfiles/info.zip"; http_uri; depth:110; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650017/; classtype:trojan-activity;sid:84513117; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650018)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210723-026/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650018/; classtype:trojan-activity;sid:84513118; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650012)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"124.218.221.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650012/; classtype:trojan-activity;sid:84513112; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650011)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/tools/binn/res/2052/info.zip"; http_uri; depth:144; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650011/; classtype:trojan-activity;sid:84513111; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650010)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/wjgl/images/zhijia-tuzhi/info.zip"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650010/; classtype:trojan-activity;sid:84513110; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650008)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-001/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650008/; classtype:trojan-activity;sid:84513108; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650009)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210907-038/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650009/; classtype:trojan-activity;sid:84513109; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650007)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-09-11/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650007/; classtype:trojan-activity;sid:84513107; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650006)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210805-061/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650006/; classtype:trojan-activity;sid:84513106; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650004)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000543689/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650004/; classtype:trojan-activity;sid:84513104; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650001)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000633209/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650001/; classtype:trojan-activity;sid:84513101; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650003)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/com/info.zip"; http_uri; depth:121; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650003/; classtype:trojan-activity;sid:84513103; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650000)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/80/info.zip"; http_uri; depth:116; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650000/; classtype:trojan-activity;sid:84513100; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649998)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220125-011/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649998/; classtype:trojan-activity;sid:84513098; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649996)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000546233/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649996/; classtype:trojan-activity;sid:84513096; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649994)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_inst_msi/pfiles/sqlservr/info.zip"; http_uri; depth:109; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649994/; classtype:trojan-activity;sid:84513094; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649995)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000173466/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649995/; classtype:trojan-activity;sid:84513095; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649992)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000585575/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649992/; classtype:trojan-activity;sid:84513092; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649985)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2020-10-19/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649985/; classtype:trojan-activity;sid:84513085; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649986)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171194/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649986/; classtype:trojan-activity;sid:84513086; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649987)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000172163/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649987/; classtype:trojan-activity;sid:84513087; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649989)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/tools/binn/vsshell/info.zip"; http_uri; depth:143; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649989/; classtype:trojan-activity;sid:84513089; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649990)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220406-019/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649990/; classtype:trojan-activity;sid:84513090; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649984)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"160.202.15.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649984/; classtype:trojan-activity;sid:84513084; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649983)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles/msnet/info.zip"; http_uri; depth:111; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649983/; classtype:trojan-activity;sid:84513083; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649977)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles/msnet/info.zip"; http_uri; depth:110; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649977/; classtype:trojan-activity;sid:84513077; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649979)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_msi/pfiles32/sqlservr/100/dts/binn/info.zip"; http_uri; depth:119; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649979/; classtype:trojan-activity;sid:84513079; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649980)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000586961/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649980/; classtype:trojan-activity;sid:84513080; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649981)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000609592/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649981/; classtype:trojan-activity;sid:84513081; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649982)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210805-049/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649982/; classtype:trojan-activity;sid:84513082; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649976)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/cfiles/msshared/sqldbg/info.zip"; http_uri; depth:125; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649976/; classtype:trojan-activity;sid:84513076; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649974)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220804-012/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649974/; classtype:trojan-activity;sid:84513074; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649975)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"27.72.159.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649975/; classtype:trojan-activity;sid:84513075; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649972)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/windows/gac/zh-chs/info.zip"; http_uri; depth:123; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649972/; classtype:trojan-activity;sid:84513072; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649973)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-040/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649973/; classtype:trojan-activity;sid:84513073; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649968)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"107.128.101.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649968/; classtype:trojan-activity;sid:84513068; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649969)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/com/en/info.zip"; http_uri; depth:124; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649969/; classtype:trojan-activity;sid:84513069; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649966)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles32/sqlservr/100/com/en/info.zip"; http_uri; depth:127; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649966/; classtype:trojan-activity;sid:84513066; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649965)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211215-049/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649965/; classtype:trojan-activity;sid:84513065; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649964)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-03-12/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649964/; classtype:trojan-activity;sid:84513064; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649962)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/redist/dotnetframeworks/dotnetmsp/x86/info.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649962/; classtype:trojan-activity;sid:84513062; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649961)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-02-09/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649961/; classtype:trojan-activity;sid:84513061; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649958)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/info.zip"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649958/; classtype:trojan-activity;sid:84513058; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649959)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000172788/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649959/; classtype:trojan-activity;sid:84513059; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649956)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000237371/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649956/; classtype:trojan-activity;sid:84513056; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649955)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles32/sqlservr/100/tools/binn/vsshell/common7/info.zip"; http_uri; depth:153; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649955/; classtype:trojan-activity;sid:84513055; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649950)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"76.94.192.64"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649950/; classtype:trojan-activity;sid:84513050; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649951)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210911-035/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649951/; classtype:trojan-activity;sid:84513051; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649948)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/shared/zh-chs/info.zip"; http_uri; depth:139; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649948/; classtype:trojan-activity;sid:84513048; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649947)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/shared/info.zip"; http_uri; depth:124; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649947/; classtype:trojan-activity;sid:84513047; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649946)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/dts/info.zip"; http_uri; depth:120; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649946/; classtype:trojan-activity;sid:84513046; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649944)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168509/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649944/; classtype:trojan-activity;sid:84513044; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649941)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210923-026/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649941/; classtype:trojan-activity;sid:84513041; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649942)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/help/1033/info.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649942/; classtype:trojan-activity;sid:84513042; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649943)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000683761/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649943/; classtype:trojan-activity;sid:84513043; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649939)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles32/msnet/adomd.net/info.zip"; http_uri; depth:122; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649939/; classtype:trojan-activity;sid:84513039; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649940)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/windows/gac/info.zip"; http_uri; depth:117; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649940/; classtype:trojan-activity;sid:84513040; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649936)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/dts/feenmer/info.zip"; http_uri; depth:127; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649936/; classtype:trojan-activity;sid:84513036; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649935)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-05-02/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649935/; classtype:trojan-activity;sid:84513035; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649933)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210805-060/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649933/; classtype:trojan-activity;sid:84513033; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649934)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-055/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649934/; classtype:trojan-activity;sid:84513034; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649932)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000567164/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649932/; classtype:trojan-activity;sid:84513032; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649930)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171888/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649930/; classtype:trojan-activity;sid:84513030; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649931)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165116/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649931/; classtype:trojan-activity;sid:84513031; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649928)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-03-22/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649928/; classtype:trojan-activity;sid:84513028; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649927)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"152.230.116.253"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649927/; classtype:trojan-activity;sid:84513027; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649923)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000208170/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649923/; classtype:trojan-activity;sid:84513023; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649925)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220715-064/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649925/; classtype:trojan-activity;sid:84513025; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649917)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220111-033/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649917/; classtype:trojan-activity;sid:84513017; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649915)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/com/info.zip"; http_uri; depth:129; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649915/; classtype:trojan-activity;sid:84513015; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649914)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-08-19/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649914/; classtype:trojan-activity;sid:84513014; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649910)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171458/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649910/; classtype:trojan-activity;sid:84513010; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649906)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/shared/zh-chs/info.zip"; http_uri; depth:138; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649906/; classtype:trojan-activity;sid:84513006; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649907)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles32/sqlservr/100/com/res/1033/info.zip"; http_uri; depth:133; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649907/; classtype:trojan-activity;sid:84513007; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649903)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_msi/pfiles32/msnet/adomd.net/100/info.zip"; http_uri; depth:118; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649903/; classtype:trojan-activity;sid:84513003; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649900)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000617432/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649900/; classtype:trojan-activity;sid:84513000; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649901)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2024-11-22/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649901/; classtype:trojan-activity;sid:84513001; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649897)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-08-06/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649897/; classtype:trojan-activity;sid:84512997; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649899)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2024-04-01/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649899/; classtype:trojan-activity;sid:84512999; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649896)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000624762/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649896/; classtype:trojan-activity;sid:84512996; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649895)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000265247/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649895/; classtype:trojan-activity;sid:84512995; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649893)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_inst_msi/pfiles/sqlservr/mssql.x/info.zip"; http_uri; depth:117; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649893/; classtype:trojan-activity;sid:84512993; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649894)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/mssql/binn/res/info.zip"; http_uri; depth:141; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649894/; classtype:trojan-activity;sid:84512994; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649889)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-036/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649889/; classtype:trojan-activity;sid:84512989; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649890)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"24.251.252.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649890/; classtype:trojan-activity;sid:84512990; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649892)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles/msvs9/common7/info.zip"; http_uri; depth:116; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649892/; classtype:trojan-activity;sid:84512992; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649888)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165014/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649888/; classtype:trojan-activity;sid:84512988; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649887)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_inst_msi/pfiles/sqlservr/mssql.x/mssql/binn/template/info.zip"; http_uri; depth:138; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649887/; classtype:trojan-activity;sid:84512987; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649885)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165090/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649885/; classtype:trojan-activity;sid:84512985; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649886)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168749/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649886/; classtype:trojan-activity;sid:84512986; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649884)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000172574/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649884/; classtype:trojan-activity;sid:84512984; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649882)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/redist/dotnetframeworks/dotnetfx30/info.zip"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649882/; classtype:trojan-activity;sid:84512982; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649883)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_inst_msi/pfiles/info.zip"; http_uri; depth:100; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649883/; classtype:trojan-activity;sid:84512983; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649881)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000167339/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649881/; classtype:trojan-activity;sid:84512981; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649880)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220421-042/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649880/; classtype:trojan-activity;sid:84512980; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649876)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/shared/vs2008/info.zip"; http_uri; depth:138; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649876/; classtype:trojan-activity;sid:84512976; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649877)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/wjgl/images/zhijia-kancha/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649877/; classtype:trojan-activity;sid:84512977; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649878)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000212326/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649878/; classtype:trojan-activity;sid:84512978; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649879)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210805-053/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649879/; classtype:trojan-activity;sid:84512979; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649873)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210723-030/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649873/; classtype:trojan-activity;sid:84512973; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649874)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000603747/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649874/; classtype:trojan-activity;sid:84512974; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649875)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/info.zip"; http_uri; depth:115; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649875/; classtype:trojan-activity;sid:84512975; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649872)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_inst_msi/pfiles/info.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649872/; classtype:trojan-activity;sid:84512972; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649871)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210723-029/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649871/; classtype:trojan-activity;sid:84512971; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649870)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000746890/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649870/; classtype:trojan-activity;sid:84512970; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649867)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000160628/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649867/; classtype:trojan-activity;sid:84512967; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649868)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171452/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649868/; classtype:trojan-activity;sid:84512968; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649869)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-06-01/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649869/; classtype:trojan-activity;sid:84512969; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649866)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/tools/info.zip"; http_uri; depth:121; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649866/; classtype:trojan-activity;sid:84512966; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649865)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"75.42.36.186"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649865/; classtype:trojan-activity;sid:84512965; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649864)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000164253/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649864/; classtype:trojan-activity;sid:84512964; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649863)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000426237/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649863/; classtype:trojan-activity;sid:84512963; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649862)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_msi/pfiles32/sqlservr/100/info.zip"; http_uri; depth:111; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649862/; classtype:trojan-activity;sid:84512962; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649861)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-02-03/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649861/; classtype:trojan-activity;sid:84512961; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649858)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-08-07/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649858/; classtype:trojan-activity;sid:84512958; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649859)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-058/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649859/; classtype:trojan-activity;sid:84512959; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649855)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210729-050/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649855/; classtype:trojan-activity;sid:84512955; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649856)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-04-08/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649856/; classtype:trojan-activity;sid:84512956; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649857)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/windows/info.zip"; http_uri; depth:112; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649857/; classtype:trojan-activity;sid:84512957; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649850)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2025-04-29/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649850/; classtype:trojan-activity;sid:84512950; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649851)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/2052/info.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649851/; classtype:trojan-activity;sid:84512951; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649847)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210726-003/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649847/; classtype:trojan-activity;sid:84512947; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649848)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2025-04-02/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649848/; classtype:trojan-activity;sid:84512948; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649845)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/schemas/sqlservr/2004/soap/types/info.zip"; http_uri; depth:161; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649845/; classtype:trojan-activity;sid:84512945; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649844)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-10-20/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649844/; classtype:trojan-activity;sid:84512944; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649842)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/redist/dotnetframeworks/dotnetfx30/info.zip"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649842/; classtype:trojan-activity;sid:84512942; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649841)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/info.zip"; http_uri; depth:119; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649841/; classtype:trojan-activity;sid:84512941; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649840)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-03-21/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649840/; classtype:trojan-activity;sid:84512940; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649839)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000170894/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649839/; classtype:trojan-activity;sid:84512939; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649837)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"70.190.199.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649837/; classtype:trojan-activity;sid:84512937; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649838)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/redist/dotnetframeworks/tools/info.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649838/; classtype:trojan-activity;sid:84512938; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649833)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171742/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649833/; classtype:trojan-activity;sid:84512933; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649829)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-001/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649829/; classtype:trojan-activity;sid:84512929; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649830)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/windows/gac_32/info.zip"; http_uri; depth:112; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649830/; classtype:trojan-activity;sid:84512930; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649831)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/schemas/sqlservr/2004/sqltypes/info.zip"; http_uri; depth:159; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649831/; classtype:trojan-activity;sid:84512931; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649832)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_msi/info.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649832/; classtype:trojan-activity;sid:84512932; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649827)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_loc_msi/info.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649827/; classtype:trojan-activity;sid:84512927; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649828)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles32/sqlservr/100/sdk/assembly/zh-chs/info.zip"; http_uri; depth:147; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649828/; classtype:trojan-activity;sid:84512928; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649826)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/schemas/sqlservr/2006/11/info.zip"; http_uri; depth:154; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649826/; classtype:trojan-activity;sid:84512926; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649823)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles32/sqlservr/100/shared/2052/info.zip"; http_uri; depth:132; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649823/; classtype:trojan-activity;sid:84512923; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649822)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/schemas/sqlservr/2006/11/events/info.zip"; http_uri; depth:161; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649822/; classtype:trojan-activity;sid:84512922; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649821)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171248/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649821/; classtype:trojan-activity;sid:84512921; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649820)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/info.zip"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649820/; classtype:trojan-activity;sid:84512920; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649819)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/schemas/sqlservr/2004/bulkload/info.zip"; http_uri; depth:159; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649819/; classtype:trojan-activity;sid:84512919; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649818)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles32/sqlservr/100/com/res/2052/info.zip"; http_uri; depth:133; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649818/; classtype:trojan-activity;sid:84512918; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649817)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/info.zip"; http_uri; depth:123; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649817/; classtype:trojan-activity;sid:84512917; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649816)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/redist/dotnetframeworks/dotnetfx30/x86/info.zip"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649816/; classtype:trojan-activity;sid:84512916; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649815)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/info.zip"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649815/; classtype:trojan-activity;sid:84512915; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649814)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-017/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649814/; classtype:trojan-activity;sid:84512914; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649813)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211110-008/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649813/; classtype:trojan-activity;sid:84512913; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649809)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles/cfiles/info.zip"; http_uri; depth:109; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649809/; classtype:trojan-activity;sid:84512909; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649810)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_msi/pfiles32/sqlservr/100/dts/binn/info.zip"; http_uri; depth:120; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649810/; classtype:trojan-activity;sid:84512910; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649808)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles32/sqlservr/100/tools/binn/res/1033/info.zip"; http_uri; depth:139; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649808/; classtype:trojan-activity;sid:84512908; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649804)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-018/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649804/; classtype:trojan-activity;sid:84512904; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649805)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/80/info.zip"; http_uri; depth:114; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649805/; classtype:trojan-activity;sid:84512905; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649803)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220223-034/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649803/; classtype:trojan-activity;sid:84512903; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649802)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-02-06/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649802/; classtype:trojan-activity;sid:84512902; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649801)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000465109/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649801/; classtype:trojan-activity;sid:84512901; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649800)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/redist/dotnetframeworks/dotnetfx20/info.zip"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649800/; classtype:trojan-activity;sid:84512900; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649799)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/help/info.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649799/; classtype:trojan-activity;sid:84512899; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649796)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211008-008/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649796/; classtype:trojan-activity;sid:84512896; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649795)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/redist/powershell/ia64/info.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649795/; classtype:trojan-activity;sid:84512895; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649794)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210726-028/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649794/; classtype:trojan-activity;sid:84512894; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649792)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/mssql/binn/res/1036/info.zip"; http_uri; depth:146; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649792/; classtype:trojan-activity;sid:84512892; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649791)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/schemas/sqlservr/2004/soap/types/sqlmes/info.zip"; http_uri; depth:169; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649791/; classtype:trojan-activity;sid:84512891; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649790)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000172568/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649790/; classtype:trojan-activity;sid:84512890; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649789)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220217-058/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649789/; classtype:trojan-activity;sid:84512889; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649788)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-07-20/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649788/; classtype:trojan-activity;sid:84512888; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649787)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-070/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649787/; classtype:trojan-activity;sid:84512887; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649786)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-053/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649786/; classtype:trojan-activity;sid:84512886; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649783)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000226537/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649783/; classtype:trojan-activity;sid:84512883; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649780)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000306/2022-02-16/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649780/; classtype:trojan-activity;sid:84512880; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649777)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2021-07-28/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649777/; classtype:trojan-activity;sid:84512877; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649778)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/keyfile/2052/info.zip"; http_uri; depth:130; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649778/; classtype:trojan-activity;sid:84512878; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649775)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2020-08-06/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649775/; classtype:trojan-activity;sid:84512875; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649776)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles32/sqlservr/100/sdk/assembly/zh-chs/info.zip"; http_uri; depth:146; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649776/; classtype:trojan-activity;sid:84512876; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649773)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220117-019/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649773/; classtype:trojan-activity;sid:84512873; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649771)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000166135/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649771/; classtype:trojan-activity;sid:84512871; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649770)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/80/tools/binn/info.zip"; http_uri; depth:127; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649770/; classtype:trojan-activity;sid:84512870; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649768)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-06-06/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649768/; classtype:trojan-activity;sid:84512868; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649765)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles32/info.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649765/; classtype:trojan-activity;sid:84512865; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649766)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_msi/pfiles32/msnet/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649766/; classtype:trojan-activity;sid:84512866; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649767)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_msi/pfiles/sqlservr/100/tools/binn/vsshell/info.zip"; http_uri; depth:127; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649767/; classtype:trojan-activity;sid:84512867; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649764)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/mssql/binn/res/1033/info.zip"; http_uri; depth:147; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649764/; classtype:trojan-activity;sid:84512864; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649762)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000583935/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649762/; classtype:trojan-activity;sid:84512862; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649759)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_msi/pfiles32/sqlservr/100/dts/info.zip"; http_uri; depth:115; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649759/; classtype:trojan-activity;sid:84512859; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649760)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2024-06-04/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649760/; classtype:trojan-activity;sid:84512860; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649761)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171246/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649761/; classtype:trojan-activity;sid:84512861; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649758)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_loc_msi/2052/pfiles/msnet/info.zip"; http_uri; depth:110; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649758/; classtype:trojan-activity;sid:84512858; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649757)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210802-018/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649757/; classtype:trojan-activity;sid:84512857; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649756)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210814-028/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649756/; classtype:trojan-activity;sid:84512856; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649754)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_msi/windows/gac_32/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649754/; classtype:trojan-activity;sid:84512854; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649753)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/feenmer/res/info.zip"; http_uri; depth:140; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649753/; classtype:trojan-activity;sid:84512853; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649751)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165999/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649751/; classtype:trojan-activity;sid:84512851; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649749)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/tools/binn/vsshell/common7/ide/info.zip"; http_uri; depth:146; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649749/; classtype:trojan-activity;sid:84512849; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649748)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210804-089/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649748/; classtype:trojan-activity;sid:84512848; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649746)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210820-072/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649746/; classtype:trojan-activity;sid:84512846; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649744)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-03-08/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649744/; classtype:trojan-activity;sid:84512844; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649738)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta%20nsu%20faltante/02589791000910/2024-07-06/info.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649738/; classtype:trojan-activity;sid:84512838; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649739)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210724-020/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649739/; classtype:trojan-activity;sid:84512839; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649740)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/redist/windows%20installer/info.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649740/; classtype:trojan-activity;sid:84512840; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649741)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-057/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649741/; classtype:trojan-activity;sid:84512841; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649735)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210814-028/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649735/; classtype:trojan-activity;sid:84512835; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649736)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/mssql/info.zip"; http_uri; depth:132; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649736/; classtype:trojan-activity;sid:84512836; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649732)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/info.zip"; http_uri; depth:116; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649732/; classtype:trojan-activity;sid:84512832; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649730)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000557542/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649730/; classtype:trojan-activity;sid:84512830; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649731)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000167115/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649731/; classtype:trojan-activity;sid:84512831; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649728)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-031/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649728/; classtype:trojan-activity;sid:84512828; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649729)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_inst_msi/pfiles/sqlservr/mssql.x/mssql/binn/dlltmp32/info.zip"; http_uri; depth:137; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649729/; classtype:trojan-activity;sid:84512829; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649727)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220125-001/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649727/; classtype:trojan-activity;sid:84512827; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649723)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/mssql/binn/res/1033/info.zip"; http_uri; depth:146; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649723/; classtype:trojan-activity;sid:84512823; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649721)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/tools/binn/schemas/sqlservr/2006/11/info.zip"; http_uri; depth:151; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649721/; classtype:trojan-activity;sid:84512821; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649720)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211208-061/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649720/; classtype:trojan-activity;sid:84512820; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649718)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649718/; classtype:trojan-activity;sid:84512818; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649714)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/shared/zh-chs/info.zip"; http_uri; depth:138; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649714/; classtype:trojan-activity;sid:84512814; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649716)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/mssql/binn/res/1028/info.zip"; http_uri; depth:146; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649716/; classtype:trojan-activity;sid:84512816; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649713)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/info.zip"; http_uri; depth:111; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649713/; classtype:trojan-activity;sid:84512813; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649711)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220117-019/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649711/; classtype:trojan-activity;sid:84512811; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649708)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/keyfile/2052/info.zip"; http_uri; depth:137; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649708/; classtype:trojan-activity;sid:84512808; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649709)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/vsshell/common7/info.zip"; http_uri; depth:145; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649709/; classtype:trojan-activity;sid:84512809; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649707)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"178.61.160.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649707/; classtype:trojan-activity;sid:84512807; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649705)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/schemas/sqlservr/2004/soap/types/sqlmes/info.zip"; http_uri; depth:168; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649705/; classtype:trojan-activity;sid:84512805; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649706)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_inst_msi/pfiles/sqlservr/info.zip"; http_uri; depth:109; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649706/; classtype:trojan-activity;sid:84512806; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649703)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/dts/tasks/info.zip"; http_uri; depth:125; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649703/; classtype:trojan-activity;sid:84512803; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649699)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168301/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649699/; classtype:trojan-activity;sid:84512799; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649700)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210805-022/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649700/; classtype:trojan-activity;sid:84512800; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649701)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171474/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649701/; classtype:trojan-activity;sid:84512801; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649702)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-09-16/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649702/; classtype:trojan-activity;sid:84512802; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649698)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-053/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649698/; classtype:trojan-activity;sid:84512798; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649695)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/tools/binn/res/1033/info.zip"; http_uri; depth:137; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649695/; classtype:trojan-activity;sid:84512795; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649696)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles32/sqlservr/100/com/en/info.zip"; http_uri; depth:126; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649696/; classtype:trojan-activity;sid:84512796; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649694)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/schemas/sqlservr/2004/soap/options/info.zip"; http_uri; depth:164; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649694/; classtype:trojan-activity;sid:84512794; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649693)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_msi/windows/gac/info.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649693/; classtype:trojan-activity;sid:84512793; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649690)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220217-062/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649690/; classtype:trojan-activity;sid:84512790; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649691)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"68.225.217.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649691/; classtype:trojan-activity;sid:84512791; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649692)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000167423/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649692/; classtype:trojan-activity;sid:84512792; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649689)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-12-07/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649689/; classtype:trojan-activity;sid:84512789; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649688)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/redist/dotnetframeworks/dotnetfx35/info.zip"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649688/; classtype:trojan-activity;sid:84512788; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649685)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"87.249.142.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649685/; classtype:trojan-activity;sid:84512785; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649686)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/com/res/info.zip"; http_uri; depth:133; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649686/; classtype:trojan-activity;sid:84512786; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649683)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_msi/pfiles/sqlservr/100/tools/binn/vsshell/info.zip"; http_uri; depth:128; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649683/; classtype:trojan-activity;sid:84512783; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649682)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"222.252.31.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649682/; classtype:trojan-activity;sid:84512782; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649681)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171702/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649681/; classtype:trojan-activity;sid:84512781; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649678)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/tasks/info.zip"; http_uri; depth:134; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649678/; classtype:trojan-activity;sid:84512778; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649679)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_msi/pfiles/msnet/adomd.net/info.zip"; http_uri; depth:111; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649679/; classtype:trojan-activity;sid:84512779; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649677)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171468/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649677/; classtype:trojan-activity;sid:84512777; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649676)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"96.11.145.107"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649676/; classtype:trojan-activity;sid:84512776; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649673)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000230418/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649673/; classtype:trojan-activity;sid:84512773; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649674)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000166739/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649674/; classtype:trojan-activity;sid:84512774; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649675)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/windows/gac/info.zip"; http_uri; depth:110; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649675/; classtype:trojan-activity;sid:84512775; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649672)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-11-21/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649672/; classtype:trojan-activity;sid:84512772; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649671)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/info.zip"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649671/; classtype:trojan-activity;sid:84512771; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649666)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_msi/pfiles/sqlservr/100/tools/binn/vsshell/common7/info.zip"; http_uri; depth:136; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649666/; classtype:trojan-activity;sid:84512766; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649668)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/shared/vs2008/2052/info.zip"; http_uri; depth:143; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649668/; classtype:trojan-activity;sid:84512768; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649669)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000552326/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649669/; classtype:trojan-activity;sid:84512769; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649663)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-08-31/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649663/; classtype:trojan-activity;sid:84512763; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649664)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles32/msnet/info.zip"; http_uri; depth:112; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649664/; classtype:trojan-activity;sid:84512764; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649665)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/schemas/sqlservr/2004/07/dta/info.zip"; http_uri; depth:158; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649665/; classtype:trojan-activity;sid:84512765; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649662)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2020-11-05/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649662/; classtype:trojan-activity;sid:84512762; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649660)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/feenmer/info.zip"; http_uri; depth:137; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649660/; classtype:trojan-activity;sid:84512760; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649661)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/2052/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649661/; classtype:trojan-activity;sid:84512761; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649659)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"73.155.237.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649659/; classtype:trojan-activity;sid:84512759; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649658)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/help/1033/info.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649658/; classtype:trojan-activity;sid:84512758; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649656)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2025-04-29/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649656/; classtype:trojan-activity;sid:84512756; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649657)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-058/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649657/; classtype:trojan-activity;sid:84512757; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649655)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000169927/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649655/; classtype:trojan-activity;sid:84512755; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649651)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2020-08-05/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649651/; classtype:trojan-activity;sid:84512751; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649653)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-12-14/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649653/; classtype:trojan-activity;sid:84512753; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649650)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-05-06/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649650/; classtype:trojan-activity;sid:84512750; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649647)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000543908/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649647/; classtype:trojan-activity;sid:84512747; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649643)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000172094/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649643/; classtype:trojan-activity;sid:84512743; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649644)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000542543/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649644/; classtype:trojan-activity;sid:84512744; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649635)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000162506/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649635/; classtype:trojan-activity;sid:84512735; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649636)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2019-04-02/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649636/; classtype:trojan-activity;sid:84512736; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649622)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171302/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649622/; classtype:trojan-activity;sid:84512722; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649626)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000166801/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649626/; classtype:trojan-activity;sid:84512726; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649619)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211030-056/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649619/; classtype:trojan-activity;sid:84512719; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649618)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-08-10/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649618/; classtype:trojan-activity;sid:84512718; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649613)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000160981/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649613/; classtype:trojan-activity;sid:84512713; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649607)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000551812/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649607/; classtype:trojan-activity;sid:84512707; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649609)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/1033/info.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649609/; classtype:trojan-activity;sid:84512709; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649610)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_msi/pfiles/msnet/adomd.net/100/info.zip"; http_uri; depth:115; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649610/; classtype:trojan-activity;sid:84512710; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649611)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/redist/info.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649611/; classtype:trojan-activity;sid:84512711; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649603)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/tools/binn/schemas/sqlservr/2004/bulkload/format/info.zip"; http_uri; depth:164; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649603/; classtype:trojan-activity;sid:84512703; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649604)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220824-011/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649604/; classtype:trojan-activity;sid:84512704; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649605)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-11-04/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649605/; classtype:trojan-activity;sid:84512705; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649596)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210731-081/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649596/; classtype:trojan-activity;sid:84512696; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649597)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/wjgl/images/zhijia/info.zip"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649597/; classtype:trojan-activity;sid:84512697; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649599)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2023-10-04/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649599/; classtype:trojan-activity;sid:84512699; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649594)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2019-07-05/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649594/; classtype:trojan-activity;sid:84512694; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649593)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_inst_msi/pfiles/sqlservr/mssql.x/mssql/upgrade/info.zip"; http_uri; depth:131; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649593/; classtype:trojan-activity;sid:84512693; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649588)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-09-29/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649588/; classtype:trojan-activity;sid:84512688; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649589)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles32/sqlservr/100/tools/info.zip"; http_uri; depth:133; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649589/; classtype:trojan-activity;sid:84512689; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649590)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2023-03-10/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649590/; classtype:trojan-activity;sid:84512690; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649591)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210805-049/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649591/; classtype:trojan-activity;sid:84512691; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649586)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/wjgl/src/fonts/info.zip"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649586/; classtype:trojan-activity;sid:84512686; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649587)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649587/; classtype:trojan-activity;sid:84512687; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649582)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210804-082/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649582/; classtype:trojan-activity;sid:84512682; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649580)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-02-10/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649580/; classtype:trojan-activity;sid:84512680; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649579)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/tools/binn/res/1033/info.zip"; http_uri; depth:145; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649579/; classtype:trojan-activity;sid:84512679; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649578)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-05-07/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649578/; classtype:trojan-activity;sid:84512678; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649576)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168299/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649576/; classtype:trojan-activity;sid:84512676; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649577)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000167451/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649577/; classtype:trojan-activity;sid:84512677; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649573)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000160619/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649573/; classtype:trojan-activity;sid:84512673; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649574)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171294/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649574/; classtype:trojan-activity;sid:84512674; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649572)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171316/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649572/; classtype:trojan-activity;sid:84512672; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649570)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2020-08-27/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649570/; classtype:trojan-activity;sid:84512670; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649565)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/redist/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649565/; classtype:trojan-activity;sid:84512665; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649566)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_msi/pfiles/sqlservr/100/tools/binn/info.zip"; http_uri; depth:119; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649566/; classtype:trojan-activity;sid:84512666; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649567)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000223168/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649567/; classtype:trojan-activity;sid:84512667; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649568)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/shared/res/2052/info.zip"; http_uri; depth:141; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649568/; classtype:trojan-activity;sid:84512668; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649563)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles32/sqlservr/info.zip"; http_uri; depth:123; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649563/; classtype:trojan-activity;sid:84512663; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649564)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_loc_msi/2052/windows/gac/info.zip"; http_uri; depth:109; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649564/; classtype:trojan-activity;sid:84512664; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649559)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/feenmer/zh-chs/info.zip"; http_uri; depth:143; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649559/; classtype:trojan-activity;sid:84512659; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649560)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-04-29/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649560/; classtype:trojan-activity;sid:84512660; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649557)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-008/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649557/; classtype:trojan-activity;sid:84512657; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649558)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/dts/mapfiles/info.zip"; http_uri; depth:129; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649558/; classtype:trojan-activity;sid:84512658; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649556)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168281/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649556/; classtype:trojan-activity;sid:84512656; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649555)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/tpcl/images/zhijia-tuzhi/info.zip"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649555/; classtype:trojan-activity;sid:84512655; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649553)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-020/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649553/; classtype:trojan-activity;sid:84512653; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649549)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171358/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649549/; classtype:trojan-activity;sid:84512649; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649550)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_msi/pfiles32/sqlservr/100/shared/info.zip"; http_uri; depth:118; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649550/; classtype:trojan-activity;sid:84512650; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649551)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000167601/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649551/; classtype:trojan-activity;sid:84512651; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649552)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000758/2024-06-06/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649552/; classtype:trojan-activity;sid:84512652; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649544)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000600310/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649544/; classtype:trojan-activity;sid:84512644; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649545)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/tools/binn/info.zip"; http_uri; depth:135; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649545/; classtype:trojan-activity;sid:84512645; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649540)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles32/sqlservr/info.zip"; http_uri; depth:122; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649540/; classtype:trojan-activity;sid:84512640; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649542)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/com/res/2052/info.zip"; http_uri; depth:138; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649542/; classtype:trojan-activity;sid:84512642; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649536)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/tools/binn/info.zip"; http_uri; depth:126; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649536/; classtype:trojan-activity;sid:84512636; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649537)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/tools/binn/res/1033/info.zip"; http_uri; depth:144; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649537/; classtype:trojan-activity;sid:84512637; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649538)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles32/sqlservr/100/shared/info.zip"; http_uri; depth:134; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649538/; classtype:trojan-activity;sid:84512638; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649535)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-10-09/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649535/; classtype:trojan-activity;sid:84512635; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649532)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000732234/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649532/; classtype:trojan-activity;sid:84512632; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649530)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211008-021/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649530/; classtype:trojan-activity;sid:84512630; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649529)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2025-06-13/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649529/; classtype:trojan-activity;sid:84512629; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649526)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles32/sqlservr/100/shared/info.zip"; http_uri; depth:127; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649526/; classtype:trojan-activity;sid:84512626; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649527)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/redist/dotnetframeworks/dotnetfx20/info.zip"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649527/; classtype:trojan-activity;sid:84512627; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649528)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000223167/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649528/; classtype:trojan-activity;sid:84512628; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649523)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/tools/binn/schemas/sqlservr/2004/soap/types/sqlrowct/info.zip"; http_uri; depth:168; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649523/; classtype:trojan-activity;sid:84512623; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649524)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/mssql/binn/zh-chs/info.zip"; http_uri; depth:145; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649524/; classtype:trojan-activity;sid:84512624; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649525)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220317-085/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649525/; classtype:trojan-activity;sid:84512625; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649521)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000584370/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649521/; classtype:trojan-activity;sid:84512621; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649522)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220224-043/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649522/; classtype:trojan-activity;sid:84512622; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649520)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210724-029/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649520/; classtype:trojan-activity;sid:84512620; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649518)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/mssql/binn/info.zip"; http_uri; depth:138; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649518/; classtype:trojan-activity;sid:84512618; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649519)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/tpcl/src/sass/info.zip"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649519/; classtype:trojan-activity;sid:84512619; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649517)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000583934/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649517/; classtype:trojan-activity;sid:84512617; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649516)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_inst_msi/info.zip"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649516/; classtype:trojan-activity;sid:84512616; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649514)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165844/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649514/; classtype:trojan-activity;sid:84512614; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649515)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_msi/info.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649515/; classtype:trojan-activity;sid:84512615; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649512)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles32/sqlservr/100/tools/binn/res/info.zip"; http_uri; depth:134; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649512/; classtype:trojan-activity;sid:84512612; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649511)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/shared/res/info.zip"; http_uri; depth:135; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649511/; classtype:trojan-activity;sid:84512611; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649509)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/shared/zh-chs/info.zip"; http_uri; depth:132; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649509/; classtype:trojan-activity;sid:84512609; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649510)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-057/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649510/; classtype:trojan-activity;sid:84512610; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649507)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/dts/binn/info.zip"; http_uri; depth:125; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649507/; classtype:trojan-activity;sid:84512607; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649504)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211109-007/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649504/; classtype:trojan-activity;sid:84512604; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649505)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles32/sqlservr/100/com/res/2052/info.zip"; http_uri; depth:132; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649505/; classtype:trojan-activity;sid:84512605; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649506)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2020-12-14/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649506/; classtype:trojan-activity;sid:84512606; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649503)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165184/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649503/; classtype:trojan-activity;sid:84512603; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649499)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/tools/binn/schemas/sqlservr/2004/bulkload/info.zip"; http_uri; depth:157; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649499/; classtype:trojan-activity;sid:84512599; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649500)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/info.zip"; http_uri; depth:114; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649500/; classtype:trojan-activity;sid:84512600; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649497)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/schemas/sqlservr/2004/07/showplan/info.zip"; http_uri; depth:163; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649497/; classtype:trojan-activity;sid:84512597; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649498)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/df/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649498/; classtype:trojan-activity;sid:84512598; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649495)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-01-16/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649495/; classtype:trojan-activity;sid:84512595; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649496)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/keyfile/info.zip"; http_uri; depth:132; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649496/; classtype:trojan-activity;sid:84512596; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649494)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-09-09/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649494/; classtype:trojan-activity;sid:84512594; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649492)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168365/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649492/; classtype:trojan-activity;sid:84512592; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649491)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210727-029/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649491/; classtype:trojan-activity;sid:84512591; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649489)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2020-03-26/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649489/; classtype:trojan-activity;sid:84512589; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649487)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-055/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649487/; classtype:trojan-activity;sid:84512587; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649486)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2021-03-01/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649486/; classtype:trojan-activity;sid:84512586; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649484)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-09-24/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649484/; classtype:trojan-activity;sid:84512584; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649483)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000209999/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649483/; classtype:trojan-activity;sid:84512583; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649480)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/info.zip"; http_uri; depth:118; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649480/; classtype:trojan-activity;sid:84512580; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649477)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/binn/res/info.zip"; http_uri; depth:137; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649477/; classtype:trojan-activity;sid:84512577; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649478)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220224-043/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649478/; classtype:trojan-activity;sid:84512578; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649475)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211005-031/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649475/; classtype:trojan-activity;sid:84512575; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649474)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/tools/binn/info.zip"; http_uri; depth:128; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649474/; classtype:trojan-activity;sid:84512574; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649473)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_loc_msi/2052/info.zip"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649473/; classtype:trojan-activity;sid:84512573; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649469)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_msi/pfiles32/info.zip"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649469/; classtype:trojan-activity;sid:84512569; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649463)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/mssql/binn/res/1028/info.zip"; http_uri; depth:147; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649463/; classtype:trojan-activity;sid:84512563; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649464)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220217-062/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649464/; classtype:trojan-activity;sid:84512564; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649465)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/tools/info.zip"; http_uri; depth:130; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649465/; classtype:trojan-activity;sid:84512565; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649466)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_msi/pfiles/sqlservr/100/tools/binn/vsshell/common7/ide/info.zip"; http_uri; depth:139; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649466/; classtype:trojan-activity;sid:84512566; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649461)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles32/sqlservr/100/com/res/1033/info.zip"; http_uri; depth:132; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649461/; classtype:trojan-activity;sid:84512561; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649459)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000567165/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649459/; classtype:trojan-activity;sid:84512559; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649456)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-09-27/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649456/; classtype:trojan-activity;sid:84512556; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649457)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-070/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649457/; classtype:trojan-activity;sid:84512557; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649458)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2019-12-09/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649458/; classtype:trojan-activity;sid:84512558; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649454)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/windows/gac/zh-chs/info.zip"; http_uri; depth:124; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649454/; classtype:trojan-activity;sid:84512554; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649455)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171854/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649455/; classtype:trojan-activity;sid:84512555; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649453)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/shared/res/info.zip"; http_uri; depth:136; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649453/; classtype:trojan-activity;sid:84512553; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649452)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/windows/gac/zh-chs/info.zip"; http_uri; depth:123; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649452/; classtype:trojan-activity;sid:84512552; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649450)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211008-021/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649450/; classtype:trojan-activity;sid:84512550; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649447)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/redist/dotnetframeworks/dotnetmsp/info.zip"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649447/; classtype:trojan-activity;sid:84512547; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649448)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_msi/windows/syswow64/info.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649448/; classtype:trojan-activity;sid:84512548; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649443)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/redist/dotnetframeworks/tools/info.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649443/; classtype:trojan-activity;sid:84512543; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649444)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210727-065/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649444/; classtype:trojan-activity;sid:84512544; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649440)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000604321/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649440/; classtype:trojan-activity;sid:84512540; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649439)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/redist/dotnetframeworks/dotnetmsp/ia64/info.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649439/; classtype:trojan-activity;sid:84512539; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649435)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220428-040/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649435/; classtype:trojan-activity;sid:84512535; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649437)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220125-007/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649437/; classtype:trojan-activity;sid:84512537; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649433)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/schemas/sqlservr/2004/soap/info.zip"; http_uri; depth:155; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649433/; classtype:trojan-activity;sid:84512533; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649434)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210723-026/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649434/; classtype:trojan-activity;sid:84512534; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649431)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210724-006/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649431/; classtype:trojan-activity;sid:84512531; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649432)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_msi/windows/info.zip"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649432/; classtype:trojan-activity;sid:84512532; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649429)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/redist/windows%20installer/info.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649429/; classtype:trojan-activity;sid:84512529; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649430)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/keyfile/info.zip"; http_uri; depth:125; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649430/; classtype:trojan-activity;sid:84512530; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649427)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-02-11/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649427/; classtype:trojan-activity;sid:84512527; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649425)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/windows/system32/info.zip"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649425/; classtype:trojan-activity;sid:84512525; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649424)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000160615/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649424/; classtype:trojan-activity;sid:84512524; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649421)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_msi/pfiles/msnet/info.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649421/; classtype:trojan-activity;sid:84512521; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649422)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles32/msvs9/common7/info.zip"; http_uri; depth:118; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649422/; classtype:trojan-activity;sid:84512522; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649419)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/keyfile/info.zip"; http_uri; depth:132; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649419/; classtype:trojan-activity;sid:84512519; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649420)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-03-03/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649420/; classtype:trojan-activity;sid:84512520; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649418)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171250/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649418/; classtype:trojan-activity;sid:84512518; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649416)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165250/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649416/; classtype:trojan-activity;sid:84512516; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649414)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171286/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649414/; classtype:trojan-activity;sid:84512514; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649413)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/shared/info.zip"; http_uri; depth:122; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649413/; classtype:trojan-activity;sid:84512513; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649412)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles32/msvs9/common7/ide/priassem/info.zip"; http_uri; depth:132; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649412/; classtype:trojan-activity;sid:84512512; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649411)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000169527/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649411/; classtype:trojan-activity;sid:84512511; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649409)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211206-052/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649409/; classtype:trojan-activity;sid:84512509; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649406)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171402/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649406/; classtype:trojan-activity;sid:84512506; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649407)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/wjgl/src/info.zip"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649407/; classtype:trojan-activity;sid:84512507; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649402)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2025-04-02/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649402/; classtype:trojan-activity;sid:84512502; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649403)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-059/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649403/; classtype:trojan-activity;sid:84512503; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649404)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/mssql/binn/zh-chs/info.zip"; http_uri; depth:144; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649404/; classtype:trojan-activity;sid:84512504; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649397)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000758/2021-05-08/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649397/; classtype:trojan-activity;sid:84512497; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649400)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210805-026/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649400/; classtype:trojan-activity;sid:84512500; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649401)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_msi/pfiles32/msnet/adomd.net/100/info.zip"; http_uri; depth:117; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649401/; classtype:trojan-activity;sid:84512501; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649395)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-08-12/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649395/; classtype:trojan-activity;sid:84512495; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649392)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171478/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649392/; classtype:trojan-activity;sid:84512492; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649388)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_msi/windows/info.zip"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649388/; classtype:trojan-activity;sid:84512488; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649386)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles32/msnet/adomd.net/100/zh-chs/info.zip"; http_uri; depth:134; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649386/; classtype:trojan-activity;sid:84512486; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649387)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171462/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649387/; classtype:trojan-activity;sid:84512487; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649385)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta%20nsu%20faltante/02589791000910/2023-12-12/info.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649385/; classtype:trojan-activity;sid:84512485; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649383)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211110-006/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649383/; classtype:trojan-activity;sid:84512483; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649384)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles32/sqlservr/100/tools/binn/res/2052/info.zip"; http_uri; depth:139; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649384/; classtype:trojan-activity;sid:84512484; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649379)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000606635/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649379/; classtype:trojan-activity;sid:84512479; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649381)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/connect/en/info.zip"; http_uri; depth:139; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649381/; classtype:trojan-activity;sid:84512481; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649377)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000238203/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649377/; classtype:trojan-activity;sid:84512477; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649378)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/tools/binn/info.zip"; http_uri; depth:136; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649378/; classtype:trojan-activity;sid:84512478; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649375)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2019-12-06/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649375/; classtype:trojan-activity;sid:84512475; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649376)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-01-27/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649376/; classtype:trojan-activity;sid:84512476; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649374)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/msvs9/info.zip"; http_uri; depth:108; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649374/; classtype:trojan-activity;sid:84512474; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649372)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171242/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649372/; classtype:trojan-activity;sid:84512472; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649371)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-023/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649371/; classtype:trojan-activity;sid:84512471; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649370)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/info.zip"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649370/; classtype:trojan-activity;sid:84512470; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649366)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-07-30/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649366/; classtype:trojan-activity;sid:84512466; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649363)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-06-28/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649363/; classtype:trojan-activity;sid:84512463; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649362)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-059/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649362/; classtype:trojan-activity;sid:84512462; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649360)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171332/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649360/; classtype:trojan-activity;sid:84512460; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649361)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/binn/res/1033/info.zip"; http_uri; depth:142; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649361/; classtype:trojan-activity;sid:84512461; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649359)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-11-07/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649359/; classtype:trojan-activity;sid:84512459; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649358)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220125-011/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649358/; classtype:trojan-activity;sid:84512458; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649357)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000166237/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649357/; classtype:trojan-activity;sid:84512457; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649354)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165850/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649354/; classtype:trojan-activity;sid:84512454; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649355)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2024-12-05/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649355/; classtype:trojan-activity;sid:84512455; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649356)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/shared/1033/info.zip"; http_uri; depth:129; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649356/; classtype:trojan-activity;sid:84512456; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649353)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000213544/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649353/; classtype:trojan-activity;sid:84512453; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649350)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/sdk/assembly/info.zip"; http_uri; depth:137; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649350/; classtype:trojan-activity;sid:84512450; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649351)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles32/sqlservr/100/tools/binn/vsshell/common7/ide/zh-chs/info.zip"; http_uri; depth:164; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649351/; classtype:trojan-activity;sid:84512451; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649352)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2022-01-10/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649352/; classtype:trojan-activity;sid:84512452; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649348)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/vsshell/info.zip"; http_uri; depth:136; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649348/; classtype:trojan-activity;sid:84512448; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649346)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000265246/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649346/; classtype:trojan-activity;sid:84512446; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649347)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/sdk/info.zip"; http_uri; depth:128; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649347/; classtype:trojan-activity;sid:84512447; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649344)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/info.zip"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649344/; classtype:trojan-activity;sid:84512444; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649343)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/schemas/sqlservr/2004/07/info.zip"; http_uri; depth:153; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649343/; classtype:trojan-activity;sid:84512443; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649342)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/redist/dotnetframeworks/dotnetfx35/x86/info.zip"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649342/; classtype:trojan-activity;sid:84512442; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649341)"; flow:established,from_client; content:"GET"; http_method; content:"/blog/info.zip"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"96.11.145.107"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649341/; classtype:trojan-activity;sid:84512441; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649340)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-004/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649340/; classtype:trojan-activity;sid:84512440; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649339)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/schemas/sqlservr/2006/11/info.zip"; http_uri; depth:153; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649339/; classtype:trojan-activity;sid:84512439; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649336)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-06-06/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649336/; classtype:trojan-activity;sid:84512436; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649334)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles32/sqlservr/100/tools/binn/info.zip"; http_uri; depth:130; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649334/; classtype:trojan-activity;sid:84512434; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649332)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000172165/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649332/; classtype:trojan-activity;sid:84512432; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649329)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165794/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649329/; classtype:trojan-activity;sid:84512429; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649330)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/com/res/info.zip"; http_uri; depth:126; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649330/; classtype:trojan-activity;sid:84512430; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649328)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220427-069/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649328/; classtype:trojan-activity;sid:84512428; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649326)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000173022/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649326/; classtype:trojan-activity;sid:84512426; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649327)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2021-07-06/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649327/; classtype:trojan-activity;sid:84512427; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649325)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/feenmer/res/1033/info.zip"; http_uri; depth:145; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649325/; classtype:trojan-activity;sid:84512425; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649324)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-057/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649324/; classtype:trojan-activity;sid:84512424; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649322)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles/msvs9/common7/info.zip"; http_uri; depth:117; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649322/; classtype:trojan-activity;sid:84512422; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649323)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta%20nsu%20faltante/02589791000677/2023-11-20/info.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649323/; classtype:trojan-activity;sid:84512423; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649320)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210805-048/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649320/; classtype:trojan-activity;sid:84512420; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649319)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-023/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649319/; classtype:trojan-activity;sid:84512419; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649314)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/redist/powershell/x86/info.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649314/; classtype:trojan-activity;sid:84512414; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649316)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/plcomps/res/info.zip"; http_uri; depth:140; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649316/; classtype:trojan-activity;sid:84512416; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649310)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000566420/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649310/; classtype:trojan-activity;sid:84512410; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649309)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000567141/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649309/; classtype:trojan-activity;sid:84512409; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649306)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000215215/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649306/; classtype:trojan-activity;sid:84512406; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649305)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-06-07/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649305/; classtype:trojan-activity;sid:84512405; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649304)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211208-061/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649304/; classtype:trojan-activity;sid:84512404; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649303)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000562903/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649303/; classtype:trojan-activity;sid:84512403; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649301)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/redist/dotnetframeworks/tools/info.zip"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649301/; classtype:trojan-activity;sid:84512401; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649299)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-01-21/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649299/; classtype:trojan-activity;sid:84512399; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649297)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles32/sqlservr/100/tools/info.zip"; http_uri; depth:125; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649297/; classtype:trojan-activity;sid:84512397; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649298)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220729-016/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649298/; classtype:trojan-activity;sid:84512398; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649296)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/com/info.zip"; http_uri; depth:119; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649296/; classtype:trojan-activity;sid:84512396; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649295)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000567162/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649295/; classtype:trojan-activity;sid:84512395; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649293)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/shared/res/2052/info.zip"; http_uri; depth:140; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649293/; classtype:trojan-activity;sid:84512393; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649290)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-11-13/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649290/; classtype:trojan-activity;sid:84512390; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649291)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles/msvs9/common7/ide/priassem/busproj/info.zip"; http_uri; depth:138; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649291/; classtype:trojan-activity;sid:84512391; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649289)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/com/res/1033/info.zip"; http_uri; depth:130; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649289/; classtype:trojan-activity;sid:84512389; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649288)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles32/sqlservr/100/com/res/info.zip"; http_uri; depth:128; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649288/; classtype:trojan-activity;sid:84512388; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649287)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_inst_loc_msi/2052/info.zip"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649287/; classtype:trojan-activity;sid:84512387; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649286)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-04-19/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649286/; classtype:trojan-activity;sid:84512386; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649284)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-04-30/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649284/; classtype:trojan-activity;sid:84512384; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649283)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/mssql/binn/res/1049/info.zip"; http_uri; depth:146; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649283/; classtype:trojan-activity;sid:84512383; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649282)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/windows/gac_32/zh-chs/info.zip"; http_uri; depth:120; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649282/; classtype:trojan-activity;sid:84512382; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649281)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-11-12/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649281/; classtype:trojan-activity;sid:84512381; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649280)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/tools/binn/schemas/sqlservr/info.zip"; http_uri; depth:143; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649280/; classtype:trojan-activity;sid:84512380; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649278)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168063/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649278/; classtype:trojan-activity;sid:84512378; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649279)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/tools/binn/res/info.zip"; http_uri; depth:139; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649279/; classtype:trojan-activity;sid:84512379; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649276)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211228-039/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649276/; classtype:trojan-activity;sid:84512376; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649277)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_msi/pfiles/sqlservr/100/tools/binn/vsshell/common7/info.zip"; http_uri; depth:135; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649277/; classtype:trojan-activity;sid:84512377; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649275)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-11-05/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649275/; classtype:trojan-activity;sid:84512375; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649274)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/catalog/info.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649274/; classtype:trojan-activity;sid:84512374; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649270)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-08-08/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649270/; classtype:trojan-activity;sid:84512370; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649266)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-04-30/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649266/; classtype:trojan-activity;sid:84512366; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649267)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/msvs9/common7/info.zip"; http_uri; depth:116; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649267/; classtype:trojan-activity;sid:84512367; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649264)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/tools/binn/res/info.zip"; http_uri; depth:140; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649264/; classtype:trojan-activity;sid:84512364; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649260)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/tools/binn/schemas/sqlservr/2004/07/showplan/info.zip"; http_uri; depth:160; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649260/; classtype:trojan-activity;sid:84512360; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649259)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/windows/gac_32/info.zip"; http_uri; depth:120; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649259/; classtype:trojan-activity;sid:84512359; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649258)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/keyfile/info.zip"; http_uri; depth:125; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649258/; classtype:trojan-activity;sid:84512358; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649257)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_inst_msi/windows/info.zip"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649257/; classtype:trojan-activity;sid:84512357; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649256)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-08-09/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649256/; classtype:trojan-activity;sid:84512356; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649254)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210807-008/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649254/; classtype:trojan-activity;sid:84512354; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649249)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_msi/pfiles32/sqlservr/100/tools/binn/vsshell/common7/ide/info.zip"; http_uri; depth:142; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649249/; classtype:trojan-activity;sid:84512349; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649250)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000558592/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649250/; classtype:trojan-activity;sid:84512350; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649251)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/tasks/en/info.zip"; http_uri; depth:138; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649251/; classtype:trojan-activity;sid:84512351; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649252)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2024-06-06/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649252/; classtype:trojan-activity;sid:84512352; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649248)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220210-142/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649248/; classtype:trojan-activity;sid:84512348; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649247)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210720-027/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649247/; classtype:trojan-activity;sid:84512347; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649245)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/dts/feenmer/info.zip"; http_uri; depth:128; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649245/; classtype:trojan-activity;sid:84512345; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649244)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-040/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649244/; classtype:trojan-activity;sid:84512344; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649243)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-05-21/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649243/; classtype:trojan-activity;sid:84512343; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649242)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171090/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649242/; classtype:trojan-activity;sid:84512342; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649238)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_msi/pfiles/sqlservr/100/com/info.zip"; http_uri; depth:112; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649238/; classtype:trojan-activity;sid:84512338; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649239)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/redist/windows%20installer/x86/info.zip"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649239/; classtype:trojan-activity;sid:84512339; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649235)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210807-020/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649235/; classtype:trojan-activity;sid:84512335; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649232)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/90/shared/info.zip"; http_uri; depth:121; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649232/; classtype:trojan-activity;sid:84512332; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649233)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220406-025/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649233/; classtype:trojan-activity;sid:84512333; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649231)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2021-08-17/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649231/; classtype:trojan-activity;sid:84512331; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649228)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_msi/windows/gac/info.zip"; http_uri; depth:100; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649228/; classtype:trojan-activity;sid:84512328; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649227)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649227/; classtype:trojan-activity;sid:84512327; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649223)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/windows/info.zip"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649223/; classtype:trojan-activity;sid:84512323; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649225)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_msi/pfiles32/sqlservr/100/tools/binn/vsshell/common7/ide/info.zip"; http_uri; depth:141; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649225/; classtype:trojan-activity;sid:84512325; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649222)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/keyfile/info.zip"; http_uri; depth:123; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649222/; classtype:trojan-activity;sid:84512322; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649220)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_msi/pfiles/info.zip"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649220/; classtype:trojan-activity;sid:84512320; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649221)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/mssql/info.zip"; http_uri; depth:133; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649221/; classtype:trojan-activity;sid:84512321; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649218)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_msi/pfiles/sqlservr/100/dts/binn/info.zip"; http_uri; depth:117; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649218/; classtype:trojan-activity;sid:84512318; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649219)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210805-024/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649219/; classtype:trojan-activity;sid:84512319; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649215)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2019-12-27/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649215/; classtype:trojan-activity;sid:84512315; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649212)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/plcomps/res/1033/info.zip"; http_uri; depth:146; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649212/; classtype:trojan-activity;sid:84512312; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649213)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-09-27/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649213/; classtype:trojan-activity;sid:84512313; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649211)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210805-020/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649211/; classtype:trojan-activity;sid:84512311; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649210)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210809-047/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649210/; classtype:trojan-activity;sid:84512310; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649209)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/tasks/zh-chs/info.zip"; http_uri; depth:141; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649209/; classtype:trojan-activity;sid:84512309; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649208)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-12-21/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649208/; classtype:trojan-activity;sid:84512308; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649207)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_msi/pfiles/sqlservr/info.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649207/; classtype:trojan-activity;sid:84512307; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649205)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-03-03/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649205/; classtype:trojan-activity;sid:84512305; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649202)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-036/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649202/; classtype:trojan-activity;sid:84512302; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649203)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210805-061/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649203/; classtype:trojan-activity;sid:84512303; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649200)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles32/sqlservr/100/shared/zh-chs/info.zip"; http_uri; depth:140; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649200/; classtype:trojan-activity;sid:84512300; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649198)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_msi/pfiles32/msnet/adomd.net/info.zip"; http_uri; depth:114; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649198/; classtype:trojan-activity;sid:84512298; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649196)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-06-15/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649196/; classtype:trojan-activity;sid:84512296; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649193)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000600544/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649193/; classtype:trojan-activity;sid:84512293; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649189)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165480/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649189/; classtype:trojan-activity;sid:84512289; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649191)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-05-08/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649191/; classtype:trojan-activity;sid:84512291; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649185)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/info.zip"; http_uri; depth:100; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649185/; classtype:trojan-activity;sid:84512285; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649186)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-08-03/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649186/; classtype:trojan-activity;sid:84512286; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649180)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000564863/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649180/; classtype:trojan-activity;sid:84512280; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649181)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/tpcl/src/sass/demo/helpers/info.zip"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649181/; classtype:trojan-activity;sid:84512281; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649182)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/keyfile/info.zip"; http_uri; depth:124; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649182/; classtype:trojan-activity;sid:84512282; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649184)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210729-050/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649184/; classtype:trojan-activity;sid:84512284; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649179)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-07-01/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649179/; classtype:trojan-activity;sid:84512279; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649178)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_msi/pfiles/sqlservr/100/tools/binn/info.zip"; http_uri; depth:120; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649178/; classtype:trojan-activity;sid:84512278; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649173)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000162652/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649173/; classtype:trojan-activity;sid:84512273; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649170)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/shared/res/1033/info.zip"; http_uri; depth:140; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649170/; classtype:trojan-activity;sid:84512270; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649171)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-004/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649171/; classtype:trojan-activity;sid:84512271; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649168)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211201-059/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649168/; classtype:trojan-activity;sid:84512268; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649163)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles/msvs9/info.zip"; http_uri; depth:109; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649163/; classtype:trojan-activity;sid:84512263; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649164)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/schemas/info.zip"; http_uri; depth:137; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649164/; classtype:trojan-activity;sid:84512264; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649165)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles32/sqlservr/100/tools/binn/res/1033/info.zip"; http_uri; depth:146; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649165/; classtype:trojan-activity;sid:84512265; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649160)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2020-10-13/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649160/; classtype:trojan-activity;sid:84512260; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649161)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles32/sqlservr/100/tools/binn/res/1033/info.zip"; http_uri; depth:140; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649161/; classtype:trojan-activity;sid:84512261; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649158)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000166657/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649158/; classtype:trojan-activity;sid:84512258; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649159)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/schemas/sqlservr/2006/info.zip"; http_uri; depth:151; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649159/; classtype:trojan-activity;sid:84512259; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649156)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/redist/dotnetframeworks/dotnetfx35/info.zip"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649156/; classtype:trojan-activity;sid:84512256; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649151)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/info.zip"; http_uri; depth:126; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649151/; classtype:trojan-activity;sid:84512251; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649152)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles/msvs9/common7/ide/info.zip"; http_uri; depth:121; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649152/; classtype:trojan-activity;sid:84512252; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649153)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/windows/gac_32/zh-chs/info.zip"; http_uri; depth:127; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649153/; classtype:trojan-activity;sid:84512253; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649147)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210918-075/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649147/; classtype:trojan-activity;sid:84512247; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649148)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles32/info.zip"; http_uri; depth:106; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649148/; classtype:trojan-activity;sid:84512248; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649149)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000625429/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649149/; classtype:trojan-activity;sid:84512249; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649145)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000600309/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649145/; classtype:trojan-activity;sid:84512245; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649143)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000556239/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649143/; classtype:trojan-activity;sid:84512243; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649144)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000765367/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649144/; classtype:trojan-activity;sid:84512244; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649142)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000625325/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649142/; classtype:trojan-activity;sid:84512242; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649141)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/info.zip"; http_uri; depth:117; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649141/; classtype:trojan-activity;sid:84512241; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649137)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000306/2021-11-14/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649137/; classtype:trojan-activity;sid:84512237; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649135)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/cons/1/9929/info.zip"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649135/; classtype:trojan-activity;sid:84512235; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649136)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2020-02-12/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649136/; classtype:trojan-activity;sid:84512236; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649130)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171244/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649130/; classtype:trojan-activity;sid:84512230; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649131)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/shared/vs2008/1033/info.zip"; http_uri; depth:143; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649131/; classtype:trojan-activity;sid:84512231; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649132)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/info.zip"; http_uri; depth:117; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649132/; classtype:trojan-activity;sid:84512232; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649133)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/tools/binn/res/info.zip"; http_uri; depth:132; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649133/; classtype:trojan-activity;sid:84512233; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649128)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/info.zip"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649128/; classtype:trojan-activity;sid:84512228; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649129)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-074/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649129/; classtype:trojan-activity;sid:84512229; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649126)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210817-031/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649126/; classtype:trojan-activity;sid:84512226; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649127)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles/msnet/adomd.net/100/zh-chs/info.zip"; http_uri; depth:131; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649127/; classtype:trojan-activity;sid:84512227; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649124)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168297/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649124/; classtype:trojan-activity;sid:84512224; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649121)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-002/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649121/; classtype:trojan-activity;sid:84512221; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649122)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles32/sqlservr/100/shared/1033/info.zip"; http_uri; depth:132; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649122/; classtype:trojan-activity;sid:84512222; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649120)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-07-11/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649120/; classtype:trojan-activity;sid:84512220; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649118)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168387/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649118/; classtype:trojan-activity;sid:84512218; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649119)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000606634/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649119/; classtype:trojan-activity;sid:84512219; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649110)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000551813/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649110/; classtype:trojan-activity;sid:84512210; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649111)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2019-03-13/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649111/; classtype:trojan-activity;sid:84512211; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649112)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000164394/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649112/; classtype:trojan-activity;sid:84512212; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649113)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/dts/upgrdmap/info.zip"; http_uri; depth:129; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649113/; classtype:trojan-activity;sid:84512213; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649114)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/windows/system32/info.zip"; http_uri; depth:112; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649114/; classtype:trojan-activity;sid:84512214; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649116)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/info.zip"; http_uri; depth:129; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649116/; classtype:trojan-activity;sid:84512216; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649109)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/tools/binn/zh-chs/info.zip"; http_uri; depth:143; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649109/; classtype:trojan-activity;sid:84512209; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649106)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210911-035/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649106/; classtype:trojan-activity;sid:84512206; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649107)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000166665/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649107/; classtype:trojan-activity;sid:84512207; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649108)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000224583/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649108/; classtype:trojan-activity;sid:84512208; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649100)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/redist/dotnetframeworks/dotnetmsp/x64/info.zip"; http_uri; depth:100; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649100/; classtype:trojan-activity;sid:84512200; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649101)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/com/res/1033/info.zip"; http_uri; depth:138; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649101/; classtype:trojan-activity;sid:84512201; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649102)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/mssql/binn/res/1036/info.zip"; http_uri; depth:147; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649102/; classtype:trojan-activity;sid:84512202; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649103)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/info.zip"; http_uri; depth:124; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649103/; classtype:trojan-activity;sid:84512203; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649104)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-031/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649104/; classtype:trojan-activity;sid:84512204; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649097)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-05-02/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649097/; classtype:trojan-activity;sid:84512197; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649099)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000170506/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649099/; classtype:trojan-activity;sid:84512199; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649094)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/binn/info.zip"; http_uri; depth:134; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649094/; classtype:trojan-activity;sid:84512194; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649092)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-07-01/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649092/; classtype:trojan-activity;sid:84512192; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649089)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta%20nsu%20faltante/02589791000910/2022-03-09/info.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649089/; classtype:trojan-activity;sid:84512189; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649090)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles/msnet/adomd.net/info.zip"; http_uri; depth:120; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649090/; classtype:trojan-activity;sid:84512190; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649091)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-037/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649091/; classtype:trojan-activity;sid:84512191; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649084)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000591279/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649084/; classtype:trojan-activity;sid:84512184; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649085)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles32/sqlservr/100/tools/binn/zh-chs/info.zip"; http_uri; depth:144; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649085/; classtype:trojan-activity;sid:84512185; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649086)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/tools/binn/vsshell/common7/info.zip"; http_uri; depth:142; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649086/; classtype:trojan-activity;sid:84512186; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649087)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/mssql/binn/res/1033/info.zip"; http_uri; depth:146; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649087/; classtype:trojan-activity;sid:84512187; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649088)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/redist/powershell/ia64/info.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649088/; classtype:trojan-activity;sid:84512188; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649082)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2025-05-29/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649082/; classtype:trojan-activity;sid:84512182; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649083)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220406-019/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649083/; classtype:trojan-activity;sid:84512183; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649081)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/windows/info.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649081/; classtype:trojan-activity;sid:84512181; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649080)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165248/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649080/; classtype:trojan-activity;sid:84512180; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649078)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000225746/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649078/; classtype:trojan-activity;sid:84512178; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649074)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles32/msvs9/common7/info.zip"; http_uri; depth:119; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649074/; classtype:trojan-activity;sid:84512174; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649075)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/plcomps/res/2052/info.zip"; http_uri; depth:145; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649075/; classtype:trojan-activity;sid:84512175; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649077)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-12-18/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649077/; classtype:trojan-activity;sid:84512177; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649071)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-08-17/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649071/; classtype:trojan-activity;sid:84512171; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649072)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211109-007/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649072/; classtype:trojan-activity;sid:84512172; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649070)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/tools/info.zip"; http_uri; depth:121; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649070/; classtype:trojan-activity;sid:84512170; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649068)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-10-09/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649068/; classtype:trojan-activity;sid:84512168; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649069)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210724-033/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649069/; classtype:trojan-activity;sid:84512169; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649066)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210817-043/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649066/; classtype:trojan-activity;sid:84512166; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649063)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles32/sqlservr/100/sdk/info.zip"; http_uri; depth:130; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649063/; classtype:trojan-activity;sid:84512163; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649064)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220809-080/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649064/; classtype:trojan-activity;sid:84512164; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649061)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000166183/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649061/; classtype:trojan-activity;sid:84512161; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649058)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-10-24/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649058/; classtype:trojan-activity;sid:84512158; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649060)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles/msvs9/common7/ide/priassem/info.zip"; http_uri; depth:130; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649060/; classtype:trojan-activity;sid:84512160; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649057)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/com/info.zip"; http_uri; depth:121; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649057/; classtype:trojan-activity;sid:84512157; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649055)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000616852/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649055/; classtype:trojan-activity;sid:84512155; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649056)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-07-05/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649056/; classtype:trojan-activity;sid:84512156; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649050)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2020-01-27/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649050/; classtype:trojan-activity;sid:84512150; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649051)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_msi/pfiles/info.zip"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649051/; classtype:trojan-activity;sid:84512151; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649052)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210807-008/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649052/; classtype:trojan-activity;sid:84512152; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649053)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210724-006/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649053/; classtype:trojan-activity;sid:84512153; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649054)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220503-020/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649054/; classtype:trojan-activity;sid:84512154; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649045)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/tools/binn/res/2052/info.zip"; http_uri; depth:137; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649045/; classtype:trojan-activity;sid:84512145; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649046)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/80/tools/info.zip"; http_uri; depth:120; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649046/; classtype:trojan-activity;sid:84512146; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649047)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220715-064/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649047/; classtype:trojan-activity;sid:84512147; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649048)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-10-26/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649048/; classtype:trojan-activity;sid:84512148; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649049)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_msi/pfiles32/sqlservr/100/tools/binn/info.zip"; http_uri; depth:121; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649049/; classtype:trojan-activity;sid:84512149; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649041)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220111-033/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649041/; classtype:trojan-activity;sid:84512141; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649042)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/2052/info.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649042/; classtype:trojan-activity;sid:84512142; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649043)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-07-18/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649043/; classtype:trojan-activity;sid:84512143; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649044)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-01-19/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649044/; classtype:trojan-activity;sid:84512144; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649039)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2025-01-06/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649039/; classtype:trojan-activity;sid:84512139; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649040)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/com/res/info.zip"; http_uri; depth:132; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649040/; classtype:trojan-activity;sid:84512140; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649033)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000170776/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649033/; classtype:trojan-activity;sid:84512133; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649034)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000160612/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649034/; classtype:trojan-activity;sid:84512134; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649035)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000306/2020-12-07/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649035/; classtype:trojan-activity;sid:84512135; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649036)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210726-003/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649036/; classtype:trojan-activity;sid:84512136; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649037)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta%20nsu%20faltante/02589791000910/info.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649037/; classtype:trojan-activity;sid:84512137; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649032)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/sdk/assembly/zh-chs/info.zip"; http_uri; depth:144; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649032/; classtype:trojan-activity;sid:84512132; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649031)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210805-048/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649031/; classtype:trojan-activity;sid:84512131; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649023)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/shared/info.zip"; http_uri; depth:123; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649023/; classtype:trojan-activity;sid:84512123; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649024)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211021-033/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649024/; classtype:trojan-activity;sid:84512124; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649025)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210804-020/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649025/; classtype:trojan-activity;sid:84512125; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649026)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/cfiles/info.zip"; http_uri; depth:109; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649026/; classtype:trojan-activity;sid:84512126; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649027)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171306/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649027/; classtype:trojan-activity;sid:84512127; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649028)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000160718/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649028/; classtype:trojan-activity;sid:84512128; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649029)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000604673/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649029/; classtype:trojan-activity;sid:84512129; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649022)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/tools/binn/schemas/sqlservr/2004/soap/types/sqltran/info.zip"; http_uri; depth:167; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649022/; classtype:trojan-activity;sid:84512122; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649019)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-047/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649019/; classtype:trojan-activity;sid:84512119; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649020)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-04-02/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649020/; classtype:trojan-activity;sid:84512120; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649021)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000164236/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649021/; classtype:trojan-activity;sid:84512121; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649015)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211112-030/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649015/; classtype:trojan-activity;sid:84512115; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649016)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-07-12/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649016/; classtype:trojan-activity;sid:84512116; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649017)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_inst_msi/windows/info.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649017/; classtype:trojan-activity;sid:84512117; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649012)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171640/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649012/; classtype:trojan-activity;sid:84512112; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649010)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/redist/2.0/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649010/; classtype:trojan-activity;sid:84512110; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649011)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210810-022/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649011/; classtype:trojan-activity;sid:84512111; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649008)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2020-01-10/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649008/; classtype:trojan-activity;sid:84512108; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649006)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/mssql/info.zip"; http_uri; depth:132; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649006/; classtype:trojan-activity;sid:84512106; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649004)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211110-008/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649004/; classtype:trojan-activity;sid:84512104; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649005)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-06-03/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649005/; classtype:trojan-activity;sid:84512105; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649002)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/redist/dotnetframeworks/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649002/; classtype:trojan-activity;sid:84512102; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649003)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000586305/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649003/; classtype:trojan-activity;sid:84512103; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649001)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/info.zip"; http_uri; depth:115; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649001/; classtype:trojan-activity;sid:84512101; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649000)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_msi/pfiles32/sqlservr/100/tools/binn/info.zip"; http_uri; depth:122; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649000/; classtype:trojan-activity;sid:84512100; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648998)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000306/2024-08-07/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648998/; classtype:trojan-activity;sid:84512098; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648994)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2023-05-26/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648994/; classtype:trojan-activity;sid:84512094; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648995)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000166851/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648995/; classtype:trojan-activity;sid:84512095; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648996)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2024-11-26/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648996/; classtype:trojan-activity;sid:84512096; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648997)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta%20nsu%20faltante/02589791001053/info.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648997/; classtype:trojan-activity;sid:84512097; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648992)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/feenmer/res/2052/info.zip"; http_uri; depth:145; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648992/; classtype:trojan-activity;sid:84512092; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648993)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/info.zip"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648993/; classtype:trojan-activity;sid:84512093; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648987)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/tools/binn/vsshell/common7/ide/info.zip"; http_uri; depth:155; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648987/; classtype:trojan-activity;sid:84512087; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648988)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000553613/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648988/; classtype:trojan-activity;sid:84512088; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648989)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220114-001/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648989/; classtype:trojan-activity;sid:84512089; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648990)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles32/sqlservr/100/tools/binn/res/2052/info.zip"; http_uri; depth:147; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648990/; classtype:trojan-activity;sid:84512090; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648982)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-06-10/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648982/; classtype:trojan-activity;sid:84512082; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648983)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/tools/binn/vsshell/info.zip"; http_uri; depth:134; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648983/; classtype:trojan-activity;sid:84512083; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648985)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/mssql/binn/res/1042/info.zip"; http_uri; depth:147; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648985/; classtype:trojan-activity;sid:84512085; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648980)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/tools/binn/schemas/sqlservr/2006/11/events/info.zip"; http_uri; depth:158; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648980/; classtype:trojan-activity;sid:84512080; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648979)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-03-20/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648979/; classtype:trojan-activity;sid:84512079; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648975)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211008-008/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648975/; classtype:trojan-activity;sid:84512075; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648972)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000172670/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648972/; classtype:trojan-activity;sid:84512072; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648973)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000164510/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648973/; classtype:trojan-activity;sid:84512073; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648974)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211110-006/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648974/; classtype:trojan-activity;sid:84512074; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648970)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_msi/windows/syswow64/info.zip"; http_uri; depth:106; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648970/; classtype:trojan-activity;sid:84512070; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648971)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/90/shared/info.zip"; http_uri; depth:124; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648971/; classtype:trojan-activity;sid:84512071; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648969)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/redist/dotnetframeworks/dotnetmsp/ia64/info.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648969/; classtype:trojan-activity;sid:84512069; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648962)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/tools/binn/res/2052/info.zip"; http_uri; depth:138; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648962/; classtype:trojan-activity;sid:84512062; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648963)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-04-09/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648963/; classtype:trojan-activity;sid:84512063; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648964)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-09-16/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648964/; classtype:trojan-activity;sid:84512064; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648965)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/com/res/1033/info.zip"; http_uri; depth:137; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648965/; classtype:trojan-activity;sid:84512065; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648966)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000167219/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648966/; classtype:trojan-activity;sid:84512066; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648967)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/windows/gac_32/info.zip"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648967/; classtype:trojan-activity;sid:84512067; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648968)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2019-12-19/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648968/; classtype:trojan-activity;sid:84512068; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648960)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-05-02/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648960/; classtype:trojan-activity;sid:84512060; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648957)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171308/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648957/; classtype:trojan-activity;sid:84512057; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648954)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171858/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648954/; classtype:trojan-activity;sid:84512054; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648953)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta%20nsu%20faltante/02589791000910/2023-12-21/info.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648953/; classtype:trojan-activity;sid:84512053; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648952)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000160742/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648952/; classtype:trojan-activity;sid:84512052; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648946)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_msi/pfiles32/sqlservr/info.zip"; http_uri; depth:107; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648946/; classtype:trojan-activity;sid:84512046; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648941)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000629918/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648941/; classtype:trojan-activity;sid:84512041; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648942)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta%20nsu%20faltante/18296147000306/info.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648942/; classtype:trojan-activity;sid:84512042; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648943)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/es/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648943/; classtype:trojan-activity;sid:84512043; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648944)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles32/sqlservr/100/tools/binn/vsshell/common7/info.zip"; http_uri; depth:154; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648944/; classtype:trojan-activity;sid:84512044; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648945)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/feenmer/zh-chs/info.zip"; http_uri; depth:144; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648945/; classtype:trojan-activity;sid:84512045; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648936)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000566149/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648936/; classtype:trojan-activity;sid:84512036; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648934)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/tasks/info.zip"; http_uri; depth:134; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648934/; classtype:trojan-activity;sid:84512034; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648933)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168121/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648933/; classtype:trojan-activity;sid:84512033; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648926)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165244/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648926/; classtype:trojan-activity;sid:84512026; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648927)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2020-12-10/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648927/; classtype:trojan-activity;sid:84512027; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648928)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2025-02-25/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648928/; classtype:trojan-activity;sid:84512028; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648929)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/redist/powershell/info.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648929/; classtype:trojan-activity;sid:84512029; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648930)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-06-07/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648930/; classtype:trojan-activity;sid:84512030; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648931)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2025-03-06/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648931/; classtype:trojan-activity;sid:84512031; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648932)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211202-019/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648932/; classtype:trojan-activity;sid:84512032; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648922)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-019/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648922/; classtype:trojan-activity;sid:84512022; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648923)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_msi/pfiles/sqlservr/100/info.zip"; http_uri; depth:108; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648923/; classtype:trojan-activity;sid:84512023; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648924)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/redist/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648924/; classtype:trojan-activity;sid:84512024; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648921)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000226538/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648921/; classtype:trojan-activity;sid:84512021; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648913)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/info.zip"; http_uri; depth:128; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648913/; classtype:trojan-activity;sid:84512013; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648914)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-04-19/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648914/; classtype:trojan-activity;sid:84512014; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648919)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211228-022/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648919/; classtype:trojan-activity;sid:84512019; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648911)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/keyfile/info.zip"; http_uri; depth:123; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648911/; classtype:trojan-activity;sid:84512011; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648912)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000201084/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648912/; classtype:trojan-activity;sid:84512012; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648910)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/mssql/binn/res/1036/info.zip"; http_uri; depth:146; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648910/; classtype:trojan-activity;sid:84512010; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648902)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/keyfile/2052/info.zip"; http_uri; depth:131; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648902/; classtype:trojan-activity;sid:84512002; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648904)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-09-27/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648904/; classtype:trojan-activity;sid:84512004; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648906)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220503-020/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648906/; classtype:trojan-activity;sid:84512006; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648907)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/shared/res/1033/info.zip"; http_uri; depth:140; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648907/; classtype:trojan-activity;sid:84512007; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648908)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/com/en/info.zip"; http_uri; depth:125; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648908/; classtype:trojan-activity;sid:84512008; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648901)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/redist/dotnetframeworks/dotnetfx35/ia64/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648901/; classtype:trojan-activity;sid:84512001; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648900)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168527/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648900/; classtype:trojan-activity;sid:84512000; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648897)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/tools/binn/res/info.zip"; http_uri; depth:133; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648897/; classtype:trojan-activity;sid:84511997; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648898)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2025-06-12/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648898/; classtype:trojan-activity;sid:84511998; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648894)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/tools/binn/vsshell/common7/ide/zh-chs/info.zip"; http_uri; depth:162; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648894/; classtype:trojan-activity;sid:84511994; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648891)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000167509/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648891/; classtype:trojan-activity;sid:84511991; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648889)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171476/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648889/; classtype:trojan-activity;sid:84511989; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648884)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168551/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648884/; classtype:trojan-activity;sid:84511984; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648885)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165820/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648885/; classtype:trojan-activity;sid:84511985; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648886)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000603104/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648886/; classtype:trojan-activity;sid:84511986; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648879)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210910-045/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648879/; classtype:trojan-activity;sid:84511979; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648880)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles32/msnet/adomd.net/info.zip"; http_uri; depth:123; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648880/; classtype:trojan-activity;sid:84511980; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648881)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2025-02-04/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648881/; classtype:trojan-activity;sid:84511981; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648882)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/redist/dotnetframeworks/dotnetfx35/info.zip"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648882/; classtype:trojan-activity;sid:84511982; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648872)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000166085/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648872/; classtype:trojan-activity;sid:84511972; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648873)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/1033/info.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648873/; classtype:trojan-activity;sid:84511973; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648874)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/2052/info.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648874/; classtype:trojan-activity;sid:84511974; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648876)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-03-29/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648876/; classtype:trojan-activity;sid:84511976; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648877)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171292/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648877/; classtype:trojan-activity;sid:84511977; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648878)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/mssql/binn/res/1040/info.zip"; http_uri; depth:147; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648878/; classtype:trojan-activity;sid:84511978; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648870)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/feenmer/res/2052/info.zip"; http_uri; depth:146; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648870/; classtype:trojan-activity;sid:84511970; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648869)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/plcomps/res/info.zip"; http_uri; depth:140; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648869/; classtype:trojan-activity;sid:84511969; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648865)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/x64/info.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648865/; classtype:trojan-activity;sid:84511965; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648866)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210910-072/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648866/; classtype:trojan-activity;sid:84511966; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648867)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/connect/info.zip"; http_uri; depth:137; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648867/; classtype:trojan-activity;sid:84511967; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648868)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165486/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648868/; classtype:trojan-activity;sid:84511968; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648864)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/info.zip"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648864/; classtype:trojan-activity;sid:84511964; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648863)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211125-002/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648863/; classtype:trojan-activity;sid:84511963; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648857)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/sdk/assembly/info.zip"; http_uri; depth:130; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648857/; classtype:trojan-activity;sid:84511957; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648858)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000169013/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648858/; classtype:trojan-activity;sid:84511958; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648856)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210724-024/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648856/; classtype:trojan-activity;sid:84511956; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648854)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000160982/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648854/; classtype:trojan-activity;sid:84511954; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648850)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-06-01/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648850/; classtype:trojan-activity;sid:84511950; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648851)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/tools/info.zip"; http_uri; depth:123; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648851/; classtype:trojan-activity;sid:84511951; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648852)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000618093/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648852/; classtype:trojan-activity;sid:84511952; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648853)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_msi/pfiles/sqlservr/100/shared/info.zip"; http_uri; depth:115; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648853/; classtype:trojan-activity;sid:84511953; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648848)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/info.zip"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648848/; classtype:trojan-activity;sid:84511948; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648849)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165826/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648849/; classtype:trojan-activity;sid:84511949; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648846)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211021-034/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648846/; classtype:trojan-activity;sid:84511946; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648847)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/shared/info.zip"; http_uri; depth:131; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648847/; classtype:trojan-activity;sid:84511947; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648841)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2020-05-29/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648841/; classtype:trojan-activity;sid:84511941; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648842)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/tools/binn/schemas/sqlservr/2004/sqltypes/info.zip"; http_uri; depth:157; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648842/; classtype:trojan-activity;sid:84511942; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648843)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/tools/binn/res/2052/info.zip"; http_uri; depth:145; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648843/; classtype:trojan-activity;sid:84511943; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648844)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles32/sqlservr/100/tools/binn/vsshell/common7/ide/info.zip"; http_uri; depth:158; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648844/; classtype:trojan-activity;sid:84511944; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648845)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/shared/vs2008/info.zip"; http_uri; depth:138; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648845/; classtype:trojan-activity;sid:84511945; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648840)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/tools/binn/vsshell/common7/ide/info.zip"; http_uri; depth:146; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648840/; classtype:trojan-activity;sid:84511940; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648837)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/sdk/assembly/info.zip"; http_uri; depth:131; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648837/; classtype:trojan-activity;sid:84511937; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648838)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211026-077/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648838/; classtype:trojan-activity;sid:84511938; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648833)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_msi/pfiles/sqlservr/100/tools/binn/info.zip"; http_uri; depth:119; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648833/; classtype:trojan-activity;sid:84511933; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648834)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/info.zip"; http_uri; depth:120; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648834/; classtype:trojan-activity;sid:84511934; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648830)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2022-05-10/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648830/; classtype:trojan-activity;sid:84511930; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648832)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000591547/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648832/; classtype:trojan-activity;sid:84511932; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648828)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000595438/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648828/; classtype:trojan-activity;sid:84511928; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648829)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220419-045/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648829/; classtype:trojan-activity;sid:84511929; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648823)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/com/res/2052/info.zip"; http_uri; depth:137; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648823/; classtype:trojan-activity;sid:84511923; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648824)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000621599/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648824/; classtype:trojan-activity;sid:84511924; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648825)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171450/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648825/; classtype:trojan-activity;sid:84511925; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648826)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210826-050/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648826/; classtype:trojan-activity;sid:84511926; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648822)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/connect/info.zip"; http_uri; depth:136; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648822/; classtype:trojan-activity;sid:84511922; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648819)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000166307/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648819/; classtype:trojan-activity;sid:84511919; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648820)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-09-11/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648820/; classtype:trojan-activity;sid:84511920; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648821)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_inst_msi/windows/info.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648821/; classtype:trojan-activity;sid:84511921; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648817)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles/sqlservr/info.zip"; http_uri; depth:111; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648817/; classtype:trojan-activity;sid:84511917; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648818)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210805-053/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648818/; classtype:trojan-activity;sid:84511918; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648814)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles/msnet/adomd.net/100/info.zip"; http_uri; depth:124; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648814/; classtype:trojan-activity;sid:84511914; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648815)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210724-033/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648815/; classtype:trojan-activity;sid:84511915; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648813)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/schemas/sqlservr/info.zip"; http_uri; depth:145; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648813/; classtype:trojan-activity;sid:84511913; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648812)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-05-21/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648812/; classtype:trojan-activity;sid:84511912; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648811)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171228/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648811/; classtype:trojan-activity;sid:84511911; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648809)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/dts/plcomps/info.zip"; http_uri; depth:127; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648809/; classtype:trojan-activity;sid:84511909; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648810)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-07-09/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648810/; classtype:trojan-activity;sid:84511910; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648808)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_inst_loc_msi/info.zip"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648808/; classtype:trojan-activity;sid:84511908; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648807)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/msvs9/common7/ide/priassem/busproj/info.zip"; http_uri; depth:137; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648807/; classtype:trojan-activity;sid:84511907; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648805)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171470/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648805/; classtype:trojan-activity;sid:84511905; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648806)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-04-17/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648806/; classtype:trojan-activity;sid:84511906; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648802)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000172170/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648802/; classtype:trojan-activity;sid:84511902; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648803)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_msi/pfiles/sqlservr/100/dts/info.zip"; http_uri; depth:112; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648803/; classtype:trojan-activity;sid:84511903; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648804)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/plcomps/info.zip"; http_uri; depth:136; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648804/; classtype:trojan-activity;sid:84511904; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648798)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000595439/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648798/; classtype:trojan-activity;sid:84511898; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648799)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2021-09-09/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648799/; classtype:trojan-activity;sid:84511899; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648800)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_inst_msi/pfiles/sqlservr/mssql.x/mssql/info.zip"; http_uri; depth:123; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648800/; classtype:trojan-activity;sid:84511900; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648795)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/90/info.zip"; http_uri; depth:114; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648795/; classtype:trojan-activity;sid:84511895; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648796)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/binn/info.zip"; http_uri; depth:133; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648796/; classtype:trojan-activity;sid:84511896; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648797)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_inst_msi/windows/gac/info.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648797/; classtype:trojan-activity;sid:84511897; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648789)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-07-11/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648789/; classtype:trojan-activity;sid:84511889; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648790)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2025-01-21/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648790/; classtype:trojan-activity;sid:84511890; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648791)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/cons/info.zip"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648791/; classtype:trojan-activity;sid:84511891; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648792)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/redist/dotnetframeworks/dotnetfx35/ia64/info.zip"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648792/; classtype:trojan-activity;sid:84511892; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648793)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/tools/binn/info.zip"; http_uri; depth:126; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648793/; classtype:trojan-activity;sid:84511893; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648788)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000625549/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648788/; classtype:trojan-activity;sid:84511888; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648784)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles32/sqlservr/100/tools/binn/zh-chs/info.zip"; http_uri; depth:145; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648784/; classtype:trojan-activity;sid:84511884; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648785)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-01-03/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648785/; classtype:trojan-activity;sid:84511885; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648786)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_msi/pfiles/sqlservr/100/dts/binn/info.zip"; http_uri; depth:118; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648786/; classtype:trojan-activity;sid:84511886; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648780)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-08-13/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648780/; classtype:trojan-activity;sid:84511880; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648781)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168291/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648781/; classtype:trojan-activity;sid:84511881; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648782)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/mssql/binn/res/1031/info.zip"; http_uri; depth:146; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648782/; classtype:trojan-activity;sid:84511882; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648778)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2020-02-04/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648778/; classtype:trojan-activity;sid:84511878; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648775)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/dts/plcomps/info.zip"; http_uri; depth:127; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648775/; classtype:trojan-activity;sid:84511875; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648776)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles32/sqlservr/info.zip"; http_uri; depth:115; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648776/; classtype:trojan-activity;sid:84511876; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648772)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles32/sqlservr/100/tools/info.zip"; http_uri; depth:126; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648772/; classtype:trojan-activity;sid:84511872; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648774)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles32/sqlservr/100/com/info.zip"; http_uri; depth:123; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648774/; classtype:trojan-activity;sid:84511874; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648768)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2020-05-13/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648768/; classtype:trojan-activity;sid:84511868; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648769)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/com/res/2052/info.zip"; http_uri; depth:130; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648769/; classtype:trojan-activity;sid:84511869; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648770)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/info.zip"; http_uri; depth:125; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648770/; classtype:trojan-activity;sid:84511870; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648771)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171318/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648771/; classtype:trojan-activity;sid:84511871; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648764)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles32/info.zip"; http_uri; depth:107; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648764/; classtype:trojan-activity;sid:84511864; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648765)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-07-10/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648765/; classtype:trojan-activity;sid:84511865; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648763)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/dts/tasks/info.zip"; http_uri; depth:125; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648763/; classtype:trojan-activity;sid:84511863; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648762)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_inst_msi/pfiles/sqlservr/mssql.x/mssql/binn/dlltmp64/info.zip"; http_uri; depth:137; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648762/; classtype:trojan-activity;sid:84511862; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648759)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-05-08/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648759/; classtype:trojan-activity;sid:84511859; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648761)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/mssql/binn/res/2052/info.zip"; http_uri; depth:146; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648761/; classtype:trojan-activity;sid:84511861; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648758)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000602408/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648758/; classtype:trojan-activity;sid:84511858; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648753)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-01-14/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648753/; classtype:trojan-activity;sid:84511853; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648755)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000553198/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648755/; classtype:trojan-activity;sid:84511855; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648756)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_inst_loc_msi/2052/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648756/; classtype:trojan-activity;sid:84511856; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648750)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000172872/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648750/; classtype:trojan-activity;sid:84511850; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648751)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_msi/pfiles/sqlservr/100/tools/binn/vsshell/common7/info.zip"; http_uri; depth:135; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648751/; classtype:trojan-activity;sid:84511851; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648748)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210814-005/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648748/; classtype:trojan-activity;sid:84511848; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648746)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000160984/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648746/; classtype:trojan-activity;sid:84511846; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648744)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_inst_msi/pfiles/sqlservr/mssql.x/info.zip"; http_uri; depth:117; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648744/; classtype:trojan-activity;sid:84511844; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648738)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-015/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648738/; classtype:trojan-activity;sid:84511838; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648739)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210724-020/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648739/; classtype:trojan-activity;sid:84511839; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648741)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-05-09/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648741/; classtype:trojan-activity;sid:84511841; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648742)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_loc_msi/2052/pfiles/msnet/adomd.net/100/zh-chs/info.zip"; http_uri; depth:131; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648742/; classtype:trojan-activity;sid:84511842; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648743)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/dts/provdesc/info.zip"; http_uri; depth:128; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648743/; classtype:trojan-activity;sid:84511843; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648735)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/wjgl/images/famen/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648735/; classtype:trojan-activity;sid:84511835; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648736)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2025-05-22/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648736/; classtype:trojan-activity;sid:84511836; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648737)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000160478/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648737/; classtype:trojan-activity;sid:84511837; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648733)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/tools/binn/res/info.zip"; http_uri; depth:132; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648733/; classtype:trojan-activity;sid:84511833; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648732)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_msi/pfiles/sqlservr/100/com/info.zip"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648732/; classtype:trojan-activity;sid:84511832; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648729)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/shared/info.zip"; http_uri; depth:125; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648729/; classtype:trojan-activity;sid:84511829; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648730)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/info.zip"; http_uri; depth:114; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648730/; classtype:trojan-activity;sid:84511830; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648728)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-01-26/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648728/; classtype:trojan-activity;sid:84511828; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648726)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/keyfile/info.zip"; http_uri; depth:126; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648726/; classtype:trojan-activity;sid:84511826; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648725)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000166243/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648725/; classtype:trojan-activity;sid:84511825; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648723)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/connect/en/info.zip"; http_uri; depth:139; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648723/; classtype:trojan-activity;sid:84511823; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648724)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/schemas/sqlservr/2004/sqltypes/info.zip"; http_uri; depth:160; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648724/; classtype:trojan-activity;sid:84511824; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648722)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000585561/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648722/; classtype:trojan-activity;sid:84511822; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648721)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/mssql/binn/res/1046/info.zip"; http_uri; depth:146; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648721/; classtype:trojan-activity;sid:84511821; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648718)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/80/tools/binn/info.zip"; http_uri; depth:128; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648718/; classtype:trojan-activity;sid:84511818; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648716)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles32/sqlservr/100/tools/binn/res/2052/info.zip"; http_uri; depth:140; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648716/; classtype:trojan-activity;sid:84511816; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648715)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_msi/windows/system32/info.zip"; http_uri; depth:106; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648715/; classtype:trojan-activity;sid:84511815; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648714)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/vsshell/info.zip"; http_uri; depth:137; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648714/; classtype:trojan-activity;sid:84511814; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648713)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210810-020/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648713/; classtype:trojan-activity;sid:84511813; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648711)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-12-11/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648711/; classtype:trojan-activity;sid:84511811; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648710)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000172746/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648710/; classtype:trojan-activity;sid:84511810; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648708)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-04-02/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648708/; classtype:trojan-activity;sid:84511808; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648705)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210923-026/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648705/; classtype:trojan-activity;sid:84511805; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648703)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/connect/zh-chs/info.zip"; http_uri; depth:143; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648703/; classtype:trojan-activity;sid:84511803; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648700)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171310/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648700/; classtype:trojan-activity;sid:84511800; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648701)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-018/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648701/; classtype:trojan-activity;sid:84511801; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648702)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-08-08/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648702/; classtype:trojan-activity;sid:84511802; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648698)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000172292/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648698/; classtype:trojan-activity;sid:84511798; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648699)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/info.zip"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648699/; classtype:trojan-activity;sid:84511799; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648695)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/schemas/sqlservr/2006/11/events/info.zip"; http_uri; depth:160; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648695/; classtype:trojan-activity;sid:84511795; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648693)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000542542/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648693/; classtype:trojan-activity;sid:84511793; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648692)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000160618/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648692/; classtype:trojan-activity;sid:84511792; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648689)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000624761/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648689/; classtype:trojan-activity;sid:84511789; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648690)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2025-01-06/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648690/; classtype:trojan-activity;sid:84511790; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648686)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168329/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648686/; classtype:trojan-activity;sid:84511786; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648687)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles32/sqlservr/100/shared/2052/info.zip"; http_uri; depth:131; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648687/; classtype:trojan-activity;sid:84511787; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648682)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000167041/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648682/; classtype:trojan-activity;sid:84511782; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648679)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2022-09-09/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648679/; classtype:trojan-activity;sid:84511779; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648680)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2025-06-04/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648680/; classtype:trojan-activity;sid:84511780; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648674)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-10-06/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648674/; classtype:trojan-activity;sid:84511774; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648675)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-08-12/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648675/; classtype:trojan-activity;sid:84511775; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648670)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000624984/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648670/; classtype:trojan-activity;sid:84511770; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648671)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211005-031/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648671/; classtype:trojan-activity;sid:84511771; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648672)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000566430/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648672/; classtype:trojan-activity;sid:84511772; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648669)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000604501/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648669/; classtype:trojan-activity;sid:84511769; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648664)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_inst_msi/pfiles/sqlservr/mssql.x/mssql/upgrade/info.zip"; http_uri; depth:131; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648664/; classtype:trojan-activity;sid:84511764; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648665)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210723-030/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648665/; classtype:trojan-activity;sid:84511765; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648654)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/schemas/sqlservr/2004/soap/options/info.zip"; http_uri; depth:163; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648654/; classtype:trojan-activity;sid:84511754; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648655)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171438/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648655/; classtype:trojan-activity;sid:84511755; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648656)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-04-28/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648656/; classtype:trojan-activity;sid:84511756; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648657)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000230417/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648657/; classtype:trojan-activity;sid:84511757; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648658)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-061/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648658/; classtype:trojan-activity;sid:84511758; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648659)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220224-016/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648659/; classtype:trojan-activity;sid:84511759; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648660)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2020-07-08/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648660/; classtype:trojan-activity;sid:84511760; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648651)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220210-142/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648651/; classtype:trojan-activity;sid:84511751; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648649)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-08-09/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648649/; classtype:trojan-activity;sid:84511749; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648648)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210817-031/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648648/; classtype:trojan-activity;sid:84511748; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648645)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles32/sqlservr/100/tools/info.zip"; http_uri; depth:132; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648645/; classtype:trojan-activity;sid:84511745; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648647)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2025-05-22/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648647/; classtype:trojan-activity;sid:84511747; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648641)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/shared/info.zip"; http_uri; depth:132; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648641/; classtype:trojan-activity;sid:84511741; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648640)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2020-01-30/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648640/; classtype:trojan-activity;sid:84511740; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648637)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000604491/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648637/; classtype:trojan-activity;sid:84511737; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648638)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-12-17/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648638/; classtype:trojan-activity;sid:84511738; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648630)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000585614/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648630/; classtype:trojan-activity;sid:84511730; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648620)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_inst_msi/pfiles/sqlservr/mssql.x/mssql/binn/dlltmp32/info.zip"; http_uri; depth:137; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648620/; classtype:trojan-activity;sid:84511720; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648621)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/shared/vs2008/info.zip"; http_uri; depth:139; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648621/; classtype:trojan-activity;sid:84511721; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648622)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2021-10-13/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648622/; classtype:trojan-activity;sid:84511722; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648623)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/01/info.zip"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648623/; classtype:trojan-activity;sid:84511723; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648625)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-03-20/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648625/; classtype:trojan-activity;sid:84511725; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648626)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/tpcl/src/fonts/info.zip"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648626/; classtype:trojan-activity;sid:84511726; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648609)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/sdk/assembly/en/info.zip"; http_uri; depth:140; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648609/; classtype:trojan-activity;sid:84511709; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648610)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220427-069/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648610/; classtype:trojan-activity;sid:84511710; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648611)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-10-25/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648611/; classtype:trojan-activity;sid:84511711; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648612)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211218-033/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648612/; classtype:trojan-activity;sid:84511712; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648613)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/redist/dotnetframeworks/info.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648613/; classtype:trojan-activity;sid:84511713; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648614)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-10-18/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648614/; classtype:trojan-activity;sid:84511714; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648615)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/com/res/1033/info.zip"; http_uri; depth:130; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648615/; classtype:trojan-activity;sid:84511715; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648618)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-010/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648618/; classtype:trojan-activity;sid:84511718; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648619)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211116-023/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648619/; classtype:trojan-activity;sid:84511719; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648603)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_inst_msi/pfiles/sqlservr/mssql.x/mssql/binn/info.zip"; http_uri; depth:128; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648603/; classtype:trojan-activity;sid:84511703; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648604)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-06-30/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648604/; classtype:trojan-activity;sid:84511704; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648605)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/zh-chs/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648605/; classtype:trojan-activity;sid:84511705; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648606)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-05-10/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648606/; classtype:trojan-activity;sid:84511706; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648607)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210727-065/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648607/; classtype:trojan-activity;sid:84511707; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648602)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/tools/binn/vsshell/info.zip"; http_uri; depth:135; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648602/; classtype:trojan-activity;sid:84511702; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648599)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-07-05/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648599/; classtype:trojan-activity;sid:84511699; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648600)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-03-26/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648600/; classtype:trojan-activity;sid:84511700; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648598)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/mssql/binn/res/1028/info.zip"; http_uri; depth:146; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648598/; classtype:trojan-activity;sid:84511698; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648595)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210726-030/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648595/; classtype:trojan-activity;sid:84511695; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648597)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_loc_msi/2052/pfiles/msnet/adomd.net/100/info.zip"; http_uri; depth:124; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648597/; classtype:trojan-activity;sid:84511697; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648594)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2020-01-07/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648594/; classtype:trojan-activity;sid:84511694; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648593)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/tools/binn/vsshell/common7/ide/info.zip"; http_uri; depth:147; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648593/; classtype:trojan-activity;sid:84511693; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648592)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168289/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648592/; classtype:trojan-activity;sid:84511692; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648591)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_loc_msi/2052/windows/gac/zh-chs/info.zip"; http_uri; depth:116; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648591/; classtype:trojan-activity;sid:84511691; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648590)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171240/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648590/; classtype:trojan-activity;sid:84511690; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648576)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/dts/connect/info.zip"; http_uri; depth:128; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648576/; classtype:trojan-activity;sid:84511676; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648577)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210726-028/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648577/; classtype:trojan-activity;sid:84511677; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648578)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/wjgl/dist/fonts/info.zip"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648578/; classtype:trojan-activity;sid:84511678; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648579)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles32/sqlservr/100/info.zip"; http_uri; depth:120; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648579/; classtype:trojan-activity;sid:84511679; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648581)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/dts/binn/info.zip"; http_uri; depth:124; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648581/; classtype:trojan-activity;sid:84511681; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648582)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles/msvs9/common7/ide/info.zip"; http_uri; depth:120; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648582/; classtype:trojan-activity;sid:84511682; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648585)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2025-03-20/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648585/; classtype:trojan-activity;sid:84511685; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648586)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/tools/binn/zh-chs/info.zip"; http_uri; depth:142; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648586/; classtype:trojan-activity;sid:84511686; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648587)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-033/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648587/; classtype:trojan-activity;sid:84511687; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648588)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-03-21/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648588/; classtype:trojan-activity;sid:84511688; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648566)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/plcomps/res/info.zip"; http_uri; depth:141; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648566/; classtype:trojan-activity;sid:84511666; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648567)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-07-07/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648567/; classtype:trojan-activity;sid:84511667; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648568)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000600290/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648568/; classtype:trojan-activity;sid:84511668; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648569)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210724-024/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648569/; classtype:trojan-activity;sid:84511669; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648570)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles32/msnet/adomd.net/100/info.zip"; http_uri; depth:127; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648570/; classtype:trojan-activity;sid:84511670; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648571)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000172690/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648571/; classtype:trojan-activity;sid:84511671; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648572)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2024-03-07/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648572/; classtype:trojan-activity;sid:84511672; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648564)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_msi/pfiles32/sqlservr/100/tools/binn/vsshell/common7/info.zip"; http_uri; depth:137; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648564/; classtype:trojan-activity;sid:84511664; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648558)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000624763/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648558/; classtype:trojan-activity;sid:84511658; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648559)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/redist/dotnetframeworks/dotnetfx20/info.zip"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648559/; classtype:trojan-activity;sid:84511659; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648561)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000758/2019-08-24/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648561/; classtype:trojan-activity;sid:84511661; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648562)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171726/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648562/; classtype:trojan-activity;sid:84511662; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648549)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250606-148/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648549/; classtype:trojan-activity;sid:84511649; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648548)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240417-047/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648548/; classtype:trojan-activity;sid:84511648; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648546)"; flow:established,from_client; content:"GET"; http_method; content:"/update/pbdll/info.zip"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648546/; classtype:trojan-activity;sid:84511646; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648547)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240625-008/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648547/; classtype:trojan-activity;sid:84511647; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648544)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/221219-024/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648544/; classtype:trojan-activity;sid:84511644; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648545)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/info.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648545/; classtype:trojan-activity;sid:84511645; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648542)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-059/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648542/; classtype:trojan-activity;sid:84511642; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648541)"; flow:established,from_client; content:"GET"; http_method; content:"/update/%e6%96%b0%e5%bb%ba%e6%96%87%e4%bb%b6%e5%a4%b9/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648541/; classtype:trojan-activity;sid:84511641; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648537)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250610-009/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648537/; classtype:trojan-activity;sid:84511637; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648538)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210720-066/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648538/; classtype:trojan-activity;sid:84511638; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648539)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/241205-082/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648539/; classtype:trojan-activity;sid:84511639; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648540)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220804-012/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648540/; classtype:trojan-activity;sid:84511640; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648534)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/xiangdan/info.zip"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648534/; classtype:trojan-activity;sid:84511634; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648535)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250709-015/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648535/; classtype:trojan-activity;sid:84511635; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648530)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220317-085/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648530/; classtype:trojan-activity;sid:84511630; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648531)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/241128-012/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648531/; classtype:trojan-activity;sid:84511631; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648532)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/231228-073/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648532/; classtype:trojan-activity;sid:84511632; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648533)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220916-031/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648533/; classtype:trojan-activity;sid:84511633; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648528)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250616-002/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648528/; classtype:trojan-activity;sid:84511628; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648529)"; flow:established,from_client; content:"GET"; http_method; content:"/update%20-%20%e5%89%af%e6%9c%ac/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/cache/1.8933demo/177278d1757f/info.zip"; http_uri; depth:127; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648529/; classtype:trojan-activity;sid:84511629; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648525)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/wjgl/css/info.zip"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648525/; classtype:trojan-activity;sid:84511625; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648522)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211110-008/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648522/; classtype:trojan-activity;sid:84511622; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648524)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-008/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648524/; classtype:trojan-activity;sid:84511624; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648515)"; flow:established,from_client; content:"GET"; http_method; content:"/update%20-%20%e5%89%af%e6%9c%ac/%e8%a5%bf%e7%be%8e%e5%8d%b0%e5%88%b7%e7%94%9f%e4%ba%a7%e4%bb%93%e5%ba%93%e7%b3%bb%e7%bb%9f/update/info.zip"; http_uri; depth:139; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648515/; classtype:trojan-activity;sid:84511615; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648517)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210629-021/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648517/; classtype:trojan-activity;sid:84511617; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648518)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210910-045/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648518/; classtype:trojan-activity;sid:84511618; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648512)"; flow:established,from_client; content:"GET"; http_method; content:"/update/%e8%a5%bf%e7%be%8e%e5%8d%b0%e5%88%b7%e7%94%9f%e4%ba%a7%e4%bb%93%e5%ba%93%e7%b3%bb%e7%bb%9f/setup/info.zip"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648512/; classtype:trojan-activity;sid:84511612; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648502)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/230327-043/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648502/; classtype:trojan-activity;sid:84511602; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648504)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210720-027/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648504/; classtype:trojan-activity;sid:84511604; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648505)"; flow:established,from_client; content:"GET"; http_method; content:"/update%20-%20%e5%89%af%e6%9c%ac/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/undw/undw60/info.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648505/; classtype:trojan-activity;sid:84511605; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648506)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210724-029/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648506/; classtype:trojan-activity;sid:84511606; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648509)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/231116-007/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648509/; classtype:trojan-activity;sid:84511609; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648511)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210529-031/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648511/; classtype:trojan-activity;sid:84511611; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648496)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220624-043/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648496/; classtype:trojan-activity;sid:84511596; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648499)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211008-008/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648499/; classtype:trojan-activity;sid:84511599; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648495)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220217-062/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648495/; classtype:trojan-activity;sid:84511595; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648492)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250715-011/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648492/; classtype:trojan-activity;sid:84511592; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648493)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210724-024/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648493/; classtype:trojan-activity;sid:84511593; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648489)"; flow:established,from_client; content:"GET"; http_method; content:"/update%20-%20%e5%89%af%e6%9c%ac/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/shudedw/pdw0606/info.zip"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648489/; classtype:trojan-activity;sid:84511589; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648485)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240111-044/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648485/; classtype:trojan-activity;sid:84511585; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648486)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210802-018/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648486/; classtype:trojan-activity;sid:84511586; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648487)"; flow:established,from_client; content:"GET"; http_method; content:"/update/%e6%96%b0%e5%bb%ba%e6%96%87%e4%bb%b6%e5%a4%b9/_pb%20decompiler%20dws/bjgl.pbd/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648487/; classtype:trojan-activity;sid:84511587; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648480)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/241016-028/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648480/; classtype:trojan-activity;sid:84511580; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648479)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210816-019/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648479/; classtype:trojan-activity;sid:84511579; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648475)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240403-011/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648475/; classtype:trojan-activity;sid:84511575; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648476)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-061/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648476/; classtype:trojan-activity;sid:84511576; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648477)"; flow:established,from_client; content:"GET"; http_method; content:"/update/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/logic/info.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648477/; classtype:trojan-activity;sid:84511577; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648473)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210730-024/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648473/; classtype:trojan-activity;sid:84511573; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648474)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220624-043/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648474/; classtype:trojan-activity;sid:84511574; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648471)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/231113-030/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648471/; classtype:trojan-activity;sid:84511571; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648472)"; flow:established,from_client; content:"GET"; http_method; content:"/update/%e6%96%b0%e5%bb%ba%e6%96%87%e4%bb%b6%e5%a4%b9/_pb%20decompiler%20dws/info.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648472/; classtype:trojan-activity;sid:84511572; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648470)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/231113-028/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648470/; classtype:trojan-activity;sid:84511570; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648468)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240527-035/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648468/; classtype:trojan-activity;sid:84511568; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648463)"; flow:established,from_client; content:"GET"; http_method; content:"/update%20-%20%e5%89%af%e6%9c%ac/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/shudedw/pdw1100/info.zip"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648463/; classtype:trojan-activity;sid:84511563; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648464)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/dist/info.zip"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648464/; classtype:trojan-activity;sid:84511564; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648465)"; flow:established,from_client; content:"GET"; http_method; content:"/update/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/cache/notanalyze/info.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648465/; classtype:trojan-activity;sid:84511565; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648460)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/231101-141/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648460/; classtype:trojan-activity;sid:84511560; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648458)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-053/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648458/; classtype:trojan-activity;sid:84511558; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648459)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210726-028/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648459/; classtype:trojan-activity;sid:84511559; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648456)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210729-089/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648456/; classtype:trojan-activity;sid:84511556; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648457)"; flow:established,from_client; content:"GET"; http_method; content:"/update%20-%20%e5%89%af%e6%9c%ac/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/shudedw/ppw0200/info.zip"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648457/; classtype:trojan-activity;sid:84511557; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648455)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250603-136/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648455/; classtype:trojan-activity;sid:84511555; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648452)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/info.zip"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648452/; classtype:trojan-activity;sid:84511552; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648453)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240718-019/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648453/; classtype:trojan-activity;sid:84511553; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648454)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211109-007/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648454/; classtype:trojan-activity;sid:84511554; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648451)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250208-081/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648451/; classtype:trojan-activity;sid:84511551; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648445)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210727-041/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648445/; classtype:trojan-activity;sid:84511545; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648446)"; flow:established,from_client; content:"GET"; http_method; content:"/update%20-%20%e5%89%af%e6%9c%ac/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/info.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648446/; classtype:trojan-activity;sid:84511546; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648447)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/241123-018/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648447/; classtype:trojan-activity;sid:84511547; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648448)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220111-033/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648448/; classtype:trojan-activity;sid:84511548; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648450)"; flow:established,from_client; content:"GET"; http_method; content:"/update/pdffactory_pro_setup/info.zip"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648450/; classtype:trojan-activity;sid:84511550; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648443)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220125-002/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648443/; classtype:trojan-activity;sid:84511543; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648444)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/230323-001/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648444/; classtype:trojan-activity;sid:84511544; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648430)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240608-095/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648430/; classtype:trojan-activity;sid:84511530; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648420)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/2052/info.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648420/; classtype:trojan-activity;sid:84511520; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648421)"; flow:established,from_client; content:"GET"; http_method; content:"/update%20-%20%e5%89%af%e6%9c%ac/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/logic/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648421/; classtype:trojan-activity;sid:84511521; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648422)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/230213-066/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648422/; classtype:trojan-activity;sid:84511522; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648413)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240914-044/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648413/; classtype:trojan-activity;sid:84511513; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648417)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240803-024/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648417/; classtype:trojan-activity;sid:84511517; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648405)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220125-011/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648405/; classtype:trojan-activity;sid:84511505; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648406)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240326-093/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648406/; classtype:trojan-activity;sid:84511506; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648407)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/230518-057/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648407/; classtype:trojan-activity;sid:84511507; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648408)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211218-033/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648408/; classtype:trojan-activity;sid:84511508; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648410)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210723-002/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648410/; classtype:trojan-activity;sid:84511510; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648398)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/231008-073/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648398/; classtype:trojan-activity;sid:84511498; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648399)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/wjgl/fonts/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648399/; classtype:trojan-activity;sid:84511499; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648400)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/221017-053/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648400/; classtype:trojan-activity;sid:84511500; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648401)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/241007-045/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648401/; classtype:trojan-activity;sid:84511501; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648402)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/221118-098/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648402/; classtype:trojan-activity;sid:84511502; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648404)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220125-006/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648404/; classtype:trojan-activity;sid:84511504; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648396)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210727-034/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648396/; classtype:trojan-activity;sid:84511496; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648393)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250617-065/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648393/; classtype:trojan-activity;sid:84511493; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648392)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220503-020/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648392/; classtype:trojan-activity;sid:84511492; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648386)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-004/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648386/; classtype:trojan-activity;sid:84511486; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648387)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210727-045/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648387/; classtype:trojan-activity;sid:84511487; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648388)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/241024-033/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648388/; classtype:trojan-activity;sid:84511488; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648389)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/230719-034/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648389/; classtype:trojan-activity;sid:84511489; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648384)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210805-048/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648384/; classtype:trojan-activity;sid:84511484; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648381)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-008/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648381/; classtype:trojan-activity;sid:84511481; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648382)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/241017-088/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648382/; classtype:trojan-activity;sid:84511482; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648377)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210103-001/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648377/; classtype:trojan-activity;sid:84511477; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648378)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-055/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648378/; classtype:trojan-activity;sid:84511478; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648379)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/230829-067/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648379/; classtype:trojan-activity;sid:84511479; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648375)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240111-062/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648375/; classtype:trojan-activity;sid:84511475; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648376)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210720-066/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648376/; classtype:trojan-activity;sid:84511476; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648374)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240905-044/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648374/; classtype:trojan-activity;sid:84511474; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648373)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/231114-038/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648373/; classtype:trojan-activity;sid:84511473; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648371)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210901-059/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648371/; classtype:trojan-activity;sid:84511471; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648368)"; flow:established,from_client; content:"GET"; http_method; content:"/update/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/cache/1.8933demo/177278d1757f/41dae12595c9/e3ee6be74f9a/info.zip"; http_uri; depth:128; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648368/; classtype:trojan-activity;sid:84511468; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648369)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/231206-014/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648369/; classtype:trojan-activity;sid:84511469; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648365)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/221130-018/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648365/; classtype:trojan-activity;sid:84511465; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648366)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/tpcl/dist/info.zip"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648366/; classtype:trojan-activity;sid:84511466; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648363)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-020/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648363/; classtype:trojan-activity;sid:84511463; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648364)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/230309-021/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648364/; classtype:trojan-activity;sid:84511464; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648360)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220824-006/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648360/; classtype:trojan-activity;sid:84511460; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648352)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-023/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648352/; classtype:trojan-activity;sid:84511452; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648339)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210726-018/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648339/; classtype:trojan-activity;sid:84511439; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648342)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/230904-072/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648342/; classtype:trojan-activity;sid:84511442; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648344)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250523-124/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648344/; classtype:trojan-activity;sid:84511444; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648334)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210814-028/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648334/; classtype:trojan-activity;sid:84511434; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648338)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/xiangdan/210721-020/info.zip"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648338/; classtype:trojan-activity;sid:84511438; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648331)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/info.zip"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648331/; classtype:trojan-activity;sid:84511431; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648333)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240425-036/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648333/; classtype:trojan-activity;sid:84511433; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648330)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210810-022/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648330/; classtype:trojan-activity;sid:84511430; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648329)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-042/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648329/; classtype:trojan-activity;sid:84511429; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648327)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210629-021/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648327/; classtype:trojan-activity;sid:84511427; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648328)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/221019-077/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648328/; classtype:trojan-activity;sid:84511428; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648323)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-076/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648323/; classtype:trojan-activity;sid:84511423; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648324)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210724-020/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648324/; classtype:trojan-activity;sid:84511424; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648325)"; flow:established,from_client; content:"GET"; http_method; content:"/update/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/shudedw/pdw1150/info.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648325/; classtype:trojan-activity;sid:84511425; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648319)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211230-002/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648319/; classtype:trojan-activity;sid:84511419; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648320)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210805-020/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648320/; classtype:trojan-activity;sid:84511420; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648317)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210810-003/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648317/; classtype:trojan-activity;sid:84511417; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648318)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-033/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648318/; classtype:trojan-activity;sid:84511418; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648316)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-054/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648316/; classtype:trojan-activity;sid:84511416; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648314)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250702-070/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648314/; classtype:trojan-activity;sid:84511414; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648311)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/230317-034/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648311/; classtype:trojan-activity;sid:84511411; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648310)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/230511-051/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648310/; classtype:trojan-activity;sid:84511410; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648308)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210724-012/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648308/; classtype:trojan-activity;sid:84511408; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648309)"; flow:established,from_client; content:"GET"; http_method; content:"/update%20-%20%e5%89%af%e6%9c%ac/%e8%a5%bf%e7%be%8e%e5%8d%b0%e5%88%b7%e7%94%9f%e4%ba%a7%e4%bb%93%e5%ba%93%e7%b3%bb%e7%bb%9f/sysdll/info.zip"; http_uri; depth:139; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648309/; classtype:trojan-activity;sid:84511409; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648306)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-058/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648306/; classtype:trojan-activity;sid:84511406; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648302)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211021-033/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648302/; classtype:trojan-activity;sid:84511402; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648303)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240219-116/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648303/; classtype:trojan-activity;sid:84511403; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648304)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210918-075/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648304/; classtype:trojan-activity;sid:84511404; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648305)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211116-023/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648305/; classtype:trojan-activity;sid:84511405; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648301)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240708-046/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648301/; classtype:trojan-activity;sid:84511401; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648299)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-026/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648299/; classtype:trojan-activity;sid:84511399; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648296)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220217-058/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648296/; classtype:trojan-activity;sid:84511396; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648291)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210809-022/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648291/; classtype:trojan-activity;sid:84511391; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648292)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210703-016/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648292/; classtype:trojan-activity;sid:84511392; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648295)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-075/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648295/; classtype:trojan-activity;sid:84511395; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648288)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240122-018/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648288/; classtype:trojan-activity;sid:84511388; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648289)"; flow:established,from_client; content:"GET"; http_method; content:"/update/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/shudedw/ppw0200/info.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648289/; classtype:trojan-activity;sid:84511389; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648290)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/1033/info.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648290/; classtype:trojan-activity;sid:84511390; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648287)"; flow:established,from_client; content:"GET"; http_method; content:"/update%20-%20%e5%89%af%e6%9c%ac/%e8%a5%bf%e7%be%8e%e5%8d%b0%e5%88%b7%e7%94%9f%e4%ba%a7%e4%bb%93%e5%ba%93%e7%b3%bb%e7%bb%9f/pbdll/info.zip"; http_uri; depth:138; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648287/; classtype:trojan-activity;sid:84511387; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648284)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240724-070/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648284/; classtype:trojan-activity;sid:84511384; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648285)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210703-016/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648285/; classtype:trojan-activity;sid:84511385; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648282)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210103-001/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648282/; classtype:trojan-activity;sid:84511382; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648279)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-056/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648279/; classtype:trojan-activity;sid:84511379; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648277)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/241205-027/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648277/; classtype:trojan-activity;sid:84511377; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648275)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250513-103/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648275/; classtype:trojan-activity;sid:84511375; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648276)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210911-035/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648276/; classtype:trojan-activity;sid:84511376; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648273)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211228-039/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648273/; classtype:trojan-activity;sid:84511373; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648270)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250403-102/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648270/; classtype:trojan-activity;sid:84511370; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648266)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/241017-114/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648266/; classtype:trojan-activity;sid:84511366; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648262)"; flow:established,from_client; content:"GET"; http_method; content:"/update/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/info.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648262/; classtype:trojan-activity;sid:84511362; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648258)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-059/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648258/; classtype:trojan-activity;sid:84511358; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648259)"; flow:established,from_client; content:"GET"; http_method; content:"/update/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/shudedw/pdw0505/info.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648259/; classtype:trojan-activity;sid:84511359; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648260)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/tpcl/info.zip"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648260/; classtype:trojan-activity;sid:84511360; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648255)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-010/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648255/; classtype:trojan-activity;sid:84511355; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648254)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210826-050/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648254/; classtype:trojan-activity;sid:84511354; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648253)"; flow:established,from_client; content:"GET"; http_method; content:"/update/%e8%a5%bf%e7%be%8e%e5%8d%b0%e5%88%b7%e7%94%9f%e4%ba%a7%e4%bb%93%e5%ba%93%e7%b3%bb%e7%bb%9f/sysdll/info.zip"; http_uri; depth:114; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648253/; classtype:trojan-activity;sid:84511353; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648251)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250331-029/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648251/; classtype:trojan-activity;sid:84511351; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648250)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210731-081/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648250/; classtype:trojan-activity;sid:84511350; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648248)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210727-022/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648248/; classtype:trojan-activity;sid:84511348; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648246)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250410-075/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648246/; classtype:trojan-activity;sid:84511346; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648247)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/230508-048/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648247/; classtype:trojan-activity;sid:84511347; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648243)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-054/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648243/; classtype:trojan-activity;sid:84511343; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648244)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-043/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648244/; classtype:trojan-activity;sid:84511344; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648245)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/css/info.zip"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648245/; classtype:trojan-activity;sid:84511345; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648241)"; flow:established,from_client; content:"GET"; http_method; content:"/update%20-%20%e5%89%af%e6%9c%ac/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/shudedw/pdw1250/info.zip"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648241/; classtype:trojan-activity;sid:84511341; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648242)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-043/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648242/; classtype:trojan-activity;sid:84511342; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648229)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250717-033/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648229/; classtype:trojan-activity;sid:84511329; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648230)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/221118-019/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648230/; classtype:trojan-activity;sid:84511330; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648231)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240312-072/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648231/; classtype:trojan-activity;sid:84511331; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648233)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/221207-038/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648233/; classtype:trojan-activity;sid:84511333; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648228)"; flow:established,from_client; content:"GET"; http_method; content:"/update%20-%20%e5%89%af%e6%9c%ac/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/shudedw/pdw1050/info.zip"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648228/; classtype:trojan-activity;sid:84511328; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648223)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/otherup/info.zip"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648223/; classtype:trojan-activity;sid:84511323; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648224)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/241225-087/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648224/; classtype:trojan-activity;sid:84511324; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648227)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210814-026/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648227/; classtype:trojan-activity;sid:84511327; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648222)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210727-013/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648222/; classtype:trojan-activity;sid:84511322; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648220)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210805-053/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648220/; classtype:trojan-activity;sid:84511320; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648221)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220224-043/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648221/; classtype:trojan-activity;sid:84511321; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648219)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/230327-016/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648219/; classtype:trojan-activity;sid:84511319; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648215)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220809-080/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648215/; classtype:trojan-activity;sid:84511315; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648211)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220824-011/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648211/; classtype:trojan-activity;sid:84511311; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648212)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-053/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648212/; classtype:trojan-activity;sid:84511312; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648205)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250408-014/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648205/; classtype:trojan-activity;sid:84511305; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648206)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250315-130/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648206/; classtype:trojan-activity;sid:84511306; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648207)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/230922-167/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648207/; classtype:trojan-activity;sid:84511307; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648201)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/tpcl/js/info.zip"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648201/; classtype:trojan-activity;sid:84511301; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648204)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250301-019/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648204/; classtype:trojan-activity;sid:84511304; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648194)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-002/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648194/; classtype:trojan-activity;sid:84511294; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648195)"; flow:established,from_client; content:"GET"; http_method; content:"/update/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/shudedw/pdw0900/info.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648195/; classtype:trojan-activity;sid:84511295; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648196)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-051/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648196/; classtype:trojan-activity;sid:84511296; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648198)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220428-040/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648198/; classtype:trojan-activity;sid:84511298; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648199)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210816-051/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648199/; classtype:trojan-activity;sid:84511299; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648200)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240131-058/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648200/; classtype:trojan-activity;sid:84511300; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648191)"; flow:established,from_client; content:"GET"; http_method; content:"/update%20-%20%e5%89%af%e6%9c%ac/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/shudedw/pdw0700/info.zip"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648191/; classtype:trojan-activity;sid:84511291; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648192)"; flow:established,from_client; content:"GET"; http_method; content:"/update%20-%20%e5%89%af%e6%9c%ac/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/undw/undw90/info.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648192/; classtype:trojan-activity;sid:84511292; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648193)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220211-036/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648193/; classtype:trojan-activity;sid:84511293; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648190)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210726-003/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648190/; classtype:trojan-activity;sid:84511290; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648185)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-059/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648185/; classtype:trojan-activity;sid:84511285; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648186)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-036/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648186/; classtype:trojan-activity;sid:84511286; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648181)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210805-030/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648181/; classtype:trojan-activity;sid:84511281; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648182)"; flow:established,from_client; content:"GET"; http_method; content:"/test/info.zip"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"202.84.41.193"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648182/; classtype:trojan-activity;sid:84511282; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648183)"; flow:established,from_client; content:"GET"; http_method; content:"/update%20-%20%e5%89%af%e6%9c%ac/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/shudedw/pdw0505/info.zip"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648183/; classtype:trojan-activity;sid:84511283; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648184)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/230415-045/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648184/; classtype:trojan-activity;sid:84511284; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648176)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210804-082/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648176/; classtype:trojan-activity;sid:84511276; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648177)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210706-066/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648177/; classtype:trojan-activity;sid:84511277; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648173)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/230712-107/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648173/; classtype:trojan-activity;sid:84511273; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648174)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/221201-071/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648174/; classtype:trojan-activity;sid:84511274; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648168)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210807-023/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648168/; classtype:trojan-activity;sid:84511268; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648169)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250613-003/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648169/; classtype:trojan-activity;sid:84511269; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648166)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/241019-103/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648166/; classtype:trojan-activity;sid:84511266; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648164)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-042/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648164/; classtype:trojan-activity;sid:84511264; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648165)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/dist/css/info.zip"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648165/; classtype:trojan-activity;sid:84511265; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648162)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210804-020/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648162/; classtype:trojan-activity;sid:84511262; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648157)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210720-066/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648157/; classtype:trojan-activity;sid:84511257; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648158)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-018/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648158/; classtype:trojan-activity;sid:84511258; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648160)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240918-031/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648160/; classtype:trojan-activity;sid:84511260; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648161)"; flow:established,from_client; content:"GET"; http_method; content:"/update/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/shudedw/pdw1250/info.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648161/; classtype:trojan-activity;sid:84511261; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648155)"; flow:established,from_client; content:"GET"; http_method; content:"/update%20-%20%e5%89%af%e6%9c%ac/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/cache/1.8933demo/177278d1757f/41dae12595c9/e3ee6be74f9a/info.zip"; http_uri; depth:153; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648155/; classtype:trojan-activity;sid:84511255; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648149)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240403-056/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648149/; classtype:trojan-activity;sid:84511249; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648151)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250613-039/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648151/; classtype:trojan-activity;sid:84511251; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648145)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210727-029/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648145/; classtype:trojan-activity;sid:84511245; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648143)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-024/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648143/; classtype:trojan-activity;sid:84511243; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648138)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-002/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648138/; classtype:trojan-activity;sid:84511238; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648140)"; flow:established,from_client; content:"GET"; http_method; content:"/update%20-%20%e5%89%af%e6%9c%ac/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/undw/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648140/; classtype:trojan-activity;sid:84511240; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648141)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210624-084/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648141/; classtype:trojan-activity;sid:84511241; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648142)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240823-011/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648142/; classtype:trojan-activity;sid:84511242; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648135)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250421-008/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648135/; classtype:trojan-activity;sid:84511235; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648130)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/230310-087/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648130/; classtype:trojan-activity;sid:84511230; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648131)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250310-026/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648131/; classtype:trojan-activity;sid:84511231; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648125)"; flow:established,from_client; content:"GET"; http_method; content:"/update%20-%20%e5%89%af%e6%9c%ac/pbdll/info.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648125/; classtype:trojan-activity;sid:84511225; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648127)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/info.zip"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648127/; classtype:trojan-activity;sid:84511227; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648118)"; flow:established,from_client; content:"GET"; http_method; content:"/update%20-%20%e5%89%af%e6%9c%ac/%e8%a5%bf%e7%be%8e%e5%8d%b0%e5%88%b7%e7%94%9f%e4%ba%a7%e4%bb%93%e5%ba%93%e7%b3%bb%e7%bb%9f/setup/info.zip"; http_uri; depth:138; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648118/; classtype:trojan-activity;sid:84511218; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648119)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-057/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648119/; classtype:trojan-activity;sid:84511219; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648120)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/tpcl/fonts/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648120/; classtype:trojan-activity;sid:84511220; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648121)"; flow:established,from_client; content:"GET"; http_method; content:"/update/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/shudedw/pdw0800/info.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648121/; classtype:trojan-activity;sid:84511221; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648117)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210727-046/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648117/; classtype:trojan-activity;sid:84511217; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648114)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220824-006/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648114/; classtype:trojan-activity;sid:84511214; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648111)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240717-061/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648111/; classtype:trojan-activity;sid:84511211; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648107)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220715-064/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648107/; classtype:trojan-activity;sid:84511207; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648108)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240525-082/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648108/; classtype:trojan-activity;sid:84511208; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648110)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210730-024/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648110/; classtype:trojan-activity;sid:84511210; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648105)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-054/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648105/; classtype:trojan-activity;sid:84511205; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648103)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240329-100/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648103/; classtype:trojan-activity;sid:84511203; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648099)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/230310-090/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648099/; classtype:trojan-activity;sid:84511199; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648100)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-042/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648100/; classtype:trojan-activity;sid:84511200; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648097)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250625-002/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648097/; classtype:trojan-activity;sid:84511197; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648090)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210909-018/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648090/; classtype:trojan-activity;sid:84511190; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648088)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/tpcl/images/info.zip"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648088/; classtype:trojan-activity;sid:84511188; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648084)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240523-025/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648084/; classtype:trojan-activity;sid:84511184; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648086)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210727-045/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648086/; classtype:trojan-activity;sid:84511186; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648083)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/help/info.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648083/; classtype:trojan-activity;sid:84511183; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648081)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-074/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648081/; classtype:trojan-activity;sid:84511181; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648074)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/230826-084/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648074/; classtype:trojan-activity;sid:84511174; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648076)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211230-002/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648076/; classtype:trojan-activity;sid:84511176; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648070)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/wjgl/info.zip"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648070/; classtype:trojan-activity;sid:84511170; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648071)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-024/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648071/; classtype:trojan-activity;sid:84511171; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648068)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210907-038/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648068/; classtype:trojan-activity;sid:84511168; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648066)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210103-001/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648066/; classtype:trojan-activity;sid:84511166; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648067)"; flow:established,from_client; content:"GET"; http_method; content:"/update/%e8%a5%bf%e7%be%8e%e5%8d%b0%e5%88%b7%e7%94%9f%e4%ba%a7%e4%bb%93%e5%ba%93%e7%b3%bb%e7%bb%9f/pbdll/info.zip"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648067/; classtype:trojan-activity;sid:84511167; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648060)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-003/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648060/; classtype:trojan-activity;sid:84511160; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648061)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210723-026/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648061/; classtype:trojan-activity;sid:84511161; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648058)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210727-034/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648058/; classtype:trojan-activity;sid:84511158; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648059)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240828-005/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648059/; classtype:trojan-activity;sid:84511159; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648054)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250208-067/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648054/; classtype:trojan-activity;sid:84511154; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648056)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/wjgl/js/info.zip"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648056/; classtype:trojan-activity;sid:84511156; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648051)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210727-013/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648051/; classtype:trojan-activity;sid:84511151; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648053)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/wjgl/dist/info.zip"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648053/; classtype:trojan-activity;sid:84511153; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648049)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250410-009/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648049/; classtype:trojan-activity;sid:84511149; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648041)"; flow:established,from_client; content:"GET"; http_method; content:"/aspjpeg_setup%e5%9b%be%e7%89%87%e5%a4%84%e7%90%86%e7%bb%84%e4%bb%b6/aspjpeg_setup/info.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648041/; classtype:trojan-activity;sid:84511141; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648042)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-018/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648042/; classtype:trojan-activity;sid:84511142; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648043)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250308-120/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648043/; classtype:trojan-activity;sid:84511143; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648045)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-001/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648045/; classtype:trojan-activity;sid:84511145; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648046)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210807-008/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648046/; classtype:trojan-activity;sid:84511146; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648047)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240807-021/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648047/; classtype:trojan-activity;sid:84511147; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648039)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210805-060/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648039/; classtype:trojan-activity;sid:84511139; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648037)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210804-089/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648037/; classtype:trojan-activity;sid:84511137; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648035)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250701-032/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648035/; classtype:trojan-activity;sid:84511135; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648036)"; flow:established,from_client; content:"GET"; http_method; content:"/update/info.zip"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648036/; classtype:trojan-activity;sid:84511136; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648032)"; flow:established,from_client; content:"GET"; http_method; content:"/update/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/shudedw/pdw1100/info.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648032/; classtype:trojan-activity;sid:84511132; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648027)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/241114-115/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648027/; classtype:trojan-activity;sid:84511127; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648028)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240531-095/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648028/; classtype:trojan-activity;sid:84511128; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648026)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220419-045/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648026/; classtype:trojan-activity;sid:84511126; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648023)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250214-003/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648023/; classtype:trojan-activity;sid:84511123; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648024)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/241031-080/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648024/; classtype:trojan-activity;sid:84511124; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648022)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240903-046/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648022/; classtype:trojan-activity;sid:84511122; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648017)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210727-046/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648017/; classtype:trojan-activity;sid:84511117; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648018)"; flow:established,from_client; content:"GET"; http_method; content:"/update%20-%20%e5%89%af%e6%9c%ac/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/cache/notanalyze/info.zip"; http_uri; depth:114; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648018/; classtype:trojan-activity;sid:84511118; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648020)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240131-035/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648020/; classtype:trojan-activity;sid:84511120; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648021)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/dist/fonts/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648021/; classtype:trojan-activity;sid:84511121; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648012)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/tpcl/css/info.zip"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648012/; classtype:trojan-activity;sid:84511112; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648013)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210706-066/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648013/; classtype:trojan-activity;sid:84511113; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648014)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210727-065/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648014/; classtype:trojan-activity;sid:84511114; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648015)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/conn/info.zip"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648015/; classtype:trojan-activity;sid:84511115; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648006)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/230818-065/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648006/; classtype:trojan-activity;sid:84511106; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648009)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-037/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648009/; classtype:trojan-activity;sid:84511109; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648010)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/241230-059/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648010/; classtype:trojan-activity;sid:84511110; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648002)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250630-059/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648002/; classtype:trojan-activity;sid:84511102; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648003)"; flow:established,from_client; content:"GET"; http_method; content:"/update/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/cache/1.8933demo/177278d1757f/41dae12595c9/info.zip"; http_uri; depth:115; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648003/; classtype:trojan-activity;sid:84511103; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648000)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-021/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648000/; classtype:trojan-activity;sid:84511100; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648001)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210810-020/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648001/; classtype:trojan-activity;sid:84511101; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647996)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/js/info.zip"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647996/; classtype:trojan-activity;sid:84511096; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647997)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210724-006/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647997/; classtype:trojan-activity;sid:84511097; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647998)"; flow:established,from_client; content:"GET"; http_method; content:"/update/%e8%a5%bf%e7%be%8e%e5%8d%b0%e5%88%b7%e7%94%9f%e4%ba%a7%e4%bb%93%e5%ba%93%e7%b3%bb%e7%bb%9f/pic/info.zip"; http_uri; depth:111; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647998/; classtype:trojan-activity;sid:84511098; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647990)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250429-048/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647990/; classtype:trojan-activity;sid:84511090; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647987)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220223-034/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647987/; classtype:trojan-activity;sid:84511087; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647985)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210817-043/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647985/; classtype:trojan-activity;sid:84511085; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647986)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250416-015/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647986/; classtype:trojan-activity;sid:84511086; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647983)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210816-019/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647983/; classtype:trojan-activity;sid:84511083; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647980)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/230909-008/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647980/; classtype:trojan-activity;sid:84511080; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647977)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240127-019/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647977/; classtype:trojan-activity;sid:84511077; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647978)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210727-022/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647978/; classtype:trojan-activity;sid:84511078; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647979)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-026/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647979/; classtype:trojan-activity;sid:84511079; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647971)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/221015-025/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647971/; classtype:trojan-activity;sid:84511071; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647972)"; flow:established,from_client; content:"GET"; http_method; content:"/update/%e8%a5%bf%e7%be%8e%e5%8d%b0%e5%88%b7%e7%94%9f%e4%ba%a7%e4%bb%93%e5%ba%93%e7%b3%bb%e7%bb%9f/info.zip"; http_uri; depth:107; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647972/; classtype:trojan-activity;sid:84511072; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647973)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210820-072/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647973/; classtype:trojan-activity;sid:84511073; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647974)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/230526-025/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647974/; classtype:trojan-activity;sid:84511074; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647975)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/230307-014/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647975/; classtype:trojan-activity;sid:84511075; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647968)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-059/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647968/; classtype:trojan-activity;sid:84511068; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647966)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210727-045/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647966/; classtype:trojan-activity;sid:84511066; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647967)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210727-046/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647967/; classtype:trojan-activity;sid:84511067; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647965)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220729-016/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647965/; classtype:trojan-activity;sid:84511065; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647964)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240827-070/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647964/; classtype:trojan-activity;sid:84511064; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647963)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"202.84.41.193"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647963/; classtype:trojan-activity;sid:84511063; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647957)"; flow:established,from_client; content:"GET"; http_method; content:"/update/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/shudedw/pdw0606/info.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647957/; classtype:trojan-activity;sid:84511057; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647958)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211021-034/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647958/; classtype:trojan-activity;sid:84511058; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647959)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250724-113/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647959/; classtype:trojan-activity;sid:84511059; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647960)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-024/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647960/; classtype:trojan-activity;sid:84511060; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647961)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210724-009/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647961/; classtype:trojan-activity;sid:84511061; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647952)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210720-027/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647952/; classtype:trojan-activity;sid:84511052; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647953)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/241105-102/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647953/; classtype:trojan-activity;sid:84511053; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647954)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240328-046/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647954/; classtype:trojan-activity;sid:84511054; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647948)"; flow:established,from_client; content:"GET"; http_method; content:"/update%20-%20%e5%89%af%e6%9c%ac/%e8%a5%bf%e7%be%8e%e5%8d%b0%e5%88%b7%e7%94%9f%e4%ba%a7%e4%bb%93%e5%ba%93%e7%b3%bb%e7%bb%9f/info.zip"; http_uri; depth:132; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647948/; classtype:trojan-activity;sid:84511048; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647949)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/info.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647949/; classtype:trojan-activity;sid:84511049; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647945)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210529-031/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647945/; classtype:trojan-activity;sid:84511045; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647938)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220917-046/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647938/; classtype:trojan-activity;sid:84511038; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647939)"; flow:established,from_client; content:"GET"; http_method; content:"/update%20-%20%e5%89%af%e6%9c%ac/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/undw/undw80/info.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647939/; classtype:trojan-activity;sid:84511039; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647934)"; flow:established,from_client; content:"GET"; http_method; content:"/update%20-%20%e5%89%af%e6%9c%ac/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/shudedw/pdw0900/info.zip"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647934/; classtype:trojan-activity;sid:84511034; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647936)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240308-027/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647936/; classtype:trojan-activity;sid:84511036; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647932)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-023/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647932/; classtype:trojan-activity;sid:84511032; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647933)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210703-016/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647933/; classtype:trojan-activity;sid:84511033; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647930)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240617-013/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647930/; classtype:trojan-activity;sid:84511030; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647929)"; flow:established,from_client; content:"GET"; http_method; content:"/update%20-%20%e5%89%af%e6%9c%ac/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/shudedw/pdw1100_beta1/info.zip"; http_uri; depth:119; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647929/; classtype:trojan-activity;sid:84511029; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647924)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-015/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647924/; classtype:trojan-activity;sid:84511024; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647925)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-007/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647925/; classtype:trojan-activity;sid:84511025; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647920)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250211-041/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647920/; classtype:trojan-activity;sid:84511020; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647921)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/cpbz/info.zip"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647921/; classtype:trojan-activity;sid:84511021; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647923)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210730-004/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647923/; classtype:trojan-activity;sid:84511023; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647914)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/241106-151/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647914/; classtype:trojan-activity;sid:84511014; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647916)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/tpcl/dist/css/info.zip"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647916/; classtype:trojan-activity;sid:84511016; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647917)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211224-005/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647917/; classtype:trojan-activity;sid:84511017; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647918)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250625-043/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647918/; classtype:trojan-activity;sid:84511018; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647913)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250212-044/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647913/; classtype:trojan-activity;sid:84511013; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647910)"; flow:established,from_client; content:"GET"; http_method; content:"/update%20-%20%e5%89%af%e6%9c%ac/%e8%a5%bf%e7%be%8e%e5%8d%b0%e5%88%b7%e7%94%9f%e4%ba%a7%e4%bb%93%e5%ba%93%e7%b3%bb%e7%bb%9f/pic/info.zip"; http_uri; depth:136; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647910/; classtype:trojan-activity;sid:84511010; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647911)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/231110-090/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647911/; classtype:trojan-activity;sid:84511011; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647909)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-075/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647909/; classtype:trojan-activity;sid:84511009; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647908)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/230817-051/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647908/; classtype:trojan-activity;sid:84511008; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647905)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250429-119/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647905/; classtype:trojan-activity;sid:84511005; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647906)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250219-050/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647906/; classtype:trojan-activity;sid:84511006; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647901)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210817-031/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647901/; classtype:trojan-activity;sid:84511001; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647902)"; flow:established,from_client; content:"GET"; http_method; content:"/update%20-%20%e5%89%af%e6%9c%ac/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/cache/bookmark/info.zip"; http_uri; depth:112; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647902/; classtype:trojan-activity;sid:84511002; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647904)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/221227-001/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647904/; classtype:trojan-activity;sid:84511004; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647898)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250315-081/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647898/; classtype:trojan-activity;sid:84510998; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647899)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210706-066/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647899/; classtype:trojan-activity;sid:84510999; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647897)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240423-021/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647897/; classtype:trojan-activity;sid:84510997; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647895)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210805-022/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647895/; classtype:trojan-activity;sid:84510995; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647887)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240919-102/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647887/; classtype:trojan-activity;sid:84510987; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647888)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211230-002/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647888/; classtype:trojan-activity;sid:84510988; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647890)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210910-072/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647890/; classtype:trojan-activity;sid:84510990; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647891)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/230629-022/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647891/; classtype:trojan-activity;sid:84510991; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647892)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210805-026/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647892/; classtype:trojan-activity;sid:84510992; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647883)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-031/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647883/; classtype:trojan-activity;sid:84510983; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647884)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210804-019/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647884/; classtype:trojan-activity;sid:84510984; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647885)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/tpcl/otherup/info.zip"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647885/; classtype:trojan-activity;sid:84510985; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647886)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210810-003/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647886/; classtype:trojan-activity;sid:84510986; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647878)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-043/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647878/; classtype:trojan-activity;sid:84510978; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647874)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210816-019/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647874/; classtype:trojan-activity;sid:84510974; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647875)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210723-029/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647875/; classtype:trojan-activity;sid:84510975; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647872)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250214-089/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647872/; classtype:trojan-activity;sid:84510972; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647873)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210723-030/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647873/; classtype:trojan-activity;sid:84510973; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647870)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220618-010/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647870/; classtype:trojan-activity;sid:84510970; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647871)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/230403-031/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647871/; classtype:trojan-activity;sid:84510971; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647865)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240711-130/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647865/; classtype:trojan-activity;sid:84510965; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647867)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/241008-082/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647867/; classtype:trojan-activity;sid:84510967; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647868)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-055/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647868/; classtype:trojan-activity;sid:84510968; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647859)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-057/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647859/; classtype:trojan-activity;sid:84510959; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647860)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210624-084/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647860/; classtype:trojan-activity;sid:84510960; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647862)"; flow:established,from_client; content:"GET"; http_method; content:"/update/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/undw/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647862/; classtype:trojan-activity;sid:84510962; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647857)"; flow:established,from_client; content:"GET"; http_method; content:"/update/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/cache/info.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647857/; classtype:trojan-activity;sid:84510957; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647854)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/230607-012/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647854/; classtype:trojan-activity;sid:84510954; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647855)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210607-069/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647855/; classtype:trojan-activity;sid:84510955; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647847)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250110-100/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647847/; classtype:trojan-activity;sid:84510947; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647848)"; flow:established,from_client; content:"GET"; http_method; content:"/update/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/undw/undw60/info.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647848/; classtype:trojan-activity;sid:84510948; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647849)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/231120-099/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647849/; classtype:trojan-activity;sid:84510949; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647850)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210729-050/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647850/; classtype:trojan-activity;sid:84510950; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647846)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-056/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647846/; classtype:trojan-activity;sid:84510946; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647839)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-061/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647839/; classtype:trojan-activity;sid:84510939; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647841)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240726-087/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647841/; classtype:trojan-activity;sid:84510941; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647843)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240912-107/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647843/; classtype:trojan-activity;sid:84510943; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647844)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/230406-086/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647844/; classtype:trojan-activity;sid:84510944; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647845)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/230424-035/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647845/; classtype:trojan-activity;sid:84510945; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647832)"; flow:established,from_client; content:"GET"; http_method; content:"/update%20-%20%e5%89%af%e6%9c%ac/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/language/info.zip"; http_uri; depth:106; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647832/; classtype:trojan-activity;sid:84510932; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647833)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240708-067/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647833/; classtype:trojan-activity;sid:84510933; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647827)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250604-042/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647827/; classtype:trojan-activity;sid:84510927; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647828)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220210-142/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647828/; classtype:trojan-activity;sid:84510928; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647829)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-020/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647829/; classtype:trojan-activity;sid:84510929; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647830)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-070/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647830/; classtype:trojan-activity;sid:84510930; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647831)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250626-035/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647831/; classtype:trojan-activity;sid:84510931; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647823)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/230918-056/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647823/; classtype:trojan-activity;sid:84510923; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647824)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240417-165/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647824/; classtype:trojan-activity;sid:84510924; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647816)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250104-016/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647816/; classtype:trojan-activity;sid:84510916; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647817)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/221213-037/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647817/; classtype:trojan-activity;sid:84510917; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647815)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/221110-062/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647815/; classtype:trojan-activity;sid:84510915; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647812)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240619-028/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647812/; classtype:trojan-activity;sid:84510912; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647806)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-036/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647806/; classtype:trojan-activity;sid:84510906; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647803)"; flow:established,from_client; content:"GET"; http_method; content:"/update/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/cache/1.8933demo/177278d1757f/info.zip"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647803/; classtype:trojan-activity;sid:84510903; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647805)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240617-095/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647805/; classtype:trojan-activity;sid:84510905; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647800)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250628-087/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647800/; classtype:trojan-activity;sid:84510900; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647801)"; flow:established,from_client; content:"GET"; http_method; content:"/update/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/cache/1.8933demo/info.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647801/; classtype:trojan-activity;sid:84510901; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647802)"; flow:established,from_client; content:"GET"; http_method; content:"/update%20-%20%e5%89%af%e6%9c%ac/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/info.zip"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647802/; classtype:trojan-activity;sid:84510902; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647795)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250211-096/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647795/; classtype:trojan-activity;sid:84510895; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647798)"; flow:established,from_client; content:"GET"; http_method; content:"/update/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/shudedw/info.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647798/; classtype:trojan-activity;sid:84510898; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647792)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/230414-050/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647792/; classtype:trojan-activity;sid:84510892; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647790)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210724-033/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647790/; classtype:trojan-activity;sid:84510890; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647791)"; flow:established,from_client; content:"GET"; http_method; content:"/update/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/shudedw/pdw1100_beta1/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647791/; classtype:trojan-activity;sid:84510891; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647787)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220824-006/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647787/; classtype:trojan-activity;sid:84510887; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647788)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-023/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647788/; classtype:trojan-activity;sid:84510888; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647786)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210624-084/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647786/; classtype:trojan-activity;sid:84510886; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647782)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211112-030/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647782/; classtype:trojan-activity;sid:84510882; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647783)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250328-154/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647783/; classtype:trojan-activity;sid:84510883; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647780)"; flow:established,from_client; content:"GET"; http_method; content:"/update/%e8%a5%bf%e7%be%8e%e5%8d%b0%e5%88%b7%e7%94%9f%e4%ba%a7%e4%bb%93%e5%ba%93%e7%b3%bb%e7%bb%9f/update/info.zip"; http_uri; depth:114; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647780/; classtype:trojan-activity;sid:84510880; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647781)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210529-031/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647781/; classtype:trojan-activity;sid:84510881; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647777)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210814-005/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647777/; classtype:trojan-activity;sid:84510877; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647778)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/231213-078/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647778/; classtype:trojan-activity;sid:84510878; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647779)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/tx/info.zip"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647779/; classtype:trojan-activity;sid:84510879; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647772)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220825-055/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647772/; classtype:trojan-activity;sid:84510872; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647773)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/241123-072/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647773/; classtype:trojan-activity;sid:84510873; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647776)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-017/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647776/; classtype:trojan-activity;sid:84510876; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647771)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/230503-049/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647771/; classtype:trojan-activity;sid:84510871; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647769)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210727-041/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647769/; classtype:trojan-activity;sid:84510869; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647764)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/241211-068/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647764/; classtype:trojan-activity;sid:84510864; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647765)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240903-084/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647765/; classtype:trojan-activity;sid:84510865; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647767)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/231110-108/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647767/; classtype:trojan-activity;sid:84510867; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647760)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/wjgl/images/info.zip"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647760/; classtype:trojan-activity;sid:84510860; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647762)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/241219-043/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647762/; classtype:trojan-activity;sid:84510862; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647757)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210809-047/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647757/; classtype:trojan-activity;sid:84510857; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647758)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240726-073/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647758/; classtype:trojan-activity;sid:84510858; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647750)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211201-059/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647750/; classtype:trojan-activity;sid:84510850; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647751)"; flow:established,from_client; content:"GET"; http_method; content:"/dddrupdate/info.zip"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647751/; classtype:trojan-activity;sid:84510851; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647753)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/ylcgd/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647753/; classtype:trojan-activity;sid:84510853; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647749)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/goods/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647749/; classtype:trojan-activity;sid:84510849; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647744)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210727-072/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647744/; classtype:trojan-activity;sid:84510844; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647745)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220117-019/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647745/; classtype:trojan-activity;sid:84510845; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647746)"; flow:established,from_client; content:"GET"; http_method; content:"/update/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/undw/undw70/info.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647746/; classtype:trojan-activity;sid:84510846; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647743)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240701-062/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647743/; classtype:trojan-activity;sid:84510843; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647740)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220427-035/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647740/; classtype:trojan-activity;sid:84510840; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647738)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250305-083/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647738/; classtype:trojan-activity;sid:84510838; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647739)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-003/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647739/; classtype:trojan-activity;sid:84510839; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647736)"; flow:established,from_client; content:"GET"; http_method; content:"/update/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/undw/undw90/info.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647736/; classtype:trojan-activity;sid:84510836; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647732)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-051/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647732/; classtype:trojan-activity;sid:84510832; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647729)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240224-074/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647729/; classtype:trojan-activity;sid:84510829; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647724)"; flow:established,from_client; content:"GET"; http_method; content:"/update%20-%20%e5%89%af%e6%9c%ac/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/undw/undw70/info.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647724/; classtype:trojan-activity;sid:84510824; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647722)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210727-072/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647722/; classtype:trojan-activity;sid:84510822; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647720)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220224-016/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647720/; classtype:trojan-activity;sid:84510820; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647721)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211228-022/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647721/; classtype:trojan-activity;sid:84510821; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647709)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240803-025/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647709/; classtype:trojan-activity;sid:84510809; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647707)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220125-007/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647707/; classtype:trojan-activity;sid:84510807; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647701)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240521-004/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647701/; classtype:trojan-activity;sid:84510801; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647703)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240907-061/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647703/; classtype:trojan-activity;sid:84510803; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647704)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210805-061/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647704/; classtype:trojan-activity;sid:84510804; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647705)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/221207-040/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647705/; classtype:trojan-activity;sid:84510805; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647698)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/images/info.zip"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647698/; classtype:trojan-activity;sid:84510798; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647694)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/231026-003/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647694/; classtype:trojan-activity;sid:84510794; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647695)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/230728-087/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647695/; classtype:trojan-activity;sid:84510795; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647692)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220421-042/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647692/; classtype:trojan-activity;sid:84510792; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647687)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-019/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647687/; classtype:trojan-activity;sid:84510787; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647686)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240315-095/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647686/; classtype:trojan-activity;sid:84510786; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647684)"; flow:established,from_client; content:"GET"; http_method; content:"/update%20-%20%e5%89%af%e6%9c%ac/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/shudedw/pdw0800/info.zip"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647684/; classtype:trojan-activity;sid:84510784; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647677)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240413-004/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647677/; classtype:trojan-activity;sid:84510777; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647678)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211206-052/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647678/; classtype:trojan-activity;sid:84510778; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647673)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210813-060/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647673/; classtype:trojan-activity;sid:84510773; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647675)"; flow:established,from_client; content:"GET"; http_method; content:"/update%20-%20%e5%89%af%e6%9c%ac/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/shudedw/pdw1150/info.zip"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647675/; classtype:trojan-activity;sid:84510775; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647669)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-001/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647669/; classtype:trojan-activity;sid:84510769; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647670)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211005-031/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647670/; classtype:trojan-activity;sid:84510770; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647671)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210629-021/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647671/; classtype:trojan-activity;sid:84510771; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647672)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250621-084/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647672/; classtype:trojan-activity;sid:84510772; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647667)"; flow:established,from_client; content:"GET"; http_method; content:"/update/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/shudedw/pdw1200/info.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647667/; classtype:trojan-activity;sid:84510767; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647663)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220423-022/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647663/; classtype:trojan-activity;sid:84510763; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647659)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/230629-126/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647659/; classtype:trojan-activity;sid:84510759; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647660)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220913-021/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647660/; classtype:trojan-activity;sid:84510760; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647661)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-002/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647661/; classtype:trojan-activity;sid:84510761; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647652)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211030-056/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647652/; classtype:trojan-activity;sid:84510752; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647653)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-056/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647653/; classtype:trojan-activity;sid:84510753; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647656)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240830-004/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647656/; classtype:trojan-activity;sid:84510756; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647657)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220427-069/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647657/; classtype:trojan-activity;sid:84510757; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647648)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/241130-012/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647648/; classtype:trojan-activity;sid:84510748; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647644)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-026/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647644/; classtype:trojan-activity;sid:84510744; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647646)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211202-019/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647646/; classtype:trojan-activity;sid:84510746; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647639)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210805-024/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647639/; classtype:trojan-activity;sid:84510739; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647640)"; flow:established,from_client; content:"GET"; http_method; content:"/update/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/shudedw/pdw0700/info.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647640/; classtype:trojan-activity;sid:84510740; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647637)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250516-025/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647637/; classtype:trojan-activity;sid:84510737; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647629)"; flow:established,from_client; content:"GET"; http_method; content:"/update/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/shudedw/pdw1000/info.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647629/; classtype:trojan-activity;sid:84510729; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647630)"; flow:established,from_client; content:"GET"; http_method; content:"/update%20-%20%e5%89%af%e6%9c%ac/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/cache/1.8933demo/177278d1757f/41dae12595c9/info.zip"; http_uri; depth:140; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647630/; classtype:trojan-activity;sid:84510730; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647631)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240618-124/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647631/; classtype:trojan-activity;sid:84510731; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647632)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-058/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647632/; classtype:trojan-activity;sid:84510732; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647633)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210727-041/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647633/; classtype:trojan-activity;sid:84510733; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647634)"; flow:established,from_client; content:"GET"; http_method; content:"/update%20-%20%e5%89%af%e6%9c%ac/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/shudedw/pdw1200/info.zip"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647634/; classtype:trojan-activity;sid:84510734; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647636)"; flow:established,from_client; content:"GET"; http_method; content:"/update%20-%20%e5%89%af%e6%9c%ac/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/shudedw/pdw1000/info.zip"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647636/; classtype:trojan-activity;sid:84510736; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647624)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647624/; classtype:trojan-activity;sid:84510724; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647626)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/tpcl/images/famen/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647626/; classtype:trojan-activity;sid:84510726; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647627)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-076/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647627/; classtype:trojan-activity;sid:84510727; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647621)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211008-021/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647621/; classtype:trojan-activity;sid:84510721; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647622)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/241113-091/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647622/; classtype:trojan-activity;sid:84510722; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647620)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220929-056/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647620/; classtype:trojan-activity;sid:84510720; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647614)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250301-019/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647614/; classtype:trojan-activity;sid:84510714; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647615)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-023/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647615/; classtype:trojan-activity;sid:84510715; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647616)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/241029-103/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647616/; classtype:trojan-activity;sid:84510716; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647618)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-001/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647618/; classtype:trojan-activity;sid:84510718; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647613)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210730-024/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647613/; classtype:trojan-activity;sid:84510713; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647608)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210923-026/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647608/; classtype:trojan-activity;sid:84510708; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647609)"; flow:established,from_client; content:"GET"; http_method; content:"/update/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/undw/undw80/info.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647609/; classtype:trojan-activity;sid:84510709; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647610)"; flow:established,from_client; content:"GET"; http_method; content:"/update%20-%20%e5%89%af%e6%9c%ac/info.zip"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647610/; classtype:trojan-activity;sid:84510710; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647606)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250603-130/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647606/; classtype:trojan-activity;sid:84510706; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647607)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210731-081/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647607/; classtype:trojan-activity;sid:84510707; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647600)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/241112-002/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647600/; classtype:trojan-activity;sid:84510700; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647601)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210805-049/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647601/; classtype:trojan-activity;sid:84510701; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647602)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-020/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647602/; classtype:trojan-activity;sid:84510702; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647599)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/221209-001/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647599/; classtype:trojan-activity;sid:84510699; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647595)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-024/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647595/; classtype:trojan-activity;sid:84510695; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647596)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240722-081/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647596/; classtype:trojan-activity;sid:84510696; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647597)"; flow:established,from_client; content:"GET"; http_method; content:"/update/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/language/info.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647597/; classtype:trojan-activity;sid:84510697; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647589)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240831-053/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647589/; classtype:trojan-activity;sid:84510689; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647591)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240913-107/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647591/; classtype:trojan-activity;sid:84510691; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647592)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250726-060/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647592/; classtype:trojan-activity;sid:84510692; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647582)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/wjgl/otherup/info.zip"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647582/; classtype:trojan-activity;sid:84510682; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647584)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211110-006/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647584/; classtype:trojan-activity;sid:84510684; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647586)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/231016-103/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647586/; classtype:trojan-activity;sid:84510686; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647587)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sbillno/info.zip"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647587/; classtype:trojan-activity;sid:84510687; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647579)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250718-044/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647579/; classtype:trojan-activity;sid:84510679; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647577)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211208-061/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647577/; classtype:trojan-activity;sid:84510677; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647571)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/221125-039/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647571/; classtype:trojan-activity;sid:84510671; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647574)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240531-121/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647574/; classtype:trojan-activity;sid:84510674; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647575)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220406-025/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647575/; classtype:trojan-activity;sid:84510675; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647570)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/tpcl/dist/js/info.zip"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647570/; classtype:trojan-activity;sid:84510670; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647521)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"81.70.255.195"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647521/; classtype:trojan-activity;sid:84510621; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647520)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.113.186.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647520/; classtype:trojan-activity;sid:84510620; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647513)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.220.234.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647513/; classtype:trojan-activity;sid:84510613; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647511)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.213.79.248"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647511/; classtype:trojan-activity;sid:84510611; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647503)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"118.46.55.79"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647503/; classtype:trojan-activity;sid:84510603; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647487)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"91.235.116.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647487/; classtype:trojan-activity;sid:84510587; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647472)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.mpsl"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"91.235.116.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647472/; classtype:trojan-activity;sid:84510572; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647474)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"91.235.116.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647474/; classtype:trojan-activity;sid:84510574; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647475)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.mips"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"91.235.116.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647475/; classtype:trojan-activity;sid:84510575; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647476)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.m68k"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"91.235.116.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647476/; classtype:trojan-activity;sid:84510576; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647457)"; flow:established,from_client; content:"GET"; http_method; content:"/recipes/staging/a-89fb7017-7780-4b72-950d-c2db1146a34a.exe"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"best10cdn.blob.core.windows.net"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647457/; classtype:trojan-activity;sid:84510557; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646722)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"76.94.192.64"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646722/; classtype:trojan-activity;sid:84509822; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646721)"; flow:established,from_client; content:"GET"; http_method; content:"/ckeditorimage/2025/02/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"121.191.165.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646721/; classtype:trojan-activity;sid:84509821; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646720)"; flow:established,from_client; content:"GET"; http_method; content:"/ckeditorimage/2023/02/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"121.191.165.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646720/; classtype:trojan-activity;sid:84509820; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646719)"; flow:established,from_client; content:"GET"; http_method; content:"/ckeditorimage/2021/09/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"121.191.165.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646719/; classtype:trojan-activity;sid:84509819; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646717)"; flow:established,from_client; content:"GET"; http_method; content:"/ckeditorimage/2023/11/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"121.191.165.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646717/; classtype:trojan-activity;sid:84509817; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646716)"; flow:established,from_client; content:"GET"; http_method; content:"/ckeditorimage/2021/05/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"121.191.165.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646716/; classtype:trojan-activity;sid:84509816; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646714)"; flow:established,from_client; content:"GET"; http_method; content:"/ckeditorimage/2023/12/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"121.191.165.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646714/; classtype:trojan-activity;sid:84509814; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646715)"; flow:established,from_client; content:"GET"; http_method; content:"/ckeditorimage/2021/02/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"121.191.165.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646715/; classtype:trojan-activity;sid:84509815; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646713)"; flow:established,from_client; content:"GET"; http_method; content:"/ckeditorimage/2024/10/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"121.191.165.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646713/; classtype:trojan-activity;sid:84509813; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646707)"; flow:established,from_client; content:"GET"; http_method; content:"/ckeditorimage/2021/11/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"121.191.165.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646707/; classtype:trojan-activity;sid:84509807; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646708)"; flow:established,from_client; content:"GET"; http_method; content:"/ckeditorimage/2023/09/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"121.191.165.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646708/; classtype:trojan-activity;sid:84509808; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646709)"; flow:established,from_client; content:"GET"; http_method; content:"/ckeditorimage/2024/12/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"121.191.165.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646709/; classtype:trojan-activity;sid:84509809; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646710)"; flow:established,from_client; content:"GET"; http_method; content:"/ckeditorimage/2022/06/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"121.191.165.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646710/; classtype:trojan-activity;sid:84509810; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646711)"; flow:established,from_client; content:"GET"; http_method; content:"/ckeditorimage/2024/11/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"121.191.165.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646711/; classtype:trojan-activity;sid:84509811; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646712)"; flow:established,from_client; content:"GET"; http_method; content:"/ckeditorimage/2025/06/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"121.191.165.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646712/; classtype:trojan-activity;sid:84509812; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646706)"; flow:established,from_client; content:"GET"; http_method; content:"/ckeditorimage/2020/08/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"121.191.165.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646706/; classtype:trojan-activity;sid:84509806; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646705)"; flow:established,from_client; content:"GET"; http_method; content:"/ckeditorimage/2025/03/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"121.191.165.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646705/; classtype:trojan-activity;sid:84509805; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646702)"; flow:established,from_client; content:"GET"; http_method; content:"/ckeditorimage/2024/04/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"121.191.165.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646702/; classtype:trojan-activity;sid:84509802; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646703)"; flow:established,from_client; content:"GET"; http_method; content:"/ckeditorimage/2025/05/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"121.191.165.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646703/; classtype:trojan-activity;sid:84509803; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646704)"; flow:established,from_client; content:"GET"; http_method; content:"/ckeditorimage/2022/07/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"121.191.165.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646704/; classtype:trojan-activity;sid:84509804; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646701)"; flow:established,from_client; content:"GET"; http_method; content:"/ckeditorimage/2021/04/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"121.191.165.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646701/; classtype:trojan-activity;sid:84509801; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646675)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.72.166.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646675/; classtype:trojan-activity;sid:84509775; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646666)"; flow:established,from_client; content:"GET"; http_method; content:"/files/740061926/8ciugjz.exe"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646666/; classtype:trojan-activity;sid:84509766; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646601)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.88.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646601/; classtype:trojan-activity;sid:84509701; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646536)"; flow:established,from_client; content:"GET"; http_method; content:"/arquivo_20251002111333.txt"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"mobshah.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646536/; classtype:trojan-activity;sid:84509636; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646426)"; flow:established,from_client; content:"GET"; http_method; content:"/images/optimized_msi.png"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"mobshah.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646426/; classtype:trojan-activity;sid:84509526; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646423)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/connectwisecontrol.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:88; isdataat:!1,relative; nocase; content:"jsc091.frauddefensecorp.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646423/; classtype:trojan-activity;sid:84509523; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646414)"; flow:established,from_client; content:"GET"; http_method; content:"/storage/v1/object/public/nano/image.jpg|3f|12711343"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"ybgctdtbzvgpdxjivafy.supabase.co"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646414/; classtype:trojan-activity;sid:84509514; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646420)"; flow:established,from_client; content:"GET"; http_method; content:"/storage/v1/object/public/nano_duso/image.jpg"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"frygzjyhtiunvhvnacif.supabase.co"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646420/; classtype:trojan-activity;sid:84509520; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646403)"; flow:established,from_client; content:"GET"; http_method; content:"/storage/v1/object/public/hold/image.jpg|3f|12711343h"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"ihmmkvkaiwnilneauhfn.supabase.co"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646403/; classtype:trojan-activity;sid:84509503; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646408)"; flow:established,from_client; content:"GET"; http_method; content:"/files/jqqvlru0vaih3z.exe"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"toolshare.com.tr"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646408/; classtype:trojan-activity;sid:84509508; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646344)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"111.70.13.127"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646344/; classtype:trojan-activity;sid:84509444; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646327)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.70.90.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646327/; classtype:trojan-activity;sid:84509427; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646205)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.88.111"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646205/; classtype:trojan-activity;sid:84509305; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646197)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.88.88"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646197/; classtype:trojan-activity;sid:84509297; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646151)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.88.154"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646151/; classtype:trojan-activity;sid:84509251; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645969)"; flow:established,from_client; content:"GET"; http_method; content:"/%d0%9f%d0%b8%d0%bb%d0%be%d1%82/photo.scr"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"def163.keenetic.pro"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645969/; classtype:trojan-activity;sid:84509069; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645970)"; flow:established,from_client; content:"GET"; http_method; content:"/usb-%d0%bd%d0%b0%d0%ba%d0%be%d0%bf%d0%b8%d1%82%d0%b5%d0%bb%d1%8c/av.scr"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"def163.keenetic.pro"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645970/; classtype:trojan-activity;sid:84509070; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645971)"; flow:established,from_client; content:"GET"; http_method; content:"/usb-%d0%bd%d0%b0%d0%ba%d0%be%d0%bf%d0%b8%d1%82%d0%b5%d0%bb%d1%8c/photo.scr"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"def163.keenetic.pro"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645971/; classtype:trojan-activity;sid:84509071; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645967)"; flow:established,from_client; content:"GET"; http_method; content:"/usb-%d0%bd%d0%b0%d0%ba%d0%be%d0%bf%d0%b8%d1%82%d0%b5%d0%bb%d1%8c/video.scr"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"def163.keenetic.pro"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645967/; classtype:trojan-activity;sid:84509067; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645962)"; flow:established,from_client; content:"GET"; http_method; content:"/%d0%9f%d0%b8%d0%bb%d0%be%d1%82/video.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"def163.keenetic.pro"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645962/; classtype:trojan-activity;sid:84509062; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645964)"; flow:established,from_client; content:"GET"; http_method; content:"/usb-%d0%bd%d0%b0%d0%ba%d0%be%d0%bf%d0%b8%d1%82%d0%b5%d0%bb%d1%8c/photo.lnk"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"def163.keenetic.pro"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645964/; classtype:trojan-activity;sid:84509064; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645965)"; flow:established,from_client; content:"GET"; http_method; content:"/usb-%d0%bd%d0%b0%d0%ba%d0%be%d0%bf%d0%b8%d1%82%d0%b5%d0%bb%d1%8c/av.lnk"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"def163.keenetic.pro"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645965/; classtype:trojan-activity;sid:84509065; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645961)"; flow:established,from_client; content:"GET"; http_method; content:"/%d0%9f%d0%b8%d0%bb%d0%be%d1%82/av.scr"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"def163.keenetic.pro"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645961/; classtype:trojan-activity;sid:84509061; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645960)"; flow:established,from_client; content:"GET"; http_method; content:"/%d0%9f%d0%b8%d0%bb%d0%be%d1%82/video.scr"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"def163.keenetic.pro"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645960/; classtype:trojan-activity;sid:84509060; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645957)"; flow:established,from_client; content:"GET"; http_method; content:"/%d0%9f%d0%b8%d0%bb%d0%be%d1%82/av.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"def163.keenetic.pro"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645957/; classtype:trojan-activity;sid:84509057; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645955)"; flow:established,from_client; content:"GET"; http_method; content:"/usb-%d0%bd%d0%b0%d0%ba%d0%be%d0%bf%d0%b8%d1%82%d0%b5%d0%bb%d1%8c/video.lnk"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"def163.keenetic.pro"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645955/; classtype:trojan-activity;sid:84509055; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645956)"; flow:established,from_client; content:"GET"; http_method; content:"/%d0%9f%d0%b8%d0%bb%d0%be%d1%82/photo.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"def163.keenetic.pro"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645956/; classtype:trojan-activity;sid:84509056; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645874)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"66.185.26.66"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645874/; classtype:trojan-activity;sid:84508974; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645807)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.88.130"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645807/; classtype:trojan-activity;sid:84508907; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642808)"; flow:established,from_client; content:"GET"; http_method; content:"/device/wicon-l-serial-gscam/latest/info.zip"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642808/; classtype:trojan-activity;sid:84505908; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642807)"; flow:established,from_client; content:"GET"; http_method; content:"/device/flowmeter-report-system/v0.400/flowmeter-report-system/src/common/info.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642807/; classtype:trojan-activity;sid:84505907; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642806)"; flow:established,from_client; content:"GET"; http_method; content:"/device/flowmeter-report-system/latest/flowmeter-report-system/scripts/info.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642806/; classtype:trojan-activity;sid:84505906; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642804)"; flow:established,from_client; content:"GET"; http_method; content:"/device/wicon-l-serial-gscam/latest/wicon-l-serial-gscam/.git/info/info.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642804/; classtype:trojan-activity;sid:84505904; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642805)"; flow:established,from_client; content:"GET"; http_method; content:"/device/flowmeter-report-system/v0.400/info.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642805/; classtype:trojan-activity;sid:84505905; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642803)"; flow:established,from_client; content:"GET"; http_method; content:"/device/flowmeter-report-system/latest/flowmeter-report-system/src/wicon/info.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642803/; classtype:trojan-activity;sid:84505903; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642799)"; flow:established,from_client; content:"GET"; http_method; content:"/data/forecast_%ec%a0%9c%ed%92%88%ec%98%88%ec%83%81%ec%83%9d%ec%82%b0%eb%9f%89/202308/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642799/; classtype:trojan-activity;sid:84505899; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642800)"; flow:established,from_client; content:"GET"; http_method; content:"/device/wicon-l-serial-gscam/latest/wicon-l-serial-gscam/.git/objects/0f/info.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642800/; classtype:trojan-activity;sid:84505900; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642801)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/07/21/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642801/; classtype:trojan-activity;sid:84505901; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642802)"; flow:established,from_client; content:"GET"; http_method; content:"/device/flowmeter-report-system/v0.400/flowmeter-report-system/src/common/exceptions/info.zip"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642802/; classtype:trojan-activity;sid:84505902; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642796)"; flow:established,from_client; content:"GET"; http_method; content:"/data/202304/info.zip"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642796/; classtype:trojan-activity;sid:84505896; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642797)"; flow:established,from_client; content:"GET"; http_method; content:"/device/wicon-l-serial-gscam/latest/wicon-l-serial-gscam/resource/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642797/; classtype:trojan-activity;sid:84505897; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642798)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/02/05/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642798/; classtype:trojan-activity;sid:84505898; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642794)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/14/info.zip"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642794/; classtype:trojan-activity;sid:84505894; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642795)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/11/14/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642795/; classtype:trojan-activity;sid:84505895; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642791)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/04/08/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642791/; classtype:trojan-activity;sid:84505891; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642792)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/07/14/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642792/; classtype:trojan-activity;sid:84505892; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642793)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/16/12/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642793/; classtype:trojan-activity;sid:84505893; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642789)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/12/31/12/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642789/; classtype:trojan-activity;sid:84505889; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642790)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/03/13/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642790/; classtype:trojan-activity;sid:84505890; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642786)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/03/23/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642786/; classtype:trojan-activity;sid:84505886; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642787)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/03/00/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642787/; classtype:trojan-activity;sid:84505887; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642788)"; flow:established,from_client; content:"GET"; http_method; content:"/big/microsoft.sql.server.2012.enterprise.edition.with.service.pack.1-kopie/info.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"222.239.87.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642788/; classtype:trojan-activity;sid:84505888; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642785)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/06/16/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642785/; classtype:trojan-activity;sid:84505885; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642783)"; flow:established,from_client; content:"GET"; http_method; content:"/02/24/01/31/20/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642783/; classtype:trojan-activity;sid:84505883; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642784)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/10/12/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642784/; classtype:trojan-activity;sid:84505884; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642781)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/06/11/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642781/; classtype:trojan-activity;sid:84505881; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642782)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/08/17/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642782/; classtype:trojan-activity;sid:84505882; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642777)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/07/info.zip"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642777/; classtype:trojan-activity;sid:84505877; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642778)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/09/09/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642778/; classtype:trojan-activity;sid:84505878; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642779)"; flow:established,from_client; content:"GET"; http_method; content:"/inicis_dll/key/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"222.239.87.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642779/; classtype:trojan-activity;sid:84505879; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642780)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/02/12/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642780/; classtype:trojan-activity;sid:84505880; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642775)"; flow:established,from_client; content:"GET"; http_method; content:"/incis/info.zip"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"222.239.87.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642775/; classtype:trojan-activity;sid:84505875; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642776)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/20/14/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642776/; classtype:trojan-activity;sid:84505876; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642770)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/08/18/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642770/; classtype:trojan-activity;sid:84505870; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642771)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/07/11/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642771/; classtype:trojan-activity;sid:84505871; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642772)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/03/08/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642772/; classtype:trojan-activity;sid:84505872; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642773)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/07/07/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642773/; classtype:trojan-activity;sid:84505873; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642769)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/02/22/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642769/; classtype:trojan-activity;sid:84505869; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642765)"; flow:established,from_client; content:"GET"; http_method; content:"/data/forecast_%ec%a0%9c%ed%92%88%ec%98%88%ec%83%81%ec%83%9d%ec%82%b0%eb%9f%89/202206/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642765/; classtype:trojan-activity;sid:84505865; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642766)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/13/17/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642766/; classtype:trojan-activity;sid:84505866; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642767)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/02/10/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642767/; classtype:trojan-activity;sid:84505867; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642768)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/09/17/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642768/; classtype:trojan-activity;sid:84505868; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642761)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/18/16/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642761/; classtype:trojan-activity;sid:84505861; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642762)"; flow:established,from_client; content:"GET"; http_method; content:"/device/wicon-l-serial-gscam/latest/wicon-l-serial-gscam/.git/objects/8a/info.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642762/; classtype:trojan-activity;sid:84505862; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642763)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/04/17/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642763/; classtype:trojan-activity;sid:84505863; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642764)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/11/08/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642764/; classtype:trojan-activity;sid:84505864; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642758)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/09/07/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642758/; classtype:trojan-activity;sid:84505858; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642759)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/02/17/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642759/; classtype:trojan-activity;sid:84505859; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642760)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/12/15/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642760/; classtype:trojan-activity;sid:84505860; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642756)"; flow:established,from_client; content:"GET"; http_method; content:"/device/wicon-l-serial-gscam/latest/wicon-l-serial-gscam/scripts/info.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642756/; classtype:trojan-activity;sid:84505856; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642757)"; flow:established,from_client; content:"GET"; http_method; content:"/device/flowmeter-report-system/v0.400/flowmeter-report-system/src/wicon/info.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642757/; classtype:trojan-activity;sid:84505857; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642754)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/16/09/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642754/; classtype:trojan-activity;sid:84505854; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642755)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/06/14/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642755/; classtype:trojan-activity;sid:84505855; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642753)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/13/15/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642753/; classtype:trojan-activity;sid:84505853; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642750)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/14/14/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642750/; classtype:trojan-activity;sid:84505850; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642751)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/09/20/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642751/; classtype:trojan-activity;sid:84505851; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642748)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/09/06/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642748/; classtype:trojan-activity;sid:84505848; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642749)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/03/10/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642749/; classtype:trojan-activity;sid:84505849; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642746)"; flow:established,from_client; content:"GET"; http_method; content:"/02/24/01/31/info.zip"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642746/; classtype:trojan-activity;sid:84505846; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642747)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/08/11/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642747/; classtype:trojan-activity;sid:84505847; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642744)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/03/10/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642744/; classtype:trojan-activity;sid:84505844; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642743)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/13/21/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642743/; classtype:trojan-activity;sid:84505843; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642741)"; flow:established,from_client; content:"GET"; http_method; content:"/data/202205/info.zip"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642741/; classtype:trojan-activity;sid:84505841; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642742)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/03/17/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642742/; classtype:trojan-activity;sid:84505842; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642739)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/info.zip"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642739/; classtype:trojan-activity;sid:84505839; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642735)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/04/15/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642735/; classtype:trojan-activity;sid:84505835; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642736)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/06/16/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642736/; classtype:trojan-activity;sid:84505836; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642737)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/06/07/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642737/; classtype:trojan-activity;sid:84505837; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642738)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/10/15/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642738/; classtype:trojan-activity;sid:84505838; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642733)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/14/12/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642733/; classtype:trojan-activity;sid:84505833; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642734)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/16/06/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642734/; classtype:trojan-activity;sid:84505834; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642731)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/09/16/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642731/; classtype:trojan-activity;sid:84505831; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642732)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/19/13/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642732/; classtype:trojan-activity;sid:84505832; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642727)"; flow:established,from_client; content:"GET"; http_method; content:"/data/forecast_%ec%a0%9c%ed%92%88%ec%98%88%ec%83%81%ec%83%9d%ec%82%b0%eb%9f%89/202207/sjk-ic/info.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642727/; classtype:trojan-activity;sid:84505827; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642728)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/10/08/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642728/; classtype:trojan-activity;sid:84505828; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642729)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/02/07/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642729/; classtype:trojan-activity;sid:84505829; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642730)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/08/info.zip"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642730/; classtype:trojan-activity;sid:84505830; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642726)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/07/20/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642726/; classtype:trojan-activity;sid:84505826; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642725)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/03/18/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642725/; classtype:trojan-activity;sid:84505825; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642724)"; flow:established,from_client; content:"GET"; http_method; content:"/wimx/info.zip"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642724/; classtype:trojan-activity;sid:84505824; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642722)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/09/12/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642722/; classtype:trojan-activity;sid:84505822; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642723)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/03/16/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642723/; classtype:trojan-activity;sid:84505823; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642720)"; flow:established,from_client; content:"GET"; http_method; content:"/02/24/01/31/17/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642720/; classtype:trojan-activity;sid:84505820; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642721)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/04/18/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642721/; classtype:trojan-activity;sid:84505821; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642714)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/08/20/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642714/; classtype:trojan-activity;sid:84505814; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642715)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/03/17/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642715/; classtype:trojan-activity;sid:84505815; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642716)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/04/12/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642716/; classtype:trojan-activity;sid:84505816; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642717)"; flow:established,from_client; content:"GET"; http_method; content:"/incis/key/inipaytest/info.zip"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"222.239.87.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642717/; classtype:trojan-activity;sid:84505817; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642718)"; flow:established,from_client; content:"GET"; http_method; content:"/device/wicon-l-serial-gscam/latest/wicon-l-serial-gscam/.git/refs/heads/info.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642718/; classtype:trojan-activity;sid:84505818; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642719)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/07/15/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642719/; classtype:trojan-activity;sid:84505819; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642712)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/13/11/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642712/; classtype:trojan-activity;sid:84505812; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642713)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/01/20/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642713/; classtype:trojan-activity;sid:84505813; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642710)"; flow:established,from_client; content:"GET"; http_method; content:"/log/info.zip"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"58.52.216.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642710/; classtype:trojan-activity;sid:84505810; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642707)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/07/info.zip"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642707/; classtype:trojan-activity;sid:84505807; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642703)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/14/18/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642703/; classtype:trojan-activity;sid:84505803; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642704)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/10/07/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642704/; classtype:trojan-activity;sid:84505804; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642705)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/10/16/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642705/; classtype:trojan-activity;sid:84505805; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642706)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/05/16/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642706/; classtype:trojan-activity;sid:84505806; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642700)"; flow:established,from_client; content:"GET"; http_method; content:"/slnammicafe/info.zip"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"222.239.87.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642700/; classtype:trojan-activity;sid:84505800; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642702)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/10/17/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642702/; classtype:trojan-activity;sid:84505802; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642699)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"58.52.216.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642699/; classtype:trojan-activity;sid:84505799; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642695)"; flow:established,from_client; content:"GET"; http_method; content:"/device/flowmeter-report-system/v0.400/flowmeter-report-system/src/plc/info.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642695/; classtype:trojan-activity;sid:84505795; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642696)"; flow:established,from_client; content:"GET"; http_method; content:"/device/wicon-l-serial-gscam/latest/wicon-l-serial-gscam/src/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642696/; classtype:trojan-activity;sid:84505796; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642697)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/11/06/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642697/; classtype:trojan-activity;sid:84505797; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642694)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/07/11/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642694/; classtype:trojan-activity;sid:84505794; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642693)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642693/; classtype:trojan-activity;sid:84505793; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642689)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/07/05/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642689/; classtype:trojan-activity;sid:84505789; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642690)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/12/31/info.zip"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642690/; classtype:trojan-activity;sid:84505790; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642691)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/19/info.zip"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642691/; classtype:trojan-activity;sid:84505791; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642685)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/04/06/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642685/; classtype:trojan-activity;sid:84505785; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642686)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/19/11/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642686/; classtype:trojan-activity;sid:84505786; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642687)"; flow:established,from_client; content:"GET"; http_method; content:"/device/wicon-l-serial-gscam/latest/wicon-l-serial-gscam/info.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642687/; classtype:trojan-activity;sid:84505787; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642688)"; flow:established,from_client; content:"GET"; http_method; content:"/areas/helppage/models/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"121.163.139.4"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642688/; classtype:trojan-activity;sid:84505788; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642679)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/06/12/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642679/; classtype:trojan-activity;sid:84505779; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642680)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/06/12/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642680/; classtype:trojan-activity;sid:84505780; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642681)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/06/07/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642681/; classtype:trojan-activity;sid:84505781; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642682)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/08/10/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642682/; classtype:trojan-activity;sid:84505782; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642683)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/16/14/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642683/; classtype:trojan-activity;sid:84505783; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642684)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/08/19/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642684/; classtype:trojan-activity;sid:84505784; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642678)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/11/13/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642678/; classtype:trojan-activity;sid:84505778; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642674)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/04/23/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642674/; classtype:trojan-activity;sid:84505774; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642675)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/02/info.zip"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642675/; classtype:trojan-activity;sid:84505775; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642676)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/02/13/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642676/; classtype:trojan-activity;sid:84505776; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642677)"; flow:established,from_client; content:"GET"; http_method; content:"/incis/key/info.zip"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"222.239.87.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642677/; classtype:trojan-activity;sid:84505777; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642673)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/07/13/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642673/; classtype:trojan-activity;sid:84505773; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642667)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/12/31/13/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642667/; classtype:trojan-activity;sid:84505767; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642668)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/08/05/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642668/; classtype:trojan-activity;sid:84505768; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642669)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/05/11/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642669/; classtype:trojan-activity;sid:84505769; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642670)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/01/22/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642670/; classtype:trojan-activity;sid:84505770; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642671)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/02/16/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642671/; classtype:trojan-activity;sid:84505771; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642672)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/04/20/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642672/; classtype:trojan-activity;sid:84505772; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642664)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/04/00/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642664/; classtype:trojan-activity;sid:84505764; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642665)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/11/info.zip"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642665/; classtype:trojan-activity;sid:84505765; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642666)"; flow:established,from_client; content:"GET"; http_method; content:"/data/ingprice_%ec%9b%90%eb%a3%8c%ea%b0%80%ea%b2%a9/info.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642666/; classtype:trojan-activity;sid:84505766; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642663)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/13/07/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642663/; classtype:trojan-activity;sid:84505763; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642662)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/05/06/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642662/; classtype:trojan-activity;sid:84505762; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642661)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/02/20/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642661/; classtype:trojan-activity;sid:84505761; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642655)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/20/08/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642655/; classtype:trojan-activity;sid:84505755; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642657)"; flow:established,from_client; content:"GET"; http_method; content:"/device/wicon-l-serial-gscam/latest/wicon-l-serial-gscam/.git/objects/a4/info.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642657/; classtype:trojan-activity;sid:84505757; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642658)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/05/19/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642658/; classtype:trojan-activity;sid:84505758; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642659)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/05/12/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642659/; classtype:trojan-activity;sid:84505759; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642649)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/05/15/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642649/; classtype:trojan-activity;sid:84505749; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642650)"; flow:established,from_client; content:"GET"; http_method; content:"/device/wicon-l-serial-gscam/latest/wicon-l-serial-gscam/.git/logs/refs/remotes/info.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642650/; classtype:trojan-activity;sid:84505750; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642651)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/01/19/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642651/; classtype:trojan-activity;sid:84505751; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642652)"; flow:established,from_client; content:"GET"; http_method; content:"/device/flowmeter-report-system/latest/flowmeter-report-system/resource/info.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642652/; classtype:trojan-activity;sid:84505752; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642653)"; flow:established,from_client; content:"GET"; http_method; content:"/device/flowmeter-report-system/latest/flowmeter-report-system/src/info.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642653/; classtype:trojan-activity;sid:84505753; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642646)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/03/20/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642646/; classtype:trojan-activity;sid:84505746; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642647)"; flow:established,from_client; content:"GET"; http_method; content:"/device/flowmeter-report-system/v0.400/flowmeter-report-system/scripts/info.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642647/; classtype:trojan-activity;sid:84505747; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642648)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/12/17/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642648/; classtype:trojan-activity;sid:84505748; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642644)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/02/17/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642644/; classtype:trojan-activity;sid:84505744; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642645)"; flow:established,from_client; content:"GET"; http_method; content:"/device/flowmeter-report-system/latest/flowmeter-report-system/src/wicon/__pycache__/info.zip"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642645/; classtype:trojan-activity;sid:84505745; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642640)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/11/14/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642640/; classtype:trojan-activity;sid:84505740; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642641)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/06/15/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642641/; classtype:trojan-activity;sid:84505741; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642642)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/14/08/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642642/; classtype:trojan-activity;sid:84505742; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642643)"; flow:established,from_client; content:"GET"; http_method; content:"/inicis_dll/log/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"222.239.87.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642643/; classtype:trojan-activity;sid:84505743; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642637)"; flow:established,from_client; content:"GET"; http_method; content:"/device/info.zip"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642637/; classtype:trojan-activity;sid:84505737; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642638)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/06/05/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642638/; classtype:trojan-activity;sid:84505738; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642636)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/20/19/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642636/; classtype:trojan-activity;sid:84505736; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642635)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/09/20/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642635/; classtype:trojan-activity;sid:84505735; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642633)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/10/12/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642633/; classtype:trojan-activity;sid:84505733; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642631)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/02/19/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642631/; classtype:trojan-activity;sid:84505731; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642624)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/14/16/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642624/; classtype:trojan-activity;sid:84505724; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642625)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/08/12/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642625/; classtype:trojan-activity;sid:84505725; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642626)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/10/info.zip"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642626/; classtype:trojan-activity;sid:84505726; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642627)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/01/23/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642627/; classtype:trojan-activity;sid:84505727; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642628)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/09/15/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642628/; classtype:trojan-activity;sid:84505728; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642629)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/01/15/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642629/; classtype:trojan-activity;sid:84505729; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642630)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/04/13/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642630/; classtype:trojan-activity;sid:84505730; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642623)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/08/16/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642623/; classtype:trojan-activity;sid:84505723; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642621)"; flow:established,from_client; content:"GET"; http_method; content:"/02/24/01/31/12/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642621/; classtype:trojan-activity;sid:84505721; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642622)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/08/11/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642622/; classtype:trojan-activity;sid:84505722; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642617)"; flow:established,from_client; content:"GET"; http_method; content:"/02/24/01/31/13/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642617/; classtype:trojan-activity;sid:84505717; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642618)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/18/11/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642618/; classtype:trojan-activity;sid:84505718; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642619)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/07/18/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642619/; classtype:trojan-activity;sid:84505719; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642620)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/09/22/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642620/; classtype:trojan-activity;sid:84505720; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642616)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/09/17/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642616/; classtype:trojan-activity;sid:84505716; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642613)"; flow:established,from_client; content:"GET"; http_method; content:"/device/wicon-l-serial-gscam/latest/wicon-l-serial-gscam/.git/objects/eb/info.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642613/; classtype:trojan-activity;sid:84505713; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642614)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/10/04/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642614/; classtype:trojan-activity;sid:84505714; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642615)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"134.195.137.127"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642615/; classtype:trojan-activity;sid:84505715; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642612)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/01/21/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642612/; classtype:trojan-activity;sid:84505712; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642608)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/02/09/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642608/; classtype:trojan-activity;sid:84505708; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642609)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/03/15/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642609/; classtype:trojan-activity;sid:84505709; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642610)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/13/20/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642610/; classtype:trojan-activity;sid:84505710; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642611)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/09/11/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642611/; classtype:trojan-activity;sid:84505711; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642606)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/10/00/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642606/; classtype:trojan-activity;sid:84505706; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642607)"; flow:established,from_client; content:"GET"; http_method; content:"/log/error/info.zip"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"58.52.216.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642607/; classtype:trojan-activity;sid:84505707; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642603)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/04/21/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642603/; classtype:trojan-activity;sid:84505703; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642604)"; flow:established,from_client; content:"GET"; http_method; content:"/02/24/01/31/10/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642604/; classtype:trojan-activity;sid:84505704; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642598)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/02/08/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642598/; classtype:trojan-activity;sid:84505698; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642599)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/11/10/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642599/; classtype:trojan-activity;sid:84505699; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642600)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/03/info.zip"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642600/; classtype:trojan-activity;sid:84505700; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642601)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/03/08/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642601/; classtype:trojan-activity;sid:84505701; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642596)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/02/18/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642596/; classtype:trojan-activity;sid:84505696; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642597)"; flow:established,from_client; content:"GET"; http_method; content:"/device/flowmeter-report-system/info.zip"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642597/; classtype:trojan-activity;sid:84505697; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642595)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/02/14/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642595/; classtype:trojan-activity;sid:84505695; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642590)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/04/03/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642590/; classtype:trojan-activity;sid:84505690; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642591)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/10/14/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642591/; classtype:trojan-activity;sid:84505691; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642592)"; flow:established,from_client; content:"GET"; http_method; content:"/device/wicon-l-serial-gscam/latest/wicon-l-serial-gscam/.git/objects/pack/info.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642592/; classtype:trojan-activity;sid:84505692; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642593)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/06/17/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642593/; classtype:trojan-activity;sid:84505693; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642594)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/07/09/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642594/; classtype:trojan-activity;sid:84505694; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642588)"; flow:established,from_client; content:"GET"; http_method; content:"/device/wicon-l-serial-gscam/latest/wicon-l-serial-gscam/logs/info.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642588/; classtype:trojan-activity;sid:84505688; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642589)"; flow:established,from_client; content:"GET"; http_method; content:"/device/flowmeter-report-system/latest/flowmeter-report-system/src/plc/info.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642589/; classtype:trojan-activity;sid:84505689; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642584)"; flow:established,from_client; content:"GET"; http_method; content:"/device/wicon-l-serial-gscam/latest/wicon-l-serial-gscam/.git/objects/ba/info.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642584/; classtype:trojan-activity;sid:84505684; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642585)"; flow:established,from_client; content:"GET"; http_method; content:"/device/wicon-l-serial-gscam/latest/wicon-l-serial-gscam/.git/logs/info.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642585/; classtype:trojan-activity;sid:84505685; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642586)"; flow:established,from_client; content:"GET"; http_method; content:"/device/wicon-l-serial-gscam/latest/wicon-l-serial-gscam/.git/objects/f9/info.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642586/; classtype:trojan-activity;sid:84505686; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642587)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/02/12/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642587/; classtype:trojan-activity;sid:84505687; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642579)"; flow:established,from_client; content:"GET"; http_method; content:"/device/wicon-l-serial-gscam/latest/wicon-l-serial-gscam/.git/refs/remotes/info.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642579/; classtype:trojan-activity;sid:84505679; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642580)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/08/18/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642580/; classtype:trojan-activity;sid:84505680; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642581)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/14/09/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642581/; classtype:trojan-activity;sid:84505681; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642582)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/04/11/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642582/; classtype:trojan-activity;sid:84505682; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642575)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/06/17/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642575/; classtype:trojan-activity;sid:84505675; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642576)"; flow:established,from_client; content:"GET"; http_method; content:"/device/flowmeter-report-system/latest/flowmeter-report-system/src/common/exceptions/__pycache__/info.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642576/; classtype:trojan-activity;sid:84505676; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642577)"; flow:established,from_client; content:"GET"; http_method; content:"/device/wicon-l-serial-gscam/latest/wicon-l-serial-gscam/.git/objects/77/info.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642577/; classtype:trojan-activity;sid:84505677; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642578)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/18/17/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642578/; classtype:trojan-activity;sid:84505678; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642571)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/07/06/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642571/; classtype:trojan-activity;sid:84505671; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642572)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/10/14/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642572/; classtype:trojan-activity;sid:84505672; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642574)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/14/11/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642574/; classtype:trojan-activity;sid:84505674; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642568)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/12/31/14/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642568/; classtype:trojan-activity;sid:84505668; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642569)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/13/18/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642569/; classtype:trojan-activity;sid:84505669; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642570)"; flow:established,from_client; content:"GET"; http_method; content:"/device/flowmeter-report-system/v0.400/flowmeter-report-system/src/common/exceptions/__pycache__/info.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642570/; classtype:trojan-activity;sid:84505670; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642563)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/06/10/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642563/; classtype:trojan-activity;sid:84505663; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642564)"; flow:established,from_client; content:"GET"; http_method; content:"/device/wicon-l-serial-gscam/info.zip"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642564/; classtype:trojan-activity;sid:84505664; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642565)"; flow:established,from_client; content:"GET"; http_method; content:"/device/wicon-l-serial-gscam/latest/wicon-l-serial-gscam/.git/objects/15/info.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642565/; classtype:trojan-activity;sid:84505665; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642566)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/10/20/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642566/; classtype:trojan-activity;sid:84505666; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642567)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/05/14/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642567/; classtype:trojan-activity;sid:84505667; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642561)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/03/21/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642561/; classtype:trojan-activity;sid:84505661; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642562)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/20/info.zip"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642562/; classtype:trojan-activity;sid:84505662; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642560)"; flow:established,from_client; content:"GET"; http_method; content:"/areas/helppage/controllers/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"121.163.139.4"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642560/; classtype:trojan-activity;sid:84505660; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642557)"; flow:established,from_client; content:"GET"; http_method; content:"/obj/debug/temppe/info.zip"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"121.163.139.4"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642557/; classtype:trojan-activity;sid:84505657; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642558)"; flow:established,from_client; content:"GET"; http_method; content:"/02/24/01/31/09/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642558/; classtype:trojan-activity;sid:84505658; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642559)"; flow:established,from_client; content:"GET"; http_method; content:"/log/fatal/info.zip"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"58.52.216.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642559/; classtype:trojan-activity;sid:84505659; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642555)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/07/15/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642555/; classtype:trojan-activity;sid:84505655; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642556)"; flow:established,from_client; content:"GET"; http_method; content:"/device/wicon-l-serial-gscam/latest/wicon-l-serial-gscam/.git/refs/remotes/origin/info.zip"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642556/; classtype:trojan-activity;sid:84505656; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642554)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/01/18/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642554/; classtype:trojan-activity;sid:84505654; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642551)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/08/22/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642551/; classtype:trojan-activity;sid:84505651; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642552)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/07/12/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642552/; classtype:trojan-activity;sid:84505652; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642553)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/07/10/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642553/; classtype:trojan-activity;sid:84505653; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642547)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/02/22/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642547/; classtype:trojan-activity;sid:84505647; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642548)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/18/06/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642548/; classtype:trojan-activity;sid:84505648; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642549)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/11/12/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642549/; classtype:trojan-activity;sid:84505649; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642550)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/12/31/17/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642550/; classtype:trojan-activity;sid:84505650; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642546)"; flow:established,from_client; content:"GET"; http_method; content:"/device/wicon-l-serial-gscam/latest/wicon-l-serial-gscam/.git/objects/c8/info.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642546/; classtype:trojan-activity;sid:84505646; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642545)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/05/12/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642545/; classtype:trojan-activity;sid:84505645; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642542)"; flow:established,from_client; content:"GET"; http_method; content:"/device/wicon-l-serial-gscam/latest/wicon-l-serial-gscam/src/plc/info.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642542/; classtype:trojan-activity;sid:84505642; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642541)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/10/21/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642541/; classtype:trojan-activity;sid:84505641; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642538)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/14/15/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642538/; classtype:trojan-activity;sid:84505638; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642539)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/10/11/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642539/; classtype:trojan-activity;sid:84505639; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642540)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/20/15/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642540/; classtype:trojan-activity;sid:84505640; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642534)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/02/20/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642534/; classtype:trojan-activity;sid:84505634; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642535)"; flow:established,from_client; content:"GET"; http_method; content:"/device/flowmeter-report-system/latest/flowmeter-report-system/src/common/__pycache__/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642535/; classtype:trojan-activity;sid:84505635; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642536)"; flow:established,from_client; content:"GET"; http_method; content:"/device/flowmeter-report-system/latest/flowmeter-report-system/src/common/info.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642536/; classtype:trojan-activity;sid:84505636; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642537)"; flow:established,from_client; content:"GET"; http_method; content:"/device/flowmeter-report-system/v0.400/flowmeter-report-system/src/wicon/__pycache__/info.zip"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642537/; classtype:trojan-activity;sid:84505637; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642529)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/13/08/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642529/; classtype:trojan-activity;sid:84505629; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642530)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/12/31/21/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642530/; classtype:trojan-activity;sid:84505630; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642531)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/06/11/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642531/; classtype:trojan-activity;sid:84505631; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642532)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/12/31/16/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642532/; classtype:trojan-activity;sid:84505632; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642533)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/08/info.zip"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642533/; classtype:trojan-activity;sid:84505633; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642526)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/01/16/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642526/; classtype:trojan-activity;sid:84505626; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642527)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/10/21/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642527/; classtype:trojan-activity;sid:84505627; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642528)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/12/20/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642528/; classtype:trojan-activity;sid:84505628; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642525)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/20/13/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642525/; classtype:trojan-activity;sid:84505625; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642522)"; flow:established,from_client; content:"GET"; http_method; content:"/slnammicafe/ammicafefile/ammicafesetup/info.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"222.239.87.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642522/; classtype:trojan-activity;sid:84505622; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642523)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/07/08/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642523/; classtype:trojan-activity;sid:84505623; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642524)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/07/16/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642524/; classtype:trojan-activity;sid:84505624; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642516)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/01/17/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642516/; classtype:trojan-activity;sid:84505616; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642519)"; flow:established,from_client; content:"GET"; http_method; content:"/device/wicon-l-serial-gscam/latest/wicon-l-serial-gscam/src/plc/__pycache__/info.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642519/; classtype:trojan-activity;sid:84505619; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642520)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/07/19/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642520/; classtype:trojan-activity;sid:84505620; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642521)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/11/05/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642521/; classtype:trojan-activity;sid:84505621; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642512)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/07/17/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642512/; classtype:trojan-activity;sid:84505612; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642513)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/07/09/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642513/; classtype:trojan-activity;sid:84505613; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642514)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/08/13/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642514/; classtype:trojan-activity;sid:84505614; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642510)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/19/15/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642510/; classtype:trojan-activity;sid:84505610; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642511)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/20/11/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642511/; classtype:trojan-activity;sid:84505611; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642508)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/09/08/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642508/; classtype:trojan-activity;sid:84505608; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642509)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/09/21/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642509/; classtype:trojan-activity;sid:84505609; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642503)"; flow:established,from_client; content:"GET"; http_method; content:"/wimx/file/info.zip"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642503/; classtype:trojan-activity;sid:84505603; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642504)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/11/11/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642504/; classtype:trojan-activity;sid:84505604; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642505)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/19/22/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642505/; classtype:trojan-activity;sid:84505605; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642506)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/10/06/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642506/; classtype:trojan-activity;sid:84505606; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642507)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/16/info.zip"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642507/; classtype:trojan-activity;sid:84505607; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642499)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/19/16/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642499/; classtype:trojan-activity;sid:84505599; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642500)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/02/21/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642500/; classtype:trojan-activity;sid:84505600; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642501)"; flow:established,from_client; content:"GET"; http_method; content:"/device/wicon-l-serial-gscam/latest/wicon-l-serial-gscam/.git/info.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642501/; classtype:trojan-activity;sid:84505601; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642498)"; flow:established,from_client; content:"GET"; http_method; content:"/device/wicon-l-serial-gscam/latest/wicon-l-serial-gscam/.git/hooks/info.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642498/; classtype:trojan-activity;sid:84505598; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642497)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/14/13/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642497/; classtype:trojan-activity;sid:84505597; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642494)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/18/13/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642494/; classtype:trojan-activity;sid:84505594; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642495)"; flow:established,from_client; content:"GET"; http_method; content:"/device/wicon-l-serial-gscam/latest/wicon-l-serial-gscam/.git/refs/info.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642495/; classtype:trojan-activity;sid:84505595; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642492)"; flow:established,from_client; content:"GET"; http_method; content:"/log/info/info.zip"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"58.52.216.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642492/; classtype:trojan-activity;sid:84505592; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642493)"; flow:established,from_client; content:"GET"; http_method; content:"/upgradefiles/info.zip"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"58.52.216.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642493/; classtype:trojan-activity;sid:84505593; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642490)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/05/21/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642490/; classtype:trojan-activity;sid:84505590; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642491)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/20/20/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642491/; classtype:trojan-activity;sid:84505591; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642487)"; flow:established,from_client; content:"GET"; http_method; content:"/device/wicon-l-serial-gscam/latest/wicon-l-serial-gscam/.git/objects/b4/info.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642487/; classtype:trojan-activity;sid:84505587; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642488)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/05/14/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642488/; classtype:trojan-activity;sid:84505588; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642489)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/12/info.zip"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642489/; classtype:trojan-activity;sid:84505589; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642485)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/08/05/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642485/; classtype:trojan-activity;sid:84505585; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642486)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/18/info.zip"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642486/; classtype:trojan-activity;sid:84505586; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642484)"; flow:established,from_client; content:"GET"; http_method; content:"/slnammicafe2/info.zip"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"222.239.87.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642484/; classtype:trojan-activity;sid:84505584; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642483)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"58.52.216.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642483/; classtype:trojan-activity;sid:84505583; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642482)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/16/13/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642482/; classtype:trojan-activity;sid:84505582; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642478)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/09/14/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642478/; classtype:trojan-activity;sid:84505578; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642479)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/07/21/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642479/; classtype:trojan-activity;sid:84505579; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642480)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/04/19/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642480/; classtype:trojan-activity;sid:84505580; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642481)"; flow:established,from_client; content:"GET"; http_method; content:"/wimx/file/icon/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642481/; classtype:trojan-activity;sid:84505581; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642475)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/01/info.zip"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642475/; classtype:trojan-activity;sid:84505575; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642476)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/info.zip"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642476/; classtype:trojan-activity;sid:84505576; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642477)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/11/07/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642477/; classtype:trojan-activity;sid:84505577; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642468)"; flow:established,from_client; content:"GET"; http_method; content:"/data/ingprice_%ec%9b%90%eb%a3%8c%ea%b0%80%ea%b2%a9/202207/sjk-ic/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642468/; classtype:trojan-activity;sid:84505568; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642470)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/13/14/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642470/; classtype:trojan-activity;sid:84505570; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642471)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/07/14/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642471/; classtype:trojan-activity;sid:84505571; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642472)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/06/10/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642472/; classtype:trojan-activity;sid:84505572; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642473)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/09/19/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642473/; classtype:trojan-activity;sid:84505573; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642474)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/22/info.zip"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642474/; classtype:trojan-activity;sid:84505574; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642466)"; flow:established,from_client; content:"GET"; http_method; content:"/scripts/info.zip"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"121.163.139.4"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642466/; classtype:trojan-activity;sid:84505566; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642467)"; flow:established,from_client; content:"GET"; http_method; content:"/data/ingprice_%ec%9b%90%eb%a3%8c%ea%b0%80%ea%b2%a9/202207/info.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642467/; classtype:trojan-activity;sid:84505567; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642464)"; flow:established,from_client; content:"GET"; http_method; content:"/log/debug/info.zip"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"58.52.216.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642464/; classtype:trojan-activity;sid:84505564; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642459)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/20/09/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642459/; classtype:trojan-activity;sid:84505559; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642460)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/08/16/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642460/; classtype:trojan-activity;sid:84505560; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642461)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"121.163.139.4"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642461/; classtype:trojan-activity;sid:84505561; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642462)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/11/15/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642462/; classtype:trojan-activity;sid:84505562; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642463)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/07/07/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642463/; classtype:trojan-activity;sid:84505563; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642457)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/06/13/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642457/; classtype:trojan-activity;sid:84505557; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642458)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/07/05/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642458/; classtype:trojan-activity;sid:84505558; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642456)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/13/info.zip"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642456/; classtype:trojan-activity;sid:84505556; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642451)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/02/06/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642451/; classtype:trojan-activity;sid:84505551; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642452)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/13/06/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642452/; classtype:trojan-activity;sid:84505552; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642453)"; flow:established,from_client; content:"GET"; http_method; content:"/02/24/01/31/19/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642453/; classtype:trojan-activity;sid:84505553; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642454)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/03/12/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642454/; classtype:trojan-activity;sid:84505554; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642449)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/05/23/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642449/; classtype:trojan-activity;sid:84505549; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642450)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/09/info.zip"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642450/; classtype:trojan-activity;sid:84505550; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642447)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/04/07/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642447/; classtype:trojan-activity;sid:84505547; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642448)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/07/20/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642448/; classtype:trojan-activity;sid:84505548; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642446)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/04/14/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642446/; classtype:trojan-activity;sid:84505546; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642436)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/07/10/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642436/; classtype:trojan-activity;sid:84505536; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642438)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642438/; classtype:trojan-activity;sid:84505538; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642439)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/11/09/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642439/; classtype:trojan-activity;sid:84505539; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642440)"; flow:established,from_client; content:"GET"; http_method; content:"/log/fatal/info.zip"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"58.52.216.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642440/; classtype:trojan-activity;sid:84505540; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642441)"; flow:established,from_client; content:"GET"; http_method; content:"/device/flowmeter-report-system/latest/flowmeter-report-system/src/common/exceptions/info.zip"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642441/; classtype:trojan-activity;sid:84505541; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642442)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/13/13/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642442/; classtype:trojan-activity;sid:84505542; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642443)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/01/15/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642443/; classtype:trojan-activity;sid:84505543; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642444)"; flow:established,from_client; content:"GET"; http_method; content:"/aspnet_client/info.zip"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"58.52.216.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642444/; classtype:trojan-activity;sid:84505544; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642445)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/09/15/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642445/; classtype:trojan-activity;sid:84505545; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642434)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/11/11/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642434/; classtype:trojan-activity;sid:84505534; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642435)"; flow:established,from_client; content:"GET"; http_method; content:"/data/202205/sjk-ic/info.zip"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642435/; classtype:trojan-activity;sid:84505535; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642432)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/04/13/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642432/; classtype:trojan-activity;sid:84505532; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642429)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/08/15/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642429/; classtype:trojan-activity;sid:84505529; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642430)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/05/16/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642430/; classtype:trojan-activity;sid:84505530; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642431)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/12/21/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642431/; classtype:trojan-activity;sid:84505531; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642428)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/10/15/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642428/; classtype:trojan-activity;sid:84505528; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642426)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/08/01/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642426/; classtype:trojan-activity;sid:84505526; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642427)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/02/16/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642427/; classtype:trojan-activity;sid:84505527; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642424)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/04/09/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642424/; classtype:trojan-activity;sid:84505524; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642425)"; flow:established,from_client; content:"GET"; http_method; content:"/log/info/info.zip"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"58.52.216.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642425/; classtype:trojan-activity;sid:84505525; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642421)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/13/16/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642421/; classtype:trojan-activity;sid:84505521; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642422)"; flow:established,from_client; content:"GET"; http_method; content:"/02/info.zip"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642422/; classtype:trojan-activity;sid:84505522; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642423)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/01/14/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642423/; classtype:trojan-activity;sid:84505523; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642419)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/06/08/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642419/; classtype:trojan-activity;sid:84505519; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642420)"; flow:established,from_client; content:"GET"; http_method; content:"/device/wicon-l-serial-gscam/latest/wicon-l-serial-gscam/.git/logs/refs/remotes/origin/info.zip"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642420/; classtype:trojan-activity;sid:84505520; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642417)"; flow:established,from_client; content:"GET"; http_method; content:"/slnammicafe2/ammicafe2file/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"222.239.87.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642417/; classtype:trojan-activity;sid:84505517; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642415)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/10/09/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642415/; classtype:trojan-activity;sid:84505515; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642416)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/02/07/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642416/; classtype:trojan-activity;sid:84505516; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642410)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/11/09/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642410/; classtype:trojan-activity;sid:84505510; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642412)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/07/17/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642412/; classtype:trojan-activity;sid:84505512; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642413)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/09/07/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642413/; classtype:trojan-activity;sid:84505513; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642407)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/02/13/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642407/; classtype:trojan-activity;sid:84505507; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642408)"; flow:established,from_client; content:"GET"; http_method; content:"/device/wicon-l-serial-gscam/latest/wicon-l-serial-gscam/.git/logs/refs/info.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642408/; classtype:trojan-activity;sid:84505508; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642409)"; flow:established,from_client; content:"GET"; http_method; content:"/device/wicon-l-serial-gscam/latest/wicon-l-serial-gscam/.git/objects/2b/info.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642409/; classtype:trojan-activity;sid:84505509; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642406)"; flow:established,from_client; content:"GET"; http_method; content:"/slnammicafe2/ammicafe2file/ammicafe2setup/info.zip"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"222.239.87.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642406/; classtype:trojan-activity;sid:84505506; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642397)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/06/06/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642397/; classtype:trojan-activity;sid:84505497; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642398)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/05/21/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642398/; classtype:trojan-activity;sid:84505498; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642399)"; flow:established,from_client; content:"GET"; http_method; content:"/obj/debug/info.zip"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"121.163.139.4"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642399/; classtype:trojan-activity;sid:84505499; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642400)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/04/16/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642400/; classtype:trojan-activity;sid:84505500; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642401)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/22/07/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642401/; classtype:trojan-activity;sid:84505501; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642402)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/03/06/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642402/; classtype:trojan-activity;sid:84505502; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642395)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/05/17/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642395/; classtype:trojan-activity;sid:84505495; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642396)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/05/17/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642396/; classtype:trojan-activity;sid:84505496; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642394)"; flow:established,from_client; content:"GET"; http_method; content:"/device/flowmeter-report-system/latest/flowmeter-report-system/info.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642394/; classtype:trojan-activity;sid:84505494; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642391)"; flow:established,from_client; content:"GET"; http_method; content:"/device/wicon-l-serial-gscam/latest/wicon-l-serial-gscam/.git/logs/refs/heads/info.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642391/; classtype:trojan-activity;sid:84505491; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642392)"; flow:established,from_client; content:"GET"; http_method; content:"/data/forecast_%ec%a0%9c%ed%92%88%ec%98%88%ec%83%81%ec%83%9d%ec%82%b0%eb%9f%89/202308/sjp-bt/info.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642392/; classtype:trojan-activity;sid:84505492; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642390)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/03/09/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642390/; classtype:trojan-activity;sid:84505490; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642389)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/04/info.zip"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642389/; classtype:trojan-activity;sid:84505489; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642387)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/16/16/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642387/; classtype:trojan-activity;sid:84505487; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642388)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/02/11/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642388/; classtype:trojan-activity;sid:84505488; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642386)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/03/05/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642386/; classtype:trojan-activity;sid:84505486; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642382)"; flow:established,from_client; content:"GET"; http_method; content:"/big/html/info.zip"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"222.239.87.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642382/; classtype:trojan-activity;sid:84505482; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642383)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/01/info.zip"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642383/; classtype:trojan-activity;sid:84505483; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642384)"; flow:established,from_client; content:"GET"; http_method; content:"/models/info.zip"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"121.163.139.4"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642384/; classtype:trojan-activity;sid:84505484; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642385)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/18/19/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642385/; classtype:trojan-activity;sid:84505485; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642380)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/11/info.zip"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642380/; classtype:trojan-activity;sid:84505480; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642381)"; flow:established,from_client; content:"GET"; http_method; content:"/device/flowmeter-report-system/v0.400/flowmeter-report-system/resource/info.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642381/; classtype:trojan-activity;sid:84505481; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642379)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/06/info.zip"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642379/; classtype:trojan-activity;sid:84505479; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642378)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/07/06/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642378/; classtype:trojan-activity;sid:84505478; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642374)"; flow:established,from_client; content:"GET"; http_method; content:"/02/24/01/31/18/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642374/; classtype:trojan-activity;sid:84505474; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642375)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/03/14/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642375/; classtype:trojan-activity;sid:84505475; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642376)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/06/15/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642376/; classtype:trojan-activity;sid:84505476; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642377)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/06/21/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642377/; classtype:trojan-activity;sid:84505477; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642368)"; flow:established,from_client; content:"GET"; http_method; content:"/log/error/info.zip"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"58.52.216.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642368/; classtype:trojan-activity;sid:84505468; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642369)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/02/info.zip"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642369/; classtype:trojan-activity;sid:84505469; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642370)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/10/19/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642370/; classtype:trojan-activity;sid:84505470; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642371)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/09/00/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642371/; classtype:trojan-activity;sid:84505471; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642372)"; flow:established,from_client; content:"GET"; http_method; content:"/device/wicon-l-serial-gscam/latest/wicon-l-serial-gscam/src/common/__pycache__/info.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642372/; classtype:trojan-activity;sid:84505472; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642373)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/06/08/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642373/; classtype:trojan-activity;sid:84505473; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642365)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/02/10/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642365/; classtype:trojan-activity;sid:84505465; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642367)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/10/17/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642367/; classtype:trojan-activity;sid:84505467; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642362)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/16/18/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642362/; classtype:trojan-activity;sid:84505462; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642360)"; flow:established,from_client; content:"GET"; http_method; content:"/02/24/01/31/15/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642360/; classtype:trojan-activity;sid:84505460; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642361)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/12/31/18/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642361/; classtype:trojan-activity;sid:84505461; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642359)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/12/14/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642359/; classtype:trojan-activity;sid:84505459; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642357)"; flow:established,from_client; content:"GET"; http_method; content:"/02/24/01/31/22/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642357/; classtype:trojan-activity;sid:84505457; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642358)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/14/19/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642358/; classtype:trojan-activity;sid:84505458; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642355)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/10/11/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642355/; classtype:trojan-activity;sid:84505455; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642356)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/09/18/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642356/; classtype:trojan-activity;sid:84505456; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642354)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/13/10/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642354/; classtype:trojan-activity;sid:84505454; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642352)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/08/06/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642352/; classtype:trojan-activity;sid:84505452; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642350)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/09/01/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642350/; classtype:trojan-activity;sid:84505450; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642351)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/16/11/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642351/; classtype:trojan-activity;sid:84505451; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642345)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/08/14/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642345/; classtype:trojan-activity;sid:84505445; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642346)"; flow:established,from_client; content:"GET"; http_method; content:"/big/sql%20server%202014/info.zip"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"222.239.87.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642346/; classtype:trojan-activity;sid:84505446; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642348)"; flow:established,from_client; content:"GET"; http_method; content:"/device/flowmeter-report-system/v0.400/flowmeter-report-system/src/info.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642348/; classtype:trojan-activity;sid:84505448; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642349)"; flow:established,from_client; content:"GET"; http_method; content:"/images/info.zip"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"222.239.87.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642349/; classtype:trojan-activity;sid:84505449; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642342)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/11/15/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642342/; classtype:trojan-activity;sid:84505442; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642332)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/12/08/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642332/; classtype:trojan-activity;sid:84505432; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642333)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/info.zip"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642333/; classtype:trojan-activity;sid:84505433; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642334)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/06/09/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642334/; classtype:trojan-activity;sid:84505434; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642335)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/04/15/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642335/; classtype:trojan-activity;sid:84505435; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642336)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/05/13/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642336/; classtype:trojan-activity;sid:84505436; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642337)"; flow:established,from_client; content:"GET"; http_method; content:"/log/warn/info.zip"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"58.52.216.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642337/; classtype:trojan-activity;sid:84505437; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642338)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/08/10/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642338/; classtype:trojan-activity;sid:84505438; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642339)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/06/18/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642339/; classtype:trojan-activity;sid:84505439; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642340)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/07/08/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642340/; classtype:trojan-activity;sid:84505440; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642341)"; flow:established,from_client; content:"GET"; http_method; content:"/data/forecast_%ec%a0%9c%ed%92%88%ec%98%88%ec%83%81%ec%83%9d%ec%82%b0%eb%9f%89/202207/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642341/; classtype:trojan-activity;sid:84505441; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642330)"; flow:established,from_client; content:"GET"; http_method; content:"/data/202207/sjk-ic/info.zip"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642330/; classtype:trojan-activity;sid:84505430; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642331)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/19/12/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642331/; classtype:trojan-activity;sid:84505431; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642326)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/10/10/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642326/; classtype:trojan-activity;sid:84505426; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642327)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/04/20/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642327/; classtype:trojan-activity;sid:84505427; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642328)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/05/09/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642328/; classtype:trojan-activity;sid:84505428; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642329)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/08/09/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642329/; classtype:trojan-activity;sid:84505429; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642325)"; flow:established,from_client; content:"GET"; http_method; content:"/device/flowmeter-report-system/latest/info.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642325/; classtype:trojan-activity;sid:84505425; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642323)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/04/10/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642323/; classtype:trojan-activity;sid:84505423; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642324)"; flow:established,from_client; content:"GET"; http_method; content:"/01/info.zip"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642324/; classtype:trojan-activity;sid:84505424; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642320)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/13/12/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642320/; classtype:trojan-activity;sid:84505420; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642322)"; flow:established,from_client; content:"GET"; http_method; content:"/device/wicon-l-serial-gscam/latest/wicon-l-serial-gscam/src/client/info.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642322/; classtype:trojan-activity;sid:84505422; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642319)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/09/00/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642319/; classtype:trojan-activity;sid:84505419; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642316)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/09/19/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642316/; classtype:trojan-activity;sid:84505416; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642317)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/10/22/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642317/; classtype:trojan-activity;sid:84505417; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642318)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/20/16/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642318/; classtype:trojan-activity;sid:84505418; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642315)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/04/18/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642315/; classtype:trojan-activity;sid:84505415; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642313)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/10/08/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642313/; classtype:trojan-activity;sid:84505413; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642314)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/12/13/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642314/; classtype:trojan-activity;sid:84505414; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642312)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/20/06/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642312/; classtype:trojan-activity;sid:84505412; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642311)"; flow:established,from_client; content:"GET"; http_method; content:"/device/wicon-l-serial-gscam/latest/wicon-l-serial-gscam/src/common/exceptions/__pycache__/info.zip"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642311/; classtype:trojan-activity;sid:84505411; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642310)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/06/19/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642310/; classtype:trojan-activity;sid:84505410; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642304)"; flow:established,from_client; content:"GET"; http_method; content:"/02/24/01/31/11/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642304/; classtype:trojan-activity;sid:84505404; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642305)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/06/05/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642305/; classtype:trojan-activity;sid:84505405; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642306)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/11/17/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642306/; classtype:trojan-activity;sid:84505406; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642308)"; flow:established,from_client; content:"GET"; http_method; content:"/02/24/01/31/16/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642308/; classtype:trojan-activity;sid:84505408; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642309)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/13/09/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642309/; classtype:trojan-activity;sid:84505409; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642301)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/05/22/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642301/; classtype:trojan-activity;sid:84505401; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642302)"; flow:established,from_client; content:"GET"; http_method; content:"/device/wicon-l-serial-gscam/latest/wicon-l-serial-gscam/.git/objects/d1/info.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642302/; classtype:trojan-activity;sid:84505402; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642303)"; flow:established,from_client; content:"GET"; http_method; content:"/device/wicon-l-serial-gscam/latest/wicon-l-serial-gscam/.git/objects/info.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642303/; classtype:trojan-activity;sid:84505403; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642296)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/03/19/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642296/; classtype:trojan-activity;sid:84505396; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642298)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/02/11/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642298/; classtype:trojan-activity;sid:84505398; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642299)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/06/09/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642299/; classtype:trojan-activity;sid:84505399; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642300)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/09/06/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642300/; classtype:trojan-activity;sid:84505400; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642294)"; flow:established,from_client; content:"GET"; http_method; content:"/inicis_dll/key/inipaytest/info.zip"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"222.239.87.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642294/; classtype:trojan-activity;sid:84505394; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642292)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/08/17/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642292/; classtype:trojan-activity;sid:84505392; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642289)"; flow:established,from_client; content:"GET"; http_method; content:"/aspnet_client/info.zip"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"58.52.216.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642289/; classtype:trojan-activity;sid:84505389; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642290)"; flow:established,from_client; content:"GET"; http_method; content:"/device/wicon-l-serial-gscam/latest/wicon-l-serial-gscam/src/common/exceptions/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642290/; classtype:trojan-activity;sid:84505390; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642291)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/05/info.zip"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642291/; classtype:trojan-activity;sid:84505391; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642284)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/07/16/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642284/; classtype:trojan-activity;sid:84505384; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642285)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/20/22/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642285/; classtype:trojan-activity;sid:84505385; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642286)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/12/11/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642286/; classtype:trojan-activity;sid:84505386; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642287)"; flow:established,from_client; content:"GET"; http_method; content:"/device/flowmeter-report-system/v0.400/flowmeter-report-system/info.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642287/; classtype:trojan-activity;sid:84505387; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642282)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/05/info.zip"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642282/; classtype:trojan-activity;sid:84505382; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642283)"; flow:established,from_client; content:"GET"; http_method; content:"/device/wicon-l-serial-gscam/latest/wicon-l-serial-gscam/.git/objects/9a/info.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642283/; classtype:trojan-activity;sid:84505383; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642281)"; flow:established,from_client; content:"GET"; http_method; content:"/02/24/01/31/21/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642281/; classtype:trojan-activity;sid:84505381; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642278)"; flow:established,from_client; content:"GET"; http_method; content:"/log/warn/info.zip"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"58.52.216.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642278/; classtype:trojan-activity;sid:84505378; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642279)"; flow:established,from_client; content:"GET"; http_method; content:"/02/24/01/31/03/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642279/; classtype:trojan-activity;sid:84505379; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642275)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/08/13/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642275/; classtype:trojan-activity;sid:84505375; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642276)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/01/18/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642276/; classtype:trojan-activity;sid:84505376; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642277)"; flow:established,from_client; content:"GET"; http_method; content:"/device/wicon-l-serial-gscam/latest/wicon-l-serial-gscam/.git/objects/5e/info.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642277/; classtype:trojan-activity;sid:84505377; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642273)"; flow:established,from_client; content:"GET"; http_method; content:"/device/flowmeter-report-system/v0.400/flowmeter-report-system/src/common/__pycache__/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642273/; classtype:trojan-activity;sid:84505373; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642268)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/03/07/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642268/; classtype:trojan-activity;sid:84505368; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642269)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/16/19/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642269/; classtype:trojan-activity;sid:84505369; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642270)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/14/07/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642270/; classtype:trojan-activity;sid:84505370; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642271)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/02/21/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642271/; classtype:trojan-activity;sid:84505371; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642267)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/02/09/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642267/; classtype:trojan-activity;sid:84505367; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642265)"; flow:established,from_client; content:"GET"; http_method; content:"/device/wicon-moxa/info.zip"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642265/; classtype:trojan-activity;sid:84505365; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642266)"; flow:established,from_client; content:"GET"; http_method; content:"/data/forecast_%ec%a0%9c%ed%92%88%ec%98%88%ec%83%81%ec%83%9d%ec%82%b0%eb%9f%89/202206/sjk-ic/info.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642266/; classtype:trojan-activity;sid:84505366; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642264)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/03/info.zip"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642264/; classtype:trojan-activity;sid:84505364; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642262)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/06/info.zip"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642262/; classtype:trojan-activity;sid:84505362; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642263)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/03/13/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642263/; classtype:trojan-activity;sid:84505363; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642257)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/01/20/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642257/; classtype:trojan-activity;sid:84505357; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642258)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/12/12/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642258/; classtype:trojan-activity;sid:84505358; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642259)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/12/31/15/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642259/; classtype:trojan-activity;sid:84505359; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642260)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/10/05/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642260/; classtype:trojan-activity;sid:84505360; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642261)"; flow:established,from_client; content:"GET"; http_method; content:"/log/debug/info.zip"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"58.52.216.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642261/; classtype:trojan-activity;sid:84505361; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642256)"; flow:established,from_client; content:"GET"; http_method; content:"/aspnet_client/system_web/info.zip"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"58.52.216.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642256/; classtype:trojan-activity;sid:84505356; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642254)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/16/17/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642254/; classtype:trojan-activity;sid:84505354; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642255)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/12/31/19/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642255/; classtype:trojan-activity;sid:84505355; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642252)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/10/18/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642252/; classtype:trojan-activity;sid:84505352; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642253)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/09/09/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642253/; classtype:trojan-activity;sid:84505353; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642248)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/10/16/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642248/; classtype:trojan-activity;sid:84505348; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642251)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/19/18/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642251/; classtype:trojan-activity;sid:84505351; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642245)"; flow:established,from_client; content:"GET"; http_method; content:"/inicis_dll/info.zip"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"222.239.87.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642245/; classtype:trojan-activity;sid:84505345; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642246)"; flow:established,from_client; content:"GET"; http_method; content:"/big/info.zip"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"222.239.87.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642246/; classtype:trojan-activity;sid:84505346; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642247)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/09/info.zip"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642247/; classtype:trojan-activity;sid:84505347; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642244)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/01/17/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642244/; classtype:trojan-activity;sid:84505344; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642243)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/11/12/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642243/; classtype:trojan-activity;sid:84505343; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642241)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/04/16/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642241/; classtype:trojan-activity;sid:84505341; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642242)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/14/17/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642242/; classtype:trojan-activity;sid:84505342; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642240)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/03/16/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642240/; classtype:trojan-activity;sid:84505340; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642239)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/10/07/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642239/; classtype:trojan-activity;sid:84505339; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642238)"; flow:established,from_client; content:"GET"; http_method; content:"/log/info.zip"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"58.52.216.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642238/; classtype:trojan-activity;sid:84505338; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642236)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/05/13/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642236/; classtype:trojan-activity;sid:84505336; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642237)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/08/15/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642237/; classtype:trojan-activity;sid:84505337; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642234)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/04/05/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642234/; classtype:trojan-activity;sid:84505334; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642235)"; flow:established,from_client; content:"GET"; http_method; content:"/aspnet_client/system_web/info.zip"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"58.52.216.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642235/; classtype:trojan-activity;sid:84505335; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642227)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/04/08/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642227/; classtype:trojan-activity;sid:84505327; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642231)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/09/13/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642231/; classtype:trojan-activity;sid:84505331; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642232)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/10/10/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642232/; classtype:trojan-activity;sid:84505332; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642233)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/04/11/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642233/; classtype:trojan-activity;sid:84505333; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642224)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/05/15/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642224/; classtype:trojan-activity;sid:84505324; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642225)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/07/13/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642225/; classtype:trojan-activity;sid:84505325; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642226)"; flow:established,from_client; content:"GET"; http_method; content:"/inicis_dll/key/jungminsof/info.zip"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"222.239.87.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642226/; classtype:trojan-activity;sid:84505326; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642216)"; flow:established,from_client; content:"GET"; http_method; content:"/ckeditorimage/2019/info.zip"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"121.191.165.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642216/; classtype:trojan-activity;sid:84505316; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642215)"; flow:established,from_client; content:"GET"; http_method; content:"/workimage2/info.zip"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"121.191.165.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642215/; classtype:trojan-activity;sid:84505315; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642213)"; flow:established,from_client; content:"GET"; http_method; content:"/ckeditorimage/2024/info.zip"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"121.191.165.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642213/; classtype:trojan-activity;sid:84505313; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642207)"; flow:established,from_client; content:"GET"; http_method; content:"/ckeditorimage/2020/07/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"121.191.165.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642207/; classtype:trojan-activity;sid:84505307; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642208)"; flow:established,from_client; content:"GET"; http_method; content:"/ckeditorimage/2021/01/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"121.191.165.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642208/; classtype:trojan-activity;sid:84505308; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642209)"; flow:established,from_client; content:"GET"; http_method; content:"/ckeditorimage/2022/01/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"121.191.165.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642209/; classtype:trojan-activity;sid:84505309; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642210)"; flow:established,from_client; content:"GET"; http_method; content:"/workimage/info.zip"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"121.191.165.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642210/; classtype:trojan-activity;sid:84505310; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642211)"; flow:established,from_client; content:"GET"; http_method; content:"/ckeditorimage/2020/info.zip"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"121.191.165.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642211/; classtype:trojan-activity;sid:84505311; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642212)"; flow:established,from_client; content:"GET"; http_method; content:"/outward/exportimages_21425_mahal-node2/info.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"203.192.219.135"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642212/; classtype:trojan-activity;sid:84505312; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642204)"; flow:established,from_client; content:"GET"; http_method; content:"/ckeditorimage/2021/06/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"121.191.165.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642204/; classtype:trojan-activity;sid:84505304; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642205)"; flow:established,from_client; content:"GET"; http_method; content:"/docuimage/201902/info.zip"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"121.191.165.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642205/; classtype:trojan-activity;sid:84505305; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642206)"; flow:established,from_client; content:"GET"; http_method; content:"/froala/info.zip"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"121.191.165.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642206/; classtype:trojan-activity;sid:84505306; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642202)"; flow:established,from_client; content:"GET"; http_method; content:"/outward/exportimages_12424_mahal-node2/info.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"203.192.219.135"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642202/; classtype:trojan-activity;sid:84505302; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642203)"; flow:established,from_client; content:"GET"; http_method; content:"/ckeditorimage/2024/06/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"121.191.165.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642203/; classtype:trojan-activity;sid:84505303; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642199)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"121.191.165.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642199/; classtype:trojan-activity;sid:84505299; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642200)"; flow:established,from_client; content:"GET"; http_method; content:"/ckeditorimage/2023/10/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"121.191.165.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642200/; classtype:trojan-activity;sid:84505300; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642201)"; flow:established,from_client; content:"GET"; http_method; content:"/outward/exportimages_102124_mahal-node2/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"203.192.219.135"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642201/; classtype:trojan-activity;sid:84505301; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642196)"; flow:established,from_client; content:"GET"; http_method; content:"/outward/exportimages_11125_mahal-node1/info.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"203.192.219.135"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642196/; classtype:trojan-activity;sid:84505296; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642197)"; flow:established,from_client; content:"GET"; http_method; content:"/ckeditorimage/2018/11/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"121.191.165.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642197/; classtype:trojan-activity;sid:84505297; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642193)"; flow:established,from_client; content:"GET"; http_method; content:"/ckeditorimage/2019/09/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"121.191.165.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642193/; classtype:trojan-activity;sid:84505293; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642194)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/info.zip"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"121.191.165.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642194/; classtype:trojan-activity;sid:84505294; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642195)"; flow:established,from_client; content:"GET"; http_method; content:"/ckeditorimage/2023/05/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"121.191.165.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642195/; classtype:trojan-activity;sid:84505295; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642190)"; flow:established,from_client; content:"GET"; http_method; content:"/ckeditorimage/2022/05/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"121.191.165.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642190/; classtype:trojan-activity;sid:84505290; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642191)"; flow:established,from_client; content:"GET"; http_method; content:"/outward/exportimages_3925_mahal-node1/info.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"203.192.219.135"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642191/; classtype:trojan-activity;sid:84505291; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642192)"; flow:established,from_client; content:"GET"; http_method; content:"/ckeditorimage/2023/info.zip"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"121.191.165.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642192/; classtype:trojan-activity;sid:84505292; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642187)"; flow:established,from_client; content:"GET"; http_method; content:"/docuimage/201909/info.zip"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"121.191.165.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642187/; classtype:trojan-activity;sid:84505287; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642188)"; flow:established,from_client; content:"GET"; http_method; content:"/ckeditorimage/info.zip"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"121.191.165.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642188/; classtype:trojan-activity;sid:84505288; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642189)"; flow:established,from_client; content:"GET"; http_method; content:"/outward/exportimages_102624_mahal-node2/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"203.192.219.135"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642189/; classtype:trojan-activity;sid:84505289; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642182)"; flow:established,from_client; content:"GET"; http_method; content:"/outward/exportimages_11424_mahal-node1/info.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"203.192.219.135"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642182/; classtype:trojan-activity;sid:84505282; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642184)"; flow:established,from_client; content:"GET"; http_method; content:"/ckeditorimage/2019/06/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"121.191.165.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642184/; classtype:trojan-activity;sid:84505284; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642185)"; flow:established,from_client; content:"GET"; http_method; content:"/ckeditorimage/2020/01/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"121.191.165.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642185/; classtype:trojan-activity;sid:84505285; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642186)"; flow:established,from_client; content:"GET"; http_method; content:"/ckeditorimage/2025/04/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"121.191.165.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642186/; classtype:trojan-activity;sid:84505286; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642180)"; flow:established,from_client; content:"GET"; http_method; content:"/ckeditorimage/2020/06/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"121.191.165.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642180/; classtype:trojan-activity;sid:84505280; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642181)"; flow:established,from_client; content:"GET"; http_method; content:"/ckeditorimage/2021/07/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"121.191.165.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642181/; classtype:trojan-activity;sid:84505281; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642177)"; flow:established,from_client; content:"GET"; http_method; content:"/ckeditorimage/2020/10/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"121.191.165.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642177/; classtype:trojan-activity;sid:84505277; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642178)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/image/info.zip"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"121.191.165.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642178/; classtype:trojan-activity;sid:84505278; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642179)"; flow:established,from_client; content:"GET"; http_method; content:"/outward/exportimages_21025_mahal-node1/info.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"203.192.219.135"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642179/; classtype:trojan-activity;sid:84505279; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642171)"; flow:established,from_client; content:"GET"; http_method; content:"/outward/exportimages_121024_mahal-node1/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"203.192.219.135"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642171/; classtype:trojan-activity;sid:84505271; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642172)"; flow:established,from_client; content:"GET"; http_method; content:"/ckeditorimage/2020/04/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"121.191.165.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642172/; classtype:trojan-activity;sid:84505272; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642173)"; flow:established,from_client; content:"GET"; http_method; content:"/ckeditorimage/2023/03/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"121.191.165.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642173/; classtype:trojan-activity;sid:84505273; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642174)"; flow:established,from_client; content:"GET"; http_method; content:"/docuimage/201912/info.zip"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"121.191.165.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642174/; classtype:trojan-activity;sid:84505274; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642175)"; flow:established,from_client; content:"GET"; http_method; content:"/ckeditorimage/2020/09/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"121.191.165.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642175/; classtype:trojan-activity;sid:84505275; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642176)"; flow:established,from_client; content:"GET"; http_method; content:"/docuimage/info.zip"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"121.191.165.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642176/; classtype:trojan-activity;sid:84505276; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642168)"; flow:established,from_client; content:"GET"; http_method; content:"/outward/exportimages_12525_mahal-node1/info.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"203.192.219.135"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642168/; classtype:trojan-activity;sid:84505268; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642169)"; flow:established,from_client; content:"GET"; http_method; content:"/outward/exportimages_82624_mahal-node2/info.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"203.192.219.135"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642169/; classtype:trojan-activity;sid:84505269; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642170)"; flow:established,from_client; content:"GET"; http_method; content:"/outward/exportimages_11425_mahal-node1/info.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"203.192.219.135"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642170/; classtype:trojan-activity;sid:84505270; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642166)"; flow:established,from_client; content:"GET"; http_method; content:"/outward/exportimages_10824_mahal-node1/info.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"203.192.219.135"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642166/; classtype:trojan-activity;sid:84505266; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642167)"; flow:established,from_client; content:"GET"; http_method; content:"/ckeditorimage/2024/03/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"121.191.165.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642167/; classtype:trojan-activity;sid:84505267; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642165)"; flow:established,from_client; content:"GET"; http_method; content:"/ckeditorimage/2018/info.zip"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"121.191.165.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642165/; classtype:trojan-activity;sid:84505265; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642162)"; flow:established,from_client; content:"GET"; http_method; content:"/ckeditorimage/2023/06/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"121.191.165.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642162/; classtype:trojan-activity;sid:84505262; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642163)"; flow:established,from_client; content:"GET"; http_method; content:"/ckeditorimage/2021/03/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"121.191.165.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642163/; classtype:trojan-activity;sid:84505263; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642164)"; flow:established,from_client; content:"GET"; http_method; content:"/ckeditorimage/2021/08/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"121.191.165.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642164/; classtype:trojan-activity;sid:84505264; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642160)"; flow:established,from_client; content:"GET"; http_method; content:"/ckeditorimage/2022/09/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"121.191.165.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642160/; classtype:trojan-activity;sid:84505260; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642161)"; flow:established,from_client; content:"GET"; http_method; content:"/ckeditorimage/2024/02/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"121.191.165.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642161/; classtype:trojan-activity;sid:84505261; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642156)"; flow:established,from_client; content:"GET"; http_method; content:"/ckeditorimage/2019/05/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"121.191.165.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642156/; classtype:trojan-activity;sid:84505256; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642158)"; flow:established,from_client; content:"GET"; http_method; content:"/ckeditorimage/2023/04/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"121.191.165.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642158/; classtype:trojan-activity;sid:84505258; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642159)"; flow:established,from_client; content:"GET"; http_method; content:"/outward/exportimages_121424_mahal-node1/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"203.192.219.135"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642159/; classtype:trojan-activity;sid:84505259; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642153)"; flow:established,from_client; content:"GET"; http_method; content:"/outward/exportimages_10824_mahal-node2/info.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"203.192.219.135"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642153/; classtype:trojan-activity;sid:84505253; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642154)"; flow:established,from_client; content:"GET"; http_method; content:"/outward/exportimages_112924_mahal-node1/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"203.192.219.135"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642154/; classtype:trojan-activity;sid:84505254; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642155)"; flow:established,from_client; content:"GET"; http_method; content:"/ckeditorimage/2022/08/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"121.191.165.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642155/; classtype:trojan-activity;sid:84505255; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642152)"; flow:established,from_client; content:"GET"; http_method; content:"/outward/exportimages_101124_mahal-server/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"203.192.219.135"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642152/; classtype:trojan-activity;sid:84505252; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642151)"; flow:established,from_client; content:"GET"; http_method; content:"/docuimage/201911/info.zip"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"121.191.165.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642151/; classtype:trojan-activity;sid:84505251; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642148)"; flow:established,from_client; content:"GET"; http_method; content:"/outward/exportimages_112724_mahal-node1/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"203.192.219.135"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642148/; classtype:trojan-activity;sid:84505248; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642149)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"203.192.219.135"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642149/; classtype:trojan-activity;sid:84505249; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642150)"; flow:established,from_client; content:"GET"; http_method; content:"/outward/exportimages_11225_mahal-node1/info.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"203.192.219.135"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642150/; classtype:trojan-activity;sid:84505250; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642147)"; flow:established,from_client; content:"GET"; http_method; content:"/outward/info.zip"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"203.192.219.135"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642147/; classtype:trojan-activity;sid:84505247; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642145)"; flow:established,from_client; content:"GET"; http_method; content:"/ckeditorimage/2020/12/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"121.191.165.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642145/; classtype:trojan-activity;sid:84505245; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642142)"; flow:established,from_client; content:"GET"; http_method; content:"/ckeditorimage/2022/12/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"121.191.165.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642142/; classtype:trojan-activity;sid:84505242; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642143)"; flow:established,from_client; content:"GET"; http_method; content:"/userscreenshot/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.191.165.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642143/; classtype:trojan-activity;sid:84505243; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642144)"; flow:established,from_client; content:"GET"; http_method; content:"/ckeditorimage/2022/04/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"121.191.165.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642144/; classtype:trojan-activity;sid:84505244; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642140)"; flow:established,from_client; content:"GET"; http_method; content:"/ckeditorimage/2023/08/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"121.191.165.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642140/; classtype:trojan-activity;sid:84505240; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642141)"; flow:established,from_client; content:"GET"; http_method; content:"/ckeditorimage/2022/11/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"121.191.165.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642141/; classtype:trojan-activity;sid:84505241; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642130)"; flow:established,from_client; content:"GET"; http_method; content:"/ckeditorimage/2022/info.zip"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"121.191.165.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642130/; classtype:trojan-activity;sid:84505230; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642131)"; flow:established,from_client; content:"GET"; http_method; content:"/ckeditorimage/2019/02/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"121.191.165.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642131/; classtype:trojan-activity;sid:84505231; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642132)"; flow:established,from_client; content:"GET"; http_method; content:"/ckeditorimage/2020/03/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"121.191.165.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642132/; classtype:trojan-activity;sid:84505232; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642133)"; flow:established,from_client; content:"GET"; http_method; content:"/ckeditorimage/2019/12/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"121.191.165.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642133/; classtype:trojan-activity;sid:84505233; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642134)"; flow:established,from_client; content:"GET"; http_method; content:"/ckeditorimage/2024/05/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"121.191.165.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642134/; classtype:trojan-activity;sid:84505234; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642135)"; flow:established,from_client; content:"GET"; http_method; content:"/ckeditorimage/2020/05/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"121.191.165.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642135/; classtype:trojan-activity;sid:84505235; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642136)"; flow:established,from_client; content:"GET"; http_method; content:"/ckeditorimage/2020/02/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"121.191.165.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642136/; classtype:trojan-activity;sid:84505236; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642137)"; flow:established,from_client; content:"GET"; http_method; content:"/ckeditorimage/2021/12/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"121.191.165.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642137/; classtype:trojan-activity;sid:84505237; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642138)"; flow:established,from_client; content:"GET"; http_method; content:"/equipimage/info.zip"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"121.191.165.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642138/; classtype:trojan-activity;sid:84505238; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642139)"; flow:established,from_client; content:"GET"; http_method; content:"/ckeditorimage/2023/01/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"121.191.165.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642139/; classtype:trojan-activity;sid:84505239; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642125)"; flow:established,from_client; content:"GET"; http_method; content:"/ckeditorimage/2019/08/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"121.191.165.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642125/; classtype:trojan-activity;sid:84505225; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642126)"; flow:established,from_client; content:"GET"; http_method; content:"/ckeditorimage/2019/10/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"121.191.165.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642126/; classtype:trojan-activity;sid:84505226; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642127)"; flow:established,from_client; content:"GET"; http_method; content:"/ckeditorimage/2024/08/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"121.191.165.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642127/; classtype:trojan-activity;sid:84505227; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642128)"; flow:established,from_client; content:"GET"; http_method; content:"/ckeditorimage/2025/01/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"121.191.165.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642128/; classtype:trojan-activity;sid:84505228; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642129)"; flow:established,from_client; content:"GET"; http_method; content:"/ckeditorimage/2019/11/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"121.191.165.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642129/; classtype:trojan-activity;sid:84505229; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642122)"; flow:established,from_client; content:"GET"; http_method; content:"/docimg/info.zip"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"203.192.219.135"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642122/; classtype:trojan-activity;sid:84505222; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642123)"; flow:established,from_client; content:"GET"; http_method; content:"/ckeditorimage/2021/10/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"121.191.165.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642123/; classtype:trojan-activity;sid:84505223; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642124)"; flow:established,from_client; content:"GET"; http_method; content:"/froala/froalaimage/info.zip"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"121.191.165.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642124/; classtype:trojan-activity;sid:84505224; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642121)"; flow:established,from_client; content:"GET"; http_method; content:"/ckeditorimage/2020/11/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"121.191.165.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642121/; classtype:trojan-activity;sid:84505221; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642118)"; flow:established,from_client; content:"GET"; http_method; content:"/ckeditorimage/2019/01/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"121.191.165.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642118/; classtype:trojan-activity;sid:84505218; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642119)"; flow:established,from_client; content:"GET"; http_method; content:"/outward/exportimages_10124_mahal-node1/info.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"203.192.219.135"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642119/; classtype:trojan-activity;sid:84505219; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642120)"; flow:established,from_client; content:"GET"; http_method; content:"/ckeditorimage/2024/01/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"121.191.165.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642120/; classtype:trojan-activity;sid:84505220; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642117)"; flow:established,from_client; content:"GET"; http_method; content:"/workimage1/info.zip"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"121.191.165.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642117/; classtype:trojan-activity;sid:84505217; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642116)"; flow:established,from_client; content:"GET"; http_method; content:"/ckeditorimage/2018/12/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"121.191.165.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642116/; classtype:trojan-activity;sid:84505216; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642112)"; flow:established,from_client; content:"GET"; http_method; content:"/outward/exportimages_11424_mahal-node2/info.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"203.192.219.135"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642112/; classtype:trojan-activity;sid:84505212; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642113)"; flow:established,from_client; content:"GET"; http_method; content:"/outward/exportimages_21625_mahal-node2/info.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"203.192.219.135"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642113/; classtype:trojan-activity;sid:84505213; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642114)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/image/userimage.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"121.191.165.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642114/; classtype:trojan-activity;sid:84505214; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642109)"; flow:established,from_client; content:"GET"; http_method; content:"/outward/exportimages_11825_mahal-node1/info.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"203.192.219.135"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642109/; classtype:trojan-activity;sid:84505209; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642110)"; flow:established,from_client; content:"GET"; http_method; content:"/outward/exportimages_92424_mahal-node1/info.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"203.192.219.135"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642110/; classtype:trojan-activity;sid:84505210; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642108)"; flow:established,from_client; content:"GET"; http_method; content:"/outward/exportimages_3225_mahal-node1/info.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"203.192.219.135"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642108/; classtype:trojan-activity;sid:84505208; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642105)"; flow:established,from_client; content:"GET"; http_method; content:"/ckeditorimage/2025/info.zip"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"121.191.165.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642105/; classtype:trojan-activity;sid:84505205; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642106)"; flow:established,from_client; content:"GET"; http_method; content:"/userimage/info.zip"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"121.191.165.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642106/; classtype:trojan-activity;sid:84505206; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642107)"; flow:established,from_client; content:"GET"; http_method; content:"/outward/exportimages_101424_mahal-node1/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"203.192.219.135"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642107/; classtype:trojan-activity;sid:84505207; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642102)"; flow:established,from_client; content:"GET"; http_method; content:"/ckeditorimage/2022/02/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"121.191.165.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642102/; classtype:trojan-activity;sid:84505202; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642103)"; flow:established,from_client; content:"GET"; http_method; content:"/ckeditorimage/2024/09/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"121.191.165.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642103/; classtype:trojan-activity;sid:84505203; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642104)"; flow:established,from_client; content:"GET"; http_method; content:"/outward/exportimages_122624_mahal-node1/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"203.192.219.135"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642104/; classtype:trojan-activity;sid:84505204; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642101)"; flow:established,from_client; content:"GET"; http_method; content:"/ckeditorimage/2024/07/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"121.191.165.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642101/; classtype:trojan-activity;sid:84505201; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642098)"; flow:established,from_client; content:"GET"; http_method; content:"/ckeditorimage/2022/03/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"121.191.165.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642098/; classtype:trojan-activity;sid:84505198; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642099)"; flow:established,from_client; content:"GET"; http_method; content:"/ckeditorimage/2023/07/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"121.191.165.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642099/; classtype:trojan-activity;sid:84505199; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642100)"; flow:established,from_client; content:"GET"; http_method; content:"/ckeditorimage/2021/info.zip"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"121.191.165.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642100/; classtype:trojan-activity;sid:84505200; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642097)"; flow:established,from_client; content:"GET"; http_method; content:"/outward/exportimages_102524_mahal-node1/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"203.192.219.135"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642097/; classtype:trojan-activity;sid:84505197; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642096)"; flow:established,from_client; content:"GET"; http_method; content:"/outward/exportimages_32824_mahal-server/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"203.192.219.135"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642096/; classtype:trojan-activity;sid:84505196; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642095)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-03-23/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642095/; classtype:trojan-activity;sid:84505195; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642094)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-04-13/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642094/; classtype:trojan-activity;sid:84505194; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642093)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-12-27/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642093/; classtype:trojan-activity;sid:84505193; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642092)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2019-09-26/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642092/; classtype:trojan-activity;sid:84505192; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642091)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-02-11/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642091/; classtype:trojan-activity;sid:84505191; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642090)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-10-23/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642090/; classtype:trojan-activity;sid:84505190; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642089)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2019-10-17/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642089/; classtype:trojan-activity;sid:84505189; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642088)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-01-13/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642088/; classtype:trojan-activity;sid:84505188; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642086)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-08-05/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642086/; classtype:trojan-activity;sid:84505186; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642085)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/13022020090013/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642085/; classtype:trojan-activity;sid:84505185; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642084)"; flow:established,from_client; content:"GET"; http_method; content:"/ramon/teste/microsoft%20office%202010%20professional%20plus%20x86/outlook.pt-br/info.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642084/; classtype:trojan-activity;sid:84505184; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642083)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-04-13/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642083/; classtype:trojan-activity;sid:84505183; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642082)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-08-20/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642082/; classtype:trojan-activity;sid:84505182; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642081)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-09-29/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642081/; classtype:trojan-activity;sid:84505181; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642080)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-09-09/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642080/; classtype:trojan-activity;sid:84505180; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642079)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-04-14/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642079/; classtype:trojan-activity;sid:84505179; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642077)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/08092020083703/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642077/; classtype:trojan-activity;sid:84505177; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642076)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-10-08/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642076/; classtype:trojan-activity;sid:84505176; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642074)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/06102020120914/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642074/; classtype:trojan-activity;sid:84505174; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642075)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/10022020102922/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642075/; classtype:trojan-activity;sid:84505175; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642073)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-05-25/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642073/; classtype:trojan-activity;sid:84505173; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642072)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/20022020082449/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642072/; classtype:trojan-activity;sid:84505172; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642071)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-06-24/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642071/; classtype:trojan-activity;sid:84505171; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642070)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/12032020083345/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642070/; classtype:trojan-activity;sid:84505170; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642068)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2019-10-24/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642068/; classtype:trojan-activity;sid:84505168; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642067)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-06-29/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642067/; classtype:trojan-activity;sid:84505167; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642066)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2019-11-18/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642066/; classtype:trojan-activity;sid:84505166; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642065)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-11-09/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642065/; classtype:trojan-activity;sid:84505165; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642064)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/08-2019/23/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642064/; classtype:trojan-activity;sid:84505164; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642063)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-09-16/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642063/; classtype:trojan-activity;sid:84505163; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642062)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/27082019111951/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642062/; classtype:trojan-activity;sid:84505162; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642061)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-04-30/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642061/; classtype:trojan-activity;sid:84505161; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642060)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/20112020075659/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642060/; classtype:trojan-activity;sid:84505160; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642059)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/06032020085842/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642059/; classtype:trojan-activity;sid:84505159; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642058)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/12-2019/23/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642058/; classtype:trojan-activity;sid:84505158; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642057)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/30042020084106/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642057/; classtype:trojan-activity;sid:84505157; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642056)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-01-08/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642056/; classtype:trojan-activity;sid:84505156; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642054)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2020-08-17/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642054/; classtype:trojan-activity;sid:84505154; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642055)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/22012020083435/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642055/; classtype:trojan-activity;sid:84505155; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642051)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-01-28/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642051/; classtype:trojan-activity;sid:84505151; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642052)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/22072020095449/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642052/; classtype:trojan-activity;sid:84505152; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642053)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-09-03/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642053/; classtype:trojan-activity;sid:84505153; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642049)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/07082019095156/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642049/; classtype:trojan-activity;sid:84505149; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642048)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/02062020083409/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642048/; classtype:trojan-activity;sid:84505148; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642046)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2020-04-16/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642046/; classtype:trojan-activity;sid:84505146; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642047)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2019-09-09/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642047/; classtype:trojan-activity;sid:84505147; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642044)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-01-10/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642044/; classtype:trojan-activity;sid:84505144; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642043)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.88.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642043/; classtype:trojan-activity;sid:84505143; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642042)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/05082020084128/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642042/; classtype:trojan-activity;sid:84505142; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642041)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/04052020084825/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642041/; classtype:trojan-activity;sid:84505141; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642040)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-05-25/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642040/; classtype:trojan-activity;sid:84505140; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642038)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/10-2019/24/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642038/; classtype:trojan-activity;sid:84505138; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642037)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-11-25/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642037/; classtype:trojan-activity;sid:84505137; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642033)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/09012020082105/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642033/; classtype:trojan-activity;sid:84505133; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642027)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2019-08-19/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642027/; classtype:trojan-activity;sid:84505127; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642026)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2019-12-09/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642026/; classtype:trojan-activity;sid:84505126; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642025)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-04-08/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642025/; classtype:trojan-activity;sid:84505125; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642024)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-08-30/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642024/; classtype:trojan-activity;sid:84505124; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642023)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/09092019082602/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642023/; classtype:trojan-activity;sid:84505123; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642022)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/24032020073038/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642022/; classtype:trojan-activity;sid:84505122; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642021)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2020-01-09/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642021/; classtype:trojan-activity;sid:84505121; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642020)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-11-06/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642020/; classtype:trojan-activity;sid:84505120; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642016)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2019-11-06/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642016/; classtype:trojan-activity;sid:84505116; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642017)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-08-12/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642017/; classtype:trojan-activity;sid:84505117; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642015)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-09-09/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642015/; classtype:trojan-activity;sid:84505115; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642013)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-01-09/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642013/; classtype:trojan-activity;sid:84505113; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642012)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-10-02/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642012/; classtype:trojan-activity;sid:84505112; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642011)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/09-2019/12/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642011/; classtype:trojan-activity;sid:84505111; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642009)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2020-05-07/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642009/; classtype:trojan-activity;sid:84505109; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642010)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/08-2019/18/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642010/; classtype:trojan-activity;sid:84505110; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642008)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-12-19/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642008/; classtype:trojan-activity;sid:84505108; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642007)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/08-2019/26/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642007/; classtype:trojan-activity;sid:84505107; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642006)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-04-27/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642006/; classtype:trojan-activity;sid:84505106; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642004)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/26112019085945/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642004/; classtype:trojan-activity;sid:84505104; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642003)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-08-07/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642003/; classtype:trojan-activity;sid:84505103; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642002)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-07-23/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642002/; classtype:trojan-activity;sid:84505102; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642001)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2019-12-05/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642001/; classtype:trojan-activity;sid:84505101; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642000)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/11082019114157/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642000/; classtype:trojan-activity;sid:84505100; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641999)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/31082020082340/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641999/; classtype:trojan-activity;sid:84505099; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641998)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/06102019070128/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641998/; classtype:trojan-activity;sid:84505098; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641997)"; flow:established,from_client; content:"GET"; http_method; content:"/ramon/teste/microsoft%20office%202010%20professional%20plus%20x86/word.pt-br/info.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641997/; classtype:trojan-activity;sid:84505097; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641996)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/25102019084914/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641996/; classtype:trojan-activity;sid:84505096; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641994)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-01-28/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641994/; classtype:trojan-activity;sid:84505094; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641995)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/07112019111454/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641995/; classtype:trojan-activity;sid:84505095; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641993)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-11-24/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641993/; classtype:trojan-activity;sid:84505093; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641992)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/08-2019/26/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641992/; classtype:trojan-activity;sid:84505092; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641991)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-10-15/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641991/; classtype:trojan-activity;sid:84505091; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641990)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/10-2019/08/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641990/; classtype:trojan-activity;sid:84505090; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641988)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-09-22/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641988/; classtype:trojan-activity;sid:84505088; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641987)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/04-2020/03/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641987/; classtype:trojan-activity;sid:84505087; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641985)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-09-12/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641985/; classtype:trojan-activity;sid:84505085; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641984)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/12032020102935/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641984/; classtype:trojan-activity;sid:84505084; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641983)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-03-25/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641983/; classtype:trojan-activity;sid:84505083; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641982)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/15082019084619/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641982/; classtype:trojan-activity;sid:84505082; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641981)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/12-2019/26/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641981/; classtype:trojan-activity;sid:84505081; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641980)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-04-02/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641980/; classtype:trojan-activity;sid:84505080; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641979)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/10-2019/01/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641979/; classtype:trojan-activity;sid:84505079; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641978)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/19082020090554/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641978/; classtype:trojan-activity;sid:84505078; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641977)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-10-28/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641977/; classtype:trojan-activity;sid:84505077; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641975)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/12012020114658/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641975/; classtype:trojan-activity;sid:84505075; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641976)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2020-06-15/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641976/; classtype:trojan-activity;sid:84505076; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641974)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/04052020131203/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641974/; classtype:trojan-activity;sid:84505074; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641973)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2019-09-23/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641973/; classtype:trojan-activity;sid:84505073; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641971)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-01-24/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641971/; classtype:trojan-activity;sid:84505071; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641970)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-11-27/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641970/; classtype:trojan-activity;sid:84505070; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641967)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-03-11/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641967/; classtype:trojan-activity;sid:84505067; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641966)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-07-24/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641966/; classtype:trojan-activity;sid:84505066; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641964)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/02122019100253/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641964/; classtype:trojan-activity;sid:84505064; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641965)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2019-12-26/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641965/; classtype:trojan-activity;sid:84505065; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641963)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/22052020090704/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641963/; classtype:trojan-activity;sid:84505063; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641962)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-03-11/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641962/; classtype:trojan-activity;sid:84505062; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641961)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/09062020065325/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641961/; classtype:trojan-activity;sid:84505061; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641959)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-10-23/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641959/; classtype:trojan-activity;sid:84505059; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641960)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-09-30/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641960/; classtype:trojan-activity;sid:84505060; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641958)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2019-11-07/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641958/; classtype:trojan-activity;sid:84505058; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641956)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-05-29/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641956/; classtype:trojan-activity;sid:84505056; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641955)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-09-14/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641955/; classtype:trojan-activity;sid:84505055; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641954)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/23112020082722/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641954/; classtype:trojan-activity;sid:84505054; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641952)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2019-08-06/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641952/; classtype:trojan-activity;sid:84505052; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641953)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-11-17/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641953/; classtype:trojan-activity;sid:84505053; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641950)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2020-02-10/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641950/; classtype:trojan-activity;sid:84505050; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641949)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-01-20/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641949/; classtype:trojan-activity;sid:84505049; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641948)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-03-06/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641948/; classtype:trojan-activity;sid:84505048; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641947)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/20032020075744/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641947/; classtype:trojan-activity;sid:84505047; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641946)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/21102019084639/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641946/; classtype:trojan-activity;sid:84505046; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641945)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2019-11-27/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641945/; classtype:trojan-activity;sid:84505045; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641944)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2019-10-14/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641944/; classtype:trojan-activity;sid:84505044; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641943)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-08-27/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641943/; classtype:trojan-activity;sid:84505043; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641942)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/22092020082856/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641942/; classtype:trojan-activity;sid:84505042; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641941)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/14032020102525/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641941/; classtype:trojan-activity;sid:84505041; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641940)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/20112019085047/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641940/; classtype:trojan-activity;sid:84505040; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641939)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-10-06/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641939/; classtype:trojan-activity;sid:84505039; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641938)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2019-08-15/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641938/; classtype:trojan-activity;sid:84505038; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641937)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-06-04/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641937/; classtype:trojan-activity;sid:84505037; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641935)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/06082020090723/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641935/; classtype:trojan-activity;sid:84505035; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641930)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/rj/normal/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641930/; classtype:trojan-activity;sid:84505030; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641929)"; flow:established,from_client; content:"GET"; http_method; content:"/canicattennis_v_1_4/appdata/settings/usr/usr_29/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"80.211.134.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641929/; classtype:trojan-activity;sid:84505029; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641928)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-01-03/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641928/; classtype:trojan-activity;sid:84505028; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641927)"; flow:established,from_client; content:"GET"; http_method; content:"/ramon/teste/microsoft%20office%202010%20professional%20plus%20x86/office.pt-br/1046/info.zip"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641927/; classtype:trojan-activity;sid:84505027; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641925)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2019-08-12/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641925/; classtype:trojan-activity;sid:84505025; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641924)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/13022020135624/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641924/; classtype:trojan-activity;sid:84505024; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641922)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-05-07/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641922/; classtype:trojan-activity;sid:84505022; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641923)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/001/10-2019/19/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641923/; classtype:trojan-activity;sid:84505023; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641921)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-11-17/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641921/; classtype:trojan-activity;sid:84505021; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641920)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/01-2020/28/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641920/; classtype:trojan-activity;sid:84505020; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641919)"; flow:established,from_client; content:"GET"; http_method; content:"/gipex_201806161031/info.zip"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"80.211.134.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641919/; classtype:trojan-activity;sid:84505019; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641918)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-06-30/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641918/; classtype:trojan-activity;sid:84505018; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641917)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/10-2019/25/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641917/; classtype:trojan-activity;sid:84505017; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641915)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2020-03-19/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641915/; classtype:trojan-activity;sid:84505015; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641914)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-09-04/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641914/; classtype:trojan-activity;sid:84505014; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641912)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-04-07/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641912/; classtype:trojan-activity;sid:84505012; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641911)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/27112019090820/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641911/; classtype:trojan-activity;sid:84505011; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641909)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/06022020084438/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641909/; classtype:trojan-activity;sid:84505009; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641907)"; flow:established,from_client; content:"GET"; http_method; content:"/ramon/teste/microsoft%20office%202010%20professional%20plus%20x86/updates/info.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641907/; classtype:trojan-activity;sid:84505007; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641906)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-06-01/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641906/; classtype:trojan-activity;sid:84505006; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641905)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/18112019131027/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641905/; classtype:trojan-activity;sid:84505005; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641903)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641903/; classtype:trojan-activity;sid:84505003; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641902)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-04-03/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641902/; classtype:trojan-activity;sid:84505002; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641901)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-07-03/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641901/; classtype:trojan-activity;sid:84505001; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641900)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-09-28/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641900/; classtype:trojan-activity;sid:84505000; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641899)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/001/01-2020/10/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641899/; classtype:trojan-activity;sid:84504999; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641897)"; flow:established,from_client; content:"GET"; http_method; content:"/r2.hta"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"23.227.187.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641897/; classtype:trojan-activity;sid:84504997; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641896)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-01-07/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641896/; classtype:trojan-activity;sid:84504996; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641894)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/03-2020/31/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641894/; classtype:trojan-activity;sid:84504994; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641893)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-09-18/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641893/; classtype:trojan-activity;sid:84504993; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641892)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/carta%20de%20corre%c3%a7%c3%a3o/2020-07-16/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641892/; classtype:trojan-activity;sid:84504992; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641891)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/09032020102512/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641891/; classtype:trojan-activity;sid:84504991; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641890)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/28082020083513/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641890/; classtype:trojan-activity;sid:84504990; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641889)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-08-28/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641889/; classtype:trojan-activity;sid:84504989; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641887)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-10-18/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641887/; classtype:trojan-activity;sid:84504987; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641888)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-08-31/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641888/; classtype:trojan-activity;sid:84504988; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641886)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/08-2019/12/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641886/; classtype:trojan-activity;sid:84504986; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641885)"; flow:established,from_client; content:"GET"; http_method; content:"/ramon/teste/microsoft%20office%202010%20professional%20plus%20x86/proplus.ww/info.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641885/; classtype:trojan-activity;sid:84504985; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641884)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/11032020083252/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641884/; classtype:trojan-activity;sid:84504984; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641883)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-06-24/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641883/; classtype:trojan-activity;sid:84504983; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641882)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-03-10/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641882/; classtype:trojan-activity;sid:84504982; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641881)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2019-10-03/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641881/; classtype:trojan-activity;sid:84504981; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641880)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/07052020090035/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641880/; classtype:trojan-activity;sid:84504980; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641877)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-11-08/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641877/; classtype:trojan-activity;sid:84504977; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641875)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-02-20/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641875/; classtype:trojan-activity;sid:84504975; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641873)"; flow:established,from_client; content:"GET"; http_method; content:"/ramon/teste/microsoft%20office%202010%20professional%20plus%20x86/onenote.pt-br/info.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641873/; classtype:trojan-activity;sid:84504973; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641874)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-09-26/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641874/; classtype:trojan-activity;sid:84504974; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641872)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-10-30/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641872/; classtype:trojan-activity;sid:84504972; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641871)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-07-14/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641871/; classtype:trojan-activity;sid:84504971; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641870)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2019-11-13/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641870/; classtype:trojan-activity;sid:84504970; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641868)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/18012020091226/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641868/; classtype:trojan-activity;sid:84504968; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641866)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-12-16/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641866/; classtype:trojan-activity;sid:84504966; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641867)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-10-08/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641867/; classtype:trojan-activity;sid:84504967; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641865)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2019-08-07/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641865/; classtype:trojan-activity;sid:84504965; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641864)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-11-12/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641864/; classtype:trojan-activity;sid:84504964; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641863)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/10032020085405/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641863/; classtype:trojan-activity;sid:84504963; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641860)"; flow:established,from_client; content:"GET"; http_method; content:"/canicattennis_v_1_4/appdata/settings/usr/usr_36/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"80.211.134.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641860/; classtype:trojan-activity;sid:84504960; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641861)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2019-09-19/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641861/; classtype:trojan-activity;sid:84504961; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641859)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/02-2020/20/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641859/; classtype:trojan-activity;sid:84504959; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641858)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-10-07/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641858/; classtype:trojan-activity;sid:84504958; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641857)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-12-24/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641857/; classtype:trojan-activity;sid:84504957; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641856)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-12-10/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641856/; classtype:trojan-activity;sid:84504956; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641855)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2020-01-27/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641855/; classtype:trojan-activity;sid:84504955; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641853)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-02-12/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641853/; classtype:trojan-activity;sid:84504953; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641852)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2019-10-01/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641852/; classtype:trojan-activity;sid:84504952; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641849)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2020-03-19/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641849/; classtype:trojan-activity;sid:84504949; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641848)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/14112019083146/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641848/; classtype:trojan-activity;sid:84504948; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641845)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/24122019101059/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641845/; classtype:trojan-activity;sid:84504945; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641842)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.88.130"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641842/; classtype:trojan-activity;sid:84504942; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641834)"; flow:established,from_client; content:"GET"; http_method; content:"/images/art/info.zip"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"5.149.184.170"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641834/; classtype:trojan-activity;sid:84504934; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641832)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-11-06/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641832/; classtype:trojan-activity;sid:84504932; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641831)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-07-20/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641831/; classtype:trojan-activity;sid:84504931; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641830)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-02-26/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641830/; classtype:trojan-activity;sid:84504930; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641828)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/25102019073347/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641828/; classtype:trojan-activity;sid:84504928; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641827)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-11-13/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641827/; classtype:trojan-activity;sid:84504927; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641826)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-03-19/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641826/; classtype:trojan-activity;sid:84504926; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641825)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/25062020085902/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641825/; classtype:trojan-activity;sid:84504925; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641824)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-09-09/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641824/; classtype:trojan-activity;sid:84504924; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641822)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-06-23/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641822/; classtype:trojan-activity;sid:84504922; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641823)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/11-2019/03/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641823/; classtype:trojan-activity;sid:84504923; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641821)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-01-20/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641821/; classtype:trojan-activity;sid:84504921; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641820)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-11-11/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641820/; classtype:trojan-activity;sid:84504920; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641818)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-04-15/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641818/; classtype:trojan-activity;sid:84504918; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641819)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2020-01-30/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641819/; classtype:trojan-activity;sid:84504919; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641817)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-10-29/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641817/; classtype:trojan-activity;sid:84504917; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641815)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2020-11-09/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641815/; classtype:trojan-activity;sid:84504915; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641814)"; flow:established,from_client; content:"GET"; http_method; content:"/gipex_201806161031/appdata/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"80.211.134.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641814/; classtype:trojan-activity;sid:84504914; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641813)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/04-2020/11/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641813/; classtype:trojan-activity;sid:84504913; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641812)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2019-10-14/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641812/; classtype:trojan-activity;sid:84504912; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641811)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2019-11-14/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641811/; classtype:trojan-activity;sid:84504911; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641810)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-04-16/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641810/; classtype:trojan-activity;sid:84504910; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641809)"; flow:established,from_client; content:"GET"; http_method; content:"/ramon/teste/microsoft%20office%202010%20professional%20plus%20x86/office.pt-br/info.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641809/; classtype:trojan-activity;sid:84504909; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641808)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/04112019085211/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641808/; classtype:trojan-activity;sid:84504908; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641807)"; flow:established,from_client; content:"GET"; http_method; content:"/canicattennis_v_1_4/appdata/settings/usr/usr_144/info.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"80.211.134.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641807/; classtype:trojan-activity;sid:84504907; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641804)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2019-10-03/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641804/; classtype:trojan-activity;sid:84504904; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641805)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/10-2019/27/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641805/; classtype:trojan-activity;sid:84504905; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641806)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-08-14/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641806/; classtype:trojan-activity;sid:84504906; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641803)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/25112019084824/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641803/; classtype:trojan-activity;sid:84504903; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641802)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2020-07-13/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641802/; classtype:trojan-activity;sid:84504902; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641800)"; flow:established,from_client; content:"GET"; http_method; content:"/ramon/teste/microsoft%20office%202010%20professional%20plus%20x86/publisher.pt-br/info.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641800/; classtype:trojan-activity;sid:84504900; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641801)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2019-11-21/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641801/; classtype:trojan-activity;sid:84504901; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641799)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/27022020083333/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641799/; classtype:trojan-activity;sid:84504899; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641798)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/19032020073909/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641798/; classtype:trojan-activity;sid:84504898; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641797)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-06-26/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641797/; classtype:trojan-activity;sid:84504897; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641796)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-12-05/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641796/; classtype:trojan-activity;sid:84504896; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641794)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2019-11-04/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641794/; classtype:trojan-activity;sid:84504894; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641793)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/21012020082218/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641793/; classtype:trojan-activity;sid:84504893; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641792)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-05-20/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641792/; classtype:trojan-activity;sid:84504892; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641790)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-11-11/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641790/; classtype:trojan-activity;sid:84504890; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641791)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/12012020095618/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641791/; classtype:trojan-activity;sid:84504891; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641788)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-04-29/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641788/; classtype:trojan-activity;sid:84504888; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641789)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-09-28/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641789/; classtype:trojan-activity;sid:84504889; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641787)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2019-08-16/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641787/; classtype:trojan-activity;sid:84504887; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641785)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/06022020093844/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641785/; classtype:trojan-activity;sid:84504885; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641784)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2020-07-06/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641784/; classtype:trojan-activity;sid:84504884; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641783)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2019-11-25/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641783/; classtype:trojan-activity;sid:84504883; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641782)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-08-04/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641782/; classtype:trojan-activity;sid:84504882; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641781)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/09-2019/24/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641781/; classtype:trojan-activity;sid:84504881; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641779)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-10-22/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641779/; classtype:trojan-activity;sid:84504879; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641777)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/17082020083348/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641777/; classtype:trojan-activity;sid:84504877; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641776)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/09-2020/19/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641776/; classtype:trojan-activity;sid:84504876; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641775)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-02-18/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641775/; classtype:trojan-activity;sid:84504875; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641774)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-06-16/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641774/; classtype:trojan-activity;sid:84504874; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641773)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-09-19/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641773/; classtype:trojan-activity;sid:84504873; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641772)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2019-10-02/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641772/; classtype:trojan-activity;sid:84504872; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641771)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2019-08-08/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641771/; classtype:trojan-activity;sid:84504871; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641770)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/10-2019/19/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641770/; classtype:trojan-activity;sid:84504870; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641769)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-08-12/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641769/; classtype:trojan-activity;sid:84504869; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641768)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/17012020091428/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641768/; classtype:trojan-activity;sid:84504868; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641767)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/13082019090556/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641767/; classtype:trojan-activity;sid:84504867; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641766)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/18112019112607/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641766/; classtype:trojan-activity;sid:84504866; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641765)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/13012020082802/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641765/; classtype:trojan-activity;sid:84504865; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641764)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/12-2019/21/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641764/; classtype:trojan-activity;sid:84504864; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641762)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-01-16/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641762/; classtype:trojan-activity;sid:84504862; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641761)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-06-25/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641761/; classtype:trojan-activity;sid:84504861; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641760)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2019-10-03/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641760/; classtype:trojan-activity;sid:84504860; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641759)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-01-30/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641759/; classtype:trojan-activity;sid:84504859; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641758)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/05-2020/10/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641758/; classtype:trojan-activity;sid:84504858; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641757)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-09-11/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641757/; classtype:trojan-activity;sid:84504857; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641756)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/05062020082912/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641756/; classtype:trojan-activity;sid:84504856; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641755)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2019-09-17/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641755/; classtype:trojan-activity;sid:84504855; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641753)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0011/29072020113926/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641753/; classtype:trojan-activity;sid:84504853; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641752)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/12-2019/07/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641752/; classtype:trojan-activity;sid:84504852; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641751)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2020-03-05/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641751/; classtype:trojan-activity;sid:84504851; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641750)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/10022020085604/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641750/; classtype:trojan-activity;sid:84504850; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641748)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-03-17/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641748/; classtype:trojan-activity;sid:84504848; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641746)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-09-02/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641746/; classtype:trojan-activity;sid:84504846; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641747)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/10082020090725/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641747/; classtype:trojan-activity;sid:84504847; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641745)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-09-05/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641745/; classtype:trojan-activity;sid:84504845; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641744)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/05102020084802/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641744/; classtype:trojan-activity;sid:84504844; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641742)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/16122019112226/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641742/; classtype:trojan-activity;sid:84504842; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641739)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/03-2020/06/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641739/; classtype:trojan-activity;sid:84504839; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641740)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-06-22/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641740/; classtype:trojan-activity;sid:84504840; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641736)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/12-2019/07/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641736/; classtype:trojan-activity;sid:84504836; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641737)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2019-11-11/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641737/; classtype:trojan-activity;sid:84504837; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641738)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/08-2019/19/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641738/; classtype:trojan-activity;sid:84504838; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641734)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2019-09-05/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641734/; classtype:trojan-activity;sid:84504834; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641733)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/16092019083649/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641733/; classtype:trojan-activity;sid:84504833; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641732)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/10-2019/14/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641732/; classtype:trojan-activity;sid:84504832; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641730)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2019-11-19/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641730/; classtype:trojan-activity;sid:84504830; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641729)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/13102020085236/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641729/; classtype:trojan-activity;sid:84504829; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641728)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-08-11/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641728/; classtype:trojan-activity;sid:84504828; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641727)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/02042020085850/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641727/; classtype:trojan-activity;sid:84504827; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641726)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-07-14/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641726/; classtype:trojan-activity;sid:84504826; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641711)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-03-30/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641711/; classtype:trojan-activity;sid:84504811; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641712)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/14022020075534/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641712/; classtype:trojan-activity;sid:84504812; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641713)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2019-10-10/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641713/; classtype:trojan-activity;sid:84504813; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641714)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/20042020090107/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641714/; classtype:trojan-activity;sid:84504814; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641715)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/01102020083605/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641715/; classtype:trojan-activity;sid:84504815; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641716)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-01-23/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641716/; classtype:trojan-activity;sid:84504816; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641717)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2019-11-04/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641717/; classtype:trojan-activity;sid:84504817; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641718)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-02-19/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641718/; classtype:trojan-activity;sid:84504818; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641720)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2019-12-02/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641720/; classtype:trojan-activity;sid:84504820; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641721)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/18022020083823/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641721/; classtype:trojan-activity;sid:84504821; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641722)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2019-10-10/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641722/; classtype:trojan-activity;sid:84504822; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641723)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-08-07/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641723/; classtype:trojan-activity;sid:84504823; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641724)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/14112019082716/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641724/; classtype:trojan-activity;sid:84504824; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641725)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2019-12-10/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641725/; classtype:trojan-activity;sid:84504825; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641709)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/23012020080014/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641709/; classtype:trojan-activity;sid:84504809; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641710)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-02-04/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641710/; classtype:trojan-activity;sid:84504810; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641708)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-02-13/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641708/; classtype:trojan-activity;sid:84504808; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641707)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/16112020080645/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641707/; classtype:trojan-activity;sid:84504807; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641706)"; flow:established,from_client; content:"GET"; http_method; content:"/canicattennis_v_1_4/themes/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"80.211.134.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641706/; classtype:trojan-activity;sid:84504806; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641704)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/15022020083528/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641704/; classtype:trojan-activity;sid:84504804; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641702)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/06122019085029/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641702/; classtype:trojan-activity;sid:84504802; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641703)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-08-21/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641703/; classtype:trojan-activity;sid:84504803; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641700)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-10-21/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641700/; classtype:trojan-activity;sid:84504800; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641701)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/06112019090428/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641701/; classtype:trojan-activity;sid:84504801; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641699)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-04-30/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641699/; classtype:trojan-activity;sid:84504799; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641698)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/31082020083336/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641698/; classtype:trojan-activity;sid:84504798; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641697)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641697/; classtype:trojan-activity;sid:84504797; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641696)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/04082020085104/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641696/; classtype:trojan-activity;sid:84504796; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641695)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/11-2019/09/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641695/; classtype:trojan-activity;sid:84504795; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641694)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/28112019084833/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641694/; classtype:trojan-activity;sid:84504794; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641693)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/12-2019/25/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641693/; classtype:trojan-activity;sid:84504793; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641692)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/24062020085042/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641692/; classtype:trojan-activity;sid:84504792; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641690)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-05-21/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641690/; classtype:trojan-activity;sid:84504790; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641689)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/09112020084312/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641689/; classtype:trojan-activity;sid:84504789; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641688)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/30082019094430/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641688/; classtype:trojan-activity;sid:84504788; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641684)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/03-2020/09/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641684/; classtype:trojan-activity;sid:84504784; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641686)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/04-2020/07/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641686/; classtype:trojan-activity;sid:84504786; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641683)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/06112019090008/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641683/; classtype:trojan-activity;sid:84504783; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641680)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2019-10-21/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641680/; classtype:trojan-activity;sid:84504780; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641681)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-01-16/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641681/; classtype:trojan-activity;sid:84504781; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641682)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/03-2020/02/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641682/; classtype:trojan-activity;sid:84504782; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641678)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/02-2020/22/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641678/; classtype:trojan-activity;sid:84504778; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641679)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-11-04/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641679/; classtype:trojan-activity;sid:84504779; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641677)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/03-2020/07/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641677/; classtype:trojan-activity;sid:84504777; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641676)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2020-10-05/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641676/; classtype:trojan-activity;sid:84504776; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641675)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2019-12-17/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641675/; classtype:trojan-activity;sid:84504775; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641673)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/05032020083018/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641673/; classtype:trojan-activity;sid:84504773; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641674)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/carta%20de%20corre%c3%a7%c3%a3o/2020-11-19/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641674/; classtype:trojan-activity;sid:84504774; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641671)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2019-09-02/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641671/; classtype:trojan-activity;sid:84504771; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641672)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-07-07/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641672/; classtype:trojan-activity;sid:84504772; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641669)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/09-2019/28/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641669/; classtype:trojan-activity;sid:84504769; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641667)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2019-11-28/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641667/; classtype:trojan-activity;sid:84504767; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641666)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/08-2019/23/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641666/; classtype:trojan-activity;sid:84504766; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641664)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/11-2019/28/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641664/; classtype:trojan-activity;sid:84504764; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641662)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/06012020093800/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641662/; classtype:trojan-activity;sid:84504762; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641663)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/14052020083553/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641663/; classtype:trojan-activity;sid:84504763; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641661)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/09-2019/08/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641661/; classtype:trojan-activity;sid:84504761; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641659)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-08-25/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641659/; classtype:trojan-activity;sid:84504759; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641657)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-09-27/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641657/; classtype:trojan-activity;sid:84504757; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641656)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-06-05/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641656/; classtype:trojan-activity;sid:84504756; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641654)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/18112019085624/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641654/; classtype:trojan-activity;sid:84504754; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641651)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/08-2019/30/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641651/; classtype:trojan-activity;sid:84504751; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641650)"; flow:established,from_client; content:"GET"; http_method; content:"/canicattennis_v_1_4/appdata/settings/usr/usr_69/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"80.211.134.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641650/; classtype:trojan-activity;sid:84504750; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641649)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2019-09-30/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641649/; classtype:trojan-activity;sid:84504749; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641644)"; flow:established,from_client; content:"GET"; http_method; content:"/r.hta"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"23.227.187.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641644/; classtype:trojan-activity;sid:84504744; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641642)"; flow:established,from_client; content:"GET"; http_method; content:"/canicattennis_v_1_4/appdata/settings/usr/usr_3/info.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"80.211.134.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641642/; classtype:trojan-activity;sid:84504742; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641635)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/06112020090241/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641635/; classtype:trojan-activity;sid:84504735; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641636)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2019-10-21/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641636/; classtype:trojan-activity;sid:84504736; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641634)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/24042020083722/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641634/; classtype:trojan-activity;sid:84504734; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641633)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/10-2019/22/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641633/; classtype:trojan-activity;sid:84504733; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641629)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-11-06/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641629/; classtype:trojan-activity;sid:84504729; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641628)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-09-01/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641628/; classtype:trojan-activity;sid:84504728; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641625)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-09-18/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641625/; classtype:trojan-activity;sid:84504725; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641626)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2019-12-16/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641626/; classtype:trojan-activity;sid:84504726; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641627)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/04022020091931/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641627/; classtype:trojan-activity;sid:84504727; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641623)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2020-04-06/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641623/; classtype:trojan-activity;sid:84504723; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641621)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/01122019102545/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641621/; classtype:trojan-activity;sid:84504721; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641622)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/06032020084117/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641622/; classtype:trojan-activity;sid:84504722; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641620)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/23102020082938/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641620/; classtype:trojan-activity;sid:84504720; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641619)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/09-2019/21/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641619/; classtype:trojan-activity;sid:84504719; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641617)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-05-11/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641617/; classtype:trojan-activity;sid:84504717; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641618)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-03-27/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641618/; classtype:trojan-activity;sid:84504718; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641616)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/22102020084232/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641616/; classtype:trojan-activity;sid:84504716; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641615)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-01-03/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641615/; classtype:trojan-activity;sid:84504715; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641614)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/25112019085719/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641614/; classtype:trojan-activity;sid:84504714; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641613)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2019-10-25/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641613/; classtype:trojan-activity;sid:84504713; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641612)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/20102020083408/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641612/; classtype:trojan-activity;sid:84504712; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641611)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/10-2019/21/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641611/; classtype:trojan-activity;sid:84504711; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641610)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/10-2019/24/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641610/; classtype:trojan-activity;sid:84504710; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641609)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-12-23/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641609/; classtype:trojan-activity;sid:84504709; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641608)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/30122019104034/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641608/; classtype:trojan-activity;sid:84504708; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641607)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-06-02/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641607/; classtype:trojan-activity;sid:84504707; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641606)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/10122019131606/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641606/; classtype:trojan-activity;sid:84504706; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641602)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2020-02-17/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641602/; classtype:trojan-activity;sid:84504702; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641600)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/05012020072812/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641600/; classtype:trojan-activity;sid:84504700; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641598)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/20092019072321/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641598/; classtype:trojan-activity;sid:84504698; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641599)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/13012020090053/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641599/; classtype:trojan-activity;sid:84504699; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641596)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-11-01/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641596/; classtype:trojan-activity;sid:84504696; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641595)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/08-2019/21/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641595/; classtype:trojan-activity;sid:84504695; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641594)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/05112019084645/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641594/; classtype:trojan-activity;sid:84504694; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641593)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2020-03-09/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641593/; classtype:trojan-activity;sid:84504693; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641592)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-02-25/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641592/; classtype:trojan-activity;sid:84504692; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641591)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/16092019113153/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641591/; classtype:trojan-activity;sid:84504691; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641590)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-11-04/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641590/; classtype:trojan-activity;sid:84504690; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641589)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2019-08-29/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641589/; classtype:trojan-activity;sid:84504689; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641588)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2019-08-15/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641588/; classtype:trojan-activity;sid:84504688; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641587)"; flow:established,from_client; content:"GET"; http_method; content:"/canicattennis_v_1_4/resources/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"80.211.134.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641587/; classtype:trojan-activity;sid:84504687; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641582)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/08-2019/24/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641582/; classtype:trojan-activity;sid:84504682; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641583)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/17082020084115/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641583/; classtype:trojan-activity;sid:84504683; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641585)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/17082019083733/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641585/; classtype:trojan-activity;sid:84504685; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641586)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-03-24/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641586/; classtype:trojan-activity;sid:84504686; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641581)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-04-28/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641581/; classtype:trojan-activity;sid:84504681; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641579)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/08-2019/02/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641579/; classtype:trojan-activity;sid:84504679; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641578)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-05-19/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641578/; classtype:trojan-activity;sid:84504678; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641576)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-08-06/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641576/; classtype:trojan-activity;sid:84504676; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641577)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/11022020085457/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641577/; classtype:trojan-activity;sid:84504677; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641575)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2019-12-12/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641575/; classtype:trojan-activity;sid:84504675; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641574)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-12-13/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641574/; classtype:trojan-activity;sid:84504674; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641573)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2020-10-19/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641573/; classtype:trojan-activity;sid:84504673; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641572)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-09-16/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641572/; classtype:trojan-activity;sid:84504672; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641569)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-11-25/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641569/; classtype:trojan-activity;sid:84504669; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641568)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-12-03/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641568/; classtype:trojan-activity;sid:84504668; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641566)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/09-2019/21/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641566/; classtype:trojan-activity;sid:84504666; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641565)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-10-16/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641565/; classtype:trojan-activity;sid:84504665; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641563)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-06-18/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641563/; classtype:trojan-activity;sid:84504663; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641564)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/13052020090138/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641564/; classtype:trojan-activity;sid:84504664; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641562)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2019-11-11/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641562/; classtype:trojan-activity;sid:84504662; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641561)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-11-16/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641561/; classtype:trojan-activity;sid:84504661; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641560)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/03-2020/10/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641560/; classtype:trojan-activity;sid:84504660; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641559)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/10032020084152/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641559/; classtype:trojan-activity;sid:84504659; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641558)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/13012020081632/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641558/; classtype:trojan-activity;sid:84504658; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641557)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-08-15/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641557/; classtype:trojan-activity;sid:84504657; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641556)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-02-28/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641556/; classtype:trojan-activity;sid:84504656; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641555)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-08-08/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641555/; classtype:trojan-activity;sid:84504655; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641554)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-07-13/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641554/; classtype:trojan-activity;sid:84504654; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641553)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-01-24/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641553/; classtype:trojan-activity;sid:84504653; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641551)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2020-10-26/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641551/; classtype:trojan-activity;sid:84504651; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641552)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/17102019085236/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641552/; classtype:trojan-activity;sid:84504652; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641550)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-07-28/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641550/; classtype:trojan-activity;sid:84504650; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641549)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2019-09-16/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641549/; classtype:trojan-activity;sid:84504649; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641548)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/23042020084528/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641548/; classtype:trojan-activity;sid:84504648; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641547)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/12-2019/12/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641547/; classtype:trojan-activity;sid:84504647; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641546)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-03-06/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641546/; classtype:trojan-activity;sid:84504646; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641544)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/08062020064956/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641544/; classtype:trojan-activity;sid:84504644; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641542)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-06-17/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641542/; classtype:trojan-activity;sid:84504642; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641541)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/10-2019/28/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641541/; classtype:trojan-activity;sid:84504641; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641540)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/15012020074518/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641540/; classtype:trojan-activity;sid:84504640; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641536)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/20122019085806/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641536/; classtype:trojan-activity;sid:84504636; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641537)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2019-08-20/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641537/; classtype:trojan-activity;sid:84504637; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641538)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/17062020070325/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641538/; classtype:trojan-activity;sid:84504638; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641539)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-01-31/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641539/; classtype:trojan-activity;sid:84504639; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641535)"; flow:established,from_client; content:"GET"; http_method; content:"/ln.enc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"179.43.149.210"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641535/; classtype:trojan-activity;sid:84504635; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641534)"; flow:established,from_client; content:"GET"; http_method; content:"/canicattennis_v_1_4/appdata/settings/usr/usr_92/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"80.211.134.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641534/; classtype:trojan-activity;sid:84504634; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641532)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/25112019094548/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641532/; classtype:trojan-activity;sid:84504632; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641530)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/rj/conting%c3%aancia/info.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641530/; classtype:trojan-activity;sid:84504630; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641531)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-03-26/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641531/; classtype:trojan-activity;sid:84504631; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641529)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-10-01/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641529/; classtype:trojan-activity;sid:84504629; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641528)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2020-08-03/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641528/; classtype:trojan-activity;sid:84504628; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641527)"; flow:established,from_client; content:"GET"; http_method; content:"/canicattennis_v_1_4/appdata/settings/usr/usr_19/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"80.211.134.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641527/; classtype:trojan-activity;sid:84504627; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641526)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-07-08/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641526/; classtype:trojan-activity;sid:84504626; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641525)"; flow:established,from_client; content:"GET"; http_method; content:"/canicattennis_v_1_4/appdata/settings/usr/usr_0/info.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"80.211.134.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641525/; classtype:trojan-activity;sid:84504625; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641523)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/04112019140630/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641523/; classtype:trojan-activity;sid:84504623; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641524)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/10-2019/23/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641524/; classtype:trojan-activity;sid:84504624; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641520)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2019-10-14/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641520/; classtype:trojan-activity;sid:84504620; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641519)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-06-26/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641519/; classtype:trojan-activity;sid:84504619; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641518)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/09-2019/19/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641518/; classtype:trojan-activity;sid:84504618; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641517)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-07-02/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641517/; classtype:trojan-activity;sid:84504617; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641516)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-01-27/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641516/; classtype:trojan-activity;sid:84504616; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641515)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-11-13/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641515/; classtype:trojan-activity;sid:84504615; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641513)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/24122019083450/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641513/; classtype:trojan-activity;sid:84504613; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641512)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/02-2020/22/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641512/; classtype:trojan-activity;sid:84504612; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641511)"; flow:established,from_client; content:"GET"; http_method; content:"/canicattennis_v_1_4/appdata/settings/usr/usr_17/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"80.211.134.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641511/; classtype:trojan-activity;sid:84504611; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641510)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/29122019152504/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641510/; classtype:trojan-activity;sid:84504610; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641509)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-07-21/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641509/; classtype:trojan-activity;sid:84504609; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641508)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/09-2019/26/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641508/; classtype:trojan-activity;sid:84504608; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641507)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2020-09-08/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641507/; classtype:trojan-activity;sid:84504607; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641506)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2020-11-23/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641506/; classtype:trojan-activity;sid:84504606; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641505)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/06052020085414/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641505/; classtype:trojan-activity;sid:84504605; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641504)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/17122019110411/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641504/; classtype:trojan-activity;sid:84504604; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641501)"; flow:established,from_client; content:"GET"; http_method; content:"/canicattennis_v_1_4/appdata/settings/usr/usr_191/info.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"80.211.134.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641501/; classtype:trojan-activity;sid:84504601; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641499)"; flow:established,from_client; content:"GET"; http_method; content:"/ramon/teste/microsoft%20office%202010%20professional%20plus%20x86/proofing.pt-br/proof.pt-br/info.zip"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641499/; classtype:trojan-activity;sid:84504599; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641498)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-02-21/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641498/; classtype:trojan-activity;sid:84504598; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641496)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/mg/normal/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641496/; classtype:trojan-activity;sid:84504596; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641495)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/02122019094240/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641495/; classtype:trojan-activity;sid:84504595; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641494)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-04-07/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641494/; classtype:trojan-activity;sid:84504594; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641493)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-05-26/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641493/; classtype:trojan-activity;sid:84504593; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641491)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2019-08-13/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641491/; classtype:trojan-activity;sid:84504591; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641492)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-10-24/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641492/; classtype:trojan-activity;sid:84504592; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641490)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-10-03/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641490/; classtype:trojan-activity;sid:84504590; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641489)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/07-2020/17/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641489/; classtype:trojan-activity;sid:84504589; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641488)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-03-13/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641488/; classtype:trojan-activity;sid:84504588; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641486)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/08-2019/08/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641486/; classtype:trojan-activity;sid:84504586; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641484)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/05112020085432/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641484/; classtype:trojan-activity;sid:84504584; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641485)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/19102020082918/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641485/; classtype:trojan-activity;sid:84504585; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641482)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/08-2019/11/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641482/; classtype:trojan-activity;sid:84504582; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641480)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/13082020083033/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641480/; classtype:trojan-activity;sid:84504580; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641481)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-10-02/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641481/; classtype:trojan-activity;sid:84504581; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641479)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-06-30/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641479/; classtype:trojan-activity;sid:84504579; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641478)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2019-10-24/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641478/; classtype:trojan-activity;sid:84504578; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641475)"; flow:established,from_client; content:"GET"; http_method; content:"/exeftp/idi/info.zip"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641475/; classtype:trojan-activity;sid:84504575; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641476)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2019-08-02/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641476/; classtype:trojan-activity;sid:84504576; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641474)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-10-20/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641474/; classtype:trojan-activity;sid:84504574; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641473)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-08-20/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641473/; classtype:trojan-activity;sid:84504573; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641472)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/10102019112808/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641472/; classtype:trojan-activity;sid:84504572; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641471)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-10-07/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641471/; classtype:trojan-activity;sid:84504571; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641470)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/10112020091952/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641470/; classtype:trojan-activity;sid:84504570; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641469)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2019-09-30/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641469/; classtype:trojan-activity;sid:84504569; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641467)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/03-2020/16/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641467/; classtype:trojan-activity;sid:84504567; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641468)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/14012020073013/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641468/; classtype:trojan-activity;sid:84504568; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641465)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-02-04/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641465/; classtype:trojan-activity;sid:84504565; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641466)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-03-10/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641466/; classtype:trojan-activity;sid:84504566; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641464)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-02-10/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641464/; classtype:trojan-activity;sid:84504564; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641463)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-03-12/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641463/; classtype:trojan-activity;sid:84504563; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641462)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/12012020114247/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641462/; classtype:trojan-activity;sid:84504562; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641461)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/15052020095253/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641461/; classtype:trojan-activity;sid:84504561; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641460)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/28012020091001/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641460/; classtype:trojan-activity;sid:84504560; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641459)"; flow:established,from_client; content:"GET"; http_method; content:"/ramon/teste/microsoft%20office%202010%20professional%20plus%20x86/proofing.pt-br/proof.es/info.zip"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641459/; classtype:trojan-activity;sid:84504559; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641457)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2019-11-18/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641457/; classtype:trojan-activity;sid:84504557; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641456)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-04-14/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641456/; classtype:trojan-activity;sid:84504556; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641455)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2019-11-01/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641455/; classtype:trojan-activity;sid:84504555; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641454)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-01-02/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641454/; classtype:trojan-activity;sid:84504554; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641453)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-08-06/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641453/; classtype:trojan-activity;sid:84504553; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641450)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/21012020112701/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641450/; classtype:trojan-activity;sid:84504550; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641449)"; flow:established,from_client; content:"GET"; http_method; content:"/ramon/teste/microsoft%20office%202010%20professional%20plus%20x86/info.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641449/; classtype:trojan-activity;sid:84504549; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641448)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-02-05/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641448/; classtype:trojan-activity;sid:84504548; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641447)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/10022020071241/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641447/; classtype:trojan-activity;sid:84504547; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641445)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/25022020080706/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641445/; classtype:trojan-activity;sid:84504545; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641446)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-11-28/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641446/; classtype:trojan-activity;sid:84504546; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641444)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/03-2020/29/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641444/; classtype:trojan-activity;sid:84504544; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641443)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2020-11-16/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641443/; classtype:trojan-activity;sid:84504543; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641442)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-01-14/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641442/; classtype:trojan-activity;sid:84504542; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641441)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-11-12/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641441/; classtype:trojan-activity;sid:84504541; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641440)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2020-04-20/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641440/; classtype:trojan-activity;sid:84504540; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641438)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2020-02-27/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641438/; classtype:trojan-activity;sid:84504538; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641437)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-01-08/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641437/; classtype:trojan-activity;sid:84504537; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641433)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2020-08-31/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641433/; classtype:trojan-activity;sid:84504533; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641434)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/11102019090058/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641434/; classtype:trojan-activity;sid:84504534; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641435)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-09-23/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641435/; classtype:trojan-activity;sid:84504535; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641432)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/24062020085549/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641432/; classtype:trojan-activity;sid:84504532; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641430)"; flow:established,from_client; content:"GET"; http_method; content:"/i.enc"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"179.43.149.210"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641430/; classtype:trojan-activity;sid:84504530; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641428)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/12-2019/27/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641428/; classtype:trojan-activity;sid:84504528; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641426)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/18052020084343/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641426/; classtype:trojan-activity;sid:84504526; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641427)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/13102020085232/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641427/; classtype:trojan-activity;sid:84504527; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641424)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2019-10-07/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641424/; classtype:trojan-activity;sid:84504524; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641423)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-10-14/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641423/; classtype:trojan-activity;sid:84504523; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641421)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/03-2020/08/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641421/; classtype:trojan-activity;sid:84504521; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641422)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-03-03/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641422/; classtype:trojan-activity;sid:84504522; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641420)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/09102019082543/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641420/; classtype:trojan-activity;sid:84504520; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641418)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-04-22/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641418/; classtype:trojan-activity;sid:84504518; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641417)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/22092019102818/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641417/; classtype:trojan-activity;sid:84504517; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641416)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-11-23/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641416/; classtype:trojan-activity;sid:84504516; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641413)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-09-14/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641413/; classtype:trojan-activity;sid:84504513; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641414)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/11-2020/03/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641414/; classtype:trojan-activity;sid:84504514; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641415)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/09-2019/03/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641415/; classtype:trojan-activity;sid:84504515; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641411)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2020-04-09/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641411/; classtype:trojan-activity;sid:84504511; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641410)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-07-01/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641410/; classtype:trojan-activity;sid:84504510; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641409)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2020-01-13/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641409/; classtype:trojan-activity;sid:84504509; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641408)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/02122019130901/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641408/; classtype:trojan-activity;sid:84504508; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641406)"; flow:established,from_client; content:"GET"; http_method; content:"/cl.enc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"179.43.149.210"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641406/; classtype:trojan-activity;sid:84504506; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641404)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/03082020090209/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641404/; classtype:trojan-activity;sid:84504504; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641401)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-10-23/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641401/; classtype:trojan-activity;sid:84504501; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641396)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2019-08-19/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641396/; classtype:trojan-activity;sid:84504496; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641395)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/02102019104453/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641395/; classtype:trojan-activity;sid:84504495; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641394)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-07-29/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641394/; classtype:trojan-activity;sid:84504494; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641393)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/14022020103240/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641393/; classtype:trojan-activity;sid:84504493; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641392)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/04122019080359/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641392/; classtype:trojan-activity;sid:84504492; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641390)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/15122019082258/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641390/; classtype:trojan-activity;sid:84504490; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641389)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/17092020090857/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641389/; classtype:trojan-activity;sid:84504489; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641388)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2020-01-16/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641388/; classtype:trojan-activity;sid:84504488; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641387)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/17032020103439/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641387/; classtype:trojan-activity;sid:84504487; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641386)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/03-2020/14/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641386/; classtype:trojan-activity;sid:84504486; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641385)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/03032020095833/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641385/; classtype:trojan-activity;sid:84504485; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641383)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-07-08/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641383/; classtype:trojan-activity;sid:84504483; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641382)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/10012020083037/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641382/; classtype:trojan-activity;sid:84504482; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641381)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/16012020082754/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641381/; classtype:trojan-activity;sid:84504481; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641380)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-05-14/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641380/; classtype:trojan-activity;sid:84504480; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641379)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-09-25/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641379/; classtype:trojan-activity;sid:84504479; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641376)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2020-08-24/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641376/; classtype:trojan-activity;sid:84504476; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641375)"; flow:established,from_client; content:"GET"; http_method; content:"/d.d"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"179.43.149.210"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641375/; classtype:trojan-activity;sid:84504475; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641374)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2020-11-03/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641374/; classtype:trojan-activity;sid:84504474; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641372)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2019-11-21/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641372/; classtype:trojan-activity;sid:84504472; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641373)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-07-22/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641373/; classtype:trojan-activity;sid:84504473; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641371)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2020-01-16/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641371/; classtype:trojan-activity;sid:84504471; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641370)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-04-06/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641370/; classtype:trojan-activity;sid:84504470; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641368)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-11-19/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641368/; classtype:trojan-activity;sid:84504468; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641366)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2020-01-27/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641366/; classtype:trojan-activity;sid:84504466; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641365)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-11-26/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641365/; classtype:trojan-activity;sid:84504465; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641363)"; flow:established,from_client; content:"GET"; http_method; content:"/canicattennis_v_1_4/appdata/settings/usr/usr_16/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"80.211.134.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641363/; classtype:trojan-activity;sid:84504463; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641364)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/06022020082635/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641364/; classtype:trojan-activity;sid:84504464; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641360)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/02122019095431/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641360/; classtype:trojan-activity;sid:84504460; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641361)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2019-09-12/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641361/; classtype:trojan-activity;sid:84504461; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641358)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-11-05/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641358/; classtype:trojan-activity;sid:84504458; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641359)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-02-14/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641359/; classtype:trojan-activity;sid:84504459; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641357)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/04-2020/06/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641357/; classtype:trojan-activity;sid:84504457; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641356)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-11-21/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641356/; classtype:trojan-activity;sid:84504456; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641353)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/16012020075146/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641353/; classtype:trojan-activity;sid:84504453; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641355)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-12-30/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641355/; classtype:trojan-activity;sid:84504455; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641352)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2020-01-23/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641352/; classtype:trojan-activity;sid:84504452; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641351)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/30092020101213/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641351/; classtype:trojan-activity;sid:84504451; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641350)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2019-12-16/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641350/; classtype:trojan-activity;sid:84504450; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641349)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/03012020082328/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641349/; classtype:trojan-activity;sid:84504449; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641348)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-09-04/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641348/; classtype:trojan-activity;sid:84504448; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641347)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/12122019124813/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641347/; classtype:trojan-activity;sid:84504447; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641346)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/10-2019/30/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641346/; classtype:trojan-activity;sid:84504446; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641345)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-04-27/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641345/; classtype:trojan-activity;sid:84504445; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641344)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2019-09-19/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641344/; classtype:trojan-activity;sid:84504444; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641343)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/18082019071306/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641343/; classtype:trojan-activity;sid:84504443; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641342)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-09-08/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641342/; classtype:trojan-activity;sid:84504442; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641341)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/07022020083601/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641341/; classtype:trojan-activity;sid:84504441; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641340)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/09082019095803/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641340/; classtype:trojan-activity;sid:84504440; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641338)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-09-02/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641338/; classtype:trojan-activity;sid:84504438; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641337)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-09-17/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641337/; classtype:trojan-activity;sid:84504437; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641336)"; flow:established,from_client; content:"GET"; http_method; content:"/canicattennis_v_1_4/appdata/settings/usr/usr_57/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"80.211.134.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641336/; classtype:trojan-activity;sid:84504436; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641335)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/13102020082733/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641335/; classtype:trojan-activity;sid:84504435; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641329)"; flow:established,from_client; content:"GET"; http_method; content:"/canicattennis_v_1_4/appdata/settings/usr/usr_26/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"80.211.134.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641329/; classtype:trojan-activity;sid:84504429; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641321)"; flow:established,from_client; content:"GET"; http_method; content:"/canicattennis_v_1_4/appdata/settings/usr/usr_65/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"80.211.134.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641321/; classtype:trojan-activity;sid:84504421; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641319)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2019-08-05/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641319/; classtype:trojan-activity;sid:84504419; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641317)"; flow:established,from_client; content:"GET"; http_method; content:"/gipex_201806161031/platform/info.zip"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"80.211.134.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641317/; classtype:trojan-activity;sid:84504417; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641315)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/29012020102806/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641315/; classtype:trojan-activity;sid:84504415; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641314)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-09-02/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641314/; classtype:trojan-activity;sid:84504414; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641313)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-05-06/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641313/; classtype:trojan-activity;sid:84504413; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641312)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-06-09/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641312/; classtype:trojan-activity;sid:84504412; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641311)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-06-19/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641311/; classtype:trojan-activity;sid:84504411; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641310)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2020-02-03/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641310/; classtype:trojan-activity;sid:84504410; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641309)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/08-2019/29/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641309/; classtype:trojan-activity;sid:84504409; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641307)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-09-10/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641307/; classtype:trojan-activity;sid:84504407; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641303)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/info.zip"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641303/; classtype:trojan-activity;sid:84504403; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641304)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-10-27/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641304/; classtype:trojan-activity;sid:84504404; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641302)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-12-04/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641302/; classtype:trojan-activity;sid:84504402; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641301)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-08-26/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641301/; classtype:trojan-activity;sid:84504401; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641300)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2019-10-16/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641300/; classtype:trojan-activity;sid:84504400; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641299)"; flow:established,from_client; content:"GET"; http_method; content:"/ramon/teste/microsoft%20office%202010%20professional%20plus%20x86/excel.pt-br/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641299/; classtype:trojan-activity;sid:84504399; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641298)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-07-27/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641298/; classtype:trojan-activity;sid:84504398; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641297)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2019-12-12/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641297/; classtype:trojan-activity;sid:84504397; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641296)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-11-18/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641296/; classtype:trojan-activity;sid:84504396; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641295)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-07-28/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641295/; classtype:trojan-activity;sid:84504395; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641294)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-03-25/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641294/; classtype:trojan-activity;sid:84504394; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641293)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-12-20/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641293/; classtype:trojan-activity;sid:84504393; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641292)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-04-24/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641292/; classtype:trojan-activity;sid:84504392; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641291)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/11092020084859/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641291/; classtype:trojan-activity;sid:84504391; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641290)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-08-09/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641290/; classtype:trojan-activity;sid:84504390; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641289)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-08-31/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641289/; classtype:trojan-activity;sid:84504389; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641288)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-01-07/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641288/; classtype:trojan-activity;sid:84504388; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641287)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-04-09/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641287/; classtype:trojan-activity;sid:84504387; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641283)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-07-10/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641283/; classtype:trojan-activity;sid:84504383; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641282)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/27122019091404/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641282/; classtype:trojan-activity;sid:84504382; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641281)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2020-02-06/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641281/; classtype:trojan-activity;sid:84504381; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641280)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/21052020140329/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641280/; classtype:trojan-activity;sid:84504380; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641279)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2019-11-14/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641279/; classtype:trojan-activity;sid:84504379; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641278)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/18032020103100/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641278/; classtype:trojan-activity;sid:84504378; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641276)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/21102019085251/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641276/; classtype:trojan-activity;sid:84504376; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641275)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-10-22/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641275/; classtype:trojan-activity;sid:84504375; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641274)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-11-09/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641274/; classtype:trojan-activity;sid:84504374; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641273)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/27012020083530/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641273/; classtype:trojan-activity;sid:84504373; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641272)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/12012020104426/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641272/; classtype:trojan-activity;sid:84504372; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641271)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-08-03/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641271/; classtype:trojan-activity;sid:84504371; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641270)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2019-11-28/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641270/; classtype:trojan-activity;sid:84504370; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641269)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/16122019125537/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641269/; classtype:trojan-activity;sid:84504369; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641268)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/02092019094948/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641268/; classtype:trojan-activity;sid:84504368; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641267)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2020-02-03/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641267/; classtype:trojan-activity;sid:84504367; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641266)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/28012020083516/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641266/; classtype:trojan-activity;sid:84504366; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641264)"; flow:established,from_client; content:"GET"; http_method; content:"/canicattennis_v_1_4/appdata/settings/usr/usr_70/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"80.211.134.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641264/; classtype:trojan-activity;sid:84504364; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641263)"; flow:established,from_client; content:"GET"; http_method; content:"/canicattennis_v_1_4/appdata/settings/usr/usr_202/info.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"80.211.134.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641263/; classtype:trojan-activity;sid:84504363; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641260)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/05052020085418/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641260/; classtype:trojan-activity;sid:84504360; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641259)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-10-09/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641259/; classtype:trojan-activity;sid:84504359; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641257)"; flow:established,from_client; content:"GET"; http_method; content:"/canicattennis_v_1_4/resources/xd/info.zip"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"80.211.134.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641257/; classtype:trojan-activity;sid:84504357; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641255)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2020-01-20/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641255/; classtype:trojan-activity;sid:84504355; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641256)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/15102020085336/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641256/; classtype:trojan-activity;sid:84504356; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641254)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/05032020100126/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641254/; classtype:trojan-activity;sid:84504354; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641253)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/10-2019/12/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641253/; classtype:trojan-activity;sid:84504353; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641252)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/12-2019/16/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641252/; classtype:trojan-activity;sid:84504352; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641251)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/09-2019/02/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641251/; classtype:trojan-activity;sid:84504351; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641250)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/info.zip"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641250/; classtype:trojan-activity;sid:84504350; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641249)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-09-11/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641249/; classtype:trojan-activity;sid:84504349; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641248)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/inutiliza%c3%a7%c3%a3o/info.zip"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641248/; classtype:trojan-activity;sid:84504348; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641247)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2020-05-14/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641247/; classtype:trojan-activity;sid:84504347; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641245)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2019-08-08/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641245/; classtype:trojan-activity;sid:84504345; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641242)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-09-13/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641242/; classtype:trojan-activity;sid:84504342; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641241)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/09-2019/info.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641241/; classtype:trojan-activity;sid:84504341; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641240)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-11-29/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641240/; classtype:trojan-activity;sid:84504340; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641239)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2019-09-05/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641239/; classtype:trojan-activity;sid:84504339; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641237)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-09-03/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641237/; classtype:trojan-activity;sid:84504337; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641236)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-03-26/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641236/; classtype:trojan-activity;sid:84504336; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641234)"; flow:established,from_client; content:"GET"; http_method; content:"/canicattennis_v_1_4/appdata/settings/usr/usr_158/info.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"80.211.134.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641234/; classtype:trojan-activity;sid:84504334; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641233)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2020-08-31/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641233/; classtype:trojan-activity;sid:84504333; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641232)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-07-09/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641232/; classtype:trojan-activity;sid:84504332; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641231)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-03-19/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641231/; classtype:trojan-activity;sid:84504331; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641230)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/16102019085534/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641230/; classtype:trojan-activity;sid:84504330; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641228)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/10102019084942/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641228/; classtype:trojan-activity;sid:84504328; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641229)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/09-2019/17/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641229/; classtype:trojan-activity;sid:84504329; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641227)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2019-10-17/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641227/; classtype:trojan-activity;sid:84504327; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641226)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2019-11-12/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641226/; classtype:trojan-activity;sid:84504326; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641225)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/30102020083443/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641225/; classtype:trojan-activity;sid:84504325; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641224)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/17122019085328/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641224/; classtype:trojan-activity;sid:84504324; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641223)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-06-22/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641223/; classtype:trojan-activity;sid:84504323; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641222)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2019-09-20/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641222/; classtype:trojan-activity;sid:84504322; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641221)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/08-2019/30/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641221/; classtype:trojan-activity;sid:84504321; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641220)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/13032020094005/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641220/; classtype:trojan-activity;sid:84504320; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641217)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-08-17/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641217/; classtype:trojan-activity;sid:84504317; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641218)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-09-20/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641218/; classtype:trojan-activity;sid:84504318; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641216)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/06-2020/09/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641216/; classtype:trojan-activity;sid:84504316; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641215)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/10-2020/13/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641215/; classtype:trojan-activity;sid:84504315; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641214)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2019-09-27/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641214/; classtype:trojan-activity;sid:84504314; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641212)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2019-12-05/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641212/; classtype:trojan-activity;sid:84504312; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641213)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-07-27/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641213/; classtype:trojan-activity;sid:84504313; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641210)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2019-12-19/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641210/; classtype:trojan-activity;sid:84504310; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641209)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/20012020090347/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641209/; classtype:trojan-activity;sid:84504309; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641208)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/01062020143051/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641208/; classtype:trojan-activity;sid:84504308; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641207)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/03-2020/19/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641207/; classtype:trojan-activity;sid:84504307; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641206)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2020-09-28/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641206/; classtype:trojan-activity;sid:84504306; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641205)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-02-27/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641205/; classtype:trojan-activity;sid:84504305; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641204)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/10-2019/20/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641204/; classtype:trojan-activity;sid:84504304; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641203)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/10122019082613/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641203/; classtype:trojan-activity;sid:84504303; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641201)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/10022020074750/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641201/; classtype:trojan-activity;sid:84504301; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641200)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/22062020065913/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641200/; classtype:trojan-activity;sid:84504300; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641198)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/17122019074553/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641198/; classtype:trojan-activity;sid:84504298; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641197)"; flow:established,from_client; content:"GET"; http_method; content:"/canicattennis_v_1_4/appdata/settings/usr/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"80.211.134.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641197/; classtype:trojan-activity;sid:84504297; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641196)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/17122019103312/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641196/; classtype:trojan-activity;sid:84504296; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641194)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/10-2019/05/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641194/; classtype:trojan-activity;sid:84504294; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641189)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/11012020064251/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641189/; classtype:trojan-activity;sid:84504289; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641184)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/07-2020/04/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641184/; classtype:trojan-activity;sid:84504284; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641181)"; flow:established,from_client; content:"GET"; http_method; content:"/canicattennis_v_1_4/appdata/settings/usr/usr_22/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"80.211.134.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641181/; classtype:trojan-activity;sid:84504281; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641176)"; flow:established,from_client; content:"GET"; http_method; content:"/canicattennis_v_1_4/appdata/settings/usr/usr_9/info.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"80.211.134.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641176/; classtype:trojan-activity;sid:84504276; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641171)"; flow:established,from_client; content:"GET"; http_method; content:"/canicattennis_v_1_4/appdata/settings/usr/usr_2/info.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"80.211.134.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641171/; classtype:trojan-activity;sid:84504271; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641151)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"85.141.98.37"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641151/; classtype:trojan-activity;sid:84504251; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641104)"; flow:established,from_client; content:"GET"; http_method; content:"/canicattennis_v_1_4/appdata/settings/usr/usr_277/info.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"80.211.134.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641104/; classtype:trojan-activity;sid:84504204; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641103)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/23012020075108/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641103/; classtype:trojan-activity;sid:84504203; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641102)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/30122019110621/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641102/; classtype:trojan-activity;sid:84504202; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641101)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/17102019084754/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641101/; classtype:trojan-activity;sid:84504201; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641100)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/28012020083943/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641100/; classtype:trojan-activity;sid:84504200; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641099)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/06032020084029/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641099/; classtype:trojan-activity;sid:84504199; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641098)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/28082020083739/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641098/; classtype:trojan-activity;sid:84504198; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641097)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/04102019085348/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641097/; classtype:trojan-activity;sid:84504197; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641096)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-04-28/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641096/; classtype:trojan-activity;sid:84504196; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641095)"; flow:established,from_client; content:"GET"; http_method; content:"/canicattennis_v_1_4/appdata/settings/usr/usr_122/info.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"80.211.134.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641095/; classtype:trojan-activity;sid:84504195; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641094)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/19032020072054/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641094/; classtype:trojan-activity;sid:84504194; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641093)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-11-10/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641093/; classtype:trojan-activity;sid:84504193; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641092)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/12-2019/28/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641092/; classtype:trojan-activity;sid:84504192; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641091)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/30092019112857/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641091/; classtype:trojan-activity;sid:84504191; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641090)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/28082019084303/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641090/; classtype:trojan-activity;sid:84504190; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641088)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2020-03-02/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641088/; classtype:trojan-activity;sid:84504188; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641087)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/23032020073531/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641087/; classtype:trojan-activity;sid:84504187; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641086)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/18032020074832/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641086/; classtype:trojan-activity;sid:84504186; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641084)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2019-11-18/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641084/; classtype:trojan-activity;sid:84504184; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641083)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2020-04-06/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641083/; classtype:trojan-activity;sid:84504183; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641082)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-02-26/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641082/; classtype:trojan-activity;sid:84504182; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641080)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/09102020084808/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641080/; classtype:trojan-activity;sid:84504180; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641079)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2020-05-18/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641079/; classtype:trojan-activity;sid:84504179; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641078)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/07112019081511/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641078/; classtype:trojan-activity;sid:84504178; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641076)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-12-12/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641076/; classtype:trojan-activity;sid:84504176; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641077)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/04-2020/05/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641077/; classtype:trojan-activity;sid:84504177; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641075)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/03-2020/14/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641075/; classtype:trojan-activity;sid:84504175; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641074)"; flow:established,from_client; content:"GET"; http_method; content:"/canicattennis_v_1_4/appdata/settings/usr/usr_232/info.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"80.211.134.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641074/; classtype:trojan-activity;sid:84504174; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641073)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/cancelamento/2019-10-03/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641073/; classtype:trojan-activity;sid:84504173; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641072)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/26122019084135/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641072/; classtype:trojan-activity;sid:84504172; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641071)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/09-2019/18/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641071/; classtype:trojan-activity;sid:84504171; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641070)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-09-23/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641070/; classtype:trojan-activity;sid:84504170; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641068)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/12112019085204/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641068/; classtype:trojan-activity;sid:84504168; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641067)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/04052020135409/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641067/; classtype:trojan-activity;sid:84504167; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641065)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-07-01/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641065/; classtype:trojan-activity;sid:84504165; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641064)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2019-10-21/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641064/; classtype:trojan-activity;sid:84504164; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641063)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-09-16/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641063/; classtype:trojan-activity;sid:84504163; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641061)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/13012020084740/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641061/; classtype:trojan-activity;sid:84504161; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641060)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-02-19/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641060/; classtype:trojan-activity;sid:84504160; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641059)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-08-04/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641059/; classtype:trojan-activity;sid:84504159; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641057)"; flow:established,from_client; content:"GET"; http_method; content:"/canicattennis_v_1_4/appdata/settings/usr/usr_90/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"80.211.134.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641057/; classtype:trojan-activity;sid:84504157; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641050)"; flow:established,from_client; content:"GET"; http_method; content:"/canicattennis_v_1_4/appdata/settings/usr/usr_352/info.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"80.211.134.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641050/; classtype:trojan-activity;sid:84504150; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641047)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/17022020084605/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641047/; classtype:trojan-activity;sid:84504147; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641046)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/03072020090848/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641046/; classtype:trojan-activity;sid:84504146; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641045)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/05022020083618/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641045/; classtype:trojan-activity;sid:84504145; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641044)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-09-21/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641044/; classtype:trojan-activity;sid:84504144; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641043)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/23062020070239/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641043/; classtype:trojan-activity;sid:84504143; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641042)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/09122019095448/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641042/; classtype:trojan-activity;sid:84504142; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641041)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2020-07-27/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641041/; classtype:trojan-activity;sid:84504141; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641040)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2019-09-12/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641040/; classtype:trojan-activity;sid:84504140; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641039)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2020-11-09/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641039/; classtype:trojan-activity;sid:84504139; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641038)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/06-2020/14/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641038/; classtype:trojan-activity;sid:84504138; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641037)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-08-05/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641037/; classtype:trojan-activity;sid:84504137; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641036)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-04-20/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641036/; classtype:trojan-activity;sid:84504136; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641035)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/001/01-2020/17/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641035/; classtype:trojan-activity;sid:84504135; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641033)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-09-17/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641033/; classtype:trojan-activity;sid:84504133; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641032)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-01-13/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641032/; classtype:trojan-activity;sid:84504132; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641031)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/02122019084356/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641031/; classtype:trojan-activity;sid:84504131; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641030)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-05-26/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641030/; classtype:trojan-activity;sid:84504130; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641029)"; flow:established,from_client; content:"GET"; http_method; content:"/ramon/teste/microsoft%20office%202010%20professional%20plus%20x86/access.pt-br/info.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641029/; classtype:trojan-activity;sid:84504129; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641028)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2020-01-06/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641028/; classtype:trojan-activity;sid:84504128; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641027)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-05-15/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641027/; classtype:trojan-activity;sid:84504127; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641026)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/08-2019/19/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641026/; classtype:trojan-activity;sid:84504126; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641025)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2019-09-23/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641025/; classtype:trojan-activity;sid:84504125; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641024)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-09-01/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641024/; classtype:trojan-activity;sid:84504124; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641022)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-11-19/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641022/; classtype:trojan-activity;sid:84504122; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641023)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-09-25/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641023/; classtype:trojan-activity;sid:84504123; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641021)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-06-23/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641021/; classtype:trojan-activity;sid:84504121; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641020)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/03-2020/06/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641020/; classtype:trojan-activity;sid:84504120; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641019)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/10-2019/03/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641019/; classtype:trojan-activity;sid:84504119; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641018)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/09-2019/05/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641018/; classtype:trojan-activity;sid:84504118; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641017)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-08-02/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641017/; classtype:trojan-activity;sid:84504117; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641016)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/13022020140950/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641016/; classtype:trojan-activity;sid:84504116; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641014)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/10-2019/03/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641014/; classtype:trojan-activity;sid:84504114; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641013)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/18022020084223/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641013/; classtype:trojan-activity;sid:84504113; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641012)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/13112019082710/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641012/; classtype:trojan-activity;sid:84504112; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641011)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-06-08/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641011/; classtype:trojan-activity;sid:84504111; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641010)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/12122019081809/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641010/; classtype:trojan-activity;sid:84504110; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641009)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-08-19/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641009/; classtype:trojan-activity;sid:84504109; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641008)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2019-10-30/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641008/; classtype:trojan-activity;sid:84504108; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641007)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2019-11-08/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641007/; classtype:trojan-activity;sid:84504107; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641006)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/14032020082323/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641006/; classtype:trojan-activity;sid:84504106; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641005)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-04-01/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641005/; classtype:trojan-activity;sid:84504105; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641004)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/10102019084447/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641004/; classtype:trojan-activity;sid:84504104; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641003)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-02-06/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641003/; classtype:trojan-activity;sid:84504103; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641002)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/15092019103329/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641002/; classtype:trojan-activity;sid:84504102; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641001)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/15022020080803/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641001/; classtype:trojan-activity;sid:84504101; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641000)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-02-24/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641000/; classtype:trojan-activity;sid:84504100; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640999)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-07-16/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640999/; classtype:trojan-activity;sid:84504099; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640998)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/25112019095135/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640998/; classtype:trojan-activity;sid:84504098; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640997)"; flow:established,from_client; content:"GET"; http_method; content:"/canicattennis_v_1_4/appdata/settings/usr/usr_291/info.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"80.211.134.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640997/; classtype:trojan-activity;sid:84504097; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640996)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/06022020083147/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640996/; classtype:trojan-activity;sid:84504096; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640995)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/15062020064910/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640995/; classtype:trojan-activity;sid:84504095; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640994)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-11-24/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640994/; classtype:trojan-activity;sid:84504094; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640992)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/09-2020/05/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640992/; classtype:trojan-activity;sid:84504092; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640991)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/24042020083338/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640991/; classtype:trojan-activity;sid:84504091; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640990)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/25052020083123/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640990/; classtype:trojan-activity;sid:84504090; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640987)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2019-12-20/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640987/; classtype:trojan-activity;sid:84504087; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640988)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/10-2019/08/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640988/; classtype:trojan-activity;sid:84504088; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640986)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/11022020084204/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640986/; classtype:trojan-activity;sid:84504086; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640985)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2019-11-07/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640985/; classtype:trojan-activity;sid:84504085; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640984)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-10-07/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640984/; classtype:trojan-activity;sid:84504084; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640982)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-05-28/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640982/; classtype:trojan-activity;sid:84504082; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640981)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/04112020083133/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640981/; classtype:trojan-activity;sid:84504081; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640980)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/12-2019/17/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640980/; classtype:trojan-activity;sid:84504080; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640978)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/10-2019/18/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640978/; classtype:trojan-activity;sid:84504078; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640976)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/08-2019/29/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640976/; classtype:trojan-activity;sid:84504076; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640975)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/11122019084756/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640975/; classtype:trojan-activity;sid:84504075; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640974)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/12-2019/10/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640974/; classtype:trojan-activity;sid:84504074; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640972)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/09-2019/24/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640972/; classtype:trojan-activity;sid:84504072; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640973)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-05-22/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640973/; classtype:trojan-activity;sid:84504073; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640971)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2019-09-09/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640971/; classtype:trojan-activity;sid:84504071; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640970)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-11-04/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640970/; classtype:trojan-activity;sid:84504070; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640969)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-11-18/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640969/; classtype:trojan-activity;sid:84504069; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640968)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-09-06/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640968/; classtype:trojan-activity;sid:84504068; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640967)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-12-09/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640967/; classtype:trojan-activity;sid:84504067; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640966)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/07-2020/01/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640966/; classtype:trojan-activity;sid:84504066; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640963)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2020-08-03/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640963/; classtype:trojan-activity;sid:84504063; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640964)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/02092019101733/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640964/; classtype:trojan-activity;sid:84504064; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640965)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/09-2019/14/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640965/; classtype:trojan-activity;sid:84504065; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640962)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-03-04/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640962/; classtype:trojan-activity;sid:84504062; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640961)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/18122019073940/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640961/; classtype:trojan-activity;sid:84504061; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640960)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/07022020094430/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640960/; classtype:trojan-activity;sid:84504060; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640959)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/18062020070541/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640959/; classtype:trojan-activity;sid:84504059; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640958)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/02-2020/13/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640958/; classtype:trojan-activity;sid:84504058; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640957)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/11-2019/04/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640957/; classtype:trojan-activity;sid:84504057; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640956)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/15062020133306/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640956/; classtype:trojan-activity;sid:84504056; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640955)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/21082020084357/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640955/; classtype:trojan-activity;sid:84504055; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640953)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-11-05/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640953/; classtype:trojan-activity;sid:84504053; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640954)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-02-07/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640954/; classtype:trojan-activity;sid:84504054; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640952)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-03-02/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640952/; classtype:trojan-activity;sid:84504052; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640951)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/26092019112650/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640951/; classtype:trojan-activity;sid:84504051; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640950)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/12112019085613/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640950/; classtype:trojan-activity;sid:84504050; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640949)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-05-14/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640949/; classtype:trojan-activity;sid:84504049; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640948)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-12-11/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640948/; classtype:trojan-activity;sid:84504048; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640947)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/12-2019/27/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640947/; classtype:trojan-activity;sid:84504047; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640946)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-05-18/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640946/; classtype:trojan-activity;sid:84504046; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640945)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2019-08-26/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640945/; classtype:trojan-activity;sid:84504045; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640944)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-10-15/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640944/; classtype:trojan-activity;sid:84504044; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640943)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-08-18/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640943/; classtype:trojan-activity;sid:84504043; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640942)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-05-22/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640942/; classtype:trojan-activity;sid:84504042; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640941)"; flow:established,from_client; content:"GET"; http_method; content:"/ramon/teste/microsoft%20office%202010%20professional%20plus%20x86/proofing.pt-br/proof.en/info.zip"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640941/; classtype:trojan-activity;sid:84504041; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640940)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/25032020083745/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640940/; classtype:trojan-activity;sid:84504040; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640938)"; flow:established,from_client; content:"GET"; http_method; content:"/gipexrelease/info.zip"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"80.211.134.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640938/; classtype:trojan-activity;sid:84504038; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640937)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/17022020100642/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640937/; classtype:trojan-activity;sid:84504037; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640935)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/27072020084403/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640935/; classtype:trojan-activity;sid:84504035; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640936)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/cancelamento/2020-08-05/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640936/; classtype:trojan-activity;sid:84504036; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640934)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-11-27/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640934/; classtype:trojan-activity;sid:84504034; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640933)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2019-12-06/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640933/; classtype:trojan-activity;sid:84504033; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640932)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-09-24/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640932/; classtype:trojan-activity;sid:84504032; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640931)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/12-2019/17/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640931/; classtype:trojan-activity;sid:84504031; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640929)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/24012020134137/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640929/; classtype:trojan-activity;sid:84504029; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640928)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-04-01/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640928/; classtype:trojan-activity;sid:84504028; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640927)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-11-26/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640927/; classtype:trojan-activity;sid:84504027; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640926)"; flow:established,from_client; content:"GET"; http_method; content:"/canicattennis_v_1_4/appdata/settings/usr/usr_21/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"80.211.134.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640926/; classtype:trojan-activity;sid:84504026; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640925)"; flow:established,from_client; content:"GET"; http_method; content:"/ramon/teste/microsoft%20office%202010%20professional%20plus%20x86/groove.pt-br/info.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640925/; classtype:trojan-activity;sid:84504025; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640924)"; flow:established,from_client; content:"GET"; http_method; content:"/canicattennis_v_1_4/appdata/settings/usr/usr_5/info.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"80.211.134.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640924/; classtype:trojan-activity;sid:84504024; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640923)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-05-27/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640923/; classtype:trojan-activity;sid:84504023; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640921)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/24012020073045/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640921/; classtype:trojan-activity;sid:84504021; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640920)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/01112019085456/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640920/; classtype:trojan-activity;sid:84504020; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640918)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/12-2019/24/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640918/; classtype:trojan-activity;sid:84504018; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640919)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/04305539000100/info.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640919/; classtype:trojan-activity;sid:84504019; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640917)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/27012020075445/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640917/; classtype:trojan-activity;sid:84504017; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640916)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-11-22/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640916/; classtype:trojan-activity;sid:84504016; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640915)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-10-28/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640915/; classtype:trojan-activity;sid:84504015; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640914)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2019-08-22/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640914/; classtype:trojan-activity;sid:84504014; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640913)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2020-04-30/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640913/; classtype:trojan-activity;sid:84504013; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640912)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-10-19/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640912/; classtype:trojan-activity;sid:84504012; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640911)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/03-2020/03/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640911/; classtype:trojan-activity;sid:84504011; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640910)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/16102020084306/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640910/; classtype:trojan-activity;sid:84504010; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640909)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/09-2019/11/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640909/; classtype:trojan-activity;sid:84504009; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640908)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/11-2020/17/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640908/; classtype:trojan-activity;sid:84504008; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640907)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/23032020113135/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640907/; classtype:trojan-activity;sid:84504007; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640906)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-01-02/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640906/; classtype:trojan-activity;sid:84504006; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640905)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/10102019130442/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640905/; classtype:trojan-activity;sid:84504005; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640904)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/07082020084256/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640904/; classtype:trojan-activity;sid:84504004; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640903)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2019-09-26/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640903/; classtype:trojan-activity;sid:84504003; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640902)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/13122019135841/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640902/; classtype:trojan-activity;sid:84504002; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640901)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/24082020084635/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640901/; classtype:trojan-activity;sid:84504001; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640900)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-01-06/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640900/; classtype:trojan-activity;sid:84504000; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640899)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-03-05/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640899/; classtype:trojan-activity;sid:84503999; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640898)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/07072020085014/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640898/; classtype:trojan-activity;sid:84503998; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640897)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/03082020084058/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640897/; classtype:trojan-activity;sid:84503997; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640896)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-04-23/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640896/; classtype:trojan-activity;sid:84503996; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640895)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/12082019113527/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640895/; classtype:trojan-activity;sid:84503995; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640894)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/18022020081034/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640894/; classtype:trojan-activity;sid:84503994; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640893)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-09-23/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640893/; classtype:trojan-activity;sid:84503993; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640892)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2020-02-27/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640892/; classtype:trojan-activity;sid:84503992; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640891)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/04012020075546/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640891/; classtype:trojan-activity;sid:84503991; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640887)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/06102020130008/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640887/; classtype:trojan-activity;sid:84503987; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640888)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/13122019084859/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640888/; classtype:trojan-activity;sid:84503988; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640889)"; flow:established,from_client; content:"GET"; http_method; content:"/gipex_201806161031/appdata/settings/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"80.211.134.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640889/; classtype:trojan-activity;sid:84503989; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640890)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/26112020085922/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640890/; classtype:trojan-activity;sid:84503990; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640885)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-02-11/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640885/; classtype:trojan-activity;sid:84503985; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640886)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-03-31/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640886/; classtype:trojan-activity;sid:84503986; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640884)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-02-10/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640884/; classtype:trojan-activity;sid:84503984; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640883)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-01-21/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640883/; classtype:trojan-activity;sid:84503983; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640882)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/09012020081123/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640882/; classtype:trojan-activity;sid:84503982; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640881)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/01-2020/info.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640881/; classtype:trojan-activity;sid:84503981; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640880)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/31102019085119/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640880/; classtype:trojan-activity;sid:84503980; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640879)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-05-06/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640879/; classtype:trojan-activity;sid:84503979; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640878)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/11-2019/13/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640878/; classtype:trojan-activity;sid:84503978; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640877)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-09-03/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640877/; classtype:trojan-activity;sid:84503977; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640876)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/12-2019/25/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640876/; classtype:trojan-activity;sid:84503976; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640875)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2019-10-28/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640875/; classtype:trojan-activity;sid:84503975; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640874)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/28022020132906/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640874/; classtype:trojan-activity;sid:84503974; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640873)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/04-2020/04/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640873/; classtype:trojan-activity;sid:84503973; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640872)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/23092020092747/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640872/; classtype:trojan-activity;sid:84503972; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640871)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-01-17/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640871/; classtype:trojan-activity;sid:84503971; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640870)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/10-2019/11/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640870/; classtype:trojan-activity;sid:84503970; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640869)"; flow:established,from_client; content:"GET"; http_method; content:"/gipex_201806161031/appdata/settings/usr/usr_1/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"80.211.134.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640869/; classtype:trojan-activity;sid:84503969; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640868)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/23102020082933/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640868/; classtype:trojan-activity;sid:84503968; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640867)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-07-30/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640867/; classtype:trojan-activity;sid:84503967; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640866)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/mg/normal/produ%c3%a7%c3%a3o/info.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640866/; classtype:trojan-activity;sid:84503966; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640865)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/15022020085635/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640865/; classtype:trojan-activity;sid:84503965; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640864)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2019-11-21/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640864/; classtype:trojan-activity;sid:84503964; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640863)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2020-02-17/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640863/; classtype:trojan-activity;sid:84503963; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640862)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2020-05-04/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640862/; classtype:trojan-activity;sid:84503962; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640861)"; flow:established,from_client; content:"GET"; http_method; content:"/ramon/teste/microsoft%20office%202010%20professional%20plus%20x86/proofing.pt-br/info.zip"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640861/; classtype:trojan-activity;sid:84503961; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640859)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/10-2019/26/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640859/; classtype:trojan-activity;sid:84503959; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640858)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/consulta/2020-03-24/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640858/; classtype:trojan-activity;sid:84503958; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640857)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/04082019110735/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640857/; classtype:trojan-activity;sid:84503957; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640856)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/17022020085751/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640856/; classtype:trojan-activity;sid:84503956; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640855)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/13022020101421/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640855/; classtype:trojan-activity;sid:84503955; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640854)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-11-07/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640854/; classtype:trojan-activity;sid:84503954; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640853)"; flow:established,from_client; content:"GET"; http_method; content:"/canicattennis_v_1_4/appdata/settings/usr/usr_349/info.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"80.211.134.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640853/; classtype:trojan-activity;sid:84503953; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640852)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2019-09-02/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640852/; classtype:trojan-activity;sid:84503952; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640851)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2020-03-16/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640851/; classtype:trojan-activity;sid:84503951; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640850)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-11-20/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640850/; classtype:trojan-activity;sid:84503950; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640849)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/03112020080207/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640849/; classtype:trojan-activity;sid:84503949; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640847)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/20082020102716/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640847/; classtype:trojan-activity;sid:84503947; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640846)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-04-20/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640846/; classtype:trojan-activity;sid:84503946; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640845)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-01-15/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640845/; classtype:trojan-activity;sid:84503945; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640844)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-09-17/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640844/; classtype:trojan-activity;sid:84503944; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640843)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/05122019085417/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640843/; classtype:trojan-activity;sid:84503943; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640842)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/10-2019/29/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640842/; classtype:trojan-activity;sid:84503942; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640841)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-02-18/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640841/; classtype:trojan-activity;sid:84503941; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640840)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/20072020090228/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640840/; classtype:trojan-activity;sid:84503940; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640839)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-10-25/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640839/; classtype:trojan-activity;sid:84503939; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640838)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2019-12-04/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640838/; classtype:trojan-activity;sid:84503938; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640837)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/19092019085117/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640837/; classtype:trojan-activity;sid:84503937; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640836)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/10-2019/27/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640836/; classtype:trojan-activity;sid:84503936; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640834)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-04-15/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640834/; classtype:trojan-activity;sid:84503934; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640835)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/06012020102056/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640835/; classtype:trojan-activity;sid:84503935; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640833)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2020-03-16/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640833/; classtype:trojan-activity;sid:84503933; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640832)"; flow:established,from_client; content:"GET"; http_method; content:"/canicattennis_v_1_4/appdata/settings/usr/usr_15/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"80.211.134.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640832/; classtype:trojan-activity;sid:84503932; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640831)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2020-06-30/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640831/; classtype:trojan-activity;sid:84503931; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640830)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/25092019111750/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640830/; classtype:trojan-activity;sid:84503930; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640829)"; flow:established,from_client; content:"GET"; http_method; content:"/canicattennis_v_1_4/appdata/settings/usr/usr_71/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"80.211.134.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640829/; classtype:trojan-activity;sid:84503929; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640828)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/13112019081923/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640828/; classtype:trojan-activity;sid:84503928; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640827)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-09-04/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640827/; classtype:trojan-activity;sid:84503927; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640825)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/17032020084717/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640825/; classtype:trojan-activity;sid:84503925; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640824)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2019-09-24/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640824/; classtype:trojan-activity;sid:84503924; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640823)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-08-14/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640823/; classtype:trojan-activity;sid:84503923; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640822)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/info.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640822/; classtype:trojan-activity;sid:84503922; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640821)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-05-08/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640821/; classtype:trojan-activity;sid:84503921; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640820)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/30122019103413/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640820/; classtype:trojan-activity;sid:84503920; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640818)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2019-12-12/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640818/; classtype:trojan-activity;sid:84503918; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640819)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/18032020084148/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640819/; classtype:trojan-activity;sid:84503919; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640817)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-06-08/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640817/; classtype:trojan-activity;sid:84503917; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640816)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/20012020082126/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640816/; classtype:trojan-activity;sid:84503916; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640815)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2019-09-16/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640815/; classtype:trojan-activity;sid:84503915; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640814)"; flow:established,from_client; content:"GET"; http_method; content:"/canicattennis_v_1_4/appdata/settings/usr/usr_341/info.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"80.211.134.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640814/; classtype:trojan-activity;sid:84503914; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640813)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-01-22/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640813/; classtype:trojan-activity;sid:84503913; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640812)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-07-13/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640812/; classtype:trojan-activity;sid:84503912; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640810)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-05-04/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640810/; classtype:trojan-activity;sid:84503910; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640811)"; flow:established,from_client; content:"GET"; http_method; content:"/canicattennis_v_1_4/appdata/settings/usr/usr_1/info.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"80.211.134.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640811/; classtype:trojan-activity;sid:84503911; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640809)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/07102020094539/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640809/; classtype:trojan-activity;sid:84503909; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640808)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-08-25/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640808/; classtype:trojan-activity;sid:84503908; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640807)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-03-02/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640807/; classtype:trojan-activity;sid:84503907; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640806)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/001/09-2019/23/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640806/; classtype:trojan-activity;sid:84503906; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640805)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/16032020084334/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640805/; classtype:trojan-activity;sid:84503905; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640804)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/09102019082036/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640804/; classtype:trojan-activity;sid:84503904; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640803)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/01112019085008/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640803/; classtype:trojan-activity;sid:84503903; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640802)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-02-03/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640802/; classtype:trojan-activity;sid:84503902; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640800)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-01-31/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640800/; classtype:trojan-activity;sid:84503900; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640799)"; flow:established,from_client; content:"GET"; http_method; content:"/canicattennis_v_1_4/appdata/settings/usr/usr_38/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"80.211.134.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640799/; classtype:trojan-activity;sid:84503899; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640798)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-09-10/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640798/; classtype:trojan-activity;sid:84503898; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640797)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2019-11-05/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640797/; classtype:trojan-activity;sid:84503897; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640796)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2020-06-08/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640796/; classtype:trojan-activity;sid:84503896; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640794)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/18022020102806/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640794/; classtype:trojan-activity;sid:84503894; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640795)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/12-2019/09/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640795/; classtype:trojan-activity;sid:84503895; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640793)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2020-02-13/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640793/; classtype:trojan-activity;sid:84503893; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640792)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/07042020090207/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640792/; classtype:trojan-activity;sid:84503892; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640791)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/06102020082321/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640791/; classtype:trojan-activity;sid:84503891; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640790)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-07-24/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640790/; classtype:trojan-activity;sid:84503890; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640789)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2019-12-05/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640789/; classtype:trojan-activity;sid:84503889; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640788)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/12032020085353/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640788/; classtype:trojan-activity;sid:84503888; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640787)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/10-2020/21/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640787/; classtype:trojan-activity;sid:84503887; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640786)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2019-10-28/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640786/; classtype:trojan-activity;sid:84503886; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640785)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-04-02/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640785/; classtype:trojan-activity;sid:84503885; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640783)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/08-2019/01/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640783/; classtype:trojan-activity;sid:84503883; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640784)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2019-09-25/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640784/; classtype:trojan-activity;sid:84503884; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640782)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2019-08-05/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640782/; classtype:trojan-activity;sid:84503882; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640781)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2020-10-13/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640781/; classtype:trojan-activity;sid:84503881; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640780)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2019-10-08/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640780/; classtype:trojan-activity;sid:84503880; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640779)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/02102020083443/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640779/; classtype:trojan-activity;sid:84503879; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640777)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/13022020083044/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640777/; classtype:trojan-activity;sid:84503877; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640778)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/08-2019/13/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640778/; classtype:trojan-activity;sid:84503878; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640774)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-05-21/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640774/; classtype:trojan-activity;sid:84503874; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640775)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/09-2019/25/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640775/; classtype:trojan-activity;sid:84503875; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640776)"; flow:established,from_client; content:"GET"; http_method; content:"/canicattennis_v_1_4/appdata/settings/usr/usr_112/info.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"80.211.134.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640776/; classtype:trojan-activity;sid:84503876; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640773)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/13122019115656/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640773/; classtype:trojan-activity;sid:84503873; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640772)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-09-10/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640772/; classtype:trojan-activity;sid:84503872; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640771)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/15082019085855/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640771/; classtype:trojan-activity;sid:84503871; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640770)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/16102019112159/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640770/; classtype:trojan-activity;sid:84503870; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640769)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2019-11-11/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640769/; classtype:trojan-activity;sid:84503869; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640768)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-08-21/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640768/; classtype:trojan-activity;sid:84503868; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640767)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-11-19/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640767/; classtype:trojan-activity;sid:84503867; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640766)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/03-2020/18/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640766/; classtype:trojan-activity;sid:84503866; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640764)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/09-2019/08/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640764/; classtype:trojan-activity;sid:84503864; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640763)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-06-03/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640763/; classtype:trojan-activity;sid:84503863; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640761)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-08-06/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640761/; classtype:trojan-activity;sid:84503861; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640762)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/13102020085631/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640762/; classtype:trojan-activity;sid:84503862; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640760)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/07012020084041/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640760/; classtype:trojan-activity;sid:84503860; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640759)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/20012020080646/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640759/; classtype:trojan-activity;sid:84503859; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640758)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-10-26/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640758/; classtype:trojan-activity;sid:84503858; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640757)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2019-12-09/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640757/; classtype:trojan-activity;sid:84503857; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640755)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/24012020092005/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640755/; classtype:trojan-activity;sid:84503855; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640754)"; flow:established,from_client; content:"GET"; http_method; content:"/canicattennis_v_1_4/appdata/settings/usr/usr_41/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"80.211.134.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640754/; classtype:trojan-activity;sid:84503854; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640751)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-02-17/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640751/; classtype:trojan-activity;sid:84503851; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640752)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-11-14/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640752/; classtype:trojan-activity;sid:84503852; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640753)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/29092019093353/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640753/; classtype:trojan-activity;sid:84503853; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640750)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-10-21/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640750/; classtype:trojan-activity;sid:84503850; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640749)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/11112020084104/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640749/; classtype:trojan-activity;sid:84503849; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640748)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-11-11/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640748/; classtype:trojan-activity;sid:84503848; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640747)"; flow:established,from_client; content:"GET"; http_method; content:"/ramon/teste/microsoft%20office%202010%20professional%20plus%20x86/catalog/info.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640747/; classtype:trojan-activity;sid:84503847; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640746)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2020-04-13/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640746/; classtype:trojan-activity;sid:84503846; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640745)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-02-06/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640745/; classtype:trojan-activity;sid:84503845; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640743)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-11-23/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640743/; classtype:trojan-activity;sid:84503843; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640744)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-09-18/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640744/; classtype:trojan-activity;sid:84503844; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640742)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/08052020090605/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640742/; classtype:trojan-activity;sid:84503842; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640739)"; flow:established,from_client; content:"GET"; http_method; content:"/canicattennis_v_1_4/appdata/settings/usr/usr_348/info.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"80.211.134.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640739/; classtype:trojan-activity;sid:84503839; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640741)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/09-2019/26/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640741/; classtype:trojan-activity;sid:84503841; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640738)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/17092019111156/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640738/; classtype:trojan-activity;sid:84503838; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640737)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/16092019113647/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640737/; classtype:trojan-activity;sid:84503837; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640736)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/21092020083905/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640736/; classtype:trojan-activity;sid:84503836; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640734)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/04032020084326/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640734/; classtype:trojan-activity;sid:84503834; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640735)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-08-19/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640735/; classtype:trojan-activity;sid:84503835; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640732)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-02-05/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640732/; classtype:trojan-activity;sid:84503832; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640733)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2020-06-01/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640733/; classtype:trojan-activity;sid:84503833; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640730)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/18112020084730/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640730/; classtype:trojan-activity;sid:84503830; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640729)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2020-09-14/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640729/; classtype:trojan-activity;sid:84503829; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640728)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2019-10-28/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640728/; classtype:trojan-activity;sid:84503828; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640727)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-10-14/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640727/; classtype:trojan-activity;sid:84503827; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640726)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-06-16/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640726/; classtype:trojan-activity;sid:84503826; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640725)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2020-04-02/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640725/; classtype:trojan-activity;sid:84503825; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640724)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/12012020104033/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640724/; classtype:trojan-activity;sid:84503824; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640723)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-08-28/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640723/; classtype:trojan-activity;sid:84503823; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640722)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/10-2019/06/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640722/; classtype:trojan-activity;sid:84503822; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640720)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/info.zip"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640720/; classtype:trojan-activity;sid:84503820; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640721)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-11-12/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640721/; classtype:trojan-activity;sid:84503821; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640719)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-01-23/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640719/; classtype:trojan-activity;sid:84503819; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640718)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/13022020134937/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640718/; classtype:trojan-activity;sid:84503818; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640717)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/31102019073038/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640717/; classtype:trojan-activity;sid:84503817; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640716)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-09-30/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640716/; classtype:trojan-activity;sid:84503816; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640715)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2020-08-10/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640715/; classtype:trojan-activity;sid:84503815; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640714)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-08-27/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640714/; classtype:trojan-activity;sid:84503814; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640713)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2019-10-24/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640713/; classtype:trojan-activity;sid:84503813; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640712)"; flow:established,from_client; content:"GET"; http_method; content:"/canicattennis_v_1_4/appdata/settings/usr/usr_31/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"80.211.134.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640712/; classtype:trojan-activity;sid:84503812; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640710)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-11-20/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640710/; classtype:trojan-activity;sid:84503810; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640711)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/21082019110853/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640711/; classtype:trojan-activity;sid:84503811; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640689)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/02-2020/11/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640689/; classtype:trojan-activity;sid:84503789; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640690)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-08-10/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640690/; classtype:trojan-activity;sid:84503790; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640691)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/03-2020/02/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640691/; classtype:trojan-activity;sid:84503791; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640692)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/24102019085345/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640692/; classtype:trojan-activity;sid:84503792; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640693)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/04022020094504/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640693/; classtype:trojan-activity;sid:84503793; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640694)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-01-22/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640694/; classtype:trojan-activity;sid:84503794; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640695)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2020-03-12/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640695/; classtype:trojan-activity;sid:84503795; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640696)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/rj/conting%c3%aancia/produ%c3%a7%c3%a3o/info.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640696/; classtype:trojan-activity;sid:84503796; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640697)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/16012020081311/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640697/; classtype:trojan-activity;sid:84503797; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640698)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/12-2019/08/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640698/; classtype:trojan-activity;sid:84503798; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640699)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2020-07-20/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640699/; classtype:trojan-activity;sid:84503799; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640700)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2019-12-30/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640700/; classtype:trojan-activity;sid:84503800; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640701)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-10-16/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640701/; classtype:trojan-activity;sid:84503801; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640703)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/21052020085354/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640703/; classtype:trojan-activity;sid:84503803; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640704)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/20122019085325/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640704/; classtype:trojan-activity;sid:84503804; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640706)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/04122019075856/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640706/; classtype:trojan-activity;sid:84503806; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640707)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/08-2019/03/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640707/; classtype:trojan-activity;sid:84503807; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640708)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-12-02/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640708/; classtype:trojan-activity;sid:84503808; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640709)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/21102019090225/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640709/; classtype:trojan-activity;sid:84503809; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640688)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-05-11/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640688/; classtype:trojan-activity;sid:84503788; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640687)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/12-2019/31/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640687/; classtype:trojan-activity;sid:84503787; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640686)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-08-24/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640686/; classtype:trojan-activity;sid:84503786; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640685)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/05-2020/09/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640685/; classtype:trojan-activity;sid:84503785; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640684)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-09-11/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640684/; classtype:trojan-activity;sid:84503784; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640683)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2020-03-05/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640683/; classtype:trojan-activity;sid:84503783; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640682)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-08-24/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640682/; classtype:trojan-activity;sid:84503782; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640681)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-07-07/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640681/; classtype:trojan-activity;sid:84503781; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640680)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2019-11-20/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640680/; classtype:trojan-activity;sid:84503780; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640677)"; flow:established,from_client; content:"GET"; http_method; content:"/canicattennis_v_1_4/appdata/settings/usr/usr_100/info.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"80.211.134.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640677/; classtype:trojan-activity;sid:84503777; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640676)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/09122019084625/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640676/; classtype:trojan-activity;sid:84503776; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640675)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-08-16/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640675/; classtype:trojan-activity;sid:84503775; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640674)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-05-12/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640674/; classtype:trojan-activity;sid:84503774; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640673)"; flow:established,from_client; content:"GET"; http_method; content:"/gipex_201806161031/appdata/settings/usr/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"80.211.134.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640673/; classtype:trojan-activity;sid:84503773; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640671)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2019-09-09/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640671/; classtype:trojan-activity;sid:84503771; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640670)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2020-03-26/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640670/; classtype:trojan-activity;sid:84503770; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640668)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/04-2020/13/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640668/; classtype:trojan-activity;sid:84503768; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640669)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2019-10-31/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640669/; classtype:trojan-activity;sid:84503769; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640667)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2020-04-27/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640667/; classtype:trojan-activity;sid:84503767; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640666)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-08-27/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640666/; classtype:trojan-activity;sid:84503766; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640665)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/10-2019/01/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640665/; classtype:trojan-activity;sid:84503765; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640664)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-09-21/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640664/; classtype:trojan-activity;sid:84503764; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640663)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/31122019083252/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640663/; classtype:trojan-activity;sid:84503763; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640662)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/22012020141348/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640662/; classtype:trojan-activity;sid:84503762; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640661)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2020-03-23/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640661/; classtype:trojan-activity;sid:84503761; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640660)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-01-09/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640660/; classtype:trojan-activity;sid:84503760; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640659)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/09-2020/26/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640659/; classtype:trojan-activity;sid:84503759; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640658)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/18032020075106/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640658/; classtype:trojan-activity;sid:84503758; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640657)"; flow:established,from_client; content:"GET"; http_method; content:"/gipex_201806161031/download/info.zip"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"80.211.134.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640657/; classtype:trojan-activity;sid:84503757; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640656)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-12-31/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640656/; classtype:trojan-activity;sid:84503756; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640655)"; flow:established,from_client; content:"GET"; http_method; content:"/canicattennis_v_1_4/appdata/settings/usr/usr_139/info.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"80.211.134.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640655/; classtype:trojan-activity;sid:84503755; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640654)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-05-08/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640654/; classtype:trojan-activity;sid:84503754; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640651)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/09-2019/25/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640651/; classtype:trojan-activity;sid:84503751; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640652)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/03122019084638/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640652/; classtype:trojan-activity;sid:84503752; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640653)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-08-05/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640653/; classtype:trojan-activity;sid:84503753; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640650)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-06-10/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640650/; classtype:trojan-activity;sid:84503750; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640648)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/001/08-2019/30/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640648/; classtype:trojan-activity;sid:84503748; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640647)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-10-01/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640647/; classtype:trojan-activity;sid:84503747; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640645)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-01-30/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640645/; classtype:trojan-activity;sid:84503745; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640646)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/09-2019/27/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640646/; classtype:trojan-activity;sid:84503746; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640644)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-06-04/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640644/; classtype:trojan-activity;sid:84503744; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640642)"; flow:established,from_client; content:"GET"; http_method; content:"/gipex_201806161031/resources/info.zip"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"80.211.134.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640642/; classtype:trojan-activity;sid:84503742; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640643)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2019-10-10/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640643/; classtype:trojan-activity;sid:84503743; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640641)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2019-11-25/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640641/; classtype:trojan-activity;sid:84503741; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640638)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/21012020110856/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640638/; classtype:trojan-activity;sid:84503738; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640639)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/09-2019/11/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640639/; classtype:trojan-activity;sid:84503739; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640640)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-07-10/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640640/; classtype:trojan-activity;sid:84503740; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640637)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-06-03/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640637/; classtype:trojan-activity;sid:84503737; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640636)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2019-08-12/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640636/; classtype:trojan-activity;sid:84503736; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640635)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-05-18/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640635/; classtype:trojan-activity;sid:84503735; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640634)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-06-19/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640634/; classtype:trojan-activity;sid:84503734; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640632)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-10-04/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640632/; classtype:trojan-activity;sid:84503732; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640633)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/17112019112055/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640633/; classtype:trojan-activity;sid:84503733; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640631)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-08-17/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640631/; classtype:trojan-activity;sid:84503731; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640630)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-11-03/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640630/; classtype:trojan-activity;sid:84503730; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640629)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2019-08-29/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640629/; classtype:trojan-activity;sid:84503729; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640627)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/10022020071733/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640627/; classtype:trojan-activity;sid:84503727; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640628)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/11-2019/06/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640628/; classtype:trojan-activity;sid:84503728; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640625)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-05-05/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640625/; classtype:trojan-activity;sid:84503725; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640626)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-08-23/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640626/; classtype:trojan-activity;sid:84503726; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640623)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/30122019111133/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640623/; classtype:trojan-activity;sid:84503723; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640622)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/29112019085537/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640622/; classtype:trojan-activity;sid:84503722; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640621)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2020-02-13/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640621/; classtype:trojan-activity;sid:84503721; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640620)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2019-08-29/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640620/; classtype:trojan-activity;sid:84503720; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640619)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/14102019142359/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640619/; classtype:trojan-activity;sid:84503719; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640618)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/31012020084850/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640618/; classtype:trojan-activity;sid:84503718; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640616)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2019-10-07/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640616/; classtype:trojan-activity;sid:84503716; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640617)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-08-29/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640617/; classtype:trojan-activity;sid:84503717; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640614)"; flow:established,from_client; content:"GET"; http_method; content:"/canicattennis_v_1_4/appdata/settings/usr/usr_384/info.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"80.211.134.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640614/; classtype:trojan-activity;sid:84503714; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640613)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2019-08-22/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640613/; classtype:trojan-activity;sid:84503713; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640612)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2020-03-09/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640612/; classtype:trojan-activity;sid:84503712; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640611)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/30092020100618/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640611/; classtype:trojan-activity;sid:84503711; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640609)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/09-2019/04/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640609/; classtype:trojan-activity;sid:84503709; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640610)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-01-10/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640610/; classtype:trojan-activity;sid:84503710; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640608)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/09-2019/28/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640608/; classtype:trojan-activity;sid:84503708; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640606)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/19102020081728/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640606/; classtype:trojan-activity;sid:84503706; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640607)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/06112019074030/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640607/; classtype:trojan-activity;sid:84503707; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640604)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/11-2019/21/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640604/; classtype:trojan-activity;sid:84503704; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640603)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/09-2019/15/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640603/; classtype:trojan-activity;sid:84503703; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640602)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-10-13/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640602/; classtype:trojan-activity;sid:84503702; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640601)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-09-25/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640601/; classtype:trojan-activity;sid:84503701; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640600)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/08112019073519/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640600/; classtype:trojan-activity;sid:84503700; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640599)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/29112019084741/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640599/; classtype:trojan-activity;sid:84503699; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640597)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/19022020083644/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640597/; classtype:trojan-activity;sid:84503697; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640598)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2020-01-23/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640598/; classtype:trojan-activity;sid:84503698; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640595)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2020-09-21/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640595/; classtype:trojan-activity;sid:84503695; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640596)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/19122019080549/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640596/; classtype:trojan-activity;sid:84503696; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640594)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/13022020135427/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640594/; classtype:trojan-activity;sid:84503694; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640593)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/12-2019/24/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640593/; classtype:trojan-activity;sid:84503693; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640592)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/21102020082752/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640592/; classtype:trojan-activity;sid:84503692; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640591)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/05-2020/05/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640591/; classtype:trojan-activity;sid:84503691; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640589)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/09-2019/26/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640589/; classtype:trojan-activity;sid:84503689; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640590)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-12-17/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640590/; classtype:trojan-activity;sid:84503690; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640588)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/18112019113321/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640588/; classtype:trojan-activity;sid:84503688; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640587)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2020-01-13/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640587/; classtype:trojan-activity;sid:84503687; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640585)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/30102019081202/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640585/; classtype:trojan-activity;sid:84503685; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640586)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/20112019085835/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640586/; classtype:trojan-activity;sid:84503686; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640584)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/01-2020/20/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640584/; classtype:trojan-activity;sid:84503684; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640583)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/carta%20de%20corre%c3%a7%c3%a3o/2020-11-18/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640583/; classtype:trojan-activity;sid:84503683; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640582)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-12-18/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640582/; classtype:trojan-activity;sid:84503682; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640579)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/14102019094817/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640579/; classtype:trojan-activity;sid:84503679; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640580)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2019-10-07/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640580/; classtype:trojan-activity;sid:84503680; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640581)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-02-13/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640581/; classtype:trojan-activity;sid:84503681; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640578)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/27012020083914/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640578/; classtype:trojan-activity;sid:84503678; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640577)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/09-2019/13/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640577/; classtype:trojan-activity;sid:84503677; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640576)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-08-12/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640576/; classtype:trojan-activity;sid:84503676; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640575)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/02-2020/17/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640575/; classtype:trojan-activity;sid:84503675; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640573)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/30012020074905/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640573/; classtype:trojan-activity;sid:84503673; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640574)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-08-13/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640574/; classtype:trojan-activity;sid:84503674; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640571)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/28022020081928/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640571/; classtype:trojan-activity;sid:84503671; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640572)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/rj/normal/produ%c3%a7%c3%a3o/info.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640572/; classtype:trojan-activity;sid:84503672; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640570)"; flow:established,from_client; content:"GET"; http_method; content:"/canicattennis_v_1_4/appdata/settings/usr/usr_366/info.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"80.211.134.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640570/; classtype:trojan-activity;sid:84503670; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640568)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-07-20/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640568/; classtype:trojan-activity;sid:84503668; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640569)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2019-09-18/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640569/; classtype:trojan-activity;sid:84503669; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640567)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/mg/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640567/; classtype:trojan-activity;sid:84503667; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640566)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/10022020073719/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640566/; classtype:trojan-activity;sid:84503666; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640565)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-08-10/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640565/; classtype:trojan-activity;sid:84503665; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640564)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-05-13/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640564/; classtype:trojan-activity;sid:84503664; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640563)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-10-17/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640563/; classtype:trojan-activity;sid:84503663; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640562)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/07102020083600/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640562/; classtype:trojan-activity;sid:84503662; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640561)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/11032020083845/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640561/; classtype:trojan-activity;sid:84503661; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640560)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-01-29/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640560/; classtype:trojan-activity;sid:84503660; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640558)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/13022020111203/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640558/; classtype:trojan-activity;sid:84503658; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640559)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/07-2020/27/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640559/; classtype:trojan-activity;sid:84503659; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640557)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/04112020082542/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640557/; classtype:trojan-activity;sid:84503657; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640556)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/11082020091100/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640556/; classtype:trojan-activity;sid:84503656; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640555)"; flow:established,from_client; content:"GET"; http_method; content:"/canicattennis_v_1_4/appdata/settings/usr/usr_13/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"80.211.134.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640555/; classtype:trojan-activity;sid:84503655; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640554)"; flow:established,from_client; content:"GET"; http_method; content:"/ramon/teste/microsoft%20office%202010%20professional%20plus%20x86/infopath.pt-br/info.zip"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640554/; classtype:trojan-activity;sid:84503654; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640553)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-04-09/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640553/; classtype:trojan-activity;sid:84503653; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640552)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/28022020133711/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640552/; classtype:trojan-activity;sid:84503652; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640549)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2020-03-26/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640549/; classtype:trojan-activity;sid:84503649; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640550)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2020-03-02/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640550/; classtype:trojan-activity;sid:84503650; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640548)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/20012020084812/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640548/; classtype:trojan-activity;sid:84503648; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640547)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2019-10-04/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640547/; classtype:trojan-activity;sid:84503647; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640543)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/30012020083334/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640543/; classtype:trojan-activity;sid:84503643; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640544)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/26032020073728/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640544/; classtype:trojan-activity;sid:84503644; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640545)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-06-05/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640545/; classtype:trojan-activity;sid:84503645; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640546)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/10-2019/05/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640546/; classtype:trojan-activity;sid:84503646; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640539)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-12-26/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640539/; classtype:trojan-activity;sid:84503639; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640540)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/07012020084802/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640540/; classtype:trojan-activity;sid:84503640; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640541)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/14112019082811/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640541/; classtype:trojan-activity;sid:84503641; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640542)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-04-06/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640542/; classtype:trojan-activity;sid:84503642; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640538)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2019-09-26/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640538/; classtype:trojan-activity;sid:84503638; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640537)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/08-2019/01/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640537/; classtype:trojan-activity;sid:84503637; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640536)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/06122019085350/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640536/; classtype:trojan-activity;sid:84503636; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640535)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/06112019111957/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640535/; classtype:trojan-activity;sid:84503635; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640534)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2019-09-10/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640534/; classtype:trojan-activity;sid:84503634; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640533)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-03-17/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640533/; classtype:trojan-activity;sid:84503633; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640532)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/03122019085229/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640532/; classtype:trojan-activity;sid:84503632; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640531)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/27012020084316/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640531/; classtype:trojan-activity;sid:84503631; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640530)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/19102020080708/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640530/; classtype:trojan-activity;sid:84503630; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640528)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/carta%20de%20corre%c3%a7%c3%a3o/2019-11-19/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640528/; classtype:trojan-activity;sid:84503628; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640527)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-03-04/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640527/; classtype:trojan-activity;sid:84503627; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640526)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/13022020074145/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640526/; classtype:trojan-activity;sid:84503626; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640523)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/03-2020/05/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640523/; classtype:trojan-activity;sid:84503623; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640524)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-01-17/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640524/; classtype:trojan-activity;sid:84503624; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640525)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-03-16/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640525/; classtype:trojan-activity;sid:84503625; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640522)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/16022020092624/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640522/; classtype:trojan-activity;sid:84503622; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640521)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-11-03/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640521/; classtype:trojan-activity;sid:84503621; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640520)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/09112020083759/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640520/; classtype:trojan-activity;sid:84503620; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640519)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-07-16/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640519/; classtype:trojan-activity;sid:84503619; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640517)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-09-24/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640517/; classtype:trojan-activity;sid:84503617; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640516)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-01-14/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640516/; classtype:trojan-activity;sid:84503616; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640515)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-09-15/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640515/; classtype:trojan-activity;sid:84503615; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640514)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/10-2020/07/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640514/; classtype:trojan-activity;sid:84503614; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640513)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2020-04-13/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640513/; classtype:trojan-activity;sid:84503613; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640512)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/13012020102318/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640512/; classtype:trojan-activity;sid:84503612; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640511)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-10-10/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640511/; classtype:trojan-activity;sid:84503611; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640510)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/07012020081209/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640510/; classtype:trojan-activity;sid:84503610; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640509)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/26012020082038/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640509/; classtype:trojan-activity;sid:84503609; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640508)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2020-03-30/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640508/; classtype:trojan-activity;sid:84503608; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640507)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/04-2020/12/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640507/; classtype:trojan-activity;sid:84503607; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640506)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/05-2020/27/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640506/; classtype:trojan-activity;sid:84503606; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640503)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/10062020065859/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640503/; classtype:trojan-activity;sid:84503603; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640502)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/09-2019/06/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640502/; classtype:trojan-activity;sid:84503602; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640501)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/30012020112213/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640501/; classtype:trojan-activity;sid:84503601; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640500)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/29102019085350/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640500/; classtype:trojan-activity;sid:84503600; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640499)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-06-09/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640499/; classtype:trojan-activity;sid:84503599; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640498)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-06-12/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640498/; classtype:trojan-activity;sid:84503598; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640497)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/06012020085209/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640497/; classtype:trojan-activity;sid:84503597; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640496)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-03-24/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640496/; classtype:trojan-activity;sid:84503596; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640495)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-03-09/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640495/; classtype:trojan-activity;sid:84503595; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640494)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/08102020083853/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640494/; classtype:trojan-activity;sid:84503594; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640493)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/mg/conting%c3%aancia/info.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640493/; classtype:trojan-activity;sid:84503593; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640492)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/001/01-2020/26/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640492/; classtype:trojan-activity;sid:84503592; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640491)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/02-2020/06/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640491/; classtype:trojan-activity;sid:84503591; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640490)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/01112019135307/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640490/; classtype:trojan-activity;sid:84503590; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640488)"; flow:established,from_client; content:"GET"; http_method; content:"/canicattennis_v_1_4/appdata/settings/usr/usr_320/info.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"80.211.134.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640488/; classtype:trojan-activity;sid:84503588; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640486)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2019-09-19/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640486/; classtype:trojan-activity;sid:84503586; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640487)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/10092020082957/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640487/; classtype:trojan-activity;sid:84503587; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640485)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2019-08-12/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640485/; classtype:trojan-activity;sid:84503585; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640484)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/001/12-2019/21/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640484/; classtype:trojan-activity;sid:84503584; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640483)"; flow:established,from_client; content:"GET"; http_method; content:"/gipex_201806161031/themes/info.zip"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"80.211.134.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640483/; classtype:trojan-activity;sid:84503583; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640482)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/09-2019/04/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640482/; classtype:trojan-activity;sid:84503582; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640481)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/001/06-2020/25/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640481/; classtype:trojan-activity;sid:84503581; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640479)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640479/; classtype:trojan-activity;sid:84503579; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640478)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/carta%20de%20corre%c3%a7%c3%a3o/2019-08-15/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640478/; classtype:trojan-activity;sid:84503578; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640477)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/08102019084644/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640477/; classtype:trojan-activity;sid:84503577; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640476)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/08102019112741/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640476/; classtype:trojan-activity;sid:84503576; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640474)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/07-2020/18/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640474/; classtype:trojan-activity;sid:84503574; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640475)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/12-2019/04/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640475/; classtype:trojan-activity;sid:84503575; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640472)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/11-2019/18/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640472/; classtype:trojan-activity;sid:84503572; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640473)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/19112020085201/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640473/; classtype:trojan-activity;sid:84503573; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640471)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/01112019111107/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640471/; classtype:trojan-activity;sid:84503571; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640470)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/001/06-2020/29/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640470/; classtype:trojan-activity;sid:84503570; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640466)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-02-20/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640466/; classtype:trojan-activity;sid:84503566; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640467)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/22022020090140/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640467/; classtype:trojan-activity;sid:84503567; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640468)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/22022020073838/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640468/; classtype:trojan-activity;sid:84503568; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640469)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/11-2019/14/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640469/; classtype:trojan-activity;sid:84503569; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640464)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/09-2019/info.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640464/; classtype:trojan-activity;sid:84503564; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640465)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/03-2020/13/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640465/; classtype:trojan-activity;sid:84503565; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640460)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/22102019090506/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640460/; classtype:trojan-activity;sid:84503560; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640461)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/11-2019/13/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640461/; classtype:trojan-activity;sid:84503561; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640462)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/06012020071435/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640462/; classtype:trojan-activity;sid:84503562; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640463)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/02-2020/17/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640463/; classtype:trojan-activity;sid:84503563; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640458)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/09-2020/29/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640458/; classtype:trojan-activity;sid:84503558; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640459)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/05-2020/06/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640459/; classtype:trojan-activity;sid:84503559; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640456)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/02102020083438/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640456/; classtype:trojan-activity;sid:84503556; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640454)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/16092020083653/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640454/; classtype:trojan-activity;sid:84503554; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640455)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/12-2019/20/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640455/; classtype:trojan-activity;sid:84503555; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640453)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/08092020084719/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640453/; classtype:trojan-activity;sid:84503553; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640451)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/14072020091038/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640451/; classtype:trojan-activity;sid:84503551; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640449)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/08122019111842/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640449/; classtype:trojan-activity;sid:84503549; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640447)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/13022020091656/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640447/; classtype:trojan-activity;sid:84503547; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640448)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/13012020075758/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640448/; classtype:trojan-activity;sid:84503548; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640446)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/001/02-2020/27/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640446/; classtype:trojan-activity;sid:84503546; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640443)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/11-2019/19/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640443/; classtype:trojan-activity;sid:84503543; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640444)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/001/11-2019/23/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640444/; classtype:trojan-activity;sid:84503544; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640445)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/11032020120109/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640445/; classtype:trojan-activity;sid:84503545; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640442)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/25092020085038/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640442/; classtype:trojan-activity;sid:84503542; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640441)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/15072020092311/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640441/; classtype:trojan-activity;sid:84503541; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640437)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/15012020103108/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640437/; classtype:trojan-activity;sid:84503537; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640438)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/13102019111251/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640438/; classtype:trojan-activity;sid:84503538; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640439)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/16032020100530/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640439/; classtype:trojan-activity;sid:84503539; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640440)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/21022020070041/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640440/; classtype:trojan-activity;sid:84503540; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640435)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/10-2020/01/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640435/; classtype:trojan-activity;sid:84503535; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640429)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/08062020124342/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640429/; classtype:trojan-activity;sid:84503529; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640431)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/05032020111347/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640431/; classtype:trojan-activity;sid:84503531; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640432)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/cancelamento/2020-11-16/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640432/; classtype:trojan-activity;sid:84503532; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640433)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/11-2019/16/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640433/; classtype:trojan-activity;sid:84503533; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640434)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/01-2020/28/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640434/; classtype:trojan-activity;sid:84503534; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640428)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/02072020084743/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640428/; classtype:trojan-activity;sid:84503528; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640427)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/05-2020/24/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640427/; classtype:trojan-activity;sid:84503527; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640426)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/cancelamento/2019-11-28/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640426/; classtype:trojan-activity;sid:84503526; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640425)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/08-2019/06/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640425/; classtype:trojan-activity;sid:84503525; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640424)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/09-2019/06/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640424/; classtype:trojan-activity;sid:84503524; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640420)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/11-2019/info.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640420/; classtype:trojan-activity;sid:84503520; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640422)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/15062020125811/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640422/; classtype:trojan-activity;sid:84503522; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640418)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/12082020092146/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640418/; classtype:trojan-activity;sid:84503518; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640419)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/18092020083038/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640419/; classtype:trojan-activity;sid:84503519; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640417)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/16092020083634/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640417/; classtype:trojan-activity;sid:84503517; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640415)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2020-04-20/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640415/; classtype:trojan-activity;sid:84503515; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640416)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/carta%20de%20corre%c3%a7%c3%a3o/2019-08-28/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640416/; classtype:trojan-activity;sid:84503516; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640414)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/08062020130444/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640414/; classtype:trojan-activity;sid:84503514; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640413)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/23022020101449/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640413/; classtype:trojan-activity;sid:84503513; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640412)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/18022020084251/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640412/; classtype:trojan-activity;sid:84503512; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640410)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/09-2019/11/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640410/; classtype:trojan-activity;sid:84503510; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640411)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/13082020083027/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640411/; classtype:trojan-activity;sid:84503511; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640409)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/02-2020/28/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640409/; classtype:trojan-activity;sid:84503509; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640405)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/06-2020/28/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640405/; classtype:trojan-activity;sid:84503505; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640406)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2020-09-28/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640406/; classtype:trojan-activity;sid:84503506; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640407)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/03082020091411/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640407/; classtype:trojan-activity;sid:84503507; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640408)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/26062020084710/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640408/; classtype:trojan-activity;sid:84503508; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640403)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/11-2019/05/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640403/; classtype:trojan-activity;sid:84503503; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640404)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/001/01-2020/28/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640404/; classtype:trojan-activity;sid:84503504; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640402)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/06082019093725/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640402/; classtype:trojan-activity;sid:84503502; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640399)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/08102020100004/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640399/; classtype:trojan-activity;sid:84503499; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640400)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/29112019110822/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640400/; classtype:trojan-activity;sid:84503500; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640401)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/10-2019/03/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640401/; classtype:trojan-activity;sid:84503501; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640398)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/15072020085743/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640398/; classtype:trojan-activity;sid:84503498; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640397)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/08-2020/22/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640397/; classtype:trojan-activity;sid:84503497; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640394)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/09-2020/22/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640394/; classtype:trojan-activity;sid:84503494; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640395)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/01092019100303/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640395/; classtype:trojan-activity;sid:84503495; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640396)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/03012020110844/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640396/; classtype:trojan-activity;sid:84503496; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640392)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/12-2019/23/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640392/; classtype:trojan-activity;sid:84503492; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640391)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/20082019110313/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640391/; classtype:trojan-activity;sid:84503491; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640389)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/09-2019/06/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640389/; classtype:trojan-activity;sid:84503489; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640390)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/27082020084130/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640390/; classtype:trojan-activity;sid:84503490; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640388)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/11-2019/28/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640388/; classtype:trojan-activity;sid:84503488; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640380)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/carta%20de%20corre%c3%a7%c3%a3o/2020-07-15/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640380/; classtype:trojan-activity;sid:84503480; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640381)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/04-2020/15/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640381/; classtype:trojan-activity;sid:84503481; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640382)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/12-2019/05/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640382/; classtype:trojan-activity;sid:84503482; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640383)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/15092019114118/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640383/; classtype:trojan-activity;sid:84503483; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640384)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/15092019103658/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640384/; classtype:trojan-activity;sid:84503484; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640385)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/03-2020/15/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640385/; classtype:trojan-activity;sid:84503485; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640386)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/03-2020/info.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640386/; classtype:trojan-activity;sid:84503486; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640387)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/09-2019/22/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640387/; classtype:trojan-activity;sid:84503487; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640379)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/24112020081606/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640379/; classtype:trojan-activity;sid:84503479; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640378)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/05-2020/13/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640378/; classtype:trojan-activity;sid:84503478; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640377)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/16102020084300/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640377/; classtype:trojan-activity;sid:84503477; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640375)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/12092019110151/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640375/; classtype:trojan-activity;sid:84503475; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640376)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/09-2020/07/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640376/; classtype:trojan-activity;sid:84503476; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640372)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/26062020092258/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640372/; classtype:trojan-activity;sid:84503472; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640374)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640374/; classtype:trojan-activity;sid:84503474; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640371)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/26082020084159/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640371/; classtype:trojan-activity;sid:84503471; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640370)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/13102020085628/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640370/; classtype:trojan-activity;sid:84503470; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640369)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/07-2020/16/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640369/; classtype:trojan-activity;sid:84503469; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640368)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/01-2020/17/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640368/; classtype:trojan-activity;sid:84503468; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640366)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/10-2019/04/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640366/; classtype:trojan-activity;sid:84503466; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640364)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/08032020111641/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640364/; classtype:trojan-activity;sid:84503464; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640365)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/12-2019/06/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640365/; classtype:trojan-activity;sid:84503465; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640363)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/carta%20de%20corre%c3%a7%c3%a3o/2020-07-23/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640363/; classtype:trojan-activity;sid:84503463; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640362)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/001/11-2019/10/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640362/; classtype:trojan-activity;sid:84503462; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640361)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/02-2020/18/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640361/; classtype:trojan-activity;sid:84503461; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640360)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/carta%20de%20corre%c3%a7%c3%a3o/2020-06-09/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640360/; classtype:trojan-activity;sid:84503460; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640359)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/04092020084333/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640359/; classtype:trojan-activity;sid:84503459; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640358)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/08-2019/20/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640358/; classtype:trojan-activity;sid:84503458; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640357)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/09092019111855/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640357/; classtype:trojan-activity;sid:84503457; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640356)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/18092019111304/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640356/; classtype:trojan-activity;sid:84503456; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640355)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/01-2020/16/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640355/; classtype:trojan-activity;sid:84503455; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640353)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/14012020070225/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640353/; classtype:trojan-activity;sid:84503453; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640354)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/03-2020/21/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640354/; classtype:trojan-activity;sid:84503454; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640351)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/31122019074448/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640351/; classtype:trojan-activity;sid:84503451; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640352)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/02102019084911/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640352/; classtype:trojan-activity;sid:84503452; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640348)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/13022020120325/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640348/; classtype:trojan-activity;sid:84503448; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640349)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/20082020082044/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640349/; classtype:trojan-activity;sid:84503449; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640350)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/08-2019/04/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640350/; classtype:trojan-activity;sid:84503450; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640347)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2020-07-27/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640347/; classtype:trojan-activity;sid:84503447; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640343)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/05-2020/08/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640343/; classtype:trojan-activity;sid:84503443; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640344)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/21012020103458/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640344/; classtype:trojan-activity;sid:84503444; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640345)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/14012020072211/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640345/; classtype:trojan-activity;sid:84503445; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640346)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/03-2020/info.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640346/; classtype:trojan-activity;sid:84503446; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640342)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/08-2019/13/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640342/; classtype:trojan-activity;sid:84503442; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640340)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos%20autom%c3%a1ticos/2020-07-06/info.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640340/; classtype:trojan-activity;sid:84503440; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640341)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/30062020142635/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640341/; classtype:trojan-activity;sid:84503441; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640338)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/02-2020/25/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640338/; classtype:trojan-activity;sid:84503438; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640335)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2020-09-14/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640335/; classtype:trojan-activity;sid:84503435; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640336)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/10-2019/10/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640336/; classtype:trojan-activity;sid:84503436; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640337)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/08-2019/09/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640337/; classtype:trojan-activity;sid:84503437; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640334)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/04122019111019/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640334/; classtype:trojan-activity;sid:84503434; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640333)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/13022020084358/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640333/; classtype:trojan-activity;sid:84503433; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640327)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/06022020102745/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640327/; classtype:trojan-activity;sid:84503427; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640328)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/09-2019/15/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640328/; classtype:trojan-activity;sid:84503428; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640329)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/03082020091151/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640329/; classtype:trojan-activity;sid:84503429; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640330)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/12012020111432/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640330/; classtype:trojan-activity;sid:84503430; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640331)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2020-04-23/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640331/; classtype:trojan-activity;sid:84503431; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640332)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/15062020132655/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640332/; classtype:trojan-activity;sid:84503432; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640326)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/07012020091755/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640326/; classtype:trojan-activity;sid:84503426; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640325)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/07022020083958/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640325/; classtype:trojan-activity;sid:84503425; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640322)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2020-09-21/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640322/; classtype:trojan-activity;sid:84503422; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640323)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/17092020084342/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640323/; classtype:trojan-activity;sid:84503423; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640324)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/22012020111310/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640324/; classtype:trojan-activity;sid:84503424; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640320)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/24112020081150/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640320/; classtype:trojan-activity;sid:84503420; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640321)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/30092020102724/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640321/; classtype:trojan-activity;sid:84503421; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640316)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/cancelamento/2020-04-23/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640316/; classtype:trojan-activity;sid:84503416; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640317)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/info.zip"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640317/; classtype:trojan-activity;sid:84503417; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640318)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/22082019111715/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640318/; classtype:trojan-activity;sid:84503418; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640319)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640319/; classtype:trojan-activity;sid:84503419; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640315)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/17112019111453/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640315/; classtype:trojan-activity;sid:84503415; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640309)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/001/02-2020/info.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640309/; classtype:trojan-activity;sid:84503409; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640310)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/03-2020/10/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640310/; classtype:trojan-activity;sid:84503410; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640311)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/12022020111505/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640311/; classtype:trojan-activity;sid:84503411; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640312)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/29062020085243/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640312/; classtype:trojan-activity;sid:84503412; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640313)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/12112019112424/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640313/; classtype:trojan-activity;sid:84503413; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640314)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/09-2019/02/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640314/; classtype:trojan-activity;sid:84503414; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640305)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/20032020080920/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640305/; classtype:trojan-activity;sid:84503405; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640306)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/06102019101754/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640306/; classtype:trojan-activity;sid:84503406; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640307)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/02-2020/19/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640307/; classtype:trojan-activity;sid:84503407; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640308)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/09-2019/19/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640308/; classtype:trojan-activity;sid:84503408; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640304)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/28102020084220/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640304/; classtype:trojan-activity;sid:84503404; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640301)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/23102019104915/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640301/; classtype:trojan-activity;sid:84503401; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640302)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/27102020083249/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640302/; classtype:trojan-activity;sid:84503402; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640299)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/26122019090653/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640299/; classtype:trojan-activity;sid:84503399; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640300)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/06092019073333/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640300/; classtype:trojan-activity;sid:84503400; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640298)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/10-2019/02/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640298/; classtype:trojan-activity;sid:84503398; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640293)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/10-2020/20/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640293/; classtype:trojan-activity;sid:84503393; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640294)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/23082019103826/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640294/; classtype:trojan-activity;sid:84503394; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640295)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/06112020090234/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640295/; classtype:trojan-activity;sid:84503395; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640296)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/09-2020/25/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640296/; classtype:trojan-activity;sid:84503396; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640297)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/10-2019/24/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640297/; classtype:trojan-activity;sid:84503397; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640291)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/11-2019/19/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640291/; classtype:trojan-activity;sid:84503391; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640292)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/carta%20de%20corre%c3%a7%c3%a3o/2019-10-02/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640292/; classtype:trojan-activity;sid:84503392; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640289)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2020-05-18/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640289/; classtype:trojan-activity;sid:84503389; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640290)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/11032020111138/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640290/; classtype:trojan-activity;sid:84503390; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640288)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/25012020103550/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640288/; classtype:trojan-activity;sid:84503388; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640286)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/20012020073720/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640286/; classtype:trojan-activity;sid:84503386; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640287)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/08-2019/27/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640287/; classtype:trojan-activity;sid:84503387; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640285)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2020-04-30/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640285/; classtype:trojan-activity;sid:84503385; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640282)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/10-2020/03/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640282/; classtype:trojan-activity;sid:84503382; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640283)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/001/06-2020/26/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640283/; classtype:trojan-activity;sid:84503383; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640284)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/05102019081014/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640284/; classtype:trojan-activity;sid:84503384; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640279)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/06022020083434/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640279/; classtype:trojan-activity;sid:84503379; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640280)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/09-2020/21/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640280/; classtype:trojan-activity;sid:84503380; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640281)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/05082020084122/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640281/; classtype:trojan-activity;sid:84503381; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640278)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/01072020083316/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640278/; classtype:trojan-activity;sid:84503378; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640274)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/info.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640274/; classtype:trojan-activity;sid:84503374; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640275)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2020-08-17/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640275/; classtype:trojan-activity;sid:84503375; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640276)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/16062020082017/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640276/; classtype:trojan-activity;sid:84503376; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640277)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/cancelamento/info.zip"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640277/; classtype:trojan-activity;sid:84503377; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640272)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/10-2020/04/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640272/; classtype:trojan-activity;sid:84503372; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640273)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/info.zip"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640273/; classtype:trojan-activity;sid:84503373; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640268)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/26022020144542/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640268/; classtype:trojan-activity;sid:84503368; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640269)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/31012020141401/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640269/; classtype:trojan-activity;sid:84503369; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640270)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/09022020103704/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640270/; classtype:trojan-activity;sid:84503370; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640267)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/17082020084110/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640267/; classtype:trojan-activity;sid:84503367; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640264)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/09-2019/08/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640264/; classtype:trojan-activity;sid:84503364; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640265)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/01-2020/18/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640265/; classtype:trojan-activity;sid:84503365; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640266)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/02032020110905/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640266/; classtype:trojan-activity;sid:84503366; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640263)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/cancelamento/2019-12-18/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640263/; classtype:trojan-activity;sid:84503363; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640262)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/09-2019/10/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640262/; classtype:trojan-activity;sid:84503362; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640260)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/06-2020/08/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640260/; classtype:trojan-activity;sid:84503360; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640261)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/17092020090851/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640261/; classtype:trojan-activity;sid:84503361; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640259)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/07-2020/31/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640259/; classtype:trojan-activity;sid:84503359; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640256)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/10-2019/info.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640256/; classtype:trojan-activity;sid:84503356; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640257)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/18082020081833/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640257/; classtype:trojan-activity;sid:84503357; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640258)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/001/08-2019/14/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640258/; classtype:trojan-activity;sid:84503358; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640253)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/26102020075119/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640253/; classtype:trojan-activity;sid:84503353; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640254)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/05112019110750/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640254/; classtype:trojan-activity;sid:84503354; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640255)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/02022020073308/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640255/; classtype:trojan-activity;sid:84503355; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640252)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/06-2020/29/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640252/; classtype:trojan-activity;sid:84503352; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640251)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/carta%20de%20corre%c3%a7%c3%a3o/2020-11-12/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640251/; classtype:trojan-activity;sid:84503351; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640250)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/16022020093353/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640250/; classtype:trojan-activity;sid:84503350; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640246)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/09-2019/20/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640246/; classtype:trojan-activity;sid:84503346; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640247)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/10-2019/16/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640247/; classtype:trojan-activity;sid:84503347; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640248)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/26012020082229/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640248/; classtype:trojan-activity;sid:84503348; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640249)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/03-2020/13/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640249/; classtype:trojan-activity;sid:84503349; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640244)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/05082019111601/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640244/; classtype:trojan-activity;sid:84503344; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640245)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/01092019095658/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640245/; classtype:trojan-activity;sid:84503345; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640238)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/info.zip"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640238/; classtype:trojan-activity;sid:84503338; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640239)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/06-2020/13/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640239/; classtype:trojan-activity;sid:84503339; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640240)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/07102020082820/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640240/; classtype:trojan-activity;sid:84503340; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640241)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/12-2019/19/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640241/; classtype:trojan-activity;sid:84503341; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640242)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/10-2020/27/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640242/; classtype:trojan-activity;sid:84503342; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640243)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/01-2020/13/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640243/; classtype:trojan-activity;sid:84503343; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640236)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/07082020085003/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640236/; classtype:trojan-activity;sid:84503336; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640235)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/15102019111749/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640235/; classtype:trojan-activity;sid:84503335; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640230)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/12-2019/29/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640230/; classtype:trojan-activity;sid:84503330; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640231)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/10-2019/07/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640231/; classtype:trojan-activity;sid:84503331; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640232)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2020-08-10/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640232/; classtype:trojan-activity;sid:84503332; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640233)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/20122019111426/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640233/; classtype:trojan-activity;sid:84503333; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640234)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/20092019112129/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640234/; classtype:trojan-activity;sid:84503334; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640229)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/29092020084347/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640229/; classtype:trojan-activity;sid:84503329; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640225)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/03-2020/11/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640225/; classtype:trojan-activity;sid:84503325; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640226)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/22122019102757/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640226/; classtype:trojan-activity;sid:84503326; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640227)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/10-2019/18/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640227/; classtype:trojan-activity;sid:84503327; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640228)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/06122019110806/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640228/; classtype:trojan-activity;sid:84503328; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640224)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/11-2019/14/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640224/; classtype:trojan-activity;sid:84503324; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640218)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/25082020144831/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640218/; classtype:trojan-activity;sid:84503318; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640219)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/09072020085136/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640219/; classtype:trojan-activity;sid:84503319; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640220)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/29072020093546/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640220/; classtype:trojan-activity;sid:84503320; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640221)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/12-2019/20/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640221/; classtype:trojan-activity;sid:84503321; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640222)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/31102019111212/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640222/; classtype:trojan-activity;sid:84503322; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640223)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/28042020092036/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640223/; classtype:trojan-activity;sid:84503323; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640212)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/12-2019/info.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640212/; classtype:trojan-activity;sid:84503312; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640213)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/09-2019/10/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640213/; classtype:trojan-activity;sid:84503313; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640214)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/21082020084614/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640214/; classtype:trojan-activity;sid:84503314; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640215)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/07-2020/26/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640215/; classtype:trojan-activity;sid:84503315; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640216)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/25082019113128/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640216/; classtype:trojan-activity;sid:84503316; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640210)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/01102020083314/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640210/; classtype:trojan-activity;sid:84503310; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640211)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/21082020084351/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640211/; classtype:trojan-activity;sid:84503311; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640209)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/11-2019/info.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640209/; classtype:trojan-activity;sid:84503309; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640206)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/13022020111257/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640206/; classtype:trojan-activity;sid:84503306; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640207)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/cancelamento/2020-07-06/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640207/; classtype:trojan-activity;sid:84503307; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640204)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/02102019111838/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640204/; classtype:trojan-activity;sid:84503304; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640205)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/28092020081646/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640205/; classtype:trojan-activity;sid:84503305; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640202)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/13012020110907/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640202/; classtype:trojan-activity;sid:84503302; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640203)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/17082020083343/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640203/; classtype:trojan-activity;sid:84503303; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640201)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/04062020095615/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640201/; classtype:trojan-activity;sid:84503301; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640200)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/carta%20de%20corre%c3%a7%c3%a3o/2019-08-08/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640200/; classtype:trojan-activity;sid:84503300; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640197)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/consulta/2020-03-23/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640197/; classtype:trojan-activity;sid:84503297; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640198)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/cancelamento/2019-08-02/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640198/; classtype:trojan-activity;sid:84503298; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640199)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/001/11-2019/24/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640199/; classtype:trojan-activity;sid:84503299; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640193)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/17082020135014/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640193/; classtype:trojan-activity;sid:84503293; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640195)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/19082019110724/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640195/; classtype:trojan-activity;sid:84503295; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640196)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/03112019070238/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640196/; classtype:trojan-activity;sid:84503296; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640192)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/06012020073817/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640192/; classtype:trojan-activity;sid:84503292; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640191)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/03-2020/info.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640191/; classtype:trojan-activity;sid:84503291; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640190)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/001/01-2020/25/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640190/; classtype:trojan-activity;sid:84503290; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640189)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/06-2020/info.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640189/; classtype:trojan-activity;sid:84503289; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640186)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/30072020083454/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640186/; classtype:trojan-activity;sid:84503286; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640187)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/02-2020/24/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640187/; classtype:trojan-activity;sid:84503287; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640188)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/15062020122636/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640188/; classtype:trojan-activity;sid:84503288; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640184)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/11122019111648/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640184/; classtype:trojan-activity;sid:84503284; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640185)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2020-05-04/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640185/; classtype:trojan-activity;sid:84503285; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640181)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/17112020082856/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640181/; classtype:trojan-activity;sid:84503281; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640182)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/06-2020/16/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640182/; classtype:trojan-activity;sid:84503282; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640183)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/03092020083607/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640183/; classtype:trojan-activity;sid:84503283; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640179)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/31072020090603/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640179/; classtype:trojan-activity;sid:84503279; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640175)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/17112020082850/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640175/; classtype:trojan-activity;sid:84503275; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640176)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/07012020110938/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640176/; classtype:trojan-activity;sid:84503276; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640177)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/06022020111317/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640177/; classtype:trojan-activity;sid:84503277; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640178)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/05122019102622/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640178/; classtype:trojan-activity;sid:84503278; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640170)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/11092019101353/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640170/; classtype:trojan-activity;sid:84503270; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640171)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/15062020134415/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640171/; classtype:trojan-activity;sid:84503271; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640172)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/24112019092705/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640172/; classtype:trojan-activity;sid:84503272; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640173)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/02022020100109/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640173/; classtype:trojan-activity;sid:84503273; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640174)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/08012020085654/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640174/; classtype:trojan-activity;sid:84503274; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640168)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/12092019105311/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640168/; classtype:trojan-activity;sid:84503268; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640169)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/19022020101950/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640169/; classtype:trojan-activity;sid:84503269; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640167)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/01-2020/27/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640167/; classtype:trojan-activity;sid:84503267; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640165)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/24092019114025/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640165/; classtype:trojan-activity;sid:84503265; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640164)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/16112019074835/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640164/; classtype:trojan-activity;sid:84503264; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640163)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/02-2020/18/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640163/; classtype:trojan-activity;sid:84503263; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640162)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/02072020090433/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640162/; classtype:trojan-activity;sid:84503262; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640161)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/27082020090623/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640161/; classtype:trojan-activity;sid:84503261; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640160)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/10-2019/31/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640160/; classtype:trojan-activity;sid:84503260; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640159)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/001/11-2019/08/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640159/; classtype:trojan-activity;sid:84503259; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640157)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/03-2020/01/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640157/; classtype:trojan-activity;sid:84503257; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640158)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/info.zip"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640158/; classtype:trojan-activity;sid:84503258; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640154)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/13022020135302/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640154/; classtype:trojan-activity;sid:84503254; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640155)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/15112019075337/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640155/; classtype:trojan-activity;sid:84503255; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640156)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/19112019083249/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640156/; classtype:trojan-activity;sid:84503256; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640152)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/20082020102611/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640152/; classtype:trojan-activity;sid:84503252; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640153)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/03022020111935/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640153/; classtype:trojan-activity;sid:84503253; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640150)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/13032020083802/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640150/; classtype:trojan-activity;sid:84503250; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640151)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/25102019112149/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640151/; classtype:trojan-activity;sid:84503251; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640149)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/04032020111247/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640149/; classtype:trojan-activity;sid:84503249; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640146)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/11-2020/14/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640146/; classtype:trojan-activity;sid:84503246; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640147)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/30092020101521/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640147/; classtype:trojan-activity;sid:84503247; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640148)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/03-2020/12/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640148/; classtype:trojan-activity;sid:84503248; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640142)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/10-2020/29/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640142/; classtype:trojan-activity;sid:84503242; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640143)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/16122019075948/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640143/; classtype:trojan-activity;sid:84503243; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640144)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/10112020091947/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640144/; classtype:trojan-activity;sid:84503244; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640140)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/06102019101439/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640140/; classtype:trojan-activity;sid:84503240; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640141)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/05022020111116/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640141/; classtype:trojan-activity;sid:84503241; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640139)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/15012020104021/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640139/; classtype:trojan-activity;sid:84503239; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640138)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/31102019092133/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640138/; classtype:trojan-activity;sid:84503238; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640134)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/02-2020/12/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640134/; classtype:trojan-activity;sid:84503234; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640135)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/cancelamento/2019-08-07/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640135/; classtype:trojan-activity;sid:84503235; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640136)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/03-2020/27/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640136/; classtype:trojan-activity;sid:84503236; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640137)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/02062020092842/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640137/; classtype:trojan-activity;sid:84503237; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640131)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/24122019105333/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640131/; classtype:trojan-activity;sid:84503231; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640132)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/18112020084723/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640132/; classtype:trojan-activity;sid:84503232; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640133)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/08-2019/28/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640133/; classtype:trojan-activity;sid:84503233; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640130)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/08-2019/30/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640130/; classtype:trojan-activity;sid:84503230; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640128)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/10-2019/15/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640128/; classtype:trojan-activity;sid:84503228; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640129)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/10-2019/07/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640129/; classtype:trojan-activity;sid:84503229; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640126)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/09-2020/18/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640126/; classtype:trojan-activity;sid:84503226; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640125)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/02-2020/14/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640125/; classtype:trojan-activity;sid:84503225; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640122)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/08112019111614/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640122/; classtype:trojan-activity;sid:84503222; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640123)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/15062020133526/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640123/; classtype:trojan-activity;sid:84503223; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640124)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/05082020084619/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640124/; classtype:trojan-activity;sid:84503224; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640121)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/07-2020/15/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640121/; classtype:trojan-activity;sid:84503221; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640119)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/09-2019/22/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640119/; classtype:trojan-activity;sid:84503219; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640120)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/12-2019/19/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640120/; classtype:trojan-activity;sid:84503220; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640118)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/001/02-2020/26/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640118/; classtype:trojan-activity;sid:84503218; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640117)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/21012020102734/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640117/; classtype:trojan-activity;sid:84503217; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640116)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/16112020083847/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640116/; classtype:trojan-activity;sid:84503216; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640115)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/18122019104132/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640115/; classtype:trojan-activity;sid:84503215; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640114)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/13112019072053/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640114/; classtype:trojan-activity;sid:84503214; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640112)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/23092020084739/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640112/; classtype:trojan-activity;sid:84503212; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640113)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/26022020083229/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640113/; classtype:trojan-activity;sid:84503213; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640111)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/27072020085711/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640111/; classtype:trojan-activity;sid:84503211; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640110)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/03-2020/15/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640110/; classtype:trojan-activity;sid:84503210; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640109)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos/2020-10-08/info.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640109/; classtype:trojan-activity;sid:84503209; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640107)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/13072020090141/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640107/; classtype:trojan-activity;sid:84503207; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640108)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/17022020110254/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640108/; classtype:trojan-activity;sid:84503208; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640106)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/06012020110537/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640106/; classtype:trojan-activity;sid:84503206; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640105)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/27022020081136/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640105/; classtype:trojan-activity;sid:84503205; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640104)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/31082020082957/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640104/; classtype:trojan-activity;sid:84503204; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640101)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/10012020110859/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640101/; classtype:trojan-activity;sid:84503201; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640102)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/01012020081740/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640102/; classtype:trojan-activity;sid:84503202; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640100)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/14022020071442/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640100/; classtype:trojan-activity;sid:84503200; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640098)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/02-2020/04/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640098/; classtype:trojan-activity;sid:84503198; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640097)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/12022020073613/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640097/; classtype:trojan-activity;sid:84503197; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640096)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/02-2020/14/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640096/; classtype:trojan-activity;sid:84503196; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640095)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/08062020095020/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640095/; classtype:trojan-activity;sid:84503195; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640093)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/001/09-2019/06/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640093/; classtype:trojan-activity;sid:84503193; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640094)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/03072020085353/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640094/; classtype:trojan-activity;sid:84503194; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640092)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/05092019112011/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640092/; classtype:trojan-activity;sid:84503192; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640085)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/26092019111629/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640085/; classtype:trojan-activity;sid:84503185; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640086)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/06-2020/18/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640086/; classtype:trojan-activity;sid:84503186; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640087)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/03112019104921/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640087/; classtype:trojan-activity;sid:84503187; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640088)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/01032020080703/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640088/; classtype:trojan-activity;sid:84503188; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640090)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/cancelamento/2020-04-28/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640090/; classtype:trojan-activity;sid:84503190; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640091)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/07-2020/30/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640091/; classtype:trojan-activity;sid:84503191; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640084)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/09-2019/19/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640084/; classtype:trojan-activity;sid:84503184; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640080)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/08-2019/16/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640080/; classtype:trojan-activity;sid:84503180; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640081)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/11-2019/08/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640081/; classtype:trojan-activity;sid:84503181; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640082)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/11082019085643/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640082/; classtype:trojan-activity;sid:84503182; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640083)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/02122019084813/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640083/; classtype:trojan-activity;sid:84503183; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640078)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2020-05-25/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640078/; classtype:trojan-activity;sid:84503178; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640079)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/09-2019/28/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640079/; classtype:trojan-activity;sid:84503179; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640077)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/22092020082850/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640077/; classtype:trojan-activity;sid:84503177; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640076)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/11-2019/21/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640076/; classtype:trojan-activity;sid:84503176; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640075)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/08-2019/07/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640075/; classtype:trojan-activity;sid:84503175; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640073)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/30092020084745/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640073/; classtype:trojan-activity;sid:84503173; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640074)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/19022020075912/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640074/; classtype:trojan-activity;sid:84503174; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640070)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/03032020110952/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640070/; classtype:trojan-activity;sid:84503170; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640071)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/27122019111157/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640071/; classtype:trojan-activity;sid:84503171; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640072)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/03102019083900/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640072/; classtype:trojan-activity;sid:84503172; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640068)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/09082019111333/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640068/; classtype:trojan-activity;sid:84503168; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640065)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/26012020083237/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640065/; classtype:trojan-activity;sid:84503165; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640067)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/14012020110758/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640067/; classtype:trojan-activity;sid:84503167; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640063)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/04102019112220/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640063/; classtype:trojan-activity;sid:84503163; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640064)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/03022020111124/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640064/; classtype:trojan-activity;sid:84503164; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640062)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/15082019130601/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640062/; classtype:trojan-activity;sid:84503162; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640061)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/22122019073226/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640061/; classtype:trojan-activity;sid:84503161; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640060)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/21102020082747/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640060/; classtype:trojan-activity;sid:84503160; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640058)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2020-05-11/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640058/; classtype:trojan-activity;sid:84503158; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640059)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/02092019094723/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640059/; classtype:trojan-activity;sid:84503159; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640056)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/08012020111051/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640056/; classtype:trojan-activity;sid:84503156; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640057)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/30062020101303/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640057/; classtype:trojan-activity;sid:84503157; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640055)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/25092020083633/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640055/; classtype:trojan-activity;sid:84503155; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640054)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/001/08-2019/20/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640054/; classtype:trojan-activity;sid:84503154; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640053)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/10082020111342/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640053/; classtype:trojan-activity;sid:84503153; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640050)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/09-2019/05/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640050/; classtype:trojan-activity;sid:84503150; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640051)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/09-2020/06/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640051/; classtype:trojan-activity;sid:84503151; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640052)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/001/01-2020/18/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640052/; classtype:trojan-activity;sid:84503152; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640048)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/27012020102358/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640048/; classtype:trojan-activity;sid:84503148; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640049)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/10-2019/02/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640049/; classtype:trojan-activity;sid:84503149; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640047)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/18092020084619/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640047/; classtype:trojan-activity;sid:84503147; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640042)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/08-2019/15/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640042/; classtype:trojan-activity;sid:84503142; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640043)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/24012020073245/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640043/; classtype:trojan-activity;sid:84503143; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640044)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/26102020075621/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640044/; classtype:trojan-activity;sid:84503144; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640045)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/11092020083630/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640045/; classtype:trojan-activity;sid:84503145; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640041)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/05012020072056/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640041/; classtype:trojan-activity;sid:84503141; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640040)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/09012020074543/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640040/; classtype:trojan-activity;sid:84503140; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640038)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/06-2020/06/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640038/; classtype:trojan-activity;sid:84503138; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640039)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/09012020084258/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640039/; classtype:trojan-activity;sid:84503139; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640034)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/26022020101729/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640034/; classtype:trojan-activity;sid:84503134; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640035)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/27012020081814/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640035/; classtype:trojan-activity;sid:84503135; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640036)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/001/06-2020/28/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640036/; classtype:trojan-activity;sid:84503136; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640037)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/10092019111201/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640037/; classtype:trojan-activity;sid:84503137; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640030)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/13022020083552/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640030/; classtype:trojan-activity;sid:84503130; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640031)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/07-2020/05/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640031/; classtype:trojan-activity;sid:84503131; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640032)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/09-2019/22/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640032/; classtype:trojan-activity;sid:84503132; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640033)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos%20autom%c3%a1ticos/2020-10-08/info.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640033/; classtype:trojan-activity;sid:84503133; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640029)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/29122019114423/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640029/; classtype:trojan-activity;sid:84503129; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640026)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/04-2020/17/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640026/; classtype:trojan-activity;sid:84503126; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640027)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/02-2020/05/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640027/; classtype:trojan-activity;sid:84503127; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640028)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/09082019072718/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640028/; classtype:trojan-activity;sid:84503128; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640025)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/09-2019/09/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640025/; classtype:trojan-activity;sid:84503125; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640024)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/17022020102857/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640024/; classtype:trojan-activity;sid:84503124; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640023)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/12-2019/25/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640023/; classtype:trojan-activity;sid:84503123; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640021)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/12-2019/31/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640021/; classtype:trojan-activity;sid:84503121; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640019)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/08-2019/01/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640019/; classtype:trojan-activity;sid:84503119; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640020)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/15082019144543/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640020/; classtype:trojan-activity;sid:84503120; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640018)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/12-2019/09/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640018/; classtype:trojan-activity;sid:84503118; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640014)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/03-2020/11/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640014/; classtype:trojan-activity;sid:84503114; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640015)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/13112020084009/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640015/; classtype:trojan-activity;sid:84503115; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640016)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/20022020075703/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640016/; classtype:trojan-activity;sid:84503116; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640017)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/08-2019/26/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640017/; classtype:trojan-activity;sid:84503117; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640008)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/27102020082932/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640008/; classtype:trojan-activity;sid:84503108; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640009)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/09-2019/29/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640009/; classtype:trojan-activity;sid:84503109; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640010)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/03062020090829/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640010/; classtype:trojan-activity;sid:84503110; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640011)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/30062020094507/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640011/; classtype:trojan-activity;sid:84503111; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640012)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/21102020082929/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640012/; classtype:trojan-activity;sid:84503112; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640013)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/cancelamento/2020-07-20/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640013/; classtype:trojan-activity;sid:84503113; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640007)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/10-2020/07/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640007/; classtype:trojan-activity;sid:84503107; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640005)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/15062020100427/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640005/; classtype:trojan-activity;sid:84503105; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640006)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/23012020091928/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640006/; classtype:trojan-activity;sid:84503106; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640002)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/inutiliza%c3%a7%c3%a3o/2020-04-03/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640002/; classtype:trojan-activity;sid:84503102; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640003)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/08092020083536/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640003/; classtype:trojan-activity;sid:84503103; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640004)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/03-2020/08/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640004/; classtype:trojan-activity;sid:84503104; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640001)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/10-2019/02/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640001/; classtype:trojan-activity;sid:84503101; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639997)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2020-10-26/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639997/; classtype:trojan-activity;sid:84503097; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639998)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/20032020081552/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639998/; classtype:trojan-activity;sid:84503098; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639999)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/10-2019/31/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639999/; classtype:trojan-activity;sid:84503099; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639994)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/03092019105225/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639994/; classtype:trojan-activity;sid:84503094; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639995)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/15062020133808/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639995/; classtype:trojan-activity;sid:84503095; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639996)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/17012020084051/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639996/; classtype:trojan-activity;sid:84503096; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639989)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/12-2019/info.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639989/; classtype:trojan-activity;sid:84503089; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639990)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/01102020083600/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639990/; classtype:trojan-activity;sid:84503090; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639991)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/13032020104927/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639991/; classtype:trojan-activity;sid:84503091; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639992)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/09112020083752/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639992/; classtype:trojan-activity;sid:84503092; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639993)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/09062020093848/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639993/; classtype:trojan-activity;sid:84503093; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639978)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/24082020090248/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639978/; classtype:trojan-activity;sid:84503078; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639979)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/16112020080638/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639979/; classtype:trojan-activity;sid:84503079; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639980)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/08022020072445/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639980/; classtype:trojan-activity;sid:84503080; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639981)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/07102020083555/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639981/; classtype:trojan-activity;sid:84503081; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639982)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/05032020083908/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639982/; classtype:trojan-activity;sid:84503082; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639983)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/06-2020/03/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639983/; classtype:trojan-activity;sid:84503083; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639984)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/19062020090232/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639984/; classtype:trojan-activity;sid:84503084; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639985)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/26012020111351/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639985/; classtype:trojan-activity;sid:84503085; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639986)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/08-2019/10/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639986/; classtype:trojan-activity;sid:84503086; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639987)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/08-2019/info.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639987/; classtype:trojan-activity;sid:84503087; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639988)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-01-27/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639988/; classtype:trojan-activity;sid:84503088; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639977)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/09-2019/03/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639977/; classtype:trojan-activity;sid:84503077; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639972)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/carta%20de%20corre%c3%a7%c3%a3o/2020-08-07/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639972/; classtype:trojan-activity;sid:84503072; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639973)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/19092019074714/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639973/; classtype:trojan-activity;sid:84503073; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639974)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/21072020093617/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639974/; classtype:trojan-activity;sid:84503074; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639975)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/14082020081409/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639975/; classtype:trojan-activity;sid:84503075; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639976)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/10062020091936/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639976/; classtype:trojan-activity;sid:84503076; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639970)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/02082019112443/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639970/; classtype:trojan-activity;sid:84503070; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639971)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/08082019111219/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639971/; classtype:trojan-activity;sid:84503071; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639967)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/08-2020/info.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639967/; classtype:trojan-activity;sid:84503067; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639968)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/15022020081931/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639968/; classtype:trojan-activity;sid:84503068; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639969)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/23122019110916/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639969/; classtype:trojan-activity;sid:84503069; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639966)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2020-11-03/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639966/; classtype:trojan-activity;sid:84503066; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639963)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/17112019083053/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639963/; classtype:trojan-activity;sid:84503063; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639964)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/27082020090628/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639964/; classtype:trojan-activity;sid:84503064; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639965)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/03-2020/22/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639965/; classtype:trojan-activity;sid:84503065; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639958)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/13032020103807/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639958/; classtype:trojan-activity;sid:84503058; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639959)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/25112020082318/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639959/; classtype:trojan-activity;sid:84503059; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639960)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/21012020074114/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639960/; classtype:trojan-activity;sid:84503060; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639961)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2020-09-08/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639961/; classtype:trojan-activity;sid:84503061; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639962)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/15062020123215/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639962/; classtype:trojan-activity;sid:84503062; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639956)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/02-2020/13/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639956/; classtype:trojan-activity;sid:84503056; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639957)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/carta%20de%20corre%c3%a7%c3%a3o/2020-02-28/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639957/; classtype:trojan-activity;sid:84503057; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639955)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/13022020104048/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639955/; classtype:trojan-activity;sid:84503055; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639950)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/10-2019/13/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639950/; classtype:trojan-activity;sid:84503050; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639951)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/001/11-2019/30/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639951/; classtype:trojan-activity;sid:84503051; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639952)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/001/01-2020/info.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639952/; classtype:trojan-activity;sid:84503052; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639953)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/22102019090025/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639953/; classtype:trojan-activity;sid:84503053; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639954)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/03-2020/22/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639954/; classtype:trojan-activity;sid:84503054; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639949)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/13072020085649/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639949/; classtype:trojan-activity;sid:84503049; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639948)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/20112019075837/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639948/; classtype:trojan-activity;sid:84503048; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639944)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/03112020074647/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639944/; classtype:trojan-activity;sid:84503044; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639945)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/07-2020/24/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639945/; classtype:trojan-activity;sid:84503045; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639946)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/08-2019/info.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639946/; classtype:trojan-activity;sid:84503046; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639947)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2020-11-16/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639947/; classtype:trojan-activity;sid:84503047; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639934)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/04082019131545/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639934/; classtype:trojan-activity;sid:84503034; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639935)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/10-2020/05/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639935/; classtype:trojan-activity;sid:84503035; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639936)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/24122019093903/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639936/; classtype:trojan-activity;sid:84503036; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639937)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/20112020075653/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639937/; classtype:trojan-activity;sid:84503037; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639938)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/02-2020/23/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639938/; classtype:trojan-activity;sid:84503038; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639939)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/001/12-2019/23/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639939/; classtype:trojan-activity;sid:84503039; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639940)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/11-2019/18/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639940/; classtype:trojan-activity;sid:84503040; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639941)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/15062020132949/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639941/; classtype:trojan-activity;sid:84503041; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639942)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/09032020100758/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639942/; classtype:trojan-activity;sid:84503042; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639943)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/10082020090216/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639943/; classtype:trojan-activity;sid:84503043; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639933)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/08092020083658/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639933/; classtype:trojan-activity;sid:84503033; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639932)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/03-2020/17/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639932/; classtype:trojan-activity;sid:84503032; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639930)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/12-2019/18/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639930/; classtype:trojan-activity;sid:84503030; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639931)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/30012020110551/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639931/; classtype:trojan-activity;sid:84503031; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639929)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/01072020094419/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639929/; classtype:trojan-activity;sid:84503029; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639927)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/17082020090142/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639927/; classtype:trojan-activity;sid:84503027; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639928)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/19032020083840/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639928/; classtype:trojan-activity;sid:84503028; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639925)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/04-2020/14/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639925/; classtype:trojan-activity;sid:84503025; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639926)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/08-2019/info.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639926/; classtype:trojan-activity;sid:84503026; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639924)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/06-2020/23/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639924/; classtype:trojan-activity;sid:84503024; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639923)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/07022020111253/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639923/; classtype:trojan-activity;sid:84503023; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639922)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2020-07-20/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639922/; classtype:trojan-activity;sid:84503022; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639918)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/03-2020/09/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639918/; classtype:trojan-activity;sid:84503018; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639919)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/22112019100951/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639919/; classtype:trojan-activity;sid:84503019; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639920)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/13122019111206/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639920/; classtype:trojan-activity;sid:84503020; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639921)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/06012020074513/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639921/; classtype:trojan-activity;sid:84503021; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639917)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/08-2019/07/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639917/; classtype:trojan-activity;sid:84503017; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639915)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/23012020092636/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639915/; classtype:trojan-activity;sid:84503015; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639916)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/09-2019/18/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639916/; classtype:trojan-activity;sid:84503016; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639914)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/29102020082309/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639914/; classtype:trojan-activity;sid:84503014; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639911)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/06082020090718/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639911/; classtype:trojan-activity;sid:84503011; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639912)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/001/06-2020/info.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639912/; classtype:trojan-activity;sid:84503012; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639910)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/02-2020/21/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639910/; classtype:trojan-activity;sid:84503010; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639909)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/02-2020/info.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639909/; classtype:trojan-activity;sid:84503009; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639908)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/07012020081723/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639908/; classtype:trojan-activity;sid:84503008; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639905)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/02-2020/23/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639905/; classtype:trojan-activity;sid:84503005; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639904)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/01-2020/28/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639904/; classtype:trojan-activity;sid:84503004; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639903)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/18082019122449/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639903/; classtype:trojan-activity;sid:84503003; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639902)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/15062020103538/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639902/; classtype:trojan-activity;sid:84503002; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639901)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/02-2020/info.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639901/; classtype:trojan-activity;sid:84503001; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639895)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/001/12-2019/info.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639895/; classtype:trojan-activity;sid:84502995; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639896)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2020-10-05/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639896/; classtype:trojan-activity;sid:84502996; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639897)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/13122019135646/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639897/; classtype:trojan-activity;sid:84502997; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639898)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/05012020143813/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639898/; classtype:trojan-activity;sid:84502998; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639899)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/15102020085329/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639899/; classtype:trojan-activity;sid:84502999; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639900)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/27112019111246/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639900/; classtype:trojan-activity;sid:84503000; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639887)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/15022020083422/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639887/; classtype:trojan-activity;sid:84502987; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639888)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/09012020110944/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639888/; classtype:trojan-activity;sid:84502988; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639889)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/18092019085852/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639889/; classtype:trojan-activity;sid:84502989; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639890)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/10-2020/08/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639890/; classtype:trojan-activity;sid:84502990; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639891)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/001/08-2019/26/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639891/; classtype:trojan-activity;sid:84502991; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639892)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/13022020084523/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639892/; classtype:trojan-activity;sid:84502992; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639894)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/09072020081548/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639894/; classtype:trojan-activity;sid:84502994; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639883)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/08112019085005/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639883/; classtype:trojan-activity;sid:84502983; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639884)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/04112019081526/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639884/; classtype:trojan-activity;sid:84502984; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639885)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/001/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639885/; classtype:trojan-activity;sid:84502985; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639882)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/cancelamento/2020-10-26/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639882/; classtype:trojan-activity;sid:84502982; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639879)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/04092019110951/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639879/; classtype:trojan-activity;sid:84502979; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639880)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/30092019083849/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639880/; classtype:trojan-activity;sid:84502980; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639881)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/08-2019/15/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639881/; classtype:trojan-activity;sid:84502981; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639877)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/erro%20processo/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639877/; classtype:trojan-activity;sid:84502977; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639878)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/08-2019/20/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639878/; classtype:trojan-activity;sid:84502978; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639874)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/11112020082600/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639874/; classtype:trojan-activity;sid:84502974; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639875)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/24012020111241/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639875/; classtype:trojan-activity;sid:84502975; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639876)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/cancelamento/2020-08-03/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639876/; classtype:trojan-activity;sid:84502976; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639873)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2020-10-19/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639873/; classtype:trojan-activity;sid:84502973; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639869)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/14092020083253/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639869/; classtype:trojan-activity;sid:84502969; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639870)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/09-2019/23/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639870/; classtype:trojan-activity;sid:84502970; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639871)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/05012020110642/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639871/; classtype:trojan-activity;sid:84502971; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639868)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/08-2019/29/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639868/; classtype:trojan-activity;sid:84502968; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639866)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/08-2020/05/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639866/; classtype:trojan-activity;sid:84502966; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639867)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/03032020102418/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639867/; classtype:trojan-activity;sid:84502967; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639863)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/02-2020/09/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639863/; classtype:trojan-activity;sid:84502963; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639864)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2020-06-22/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639864/; classtype:trojan-activity;sid:84502964; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639865)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/20072020091121/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639865/; classtype:trojan-activity;sid:84502965; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639861)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/28012020073720/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639861/; classtype:trojan-activity;sid:84502961; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639857)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/16022020114143/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639857/; classtype:trojan-activity;sid:84502957; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639858)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/carta%20de%20corre%c3%a7%c3%a3o/2020-08-05/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639858/; classtype:trojan-activity;sid:84502958; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639859)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/10-2020/06/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639859/; classtype:trojan-activity;sid:84502959; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639860)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/02-2020/25/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639860/; classtype:trojan-activity;sid:84502960; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639855)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/23112020082717/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639855/; classtype:trojan-activity;sid:84502955; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639856)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/31072020085242/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639856/; classtype:trojan-activity;sid:84502956; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639854)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/04022020110839/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639854/; classtype:trojan-activity;sid:84502954; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639853)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/15122019082345/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639853/; classtype:trojan-activity;sid:84502953; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639852)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/08-2019/25/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639852/; classtype:trojan-activity;sid:84502952; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639851)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/11-2019/29/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639851/; classtype:trojan-activity;sid:84502951; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639850)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/12-2019/info.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639850/; classtype:trojan-activity;sid:84502950; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639847)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/10-2019/info.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639847/; classtype:trojan-activity;sid:84502947; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639848)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/06022020085536/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639848/; classtype:trojan-activity;sid:84502948; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639849)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/23112020080128/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639849/; classtype:trojan-activity;sid:84502949; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639845)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/001/09-2019/08/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639845/; classtype:trojan-activity;sid:84502945; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639846)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/30082019111821/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639846/; classtype:trojan-activity;sid:84502946; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639843)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/cancelamento/2019-10-04/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639843/; classtype:trojan-activity;sid:84502943; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639844)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/23102020113619/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639844/; classtype:trojan-activity;sid:84502944; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639842)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/19012020071358/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639842/; classtype:trojan-activity;sid:84502942; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639840)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/23012020092152/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639840/; classtype:trojan-activity;sid:84502940; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639841)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/09112020084306/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639841/; classtype:trojan-activity;sid:84502941; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639833)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/05102020083904/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639833/; classtype:trojan-activity;sid:84502933; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639834)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/01-2020/07/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639834/; classtype:trojan-activity;sid:84502934; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639835)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/09-2019/18/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639835/; classtype:trojan-activity;sid:84502935; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639836)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/02-2020/20/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639836/; classtype:trojan-activity;sid:84502936; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639837)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/05102020081614/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639837/; classtype:trojan-activity;sid:84502937; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639838)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/01-2020/info.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639838/; classtype:trojan-activity;sid:84502938; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639839)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/21112019085916/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639839/; classtype:trojan-activity;sid:84502939; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639829)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/10-2019/info.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639829/; classtype:trojan-activity;sid:84502929; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639830)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/18012020075446/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639830/; classtype:trojan-activity;sid:84502930; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639831)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/08-2019/16/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639831/; classtype:trojan-activity;sid:84502931; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639832)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/07102020082825/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639832/; classtype:trojan-activity;sid:84502932; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639827)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/17062020084859/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639827/; classtype:trojan-activity;sid:84502927; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639828)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/02-2020/10/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639828/; classtype:trojan-activity;sid:84502928; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639819)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/07082020084250/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639819/; classtype:trojan-activity;sid:84502919; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639820)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/08-2019/13/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639820/; classtype:trojan-activity;sid:84502920; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639821)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/18082019110944/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639821/; classtype:trojan-activity;sid:84502921; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639822)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/06-2020/12/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639822/; classtype:trojan-activity;sid:84502922; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639823)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/06-2020/27/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639823/; classtype:trojan-activity;sid:84502923; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639824)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2020-06-01/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639824/; classtype:trojan-activity;sid:84502924; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639825)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/001/12-2019/19/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639825/; classtype:trojan-activity;sid:84502925; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639826)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/001/08-2019/31/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639826/; classtype:trojan-activity;sid:84502926; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639814)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/08-2020/20/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639814/; classtype:trojan-activity;sid:84502914; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639815)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/23102019105245/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639815/; classtype:trojan-activity;sid:84502915; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639816)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/03-2020/10/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639816/; classtype:trojan-activity;sid:84502916; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639817)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/20102019110029/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639817/; classtype:trojan-activity;sid:84502917; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639818)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/08012020073801/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639818/; classtype:trojan-activity;sid:84502918; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639813)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/consulta/2020-09-25/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639813/; classtype:trojan-activity;sid:84502913; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639812)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/01-2020/info.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639812/; classtype:trojan-activity;sid:84502912; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639811)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2020-07-06/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639811/; classtype:trojan-activity;sid:84502911; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639809)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/01-2020/09/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639809/; classtype:trojan-activity;sid:84502909; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639810)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/11-2019/24/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639810/; classtype:trojan-activity;sid:84502910; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639806)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/01022020102637/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639806/; classtype:trojan-activity;sid:84502906; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639808)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/04-2020/info.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639808/; classtype:trojan-activity;sid:84502908; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639804)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/10-2019/28/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639804/; classtype:trojan-activity;sid:84502904; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639805)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/11032020103137/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639805/; classtype:trojan-activity;sid:84502905; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639801)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/consulta/2019-11-05/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639801/; classtype:trojan-activity;sid:84502901; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639802)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/29022020081541/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639802/; classtype:trojan-activity;sid:84502902; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639803)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/29082019114231/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639803/; classtype:trojan-activity;sid:84502903; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639798)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/001/11-2019/26/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639798/; classtype:trojan-activity;sid:84502898; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639799)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2019-08-27/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639799/; classtype:trojan-activity;sid:84502899; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639800)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/31012020085848/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639800/; classtype:trojan-activity;sid:84502900; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639796)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/08062020130026/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639796/; classtype:trojan-activity;sid:84502896; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639797)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/06082019113125/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639797/; classtype:trojan-activity;sid:84502897; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639795)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/03082020090205/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639795/; classtype:trojan-activity;sid:84502895; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639794)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/10-2020/info.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639794/; classtype:trojan-activity;sid:84502894; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639788)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/001/10-2019/26/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639788/; classtype:trojan-activity;sid:84502888; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639789)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/09062020095056/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639789/; classtype:trojan-activity;sid:84502889; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639790)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/10-2020/21/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639790/; classtype:trojan-activity;sid:84502890; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639791)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/consulta/2020-05-28/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639791/; classtype:trojan-activity;sid:84502891; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639792)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/23102020082312/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639792/; classtype:trojan-activity;sid:84502892; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639793)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639793/; classtype:trojan-activity;sid:84502893; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639787)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/12-2019/13/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639787/; classtype:trojan-activity;sid:84502887; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639785)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/21092020083859/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639785/; classtype:trojan-activity;sid:84502885; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639786)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/03-2020/16/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639786/; classtype:trojan-activity;sid:84502886; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639781)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/15022020084709/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639781/; classtype:trojan-activity;sid:84502881; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639782)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/16082019111904/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639782/; classtype:trojan-activity;sid:84502882; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639783)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/30092020115230/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639783/; classtype:trojan-activity;sid:84502883; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639784)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/10122019102551/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639784/; classtype:trojan-activity;sid:84502884; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639779)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/06022020083631/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639779/; classtype:trojan-activity;sid:84502879; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639780)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/10032020110052/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639780/; classtype:trojan-activity;sid:84502880; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639771)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/05102020084757/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639771/; classtype:trojan-activity;sid:84502871; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639772)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/03-2020/info.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639772/; classtype:trojan-activity;sid:84502872; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639773)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/001/03-2020/info.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639773/; classtype:trojan-activity;sid:84502873; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639774)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/24082020085902/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639774/; classtype:trojan-activity;sid:84502874; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639775)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/001/08-2019/04/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639775/; classtype:trojan-activity;sid:84502875; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639776)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/10-2020/26/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639776/; classtype:trojan-activity;sid:84502876; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639777)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/29102020082350/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639777/; classtype:trojan-activity;sid:84502877; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639778)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/03022020090831/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639778/; classtype:trojan-activity;sid:84502878; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639770)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/consulta/2020-08-05/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639770/; classtype:trojan-activity;sid:84502870; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639767)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/20082019082941/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639767/; classtype:trojan-activity;sid:84502867; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639768)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/consulta/2019-10-04/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639768/; classtype:trojan-activity;sid:84502868; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639769)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/15032020103319/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639769/; classtype:trojan-activity;sid:84502869; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639765)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/10022020131117/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639765/; classtype:trojan-activity;sid:84502865; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639766)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/06012020082718/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639766/; classtype:trojan-activity;sid:84502866; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639760)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/09-2019/info.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639760/; classtype:trojan-activity;sid:84502860; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639761)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/03082020122030/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639761/; classtype:trojan-activity;sid:84502861; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639763)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/06-2020/10/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639763/; classtype:trojan-activity;sid:84502863; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639764)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/14102019084705/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639764/; classtype:trojan-activity;sid:84502864; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639756)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/cons/1/info.zip"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639756/; classtype:trojan-activity;sid:84502856; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639757)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/02-2020/22/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639757/; classtype:trojan-activity;sid:84502857; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639758)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/08-2019/09/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639758/; classtype:trojan-activity;sid:84502858; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639759)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/04-2020/23/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639759/; classtype:trojan-activity;sid:84502859; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639754)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/05-2020/info.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639754/; classtype:trojan-activity;sid:84502854; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639755)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/30062020090329/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639755/; classtype:trojan-activity;sid:84502855; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639751)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/carta%20de%20corre%c3%a7%c3%a3o/2020-03-25/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639751/; classtype:trojan-activity;sid:84502851; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639752)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/15092019102909/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639752/; classtype:trojan-activity;sid:84502852; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639753)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/20022020082342/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639753/; classtype:trojan-activity;sid:84502853; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639746)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/11092019111609/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639746/; classtype:trojan-activity;sid:84502846; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639747)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/04032020110636/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639747/; classtype:trojan-activity;sid:84502847; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639748)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/09-2019/10/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639748/; classtype:trojan-activity;sid:84502848; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639749)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/09092020083221/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639749/; classtype:trojan-activity;sid:84502849; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639744)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/001/10-2019/25/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639744/; classtype:trojan-activity;sid:84502844; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639745)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/15032020114400/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639745/; classtype:trojan-activity;sid:84502845; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639742)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/03-2020/18/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639742/; classtype:trojan-activity;sid:84502842; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639743)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/03082020084053/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639743/; classtype:trojan-activity;sid:84502843; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639740)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/09-2020/30/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639740/; classtype:trojan-activity;sid:84502840; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639741)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/09-2019/09/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639741/; classtype:trojan-activity;sid:84502841; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639738)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/11082020084800/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639738/; classtype:trojan-activity;sid:84502838; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639739)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/11-2019/20/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639739/; classtype:trojan-activity;sid:84502839; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639735)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/28092020085509/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639735/; classtype:trojan-activity;sid:84502835; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639736)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/06072020085729/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639736/; classtype:trojan-activity;sid:84502836; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639731)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/12-2019/15/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639731/; classtype:trojan-activity;sid:84502831; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639732)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/04022020072536/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639732/; classtype:trojan-activity;sid:84502832; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639734)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/18082019125623/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639734/; classtype:trojan-activity;sid:84502834; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639729)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/10-2019/03/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639729/; classtype:trojan-activity;sid:84502829; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639730)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/18082020084703/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639730/; classtype:trojan-activity;sid:84502830; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639728)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/11022020082315/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639728/; classtype:trojan-activity;sid:84502828; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639727)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/08-2019/15/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639727/; classtype:trojan-activity;sid:84502827; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639720)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/15062020120854/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639720/; classtype:trojan-activity;sid:84502820; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639721)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/10-2019/23/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639721/; classtype:trojan-activity;sid:84502821; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639722)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639722/; classtype:trojan-activity;sid:84502822; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639723)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/05-2020/01/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639723/; classtype:trojan-activity;sid:84502823; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639724)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/18012020075736/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639724/; classtype:trojan-activity;sid:84502824; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639718)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/06112019135902/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639718/; classtype:trojan-activity;sid:84502818; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639716)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/10082020090221/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639716/; classtype:trojan-activity;sid:84502816; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639717)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/13022020083700/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639717/; classtype:trojan-activity;sid:84502817; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639713)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/001/06-2020/27/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639713/; classtype:trojan-activity;sid:84502813; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639714)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/03-2020/26/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639714/; classtype:trojan-activity;sid:84502814; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639715)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/001/10-2019/13/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639715/; classtype:trojan-activity;sid:84502815; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639709)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/08-2019/10/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639709/; classtype:trojan-activity;sid:84502809; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639711)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/01062020092311/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639711/; classtype:trojan-activity;sid:84502811; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639708)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/08-2020/27/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639708/; classtype:trojan-activity;sid:84502808; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639699)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/24092020090102/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639699/; classtype:trojan-activity;sid:84502799; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639700)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/05-2020/04/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639700/; classtype:trojan-activity;sid:84502800; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639701)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/16022020101952/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639701/; classtype:trojan-activity;sid:84502801; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639702)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/15092019133613/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639702/; classtype:trojan-activity;sid:84502802; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639703)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/02-2020/28/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639703/; classtype:trojan-activity;sid:84502803; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639704)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/11092020084854/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639704/; classtype:trojan-activity;sid:84502804; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639705)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/12012020111716/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639705/; classtype:trojan-activity;sid:84502805; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639706)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2020-06-30/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639706/; classtype:trojan-activity;sid:84502806; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639707)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/001/10-2019/27/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639707/; classtype:trojan-activity;sid:84502807; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639695)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/18062020084013/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639695/; classtype:trojan-activity;sid:84502795; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639696)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/15062020120603/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639696/; classtype:trojan-activity;sid:84502796; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639697)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/01-2020/01/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639697/; classtype:trojan-activity;sid:84502797; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639694)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/08062020120024/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639694/; classtype:trojan-activity;sid:84502794; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639692)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/11-2019/info.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639692/; classtype:trojan-activity;sid:84502792; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639693)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/15092019081708/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639693/; classtype:trojan-activity;sid:84502793; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639689)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/12-2019/13/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639689/; classtype:trojan-activity;sid:84502789; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639690)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/info.zip"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639690/; classtype:trojan-activity;sid:84502790; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639691)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/001/02-2020/24/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639691/; classtype:trojan-activity;sid:84502791; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639688)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/22062020084643/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639688/; classtype:trojan-activity;sid:84502788; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639687)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/08102020083849/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639687/; classtype:trojan-activity;sid:84502787; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639682)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/10-2020/info.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639682/; classtype:trojan-activity;sid:84502782; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639683)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/16082019085315/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639683/; classtype:trojan-activity;sid:84502783; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639684)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/21022020080853/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639684/; classtype:trojan-activity;sid:84502784; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639685)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/03-2020/05/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639685/; classtype:trojan-activity;sid:84502785; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639686)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/03-2020/16/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639686/; classtype:trojan-activity;sid:84502786; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639679)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/13022020102228/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639679/; classtype:trojan-activity;sid:84502779; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639681)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/03102019112720/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639681/; classtype:trojan-activity;sid:84502781; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639678)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/10-2019/06/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639678/; classtype:trojan-activity;sid:84502778; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639676)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/02-2020/13/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639676/; classtype:trojan-activity;sid:84502776; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639674)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/08-2019/05/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639674/; classtype:trojan-activity;sid:84502774; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639675)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/info.zip"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639675/; classtype:trojan-activity;sid:84502775; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639669)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/001/01-2020/27/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639669/; classtype:trojan-activity;sid:84502769; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639670)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/03112019070036/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639670/; classtype:trojan-activity;sid:84502770; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639671)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/03022020080535/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639671/; classtype:trojan-activity;sid:84502771; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639672)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/01072020095640/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639672/; classtype:trojan-activity;sid:84502772; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639673)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/02-2020/27/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639673/; classtype:trojan-activity;sid:84502773; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639667)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/08062020092254/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639667/; classtype:trojan-activity;sid:84502767; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639668)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/03112020083749/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639668/; classtype:trojan-activity;sid:84502768; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639663)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/12082020092141/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639663/; classtype:trojan-activity;sid:84502763; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639665)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/13022020084119/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639665/; classtype:trojan-activity;sid:84502765; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639666)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/11102019111952/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639666/; classtype:trojan-activity;sid:84502766; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639662)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/02-2020/23/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639662/; classtype:trojan-activity;sid:84502762; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639660)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/14092020084203/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639660/; classtype:trojan-activity;sid:84502760; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639654)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/08-2019/17/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639654/; classtype:trojan-activity;sid:84502754; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639655)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/10112020084012/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639655/; classtype:trojan-activity;sid:84502755; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639656)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/28122019084412/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639656/; classtype:trojan-activity;sid:84502756; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639657)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/18082019110715/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639657/; classtype:trojan-activity;sid:84502757; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639658)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/consulta/2019-08-19/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639658/; classtype:trojan-activity;sid:84502758; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639659)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/04112020082536/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639659/; classtype:trojan-activity;sid:84502759; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639649)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/cancelamento/2020-02-05/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639649/; classtype:trojan-activity;sid:84502749; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639650)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/08-2019/05/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639650/; classtype:trojan-activity;sid:84502750; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639651)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/14092019094403/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639651/; classtype:trojan-activity;sid:84502751; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639652)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/09092020085507/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639652/; classtype:trojan-activity;sid:84502752; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639653)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/08-2019/28/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639653/; classtype:trojan-activity;sid:84502753; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639647)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2020-06-08/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639647/; classtype:trojan-activity;sid:84502747; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639641)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/26082020084204/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639641/; classtype:trojan-activity;sid:84502741; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639642)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/04052020134759/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639642/; classtype:trojan-activity;sid:84502742; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639643)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/10022020115748/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639643/; classtype:trojan-activity;sid:84502743; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639644)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/24102019081656/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639644/; classtype:trojan-activity;sid:84502744; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639638)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/cancelamento/2019-08-19/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639638/; classtype:trojan-activity;sid:84502738; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639639)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/08-2020/04/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639639/; classtype:trojan-activity;sid:84502739; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639640)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/cancelamento/2019-08-12/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639640/; classtype:trojan-activity;sid:84502740; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639632)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/08-2019/13/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639632/; classtype:trojan-activity;sid:84502732; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639633)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/08-2019/04/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639633/; classtype:trojan-activity;sid:84502733; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639634)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/08-2019/11/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639634/; classtype:trojan-activity;sid:84502734; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639635)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/15012020113111/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639635/; classtype:trojan-activity;sid:84502735; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639636)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/04082020085059/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639636/; classtype:trojan-activity;sid:84502736; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639637)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/info.zip"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639637/; classtype:trojan-activity;sid:84502737; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639631)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/16112020081236/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639631/; classtype:trojan-activity;sid:84502731; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639629)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/11022020082009/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639629/; classtype:trojan-activity;sid:84502729; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639630)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/27012020075923/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639630/; classtype:trojan-activity;sid:84502730; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639616)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/cancelamento/2020-10-19/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639616/; classtype:trojan-activity;sid:84502716; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639617)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/01072020094018/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639617/; classtype:trojan-activity;sid:84502717; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639618)"; flow:established,from_client; content:"GET"; http_method; content:"/aspnet_client/system_web/2_0_50727/info.zip"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639618/; classtype:trojan-activity;sid:84502718; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639619)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/08092020084724/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639619/; classtype:trojan-activity;sid:84502719; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639620)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2020-06-15/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639620/; classtype:trojan-activity;sid:84502720; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639621)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/09-2019/07/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639621/; classtype:trojan-activity;sid:84502721; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639622)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/08012020074226/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639622/; classtype:trojan-activity;sid:84502722; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639623)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/cancelamento/2019-12-30/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639623/; classtype:trojan-activity;sid:84502723; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639624)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/12112019075105/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639624/; classtype:trojan-activity;sid:84502724; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639625)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/info.zip"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639625/; classtype:trojan-activity;sid:84502725; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639626)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/30092020105757/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639626/; classtype:trojan-activity;sid:84502726; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639627)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-10-27/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639627/; classtype:trojan-activity;sid:84502727; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639628)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/01-2020/09/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639628/; classtype:trojan-activity;sid:84502728; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639613)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/08-2019/06/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639613/; classtype:trojan-activity;sid:84502713; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639614)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/consulta/2019-08-15/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639614/; classtype:trojan-activity;sid:84502714; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639615)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/10-2019/19/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639615/; classtype:trojan-activity;sid:84502715; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639611)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/01-2020/24/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639611/; classtype:trojan-activity;sid:84502711; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639612)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/20102019112719/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639612/; classtype:trojan-activity;sid:84502712; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639609)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/001/09-2019/10/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639609/; classtype:trojan-activity;sid:84502709; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639610)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/30072020090333/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639610/; classtype:trojan-activity;sid:84502710; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639608)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/17122019110717/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639608/; classtype:trojan-activity;sid:84502708; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639606)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/09092019111637/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639606/; classtype:trojan-activity;sid:84502706; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639607)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/001/08-2019/27/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639607/; classtype:trojan-activity;sid:84502707; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639605)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/11-2020/info.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639605/; classtype:trojan-activity;sid:84502705; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639603)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/cancelamento/2019-08-13/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639603/; classtype:trojan-activity;sid:84502703; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639604)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/29092019110355/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639604/; classtype:trojan-activity;sid:84502704; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639602)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/15022020102448/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639602/; classtype:trojan-activity;sid:84502702; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639601)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/20012020114823/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639601/; classtype:trojan-activity;sid:84502701; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639598)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/02122019110838/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639598/; classtype:trojan-activity;sid:84502698; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639599)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/04-2020/10/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639599/; classtype:trojan-activity;sid:84502699; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639600)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/17112020082540/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639600/; classtype:trojan-activity;sid:84502700; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639597)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/carta%20de%20corre%c3%a7%c3%a3o/2020-07-06/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639597/; classtype:trojan-activity;sid:84502697; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639589)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/12-2019/10/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639589/; classtype:trojan-activity;sid:84502689; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639590)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/03032020074449/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639590/; classtype:trojan-activity;sid:84502690; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639591)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/consulta/2020-02-21/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639591/; classtype:trojan-activity;sid:84502691; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639592)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/05112020085426/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639592/; classtype:trojan-activity;sid:84502692; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639593)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/09-2019/04/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639593/; classtype:trojan-activity;sid:84502693; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639594)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/21082019085347/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639594/; classtype:trojan-activity;sid:84502694; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639595)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/04-2020/19/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639595/; classtype:trojan-activity;sid:84502695; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639596)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/cancelamento/2020-05-11/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639596/; classtype:trojan-activity;sid:84502696; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639588)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/09-2020/16/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639588/; classtype:trojan-activity;sid:84502688; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639583)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/20032020081408/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639583/; classtype:trojan-activity;sid:84502683; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639584)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/cancelamento/2019-09-27/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639584/; classtype:trojan-activity;sid:84502684; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639585)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/04082019084655/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639585/; classtype:trojan-activity;sid:84502685; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639586)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/06-2020/11/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639586/; classtype:trojan-activity;sid:84502686; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639581)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/31102019072830/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639581/; classtype:trojan-activity;sid:84502681; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639582)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/10-2019/16/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639582/; classtype:trojan-activity;sid:84502682; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639577)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/08-2019/09/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639577/; classtype:trojan-activity;sid:84502677; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639578)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/11-2020/13/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639578/; classtype:trojan-activity;sid:84502678; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639579)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/001/03-2020/02/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639579/; classtype:trojan-activity;sid:84502679; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639580)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/31082020083341/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639580/; classtype:trojan-activity;sid:84502680; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639575)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/12-2019/26/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639575/; classtype:trojan-activity;sid:84502675; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639576)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/22082019075937/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639576/; classtype:trojan-activity;sid:84502676; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639571)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/09022020111331/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639571/; classtype:trojan-activity;sid:84502671; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639572)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/22092019110841/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639572/; classtype:trojan-activity;sid:84502672; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639573)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/08-2019/03/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639573/; classtype:trojan-activity;sid:84502673; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639574)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/09-2019/info.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639574/; classtype:trojan-activity;sid:84502674; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639568)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/06-2020/15/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639568/; classtype:trojan-activity;sid:84502668; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639569)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/03-2020/23/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639569/; classtype:trojan-activity;sid:84502669; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639570)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/08-2019/08/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639570/; classtype:trojan-activity;sid:84502670; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639566)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/11-2019/13/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639566/; classtype:trojan-activity;sid:84502666; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639565)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/05-2020/28/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639565/; classtype:trojan-activity;sid:84502665; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639563)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/03-2020/14/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639563/; classtype:trojan-activity;sid:84502663; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639564)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/04022020073214/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639564/; classtype:trojan-activity;sid:84502664; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639562)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/04-2020/21/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639562/; classtype:trojan-activity;sid:84502662; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639557)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/05-2020/03/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639557/; classtype:trojan-activity;sid:84502657; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639558)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos/info.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639558/; classtype:trojan-activity;sid:84502658; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639559)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/19012020102742/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639559/; classtype:trojan-activity;sid:84502659; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639560)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/12-2019/info.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639560/; classtype:trojan-activity;sid:84502660; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639561)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/28082020083744/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639561/; classtype:trojan-activity;sid:84502661; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639555)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/08062020113717/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639555/; classtype:trojan-activity;sid:84502655; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639554)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/09-2020/02/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639554/; classtype:trojan-activity;sid:84502654; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639546)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/09102020082318/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639546/; classtype:trojan-activity;sid:84502646; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639547)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/13012020072707/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639547/; classtype:trojan-activity;sid:84502647; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639549)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/consulta/2020-08-06/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639549/; classtype:trojan-activity;sid:84502649; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639550)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/03-2020/10/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639550/; classtype:trojan-activity;sid:84502650; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639551)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/02-2020/info.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639551/; classtype:trojan-activity;sid:84502651; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639552)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/06102020130002/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639552/; classtype:trojan-activity;sid:84502652; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639553)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/16112020081243/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639553/; classtype:trojan-activity;sid:84502653; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639543)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/10-2020/28/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639543/; classtype:trojan-activity;sid:84502643; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639544)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/carta%20de%20corre%c3%a7%c3%a3o/2020-02-27/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639544/; classtype:trojan-activity;sid:84502644; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639545)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/01092019071953/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639545/; classtype:trojan-activity;sid:84502645; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639542)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/06-2020/07/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639542/; classtype:trojan-activity;sid:84502642; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639541)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/03-2020/04/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639541/; classtype:trojan-activity;sid:84502641; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639539)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2020-05-07/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639539/; classtype:trojan-activity;sid:84502639; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639540)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/05102020083859/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639540/; classtype:trojan-activity;sid:84502640; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639534)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/02022020111707/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639534/; classtype:trojan-activity;sid:84502634; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639535)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/02-2020/20/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639535/; classtype:trojan-activity;sid:84502635; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639536)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/20112019100256/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639536/; classtype:trojan-activity;sid:84502636; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639537)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/22092019074945/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639537/; classtype:trojan-activity;sid:84502637; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639538)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/12112020084702/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639538/; classtype:trojan-activity;sid:84502638; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639528)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/15062020092440/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639528/; classtype:trojan-activity;sid:84502628; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639529)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/19102020080704/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639529/; classtype:trojan-activity;sid:84502629; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639530)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/cancelamento/2020-06-04/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639530/; classtype:trojan-activity;sid:84502630; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639531)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/001/09-2019/17/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639531/; classtype:trojan-activity;sid:84502631; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639533)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/04082020083144/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639533/; classtype:trojan-activity;sid:84502633; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639527)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/12-2019/26/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639527/; classtype:trojan-activity;sid:84502627; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639526)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639526/; classtype:trojan-activity;sid:84502626; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639525)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/11082020091056/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639525/; classtype:trojan-activity;sid:84502625; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639524)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/28072020084117/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639524/; classtype:trojan-activity;sid:84502624; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639519)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/21092020082654/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639519/; classtype:trojan-activity;sid:84502619; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639520)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/info.zip"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639520/; classtype:trojan-activity;sid:84502620; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639521)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/14102020092025/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639521/; classtype:trojan-activity;sid:84502621; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639522)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/17112019081221/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639522/; classtype:trojan-activity;sid:84502622; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639523)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/02-2020/10/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639523/; classtype:trojan-activity;sid:84502623; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639517)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/09-2019/25/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639517/; classtype:trojan-activity;sid:84502617; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639518)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/06-2020/14/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639518/; classtype:trojan-activity;sid:84502618; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639512)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/26112020083005/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639512/; classtype:trojan-activity;sid:84502612; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639513)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/02092020090350/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639513/; classtype:trojan-activity;sid:84502613; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639515)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/23112020082726/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639515/; classtype:trojan-activity;sid:84502615; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639516)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/08062020125802/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639516/; classtype:trojan-activity;sid:84502616; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639511)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/23102019132849/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639511/; classtype:trojan-activity;sid:84502611; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639508)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/06092019110358/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639508/; classtype:trojan-activity;sid:84502608; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639509)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/16032020100222/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639509/; classtype:trojan-activity;sid:84502609; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639510)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/001/10-2019/12/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639510/; classtype:trojan-activity;sid:84502610; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639507)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/27012020075725/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639507/; classtype:trojan-activity;sid:84502607; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639503)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/12032020111238/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639503/; classtype:trojan-activity;sid:84502603; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639504)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/05-2020/21/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639504/; classtype:trojan-activity;sid:84502604; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639505)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/24092019102653/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639505/; classtype:trojan-activity;sid:84502605; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639501)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/09022020144937/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639501/; classtype:trojan-activity;sid:84502601; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639502)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/09062020113808/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639502/; classtype:trojan-activity;sid:84502602; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639500)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/17022020073339/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639500/; classtype:trojan-activity;sid:84502600; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639498)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/09-2020/03/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639498/; classtype:trojan-activity;sid:84502598; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639499)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/18012020073616/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639499/; classtype:trojan-activity;sid:84502599; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639497)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/26112019110601/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639497/; classtype:trojan-activity;sid:84502597; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639495)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/02-2020/21/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639495/; classtype:trojan-activity;sid:84502595; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639496)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/11-2019/05/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639496/; classtype:trojan-activity;sid:84502596; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639492)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/28092020084805/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639492/; classtype:trojan-activity;sid:84502592; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639493)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/06112020083335/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639493/; classtype:trojan-activity;sid:84502593; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639494)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/08-2020/21/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639494/; classtype:trojan-activity;sid:84502594; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639483)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/cons/1/0011/info.zip"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639483/; classtype:trojan-activity;sid:84502583; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639484)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/09012020103652/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639484/; classtype:trojan-activity;sid:84502584; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639485)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/03022020112951/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639485/; classtype:trojan-activity;sid:84502585; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639486)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/08-2019/18/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639486/; classtype:trojan-activity;sid:84502586; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639487)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/07102019113952/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639487/; classtype:trojan-activity;sid:84502587; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639488)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/19112020084628/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639488/; classtype:trojan-activity;sid:84502588; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639490)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/06102020120909/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639490/; classtype:trojan-activity;sid:84502590; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639491)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/001/11-2019/29/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639491/; classtype:trojan-activity;sid:84502591; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639482)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/10-2019/info.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639482/; classtype:trojan-activity;sid:84502582; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639481)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/02032020083839/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639481/; classtype:trojan-activity;sid:84502581; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639479)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/08032020103000/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639479/; classtype:trojan-activity;sid:84502579; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639480)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/09-2019/29/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639480/; classtype:trojan-activity;sid:84502580; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639474)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/15092020083724/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639474/; classtype:trojan-activity;sid:84502574; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639475)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/02022020110300/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639475/; classtype:trojan-activity;sid:84502575; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639478)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2020-11-23/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639478/; classtype:trojan-activity;sid:84502578; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639471)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/001/11-2019/09/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639471/; classtype:trojan-activity;sid:84502571; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639472)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/09-2020/20/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639472/; classtype:trojan-activity;sid:84502572; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639467)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos%20autom%c3%a1ticos/info.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639467/; classtype:trojan-activity;sid:84502567; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639468)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/22012020081724/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639468/; classtype:trojan-activity;sid:84502568; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639469)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/03112020074640/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639469/; classtype:trojan-activity;sid:84502569; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639470)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/07-2020/15/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639470/; classtype:trojan-activity;sid:84502570; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639466)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/20072020090223/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639466/; classtype:trojan-activity;sid:84502566; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639464)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/04-2020/08/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639464/; classtype:trojan-activity;sid:84502564; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639465)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/001/10-2019/11/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639465/; classtype:trojan-activity;sid:84502565; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639463)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/15062020122058/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639463/; classtype:trojan-activity;sid:84502563; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639460)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/carta%20de%20corre%c3%a7%c3%a3o/2020-06-10/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639460/; classtype:trojan-activity;sid:84502560; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639461)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/cancelamento/2020-05-22/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639461/; classtype:trojan-activity;sid:84502561; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639462)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/01-2020/info.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639462/; classtype:trojan-activity;sid:84502562; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639458)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/001/12-2019/06/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639458/; classtype:trojan-activity;sid:84502558; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639459)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/06102020083538/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639459/; classtype:trojan-activity;sid:84502559; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639457)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/25112020083803/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639457/; classtype:trojan-activity;sid:84502557; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639449)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/15062020105330/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639449/; classtype:trojan-activity;sid:84502549; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639450)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/04062020092328/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639450/; classtype:trojan-activity;sid:84502550; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639451)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/11-2019/12/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639451/; classtype:trojan-activity;sid:84502551; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639452)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/001/11-2019/22/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639452/; classtype:trojan-activity;sid:84502552; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639453)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/17032020085116/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639453/; classtype:trojan-activity;sid:84502553; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639454)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/22122019073549/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639454/; classtype:trojan-activity;sid:84502554; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639455)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/06112019135438/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639455/; classtype:trojan-activity;sid:84502555; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639456)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/06-2020/22/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639456/; classtype:trojan-activity;sid:84502556; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639445)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/02-2020/25/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639445/; classtype:trojan-activity;sid:84502545; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639446)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/08-2019/info.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639446/; classtype:trojan-activity;sid:84502546; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639447)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/08-2019/25/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639447/; classtype:trojan-activity;sid:84502547; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639448)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/11032020091921/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639448/; classtype:trojan-activity;sid:84502548; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639444)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/03092019103102/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639444/; classtype:trojan-activity;sid:84502544; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639442)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/11112020084111/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639442/; classtype:trojan-activity;sid:84502542; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639443)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/cancelamento/2020-07-30/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639443/; classtype:trojan-activity;sid:84502543; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639439)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/23122019073604/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639439/; classtype:trojan-activity;sid:84502539; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639440)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/09-2019/19/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639440/; classtype:trojan-activity;sid:84502540; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639441)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/14102020092022/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639441/; classtype:trojan-activity;sid:84502541; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639437)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/08-2019/31/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639437/; classtype:trojan-activity;sid:84502537; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639438)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/14102020102401/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639438/; classtype:trojan-activity;sid:84502538; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639433)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/14082019090706/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639433/; classtype:trojan-activity;sid:84502533; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639434)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/20102020075126/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639434/; classtype:trojan-activity;sid:84502534; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639435)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/04-2020/29/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639435/; classtype:trojan-activity;sid:84502535; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639431)"; flow:established,from_client; content:"GET"; http_method; content:"/aspnet_client/system_web/4_0_30319/info.zip"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639431/; classtype:trojan-activity;sid:84502531; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639432)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/01-2020/05/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639432/; classtype:trojan-activity;sid:84502532; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639428)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2020-08-24/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639428/; classtype:trojan-activity;sid:84502528; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639429)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/13012020080237/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639429/; classtype:trojan-activity;sid:84502529; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639430)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/06092019111336/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639430/; classtype:trojan-activity;sid:84502530; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639423)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/carta%20de%20corre%c3%a7%c3%a3o/2020-07-22/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639423/; classtype:trojan-activity;sid:84502523; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639424)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/10072020093358/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639424/; classtype:trojan-activity;sid:84502524; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639425)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/17072020085911/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639425/; classtype:trojan-activity;sid:84502525; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639426)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/30062020102002/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639426/; classtype:trojan-activity;sid:84502526; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639427)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/05-2020/16/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639427/; classtype:trojan-activity;sid:84502527; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639421)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/09102019112058/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639421/; classtype:trojan-activity;sid:84502521; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639422)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/09-2020/info.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639422/; classtype:trojan-activity;sid:84502522; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639418)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/23022020072403/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639418/; classtype:trojan-activity;sid:84502518; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639419)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/14022020072009/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639419/; classtype:trojan-activity;sid:84502519; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639420)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/10022020130325/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639420/; classtype:trojan-activity;sid:84502520; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639416)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/carta%20de%20corre%c3%a7%c3%a3o/2020-11-25/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639416/; classtype:trojan-activity;sid:84502516; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639417)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/16022020064123/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639417/; classtype:trojan-activity;sid:84502517; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639415)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/04-2020/18/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639415/; classtype:trojan-activity;sid:84502515; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639412)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/13072020085518/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639412/; classtype:trojan-activity;sid:84502512; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639413)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/20112020083816/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639413/; classtype:trojan-activity;sid:84502513; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639414)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/11022020111009/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639414/; classtype:trojan-activity;sid:84502514; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639411)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/cancelamento/2020-02-28/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639411/; classtype:trojan-activity;sid:84502511; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639409)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/20122019073158/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639409/; classtype:trojan-activity;sid:84502509; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639410)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/02-2020/11/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639410/; classtype:trojan-activity;sid:84502510; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639402)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/19082020090548/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639402/; classtype:trojan-activity;sid:84502502; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639403)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/06-2020/24/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639403/; classtype:trojan-activity;sid:84502503; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639404)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/15062020134851/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639404/; classtype:trojan-activity;sid:84502504; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639405)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/10082020090720/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639405/; classtype:trojan-activity;sid:84502505; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639406)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/02-2020/24/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639406/; classtype:trojan-activity;sid:84502506; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639407)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/cancelamento/2020-07-20/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639407/; classtype:trojan-activity;sid:84502507; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639408)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/04082019113653/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639408/; classtype:trojan-activity;sid:84502508; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639399)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/09-2019/18/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639399/; classtype:trojan-activity;sid:84502499; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639401)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/06102020082316/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639401/; classtype:trojan-activity;sid:84502501; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639394)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/carta%20de%20corre%c3%a7%c3%a3o/info.zip"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639394/; classtype:trojan-activity;sid:84502494; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639395)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/11-2019/info.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639395/; classtype:trojan-activity;sid:84502495; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639397)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/25082020083625/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639397/; classtype:trojan-activity;sid:84502497; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639391)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/05112020082645/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639391/; classtype:trojan-activity;sid:84502491; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639392)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/08072020083929/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639392/; classtype:trojan-activity;sid:84502492; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639393)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/08102020081012/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639393/; classtype:trojan-activity;sid:84502493; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639389)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/03-2020/13/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639389/; classtype:trojan-activity;sid:84502489; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639390)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/09102020084804/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639390/; classtype:trojan-activity;sid:84502490; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639387)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/16012020080702/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639387/; classtype:trojan-activity;sid:84502487; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639385)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/02-2020/26/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639385/; classtype:trojan-activity;sid:84502485; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639382)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/28012020074027/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639382/; classtype:trojan-activity;sid:84502482; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639383)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/07102020094534/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639383/; classtype:trojan-activity;sid:84502483; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639384)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/24082020084629/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639384/; classtype:trojan-activity;sid:84502484; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639379)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/10012020103245/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639379/; classtype:trojan-activity;sid:84502479; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639380)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/21102019084027/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639380/; classtype:trojan-activity;sid:84502480; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639381)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/04112019084708/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639381/; classtype:trojan-activity;sid:84502481; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639376)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/001/01-2020/20/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639376/; classtype:trojan-activity;sid:84502476; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639377)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/cancelamento/2020-05-26/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639377/; classtype:trojan-activity;sid:84502477; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639375)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/08-2020/23/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639375/; classtype:trojan-activity;sid:84502475; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639373)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/17022020102208/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639373/; classtype:trojan-activity;sid:84502473; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639374)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/26082019085422/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639374/; classtype:trojan-activity;sid:84502474; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639370)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/28112019111235/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639370/; classtype:trojan-activity;sid:84502470; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639371)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/07072020090050/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639371/; classtype:trojan-activity;sid:84502471; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639372)"; flow:established,from_client; content:"GET"; http_method; content:"/ramon/teste/info.zip"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639372/; classtype:trojan-activity;sid:84502472; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639364)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/12112020084708/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639364/; classtype:trojan-activity;sid:84502464; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639365)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/08-2019/19/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639365/; classtype:trojan-activity;sid:84502465; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639366)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/08062020123608/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639366/; classtype:trojan-activity;sid:84502466; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639367)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/30092020104616/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639367/; classtype:trojan-activity;sid:84502467; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639368)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/10032020110725/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639368/; classtype:trojan-activity;sid:84502468; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639369)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/consulta/info.zip"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639369/; classtype:trojan-activity;sid:84502469; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639363)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/15012020080122/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639363/; classtype:trojan-activity;sid:84502463; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639361)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/10022020110654/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639361/; classtype:trojan-activity;sid:84502461; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639362)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/13112019094121/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639362/; classtype:trojan-activity;sid:84502462; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639355)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/10-2019/30/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639355/; classtype:trojan-activity;sid:84502455; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639356)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/31082020082335/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639356/; classtype:trojan-activity;sid:84502456; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639357)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/01092019100736/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639357/; classtype:trojan-activity;sid:84502457; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639358)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/24092020090107/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639358/; classtype:trojan-activity;sid:84502458; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639359)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/cancelamento/2020-01-29/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639359/; classtype:trojan-activity;sid:84502459; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639360)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/001/09-2019/07/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639360/; classtype:trojan-activity;sid:84502460; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639354)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/06022020085336/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639354/; classtype:trojan-activity;sid:84502454; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639353)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2020-04-16/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639353/; classtype:trojan-activity;sid:84502453; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639352)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/03-2020/18/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639352/; classtype:trojan-activity;sid:84502452; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639348)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/11-2019/17/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639348/; classtype:trojan-activity;sid:84502448; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639349)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/001/08-2019/info.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639349/; classtype:trojan-activity;sid:84502449; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639351)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/25022020103040/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639351/; classtype:trojan-activity;sid:84502451; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639346)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/12112019111758/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639346/; classtype:trojan-activity;sid:84502446; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639347)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/001/09-2019/22/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639347/; classtype:trojan-activity;sid:84502447; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639345)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/10-2019/20/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639345/; classtype:trojan-activity;sid:84502445; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639344)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/06022020085018/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639344/; classtype:trojan-activity;sid:84502444; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639343)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2020-05-14/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639343/; classtype:trojan-activity;sid:84502443; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639341)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/04032020080357/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639341/; classtype:trojan-activity;sid:84502441; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639342)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/09-2019/20/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639342/; classtype:trojan-activity;sid:84502442; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639311)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=15_5vja6ls72gnqbjqkrme1i7bmit0fe4"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639311/; classtype:trojan-activity;sid:84502411; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639250)"; flow:established,from_client; content:"GET"; http_method; content:"/zrrf0ise1epm2m0.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"91.92.240.104"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639250/; classtype:trojan-activity;sid:84502350; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639248)"; flow:established,from_client; content:"GET"; http_method; content:"/pcfxfbjllyual81.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"91.92.240.104"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639248/; classtype:trojan-activity;sid:84502348; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639107)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"103.118.28.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639107/; classtype:trojan-activity;sid:84502207; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639097)"; flow:established,from_client; content:"GET"; http_method; content:"/qudette/2wcwjxtg2340akf/releases/download/notmainrepo/setup.exe"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639097/; classtype:trojan-activity;sid:84502197; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639035)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.88.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639035/; classtype:trojan-activity;sid:84502135; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639005)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.88.111"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639005/; classtype:trojan-activity;sid:84502105; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3638945)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.88.3"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3638945/; classtype:trojan-activity;sid:84502045; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637224)"; flow:established,from_client; content:"GET"; http_method; content:"/haozip.100021.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"download.haozip.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637224/; classtype:trojan-activity;sid:84500324; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637225)"; flow:established,from_client; content:"GET"; http_method; content:"/9a72e98cf86c4ecd97164522bc70bd2e_build.bin"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637225/; classtype:trojan-activity;sid:84500325; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637223)"; flow:established,from_client; content:"GET"; http_method; content:"/un1/unvurestorehardx.dat"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"45.94.31.213"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637223/; classtype:trojan-activity;sid:84500323; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637222)"; flow:established,from_client; content:"GET"; http_method; content:"/files/data/vcruntime140.dll"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"51.178.30.0"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637222/; classtype:trojan-activity;sid:84500322; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637210)"; flow:established,from_client; content:"GET"; http_method; content:"/images/bot.jpg"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"atasapka.com.tr"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637210/; classtype:trojan-activity;sid:84500310; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637189)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/23082024105108/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637189/; classtype:trojan-activity;sid:84500289; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637186)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/19092024115007/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637186/; classtype:trojan-activity;sid:84500286; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637187)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/24072024081607/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637187/; classtype:trojan-activity;sid:84500287; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637184)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/27082024072850/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637184/; classtype:trojan-activity;sid:84500284; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637183)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/12082024064105/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637183/; classtype:trojan-activity;sid:84500283; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637182)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/16082024070308/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637182/; classtype:trojan-activity;sid:84500282; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637181)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/13092024072525/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637181/; classtype:trojan-activity;sid:84500281; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637180)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/23072024115252/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637180/; classtype:trojan-activity;sid:84500280; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637179)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/21072024112418/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637179/; classtype:trojan-activity;sid:84500279; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637178)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/16082024104510/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637178/; classtype:trojan-activity;sid:84500278; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637177)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/22082024110540/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637177/; classtype:trojan-activity;sid:84500277; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637176)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/04092024104005/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637176/; classtype:trojan-activity;sid:84500276; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637175)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8343/info.zip"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637175/; classtype:trojan-activity;sid:84500275; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637174)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/15082024173844/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637174/; classtype:trojan-activity;sid:84500274; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637173)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/26072024180426/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637173/; classtype:trojan-activity;sid:84500273; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637172)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/03072024101008/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637172/; classtype:trojan-activity;sid:84500272; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637171)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/13082024112350/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637171/; classtype:trojan-activity;sid:84500271; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637170)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/26072024074431/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637170/; classtype:trojan-activity;sid:84500270; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637168)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/01092024171022/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637168/; classtype:trojan-activity;sid:84500268; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637169)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8059/11072024080039/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637169/; classtype:trojan-activity;sid:84500269; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637167)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/12092024113946/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637167/; classtype:trojan-activity;sid:84500267; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637166)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/08092024115637/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637166/; classtype:trojan-activity;sid:84500266; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637165)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/15092024104931/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637165/; classtype:trojan-activity;sid:84500265; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637164)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8059/12072024075828/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637164/; classtype:trojan-activity;sid:84500264; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637163)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/11092024115504/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637163/; classtype:trojan-activity;sid:84500263; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637160)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/21082024115532/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637160/; classtype:trojan-activity;sid:84500260; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637161)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/05072024114132/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637161/; classtype:trojan-activity;sid:84500261; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637159)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/25062024073012/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637159/; classtype:trojan-activity;sid:84500259; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637158)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/29072024110431/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637158/; classtype:trojan-activity;sid:84500258; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637157)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/30072024091401/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637157/; classtype:trojan-activity;sid:84500257; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637153)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/15072024124718/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637153/; classtype:trojan-activity;sid:84500253; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637154)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/09082024185433/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637154/; classtype:trojan-activity;sid:84500254; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637155)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/09072024110245/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637155/; classtype:trojan-activity;sid:84500255; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637156)"; flow:established,from_client; content:"GET"; http_method; content:"/steelames/application%20files/hsmes_1_0_0_2/report/info.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"203.232.37.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637156/; classtype:trojan-activity;sid:84500256; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637149)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/09092024072321/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637149/; classtype:trojan-activity;sid:84500249; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637150)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/07082024180909/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637150/; classtype:trojan-activity;sid:84500250; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637151)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/24092024073908/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637151/; classtype:trojan-activity;sid:84500251; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637147)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/19062024071831/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637147/; classtype:trojan-activity;sid:84500247; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637148)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/21092024114951/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637148/; classtype:trojan-activity;sid:84500248; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637145)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/30062024113348/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637145/; classtype:trojan-activity;sid:84500245; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637146)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/04092024113047/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637146/; classtype:trojan-activity;sid:84500246; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637144)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/04092024120154/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637144/; classtype:trojan-activity;sid:84500244; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637143)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/01082024110241/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637143/; classtype:trojan-activity;sid:84500243; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637141)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/14072024110540/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637141/; classtype:trojan-activity;sid:84500241; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637142)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/11082024185045/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637142/; classtype:trojan-activity;sid:84500242; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637139)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/06092024072348/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637139/; classtype:trojan-activity;sid:84500239; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637140)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/29072024070625/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637140/; classtype:trojan-activity;sid:84500240; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637137)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/18072024112759/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637137/; classtype:trojan-activity;sid:84500237; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637136)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/11072024155154/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637136/; classtype:trojan-activity;sid:84500236; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637135)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/18082024113426/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637135/; classtype:trojan-activity;sid:84500235; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637133)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/07092024113602/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637133/; classtype:trojan-activity;sid:84500233; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637134)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/28082024163408/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637134/; classtype:trojan-activity;sid:84500234; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637130)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/10082024110351/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637130/; classtype:trojan-activity;sid:84500230; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637131)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/12092024181446/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637131/; classtype:trojan-activity;sid:84500231; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637129)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/26082024115142/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637129/; classtype:trojan-activity;sid:84500229; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637128)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/09092024091444/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637128/; classtype:trojan-activity;sid:84500228; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637127)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/23082024071038/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637127/; classtype:trojan-activity;sid:84500227; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637122)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/17062024181518/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637122/; classtype:trojan-activity;sid:84500222; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637123)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/05082024120940/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637123/; classtype:trojan-activity;sid:84500223; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637124)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/24072024112235/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637124/; classtype:trojan-activity;sid:84500224; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637125)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/17092024073614/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637125/; classtype:trojan-activity;sid:84500225; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637126)"; flow:established,from_client; content:"GET"; http_method; content:"/steelames/application%20files/hsmes_1_0_0_2/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"203.232.37.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637126/; classtype:trojan-activity;sid:84500226; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637120)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/09082024122457/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637120/; classtype:trojan-activity;sid:84500220; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637117)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/09092024112532/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637117/; classtype:trojan-activity;sid:84500217; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637118)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/24062024072602/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637118/; classtype:trojan-activity;sid:84500218; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637119)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/12092024070406/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637119/; classtype:trojan-activity;sid:84500219; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637115)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/24072024143513/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637115/; classtype:trojan-activity;sid:84500215; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637116)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/21082024081755/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637116/; classtype:trojan-activity;sid:84500216; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637114)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/13082024120234/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637114/; classtype:trojan-activity;sid:84500214; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637113)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/19072024123916/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637113/; classtype:trojan-activity;sid:84500213; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637110)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/29082024122318/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637110/; classtype:trojan-activity;sid:84500210; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637111)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/15072024080426/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637111/; classtype:trojan-activity;sid:84500211; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637112)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/22092024115602/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637112/; classtype:trojan-activity;sid:84500212; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637109)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/05082024125302/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637109/; classtype:trojan-activity;sid:84500209; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637107)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/16072024114842/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637107/; classtype:trojan-activity;sid:84500207; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637108)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/16092024115114/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637108/; classtype:trojan-activity;sid:84500208; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637105)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/31072024070936/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637105/; classtype:trojan-activity;sid:84500205; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637106)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/17092024104334/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637106/; classtype:trojan-activity;sid:84500206; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637104)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/01082024072447/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637104/; classtype:trojan-activity;sid:84500204; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637103)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/05082024065930/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637103/; classtype:trojan-activity;sid:84500203; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637101)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/01082024133101/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637101/; classtype:trojan-activity;sid:84500201; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637100)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/29072024182036/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637100/; classtype:trojan-activity;sid:84500200; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637098)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/19072024071620/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637098/; classtype:trojan-activity;sid:84500198; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637096)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/8029/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637096/; classtype:trojan-activity;sid:84500196; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637097)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/25092024150814/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637097/; classtype:trojan-activity;sid:84500197; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637092)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/03072024102505/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637092/; classtype:trojan-activity;sid:84500192; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637093)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/03092024131015/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637093/; classtype:trojan-activity;sid:84500193; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637090)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/25062024105808/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637090/; classtype:trojan-activity;sid:84500190; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637091)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/04092024072725/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637091/; classtype:trojan-activity;sid:84500191; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637089)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/20062024112748/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637089/; classtype:trojan-activity;sid:84500189; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637087)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/17072024103622/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637087/; classtype:trojan-activity;sid:84500187; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637088)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/16082024121016/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637088/; classtype:trojan-activity;sid:84500188; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637085)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/24092024103551/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637085/; classtype:trojan-activity;sid:84500185; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637086)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/15072024080017/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637086/; classtype:trojan-activity;sid:84500186; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637082)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/21082024081535/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637082/; classtype:trojan-activity;sid:84500182; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637083)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/26072024111342/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637083/; classtype:trojan-activity;sid:84500183; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637084)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/11062024125904/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637084/; classtype:trojan-activity;sid:84500184; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637081)"; flow:established,from_client; content:"GET"; http_method; content:"/exeftp/tek/info.zip"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637081/; classtype:trojan-activity;sid:84500181; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637080)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8059/11092024075310/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637080/; classtype:trojan-activity;sid:84500180; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637076)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/24072024121144/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637076/; classtype:trojan-activity;sid:84500176; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637077)"; flow:established,from_client; content:"GET"; http_method; content:"/exeftp/badmail/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637077/; classtype:trojan-activity;sid:84500177; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637078)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/06082024080109/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637078/; classtype:trojan-activity;sid:84500178; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637079)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/12072024072413/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637079/; classtype:trojan-activity;sid:84500179; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637073)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/08082024071151/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637073/; classtype:trojan-activity;sid:84500173; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637074)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/03092024073559/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637074/; classtype:trojan-activity;sid:84500174; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637070)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8336/18072024083258/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637070/; classtype:trojan-activity;sid:84500170; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637069)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/01092024084736/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637069/; classtype:trojan-activity;sid:84500169; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637067)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/08082024072046/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637067/; classtype:trojan-activity;sid:84500167; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637068)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/08072024110224/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637068/; classtype:trojan-activity;sid:84500168; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637065)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/02092024075924/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637065/; classtype:trojan-activity;sid:84500165; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637064)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/30082024115734/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637064/; classtype:trojan-activity;sid:84500164; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637062)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/23072024075958/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637062/; classtype:trojan-activity;sid:84500162; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637063)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/27082024173545/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637063/; classtype:trojan-activity;sid:84500163; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637060)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8059/06092024074954/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637060/; classtype:trojan-activity;sid:84500160; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637056)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/24082024112958/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637056/; classtype:trojan-activity;sid:84500156; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637057)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/04092024180827/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637057/; classtype:trojan-activity;sid:84500157; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637058)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/05092024073851/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637058/; classtype:trojan-activity;sid:84500158; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637055)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/05092024175914/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637055/; classtype:trojan-activity;sid:84500155; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637054)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/07082024181015/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637054/; classtype:trojan-activity;sid:84500154; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637053)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/09082024151247/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637053/; classtype:trojan-activity;sid:84500153; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637052)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/05072024135901/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637052/; classtype:trojan-activity;sid:84500152; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637050)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/04072024073930/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637050/; classtype:trojan-activity;sid:84500150; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637051)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/27072024111013/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637051/; classtype:trojan-activity;sid:84500151; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637047)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/28092024110908/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637047/; classtype:trojan-activity;sid:84500147; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637048)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/17062024124213/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637048/; classtype:trojan-activity;sid:84500148; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637049)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/21062024074659/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637049/; classtype:trojan-activity;sid:84500149; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637046)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/06082024071203/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637046/; classtype:trojan-activity;sid:84500146; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637044)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/11092024163133/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637044/; classtype:trojan-activity;sid:84500144; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637045)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/25092024084516/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637045/; classtype:trojan-activity;sid:84500145; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637042)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/01082024134811/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637042/; classtype:trojan-activity;sid:84500142; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637037)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/8336/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637037/; classtype:trojan-activity;sid:84500137; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637038)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/26062024074615/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637038/; classtype:trojan-activity;sid:84500138; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637041)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/17092024073317/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637041/; classtype:trojan-activity;sid:84500141; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637035)"; flow:established,from_client; content:"GET"; http_method; content:"/steelames/crystal%20reports%20for%20.net%20framework%204.0/info.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"203.232.37.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637035/; classtype:trojan-activity;sid:84500135; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637036)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/25072024124018/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637036/; classtype:trojan-activity;sid:84500136; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637034)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/27092024120719/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637034/; classtype:trojan-activity;sid:84500134; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637032)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/29062024115106/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637032/; classtype:trojan-activity;sid:84500132; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637030)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/02092024121943/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637030/; classtype:trojan-activity;sid:84500130; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637029)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/06092024173040/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637029/; classtype:trojan-activity;sid:84500129; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637026)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8059/17072024080628/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637026/; classtype:trojan-activity;sid:84500126; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637027)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/13082024144908/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637027/; classtype:trojan-activity;sid:84500127; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637028)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/14092024112531/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637028/; classtype:trojan-activity;sid:84500128; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637025)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/29082024110733/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637025/; classtype:trojan-activity;sid:84500125; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637024)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/11092024161738/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637024/; classtype:trojan-activity;sid:84500124; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637021)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/25062024074726/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637021/; classtype:trojan-activity;sid:84500121; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637022)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/02102024124124/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637022/; classtype:trojan-activity;sid:84500122; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637023)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/01082024124212/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637023/; classtype:trojan-activity;sid:84500123; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637020)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/29072024170139/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637020/; classtype:trojan-activity;sid:84500120; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637015)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/13092024090633/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637015/; classtype:trojan-activity;sid:84500115; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637017)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/12082024111719/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637017/; classtype:trojan-activity;sid:84500117; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637019)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/13062024073315/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637019/; classtype:trojan-activity;sid:84500119; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637011)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/26092024073319/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637011/; classtype:trojan-activity;sid:84500111; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637012)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/03072024075801/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637012/; classtype:trojan-activity;sid:84500112; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637013)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/13092024065731/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637013/; classtype:trojan-activity;sid:84500113; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637014)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/02092024155414/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637014/; classtype:trojan-activity;sid:84500114; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637007)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/29062024131718/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637007/; classtype:trojan-activity;sid:84500107; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637009)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/27062024115812/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637009/; classtype:trojan-activity;sid:84500109; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637010)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/07072024113310/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637010/; classtype:trojan-activity;sid:84500110; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637005)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/26082024175225/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637005/; classtype:trojan-activity;sid:84500105; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637002)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/06092024112226/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637002/; classtype:trojan-activity;sid:84500102; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637003)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/cons/1/8325/14062024181140/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637003/; classtype:trojan-activity;sid:84500103; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637004)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/15092024163914/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637004/; classtype:trojan-activity;sid:84500104; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636999)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/12082024111034/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636999/; classtype:trojan-activity;sid:84500099; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637000)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/19062024111300/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637000/; classtype:trojan-activity;sid:84500100; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637001)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8059/02092024070516/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637001/; classtype:trojan-activity;sid:84500101; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636997)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/15062024120757/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636997/; classtype:trojan-activity;sid:84500097; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636996)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/07082024074934/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636996/; classtype:trojan-activity;sid:84500096; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636993)"; flow:established,from_client; content:"GET"; http_method; content:"/exeftp/drop/info.zip"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636993/; classtype:trojan-activity;sid:84500093; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636994)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/11092024172104/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636994/; classtype:trojan-activity;sid:84500094; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636995)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/23072024072015/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636995/; classtype:trojan-activity;sid:84500095; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636992)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/18082024174028/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636992/; classtype:trojan-activity;sid:84500092; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636991)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/10072024072615/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636991/; classtype:trojan-activity;sid:84500091; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636990)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/03102024140347/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636990/; classtype:trojan-activity;sid:84500090; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636987)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/29072024094428/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636987/; classtype:trojan-activity;sid:84500087; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636988)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/08082024114220/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636988/; classtype:trojan-activity;sid:84500088; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636986)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8059/19072024081323/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636986/; classtype:trojan-activity;sid:84500086; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636985)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/08082024072411/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636985/; classtype:trojan-activity;sid:84500085; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636983)"; flow:established,from_client; content:"GET"; http_method; content:"/steelames/dotnetfx40/info.zip"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"203.232.37.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636983/; classtype:trojan-activity;sid:84500083; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636984)"; flow:established,from_client; content:"GET"; http_method; content:"/steelames/application%20files/hsmes_1_0_0_1/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"203.232.37.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636984/; classtype:trojan-activity;sid:84500084; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636982)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/11092024072722/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636982/; classtype:trojan-activity;sid:84500082; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636979)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/26072024071101/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636979/; classtype:trojan-activity;sid:84500079; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636980)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/18092024104929/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636980/; classtype:trojan-activity;sid:84500080; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636975)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/8051/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636975/; classtype:trojan-activity;sid:84500075; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636976)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/25072024144032/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636976/; classtype:trojan-activity;sid:84500076; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636977)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/26082024121258/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636977/; classtype:trojan-activity;sid:84500077; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636967)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/27082024111920/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636967/; classtype:trojan-activity;sid:84500067; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636968)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/25072024121015/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636968/; classtype:trojan-activity;sid:84500068; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636969)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/21082024175843/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636969/; classtype:trojan-activity;sid:84500069; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636970)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/18062024121810/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636970/; classtype:trojan-activity;sid:84500070; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636971)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/12072024130606/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636971/; classtype:trojan-activity;sid:84500071; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636972)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/16062024115815/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636972/; classtype:trojan-activity;sid:84500072; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636973)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/13092024164829/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636973/; classtype:trojan-activity;sid:84500073; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636965)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/02092024071944/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636965/; classtype:trojan-activity;sid:84500065; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636966)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/01092024103900/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636966/; classtype:trojan-activity;sid:84500066; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636964)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/23072024130857/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636964/; classtype:trojan-activity;sid:84500064; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636963)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/06092024071949/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636963/; classtype:trojan-activity;sid:84500063; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636957)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/17062024111134/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636957/; classtype:trojan-activity;sid:84500057; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636958)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/12082024174415/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636958/; classtype:trojan-activity;sid:84500058; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636959)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/02082024073257/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636959/; classtype:trojan-activity;sid:84500059; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636960)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/03092024120537/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636960/; classtype:trojan-activity;sid:84500060; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636961)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/01072024102122/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636961/; classtype:trojan-activity;sid:84500061; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636962)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/27072024112004/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636962/; classtype:trojan-activity;sid:84500062; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636956)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/09072024071533/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636956/; classtype:trojan-activity;sid:84500056; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636955)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/22082024070804/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636955/; classtype:trojan-activity;sid:84500055; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636954)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/21082024115442/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636954/; classtype:trojan-activity;sid:84500054; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636948)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/17072024080732/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636948/; classtype:trojan-activity;sid:84500048; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636949)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/19082024080051/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636949/; classtype:trojan-activity;sid:84500049; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636950)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/28082024111159/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636950/; classtype:trojan-activity;sid:84500050; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636947)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/07082024070516/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636947/; classtype:trojan-activity;sid:84500047; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636946)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/07092024175546/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636946/; classtype:trojan-activity;sid:84500046; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636945)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/25072024103203/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636945/; classtype:trojan-activity;sid:84500045; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636942)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/31082024165207/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636942/; classtype:trojan-activity;sid:84500042; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636943)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/11062024093514/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636943/; classtype:trojan-activity;sid:84500043; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636944)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/06092024114755/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636944/; classtype:trojan-activity;sid:84500044; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636940)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/27092024123259/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636940/; classtype:trojan-activity;sid:84500040; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636941)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/23092024073238/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636941/; classtype:trojan-activity;sid:84500041; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636937)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/13072024115545/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636937/; classtype:trojan-activity;sid:84500037; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636936)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/29072024104316/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636936/; classtype:trojan-activity;sid:84500036; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636935)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/13072024115848/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636935/; classtype:trojan-activity;sid:84500035; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636934)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/24072024071414/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636934/; classtype:trojan-activity;sid:84500034; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636933)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/16092024105926/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636933/; classtype:trojan-activity;sid:84500033; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636932)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/28082024174605/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636932/; classtype:trojan-activity;sid:84500032; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636931)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/08082024174233/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636931/; classtype:trojan-activity;sid:84500031; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636927)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/23072024081312/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636927/; classtype:trojan-activity;sid:84500027; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636928)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/02102024072353/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636928/; classtype:trojan-activity;sid:84500028; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636930)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8325/info.zip"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636930/; classtype:trojan-activity;sid:84500030; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636925)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8336/info.zip"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636925/; classtype:trojan-activity;sid:84500025; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636926)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8059/19062024070824/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636926/; classtype:trojan-activity;sid:84500026; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636920)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/22082024121329/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636920/; classtype:trojan-activity;sid:84500020; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636921)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/26062024155216/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636921/; classtype:trojan-activity;sid:84500021; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636922)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/24092024120511/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636922/; classtype:trojan-activity;sid:84500022; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636923)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/16062024180613/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636923/; classtype:trojan-activity;sid:84500023; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636919)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/07072024165922/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636919/; classtype:trojan-activity;sid:84500019; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636918)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/13092024114239/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636918/; classtype:trojan-activity;sid:84500018; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636917)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/20082024112036/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636917/; classtype:trojan-activity;sid:84500017; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636916)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/8318/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636916/; classtype:trojan-activity;sid:84500016; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636913)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/31082024110606/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636913/; classtype:trojan-activity;sid:84500013; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636914)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/11062024112609/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636914/; classtype:trojan-activity;sid:84500014; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636909)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/07092024122439/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636909/; classtype:trojan-activity;sid:84500009; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636906)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/14062024123830/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636906/; classtype:trojan-activity;sid:84500006; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636908)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/17062024180043/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636908/; classtype:trojan-activity;sid:84500008; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636905)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/28072024115112/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636905/; classtype:trojan-activity;sid:84500005; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636904)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/21082024090731/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636904/; classtype:trojan-activity;sid:84500004; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636903)"; flow:established,from_client; content:"GET"; http_method; content:"/steelames/application%20files/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"203.232.37.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636903/; classtype:trojan-activity;sid:84500003; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636902)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/23092024113222/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636902/; classtype:trojan-activity;sid:84500002; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636899)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/11092024134516/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636899/; classtype:trojan-activity;sid:84499999; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636897)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/8334/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636897/; classtype:trojan-activity;sid:84499997; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636894)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/08082024114317/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636894/; classtype:trojan-activity;sid:84499994; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636895)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/18072024151745/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636895/; classtype:trojan-activity;sid:84499995; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636892)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/29082024170717/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636892/; classtype:trojan-activity;sid:84499992; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636883)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8059/08072024075903/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636883/; classtype:trojan-activity;sid:84499983; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636884)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/8325/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636884/; classtype:trojan-activity;sid:84499984; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636885)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/15062024114520/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636885/; classtype:trojan-activity;sid:84499985; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636886)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/13092024153227/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636886/; classtype:trojan-activity;sid:84499986; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636887)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8059/14082024075957/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636887/; classtype:trojan-activity;sid:84499987; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636888)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/26082024070716/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636888/; classtype:trojan-activity;sid:84499988; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636890)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/21062024072959/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636890/; classtype:trojan-activity;sid:84499990; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636882)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/cons/1/8325/13062024155232/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636882/; classtype:trojan-activity;sid:84499982; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636881)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/23082024111126/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636881/; classtype:trojan-activity;sid:84499981; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636880)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/04072024125301/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636880/; classtype:trojan-activity;sid:84499980; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636876)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/11082024113244/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636876/; classtype:trojan-activity;sid:84499976; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636877)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/04092024091820/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636877/; classtype:trojan-activity;sid:84499977; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636878)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/07102024125032/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636878/; classtype:trojan-activity;sid:84499978; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636872)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/30072024114118/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636872/; classtype:trojan-activity;sid:84499972; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636873)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/05082024083850/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636873/; classtype:trojan-activity;sid:84499973; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636874)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/17062024072104/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636874/; classtype:trojan-activity;sid:84499974; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636875)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/22072024125710/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636875/; classtype:trojan-activity;sid:84499975; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636871)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/03072024103601/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636871/; classtype:trojan-activity;sid:84499971; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636869)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/12082024120632/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636869/; classtype:trojan-activity;sid:84499969; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636863)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/info.zip"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636863/; classtype:trojan-activity;sid:84499963; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636864)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/11072024071932/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636864/; classtype:trojan-activity;sid:84499964; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636865)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/11072024143228/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636865/; classtype:trojan-activity;sid:84499965; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636866)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/27092024124432/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636866/; classtype:trojan-activity;sid:84499966; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636867)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/23082024175244/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636867/; classtype:trojan-activity;sid:84499967; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636868)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/13062024070655/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636868/; classtype:trojan-activity;sid:84499968; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636862)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/14062024072833/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636862/; classtype:trojan-activity;sid:84499962; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636859)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/25092024120601/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636859/; classtype:trojan-activity;sid:84499959; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636860)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/08092024115123/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636860/; classtype:trojan-activity;sid:84499960; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636855)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/05072024071033/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636855/; classtype:trojan-activity;sid:84499955; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636856)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/04102024094250/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636856/; classtype:trojan-activity;sid:84499956; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636857)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/01082024101244/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636857/; classtype:trojan-activity;sid:84499957; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636850)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/03072024091538/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636850/; classtype:trojan-activity;sid:84499950; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636851)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/05082024114357/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636851/; classtype:trojan-activity;sid:84499951; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636852)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/10092024070313/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636852/; classtype:trojan-activity;sid:84499952; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636853)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/23092024123854/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636853/; classtype:trojan-activity;sid:84499953; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636854)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/22082024112941/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636854/; classtype:trojan-activity;sid:84499954; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636849)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/08072024113918/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636849/; classtype:trojan-activity;sid:84499949; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636847)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8326/info.zip"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636847/; classtype:trojan-activity;sid:84499947; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636843)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/11072024110808/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636843/; classtype:trojan-activity;sid:84499943; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636846)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/8326/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636846/; classtype:trojan-activity;sid:84499946; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636839)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/15072024151521/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636839/; classtype:trojan-activity;sid:84499939; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636842)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/07102024115226/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636842/; classtype:trojan-activity;sid:84499942; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636836)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/08072024070547/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636836/; classtype:trojan-activity;sid:84499936; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636837)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/26092024103307/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636837/; classtype:trojan-activity;sid:84499937; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636835)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/22072024134639/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636835/; classtype:trojan-activity;sid:84499935; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636833)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/29072024120914/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636833/; classtype:trojan-activity;sid:84499933; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636834)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/11092024104834/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636834/; classtype:trojan-activity;sid:84499934; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636826)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/01072024095738/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636826/; classtype:trojan-activity;sid:84499926; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636827)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/10072024073020/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636827/; classtype:trojan-activity;sid:84499927; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636828)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/13082024065051/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636828/; classtype:trojan-activity;sid:84499928; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636829)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/23092024074730/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636829/; classtype:trojan-activity;sid:84499929; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636830)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/05092024071139/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636830/; classtype:trojan-activity;sid:84499930; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636831)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/05072024143423/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636831/; classtype:trojan-activity;sid:84499931; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636832)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/01072024073548/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636832/; classtype:trojan-activity;sid:84499932; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636825)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/16092024075132/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636825/; classtype:trojan-activity;sid:84499925; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636824)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/28062024112249/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636824/; classtype:trojan-activity;sid:84499924; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636823)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8059/18072024080738/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636823/; classtype:trojan-activity;sid:84499923; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636816)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/06102024112545/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636816/; classtype:trojan-activity;sid:84499916; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636817)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/17062024181057/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636817/; classtype:trojan-activity;sid:84499917; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636818)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/02072024073145/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636818/; classtype:trojan-activity;sid:84499918; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636819)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8059/21062024070935/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636819/; classtype:trojan-activity;sid:84499919; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636820)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/06082024120113/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636820/; classtype:trojan-activity;sid:84499920; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636821)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/27062024081736/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636821/; classtype:trojan-activity;sid:84499921; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636822)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/29082024071803/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636822/; classtype:trojan-activity;sid:84499922; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636815)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/24062024113513/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636815/; classtype:trojan-activity;sid:84499915; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636814)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/25072024071606/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636814/; classtype:trojan-activity;sid:84499914; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636812)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/12062024085922/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636812/; classtype:trojan-activity;sid:84499912; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636813)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/03092024152101/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636813/; classtype:trojan-activity;sid:84499913; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636811)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/08072024113231/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636811/; classtype:trojan-activity;sid:84499911; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636806)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/22072024130114/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636806/; classtype:trojan-activity;sid:84499906; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636807)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/16072024114959/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636807/; classtype:trojan-activity;sid:84499907; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636809)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/20082024121600/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636809/; classtype:trojan-activity;sid:84499909; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636810)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/26092024115544/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636810/; classtype:trojan-activity;sid:84499910; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636803)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/28082024070417/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636803/; classtype:trojan-activity;sid:84499903; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636804)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/26072024143113/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636804/; classtype:trojan-activity;sid:84499904; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636800)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8059/13092024071052/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636800/; classtype:trojan-activity;sid:84499900; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636801)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/10062024180136/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636801/; classtype:trojan-activity;sid:84499901; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636802)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/23082024175356/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636802/; classtype:trojan-activity;sid:84499902; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636799)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/27082024070328/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636799/; classtype:trojan-activity;sid:84499899; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636798)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/8050/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636798/; classtype:trojan-activity;sid:84499898; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636795)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/18062024071837/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636795/; classtype:trojan-activity;sid:84499895; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636796)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/18072024120409/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636796/; classtype:trojan-activity;sid:84499896; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636797)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/30082024111343/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636797/; classtype:trojan-activity;sid:84499897; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636794)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/21082024112544/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636794/; classtype:trojan-activity;sid:84499894; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636791)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/19072024111357/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636791/; classtype:trojan-activity;sid:84499891; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636784)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/11062024175200/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636784/; classtype:trojan-activity;sid:84499884; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636785)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/30072024115935/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636785/; classtype:trojan-activity;sid:84499885; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636786)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/02092024114819/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636786/; classtype:trojan-activity;sid:84499886; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636788)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/30072024070959/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636788/; classtype:trojan-activity;sid:84499888; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636789)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/05092024120909/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636789/; classtype:trojan-activity;sid:84499889; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636790)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/05072024112530/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636790/; classtype:trojan-activity;sid:84499890; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636783)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/09082024115132/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636783/; classtype:trojan-activity;sid:84499883; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636782)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/10092024114316/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636782/; classtype:trojan-activity;sid:84499882; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636781)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/15082024113136/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636781/; classtype:trojan-activity;sid:84499881; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636779)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/04072024170824/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636779/; classtype:trojan-activity;sid:84499879; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636780)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/23072024135746/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636780/; classtype:trojan-activity;sid:84499880; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636777)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/07102024115515/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636777/; classtype:trojan-activity;sid:84499877; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636778)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/12072024115926/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636778/; classtype:trojan-activity;sid:84499878; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636775)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/05082024082013/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636775/; classtype:trojan-activity;sid:84499875; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636776)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/10072024110114/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636776/; classtype:trojan-activity;sid:84499876; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636773)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/17072024071919/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636773/; classtype:trojan-activity;sid:84499873; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636771)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/19082024070444/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636771/; classtype:trojan-activity;sid:84499871; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636772)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/20082024104419/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636772/; classtype:trojan-activity;sid:84499872; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636770)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/06082024070754/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636770/; classtype:trojan-activity;sid:84499870; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636769)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/12092024074514/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636769/; classtype:trojan-activity;sid:84499869; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636768)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8059/23072024073428/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636768/; classtype:trojan-activity;sid:84499868; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636767)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/16082024110029/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636767/; classtype:trojan-activity;sid:84499867; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636766)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/30072024075615/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636766/; classtype:trojan-activity;sid:84499866; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636764)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/24082024173603/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636764/; classtype:trojan-activity;sid:84499864; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636763)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/27092024072930/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636763/; classtype:trojan-activity;sid:84499863; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636761)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8059/14092024070825/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636761/; classtype:trojan-activity;sid:84499861; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636762)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/10082024105405/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636762/; classtype:trojan-activity;sid:84499862; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636760)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/31072024120304/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636760/; classtype:trojan-activity;sid:84499860; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636759)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/16082024171045/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636759/; classtype:trojan-activity;sid:84499859; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636757)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/19062024083204/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636757/; classtype:trojan-activity;sid:84499857; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636758)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/17062024175202/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636758/; classtype:trojan-activity;sid:84499858; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636756)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/6011/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636756/; classtype:trojan-activity;sid:84499856; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636755)"; flow:established,from_client; content:"GET"; http_method; content:"/steelames/info.zip"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"203.232.37.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636755/; classtype:trojan-activity;sid:84499855; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636754)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/09082024071028/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636754/; classtype:trojan-activity;sid:84499854; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636753)"; flow:established,from_client; content:"GET"; http_method; content:"/exeftp/bkp/info.zip"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636753/; classtype:trojan-activity;sid:84499853; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636752)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/11062024074638/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636752/; classtype:trojan-activity;sid:84499852; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636751)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8318/info.zip"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636751/; classtype:trojan-activity;sid:84499851; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636750)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/21082024071328/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636750/; classtype:trojan-activity;sid:84499850; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636749)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/17082024111540/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636749/; classtype:trojan-activity;sid:84499849; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636748)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/25072024111710/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636748/; classtype:trojan-activity;sid:84499848; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636746)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/11062024125639/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636746/; classtype:trojan-activity;sid:84499846; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636745)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/26062024072316/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636745/; classtype:trojan-activity;sid:84499845; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636743)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8059/03092024065611/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636743/; classtype:trojan-activity;sid:84499843; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636741)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/14062024182506/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636741/; classtype:trojan-activity;sid:84499841; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636740)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/28062024162227/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636740/; classtype:trojan-activity;sid:84499840; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636739)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/25082024112344/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636739/; classtype:trojan-activity;sid:84499839; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636736)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/05102024112225/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636736/; classtype:trojan-activity;sid:84499836; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636735)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/13092024123948/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636735/; classtype:trojan-activity;sid:84499835; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636733)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8059/info.zip"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636733/; classtype:trojan-activity;sid:84499833; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636734)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8059/21082024065715/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636734/; classtype:trojan-activity;sid:84499834; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636728)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/21082024163507/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636728/; classtype:trojan-activity;sid:84499828; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636729)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/05092024111850/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636729/; classtype:trojan-activity;sid:84499829; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636730)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/24072024112124/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636730/; classtype:trojan-activity;sid:84499830; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636731)"; flow:established,from_client; content:"GET"; http_method; content:"/exeftp/pickup/info.zip"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636731/; classtype:trojan-activity;sid:84499831; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636732)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/09072024072801/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636732/; classtype:trojan-activity;sid:84499832; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636727)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/30082024070843/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636727/; classtype:trojan-activity;sid:84499827; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636723)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/15072024111306/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636723/; classtype:trojan-activity;sid:84499823; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636724)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/24072024072622/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636724/; classtype:trojan-activity;sid:84499824; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636726)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/23082024120742/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636726/; classtype:trojan-activity;sid:84499826; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636721)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/15072024121001/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636721/; classtype:trojan-activity;sid:84499821; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636722)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/14092024162753/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636722/; classtype:trojan-activity;sid:84499822; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636719)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/26072024130538/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636719/; classtype:trojan-activity;sid:84499819; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636720)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/01102024075913/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636720/; classtype:trojan-activity;sid:84499820; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636717)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/31072024110649/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636717/; classtype:trojan-activity;sid:84499817; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636718)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/24092024074236/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636718/; classtype:trojan-activity;sid:84499818; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636715)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/26092024073810/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636715/; classtype:trojan-activity;sid:84499815; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636716)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/19062024073721/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636716/; classtype:trojan-activity;sid:84499816; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636714)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/03102024114713/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636714/; classtype:trojan-activity;sid:84499814; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636708)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/27062024134606/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636708/; classtype:trojan-activity;sid:84499808; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636709)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/25092024074358/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636709/; classtype:trojan-activity;sid:84499809; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636710)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/info.zip"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636710/; classtype:trojan-activity;sid:84499810; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636711)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8059/12092024065636/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636711/; classtype:trojan-activity;sid:84499811; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636712)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/07082024113359/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636712/; classtype:trojan-activity;sid:84499812; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636705)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/27062024074304/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636705/; classtype:trojan-activity;sid:84499805; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636706)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/20092024114457/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636706/; classtype:trojan-activity;sid:84499806; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636707)"; flow:established,from_client; content:"GET"; http_method; content:"/exeftp/idi/info.zip"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636707/; classtype:trojan-activity;sid:84499807; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636703)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/05072024105131/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636703/; classtype:trojan-activity;sid:84499803; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636698)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/12062024122748/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636698/; classtype:trojan-activity;sid:84499798; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636699)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/info.zip"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636699/; classtype:trojan-activity;sid:84499799; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636693)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/22082024180206/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636693/; classtype:trojan-activity;sid:84499793; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636694)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/20082024172514/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636694/; classtype:trojan-activity;sid:84499794; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636695)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/20082024070343/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636695/; classtype:trojan-activity;sid:84499795; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636697)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8059/01082024070127/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636697/; classtype:trojan-activity;sid:84499797; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636685)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/30092024073115/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636685/; classtype:trojan-activity;sid:84499785; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636686)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/04102024114428/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636686/; classtype:trojan-activity;sid:84499786; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636687)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/17072024162506/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636687/; classtype:trojan-activity;sid:84499787; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636688)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/17072024112121/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636688/; classtype:trojan-activity;sid:84499788; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636689)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/13062024123930/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636689/; classtype:trojan-activity;sid:84499789; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636690)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/20082024114833/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636690/; classtype:trojan-activity;sid:84499790; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636691)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/22072024071046/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636691/; classtype:trojan-activity;sid:84499791; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636692)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/21082024074934/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636692/; classtype:trojan-activity;sid:84499792; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636683)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/12072024073215/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636683/; classtype:trojan-activity;sid:84499783; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636684)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/11082024113341/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636684/; classtype:trojan-activity;sid:84499784; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636681)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8059/09092024080429/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636681/; classtype:trojan-activity;sid:84499781; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636682)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8342/info.zip"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636682/; classtype:trojan-activity;sid:84499782; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636678)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/16092024071437/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636678/; classtype:trojan-activity;sid:84499778; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636679)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/11092024070152/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636679/; classtype:trojan-activity;sid:84499779; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636676)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/19072024082257/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636676/; classtype:trojan-activity;sid:84499776; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636666)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/02092024173539/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636666/; classtype:trojan-activity;sid:84499766; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636667)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/14062024074014/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636667/; classtype:trojan-activity;sid:84499767; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636668)"; flow:established,from_client; content:"GET"; http_method; content:"/exeftp/queue/info.zip"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636668/; classtype:trojan-activity;sid:84499768; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636669)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/13082024112311/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636669/; classtype:trojan-activity;sid:84499769; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636671)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/13092024094613/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636671/; classtype:trojan-activity;sid:84499771; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636672)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/19082024113816/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636672/; classtype:trojan-activity;sid:84499772; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636674)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/02082024121949/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636674/; classtype:trojan-activity;sid:84499774; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636675)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/10092024185923/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636675/; classtype:trojan-activity;sid:84499775; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636662)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/22072024130440/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636662/; classtype:trojan-activity;sid:84499762; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636663)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/8336/05072024082450/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636663/; classtype:trojan-activity;sid:84499763; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636664)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/09092024181236/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636664/; classtype:trojan-activity;sid:84499764; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636665)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/20082024150907/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636665/; classtype:trojan-activity;sid:84499765; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636656)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/22082024114017/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636656/; classtype:trojan-activity;sid:84499756; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636658)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/8059/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636658/; classtype:trojan-activity;sid:84499758; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636659)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/03072024154958/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636659/; classtype:trojan-activity;sid:84499759; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636660)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/24062024075130/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636660/; classtype:trojan-activity;sid:84499760; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636654)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/18072024070807/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636654/; classtype:trojan-activity;sid:84499754; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636653)"; flow:established,from_client; content:"GET"; http_method; content:"/steelames/application%20files/hsmes_1_0_0_1/report/info.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"203.232.37.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636653/; classtype:trojan-activity;sid:84499753; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636589)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"37.80.79.34"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636589/; classtype:trojan-activity;sid:84499689; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636583)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"2.71.141.146"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636583/; classtype:trojan-activity;sid:84499683; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636496)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.70.203.243"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636496/; classtype:trojan-activity;sid:84499596; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636475)"; flow:established,from_client; content:"GET"; http_method; content:"/231/imn__ie__09340040400400t0t040040040404040.hta"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"104.168.0.168"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636475/; classtype:trojan-activity;sid:84499575; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636408)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"85.26.210.212"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636408/; classtype:trojan-activity;sid:84499508; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636356)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"85.26.210.212"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636356/; classtype:trojan-activity;sid:84499456; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636195)"; flow:established,from_client; content:"GET"; http_method; content:"/ud-3/m2-100125/main/ud.png"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636195/; classtype:trojan-activity;sid:84499295; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636186)"; flow:established,from_client; content:"GET"; http_method; content:"/ugd/94fae7_2c7a859032924ae0aa0e819669ae9f3f.txt"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"94fae730-597f-4442-813c-86263972a8f0.usrfiles.com"; http_host; depth:49; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636186/; classtype:trojan-activity;sid:84499286; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636187)"; flow:established,from_client; content:"GET"; http_method; content:"/ud-3/9325-m1/main/u-p.png"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636187/; classtype:trojan-activity;sid:84499287; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636184)"; flow:established,from_client; content:"GET"; http_method; content:"/ud-3/9325-m1/raw/main/u-p.png"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636184/; classtype:trojan-activity;sid:84499284; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636161)"; flow:established,from_client; content:"GET"; http_method; content:"/pd1-pd/d/main/pd-92725.zip"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636161/; classtype:trojan-activity;sid:84499261; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636159)"; flow:established,from_client; content:"GET"; http_method; content:"/pd1-pd/d/raw/main/pd-92725.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636159/; classtype:trojan-activity;sid:84499259; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636155)"; flow:established,from_client; content:"GET"; http_method; content:"/mh1-m1/pd/main/mh1-pd-92725.png"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636155/; classtype:trojan-activity;sid:84499255; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636156)"; flow:established,from_client; content:"GET"; http_method; content:"/ud-prog/6325-pudam/main/u-p.png"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636156/; classtype:trojan-activity;sid:84499256; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636151)"; flow:established,from_client; content:"GET"; http_method; content:"/ud-prog/6325-mrw/f096dbcbef9efb4ac45d4b7171898fbc1a4d5d38/ud.png"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636151/; classtype:trojan-activity;sid:84499251; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636152)"; flow:established,from_client; content:"GET"; http_method; content:"/ud-prog/u-mrw-1/feeddc44327a3d7f5328ebad35ebe132d0e18f92/ud.png"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636152/; classtype:trojan-activity;sid:84499252; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636153)"; flow:established,from_client; content:"GET"; http_method; content:"/ud-prog/6325-pudam/a4916b0dfc5588abf04daa866fddc42054a11368/ud.png"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636153/; classtype:trojan-activity;sid:84499253; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636147)"; flow:established,from_client; content:"GET"; http_method; content:"/ud-prog/6325-pudam/66bcf33bad15036f44df9c2ca7808a5de38435a5/u-p.png"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636147/; classtype:trojan-activity;sid:84499247; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636149)"; flow:established,from_client; content:"GET"; http_method; content:"/o.xml"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636149/; classtype:trojan-activity;sid:84499249; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636141)"; flow:established,from_client; content:"GET"; http_method; content:"/ud-prog/1/296b891ef5d15bc30620bcccb0660d36d3d0a0f9/ud.png"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636141/; classtype:trojan-activity;sid:84499241; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635944)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.83.90"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635944/; classtype:trojan-activity;sid:84499044; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635869)"; flow:established,from_client; content:"GET"; http_method; content:"/v0/b/loloer3434.firebasestorage.app/o/cifrado%20fff3333%2fpesky%20(5).txt|3f|alt=media|7c|26|7c|token=7e30d39e-c339-4bf9-82f6-84ca73f9407b"; http_uri; depth:139; isdataat:!1,relative; nocase; content:"firebasestorage.googleapis.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635869/; classtype:trojan-activity;sid:84498969; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635868)"; flow:established,from_client; content:"GET"; http_method; content:"/v0/b/loloer3434.firebasestorage.app/o/cifrado%20fff3333%2fdllsky%20(1).txt|3f|alt=media|7c|26|7c|token=534a43d1-25fa-4b07-9351-33997cb48df4"; http_uri; depth:140; isdataat:!1,relative; nocase; content:"firebasestorage.googleapis.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635868/; classtype:trojan-activity;sid:84498968; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635863)"; flow:established,from_client; content:"GET"; http_method; content:"/022b63ba1671438baf93c3478a38c1f3_crypted_build.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635863/; classtype:trojan-activity;sid:84498963; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635861)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"118.46.55.79"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635861/; classtype:trojan-activity;sid:84498961; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635853)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.111.146.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635853/; classtype:trojan-activity;sid:84498953; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635763)"; flow:established,from_client; content:"GET"; http_method; content:"/3nxw7k1naozhquf.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"91.92.240.104"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635763/; classtype:trojan-activity;sid:84498863; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635568)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.88.128"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635568/; classtype:trojan-activity;sid:84498668; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635467)"; flow:established,from_client; content:"GET"; http_method; content:"/storage/v1/object/public/nano/image.jpg"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"ybgctdtbzvgpdxjivafy.supabase.co"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635467/; classtype:trojan-activity;sid:84498567; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635397)"; flow:established,from_client; content:"GET"; http_method; content:"/newdef/random.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635397/; classtype:trojan-activity;sid:84498497; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635222)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.239.121.8"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635222/; classtype:trojan-activity;sid:84498322; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635162)"; flow:established,from_client; content:"GET"; http_method; content:"/mipsshell"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"158.94.209.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635162/; classtype:trojan-activity;sid:84498262; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635163)"; flow:established,from_client; content:"GET"; http_method; content:"/mpslshell"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"158.94.209.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635163/; classtype:trojan-activity;sid:84498263; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635127)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"86.132.64.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635127/; classtype:trojan-activity;sid:84498227; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635032)"; flow:established,from_client; content:"GET"; http_method; content:"/ohshit.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.77.241.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635032/; classtype:trojan-activity;sid:84498132; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634846)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.126.240.54"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634846/; classtype:trojan-activity;sid:84497946; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634693)"; flow:established,from_client; content:"GET"; http_method; content:"/ohshit.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"91.235.116.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634693/; classtype:trojan-activity;sid:84497793; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634681)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"103.77.241.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634681/; classtype:trojan-activity;sid:84497781; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634369)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.88.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634369/; classtype:trojan-activity;sid:84497469; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634292)"; flow:established,from_client; content:"GET"; http_method; content:"/ziobigiu84/site/raw/refs/heads/main/launcher.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634292/; classtype:trojan-activity;sid:84497392; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634172)"; flow:established,from_client; content:"GET"; http_method; content:"/gmips"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"158.94.209.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3634172/; classtype:trojan-activity;sid:84497272; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634099)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"uraniumc2.ddns.net"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3634099/; classtype:trojan-activity;sid:84497199; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634067)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"124.220.164.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3634067/; classtype:trojan-activity;sid:84497167; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634044)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"86.132.64.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3634044/; classtype:trojan-activity;sid:84497144; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634053)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.55.196.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3634053/; classtype:trojan-activity;sid:84497153; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634040)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.132.95.187"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3634040/; classtype:trojan-activity;sid:84497140; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633839)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/stardust.sh"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"84.200.81.239"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633839/; classtype:trojan-activity;sid:84496939; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633818)"; flow:established,from_client; content:"GET"; http_method; content:"/7225f9883fc64073995f51b690b52405_build.bin"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633818/; classtype:trojan-activity;sid:84496918; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633817)"; flow:established,from_client; content:"GET"; http_method; content:"/dadaasads_new.ps1"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633817/; classtype:trojan-activity;sid:84496917; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633814)"; flow:established,from_client; content:"GET"; http_method; content:"/e79da345977745cda131abcb29a7c9c7_crypted_build.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633814/; classtype:trojan-activity;sid:84496914; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633813)"; flow:established,from_client; content:"GET"; http_method; content:"/fc2e7a9930c9496c9df103b2bff5e372_miner.exe"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633813/; classtype:trojan-activity;sid:84496913; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633807)"; flow:established,from_client; content:"GET"; http_method; content:"/60e36e6b2727419892cfbb9f5b559a36_build.bin"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633807/; classtype:trojan-activity;sid:84496907; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633808)"; flow:established,from_client; content:"GET"; http_method; content:"/801b0b4d118a4c0a8c4523e7805f5227_crypted_build.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633808/; classtype:trojan-activity;sid:84496908; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633809)"; flow:established,from_client; content:"GET"; http_method; content:"/nahui.bin"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633809/; classtype:trojan-activity;sid:84496909; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633810)"; flow:established,from_client; content:"GET"; http_method; content:"/2ddf2ed413fc4398a385d2358175d594_build.bin"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633810/; classtype:trojan-activity;sid:84496910; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633811)"; flow:established,from_client; content:"GET"; http_method; content:"/5adc506dc0ca4f15a5b295d8a6e5b8ba_build.bin"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633811/; classtype:trojan-activity;sid:84496911; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633812)"; flow:established,from_client; content:"GET"; http_method; content:"/7afe95200e5c4eb5ba891393388dc7f6_build.bin"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633812/; classtype:trojan-activity;sid:84496912; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633720)"; flow:established,from_client; content:"GET"; http_method; content:"/pryut9ggg7vybdlt_encoded.txt"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"212.11.64.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633720/; classtype:trojan-activity;sid:84496820; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633718)"; flow:established,from_client; content:"GET"; http_method; content:"/client_encoded.txt"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"212.11.64.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633718/; classtype:trojan-activity;sid:84496818; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633712)"; flow:established,from_client; content:"GET"; http_method; content:"/001/items.dll"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"110.40.199.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633712/; classtype:trojan-activity;sid:84496812; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633559)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm6"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"103.77.241.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633559/; classtype:trojan-activity;sid:84496659; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633560)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mpsl"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"103.77.241.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633560/; classtype:trojan-activity;sid:84496660; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633561)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mips"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"103.77.241.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633561/; classtype:trojan-activity;sid:84496661; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633558)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"103.77.241.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633558/; classtype:trojan-activity;sid:84496658; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633551)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.spc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"103.77.241.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633551/; classtype:trojan-activity;sid:84496651; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633552)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm5"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"103.77.241.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633552/; classtype:trojan-activity;sid:84496652; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633555)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.x86"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"103.77.241.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633555/; classtype:trojan-activity;sid:84496655; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633556)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.m68k"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"103.77.241.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633556/; classtype:trojan-activity;sid:84496656; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633404)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm7"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"103.77.241.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633404/; classtype:trojan-activity;sid:84496504; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633181)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"109.205.213.121"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_27; reference:url, urlhaus.abuse.ch/url/3633181/; classtype:trojan-activity;sid:84496281; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633173)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"193.180.65.211"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_27; reference:url, urlhaus.abuse.ch/url/3633173/; classtype:trojan-activity;sid:84496273; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633174)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.112.126.123"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_27; reference:url, urlhaus.abuse.ch/url/3633174/; classtype:trojan-activity;sid:84496274; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633158)"; flow:established,from_client; content:"GET"; http_method; content:"/powercat.ps1"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"117.72.214.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_27; reference:url, urlhaus.abuse.ch/url/3633158/; classtype:trojan-activity;sid:84496258; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633151)"; flow:established,from_client; content:"GET"; http_method; content:"/tuzo690lxztymz8w_encoded.txt"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"212.11.64.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_27; reference:url, urlhaus.abuse.ch/url/3633151/; classtype:trojan-activity;sid:84496251; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633150)"; flow:established,from_client; content:"GET"; http_method; content:"/system.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"212.11.64.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_27; reference:url, urlhaus.abuse.ch/url/3633150/; classtype:trojan-activity;sid:84496250; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633149)"; flow:established,from_client; content:"GET"; http_method; content:"/2_encoded.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"212.11.64.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_27; reference:url, urlhaus.abuse.ch/url/3633149/; classtype:trojan-activity;sid:84496249; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633148)"; flow:established,from_client; content:"GET"; http_method; content:"/system.bat"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"212.11.64.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_27; reference:url, urlhaus.abuse.ch/url/3633148/; classtype:trojan-activity;sid:84496248; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633144)"; flow:established,from_client; content:"GET"; http_method; content:"/irs_audit_requirements.bat"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"212.11.64.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_27; reference:url, urlhaus.abuse.ch/url/3633144/; classtype:trojan-activity;sid:84496244; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633145)"; flow:established,from_client; content:"GET"; http_method; content:"/system.vbs"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"212.11.64.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_27; reference:url, urlhaus.abuse.ch/url/3633145/; classtype:trojan-activity;sid:84496245; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633146)"; flow:established,from_client; content:"GET"; http_method; content:"/opymoqhl2s5q9dru_encoded.txt"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"212.11.64.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_27; reference:url, urlhaus.abuse.ch/url/3633146/; classtype:trojan-activity;sid:84496246; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633034)"; flow:established,from_client; content:"GET"; http_method; content:"/ac4601204d87420b972a82e811cfc373_bound_build.exe"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_27; reference:url, urlhaus.abuse.ch/url/3633034/; classtype:trojan-activity;sid:84496134; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633033)"; flow:established,from_client; content:"GET"; http_method; content:"/6b7ad8800ae6412dae598c36721bbf7e_build.bin"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_27; reference:url, urlhaus.abuse.ch/url/3633033/; classtype:trojan-activity;sid:84496133; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633032)"; flow:established,from_client; content:"GET"; http_method; content:"/bip.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_27; reference:url, urlhaus.abuse.ch/url/3633032/; classtype:trojan-activity;sid:84496132; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633031)"; flow:established,from_client; content:"GET"; http_method; content:"/02fc1b2d05b84ca5bf2fdfdd848dbe80_build.bin"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_27; reference:url, urlhaus.abuse.ch/url/3633031/; classtype:trojan-activity;sid:84496131; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633023)"; flow:established,from_client; content:"GET"; http_method; content:"/sadd.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_27; reference:url, urlhaus.abuse.ch/url/3633023/; classtype:trojan-activity;sid:84496123; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633024)"; flow:established,from_client; content:"GET"; http_method; content:"/b14d81cea548432f94a3b88811ab9493_build.bin"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_27; reference:url, urlhaus.abuse.ch/url/3633024/; classtype:trojan-activity;sid:84496124; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633025)"; flow:established,from_client; content:"GET"; http_method; content:"/dcc1897f1f3d4db59c631f87330304ce_crypted_build.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_27; reference:url, urlhaus.abuse.ch/url/3633025/; classtype:trojan-activity;sid:84496125; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633027)"; flow:established,from_client; content:"GET"; http_method; content:"/63c7147f4e954226ae1dfdbb35eea44d_build.bin"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_27; reference:url, urlhaus.abuse.ch/url/3633027/; classtype:trojan-activity;sid:84496127; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633028)"; flow:established,from_client; content:"GET"; http_method; content:"/f442f2229aa44a31959716dc100dd99d_build.bin"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_27; reference:url, urlhaus.abuse.ch/url/3633028/; classtype:trojan-activity;sid:84496128; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633029)"; flow:established,from_client; content:"GET"; http_method; content:"/21dd7038a1a34c159308849c1dea9071_crypted_build.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_27; reference:url, urlhaus.abuse.ch/url/3633029/; classtype:trojan-activity;sid:84496129; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633030)"; flow:established,from_client; content:"GET"; http_method; content:"/config.json"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"45.204.214.219"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_27; reference:url, urlhaus.abuse.ch/url/3633030/; classtype:trojan-activity;sid:84496130; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3632935)"; flow:established,from_client; content:"GET"; http_method; content:"/pedrofachin/badboycheats-fivem-ragemp-gtav-hack-cheat-legit-mod-menu/raw/refs/heads/main/nosographic/badboycheats-fivem-ragemp-gtav-hack-cheat-legit-mod-menu.zip"; http_uri; depth:162; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_27; reference:url, urlhaus.abuse.ch/url/3632935/; classtype:trojan-activity;sid:84496035; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3632934)"; flow:established,from_client; content:"GET"; http_method; content:"/evonpredictor/evon-excuter/releases/download/v1.0.1/evonexcuter.exe"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_27; reference:url, urlhaus.abuse.ch/url/3632934/; classtype:trojan-activity;sid:84496034; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3632926)"; flow:established,from_client; content:"GET"; http_method; content:"/lusstepx/fivem-spoofer/raw/refs/heads/main/cfxbypass.exe"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_27; reference:url, urlhaus.abuse.ch/url/3632926/; classtype:trojan-activity;sid:84496026; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3632903)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/bocavenue.exe"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"versaclean.com.br"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_09_27; reference:url, urlhaus.abuse.ch/url/3632903/; classtype:trojan-activity;sid:84496003; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3632883)"; flow:established,from_client; content:"GET"; http_method; content:"/minki166/vente-spoofer-and-cheats-base/raw/refs/heads/main/anubing/vente-spoofer-and-cheats-base.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_27; reference:url, urlhaus.abuse.ch/url/3632883/; classtype:trojan-activity;sid:84495983; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3632845)"; flow:established,from_client; content:"GET"; http_method; content:"/am_def/random.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_27; reference:url, urlhaus.abuse.ch/url/3632845/; classtype:trojan-activity;sid:84495945; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3632821)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.149.206.91"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_27; reference:url, urlhaus.abuse.ch/url/3632821/; classtype:trojan-activity;sid:84495921; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3632802)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"188.149.206.91"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_27; reference:url, urlhaus.abuse.ch/url/3632802/; classtype:trojan-activity;sid:84495902; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3632441)"; flow:established,from_client; content:"GET"; http_method; content:"/abis.bin"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_26; reference:url, urlhaus.abuse.ch/url/3632441/; classtype:trojan-activity;sid:84495541; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3632299)"; flow:established,from_client; content:"GET"; http_method; content:"/ske1et2/telegrams-best-scrapper/raw/refs/heads/main/slouchy/telegrams-best-scrapper.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_26; reference:url, urlhaus.abuse.ch/url/3632299/; classtype:trojan-activity;sid:84495399; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3632295)"; flow:established,from_client; content:"GET"; http_method; content:"/files/6357156118/v9aq0oo.msi"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_26; reference:url, urlhaus.abuse.ch/url/3632295/; classtype:trojan-activity;sid:84495395; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3632233)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7453936223/qs3d6fk.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_26; reference:url, urlhaus.abuse.ch/url/3632233/; classtype:trojan-activity;sid:84495333; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3632095)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.6.185.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_25; reference:url, urlhaus.abuse.ch/url/3632095/; classtype:trojan-activity;sid:84495195; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3632081)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.6.185.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_25; reference:url, urlhaus.abuse.ch/url/3632081/; classtype:trojan-activity;sid:84495181; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3632017)"; flow:established,from_client; content:"GET"; http_method; content:"/documents/muncerian.exe"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"213.165.60.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_25; reference:url, urlhaus.abuse.ch/url/3632017/; classtype:trojan-activity;sid:84495117; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3631856)"; flow:established,from_client; content:"GET"; http_method; content:"/d88nzn5yhehmocs.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"91.92.240.104"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_25; reference:url, urlhaus.abuse.ch/url/3631856/; classtype:trojan-activity;sid:84494956; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3631855)"; flow:established,from_client; content:"GET"; http_method; content:"/xpqeeqububaya8g.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"91.92.240.104"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_25; reference:url, urlhaus.abuse.ch/url/3631855/; classtype:trojan-activity;sid:84494955; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3631854)"; flow:established,from_client; content:"GET"; http_method; content:"/cakq8mkaahzyegl.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"91.92.240.104"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_25; reference:url, urlhaus.abuse.ch/url/3631854/; classtype:trojan-activity;sid:84494954; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3631849)"; flow:established,from_client; content:"GET"; http_method; content:"/ieykxpnuh9r9m17.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"91.92.240.104"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_25; reference:url, urlhaus.abuse.ch/url/3631849/; classtype:trojan-activity;sid:84494949; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3631832)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.88.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_25; reference:url, urlhaus.abuse.ch/url/3631832/; classtype:trojan-activity;sid:84494932; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3631825)"; flow:established,from_client; content:"GET"; http_method; content:"/renewable.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"86.54.24.25"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_25; reference:url, urlhaus.abuse.ch/url/3631825/; classtype:trojan-activity;sid:84494925; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3631737)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"93.152.230.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_25; reference:url, urlhaus.abuse.ch/url/3631737/; classtype:trojan-activity;sid:84494837; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3631699)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/images/crystal/wp.vbs"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"arhitectpitesti.ro"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_09_25; reference:url, urlhaus.abuse.ch/url/3631699/; classtype:trojan-activity;sid:84494799; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3631646)"; flow:established,from_client; content:"GET"; http_method; content:"/public_files/n0t5lax.txt"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"62.60.226.168"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_25; reference:url, urlhaus.abuse.ch/url/3631646/; classtype:trojan-activity;sid:84494746; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3631642)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/manifestbillionswealths.txt"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"katyache.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_25; reference:url, urlhaus.abuse.ch/url/3631642/; classtype:trojan-activity;sid:84494742; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3631593)"; flow:established,from_client; content:"GET"; http_method; content:"/hkakkkaa/gdsssdggsg/releases/download/fsdfsd/installer.exe"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_25; reference:url, urlhaus.abuse.ch/url/3631593/; classtype:trojan-activity;sid:84494693; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3631583)"; flow:established,from_client; content:"GET"; http_method; content:"/hkakkkaa/gdsssdggsg/releases/download/fsdfsd/tlp.exe"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_25; reference:url, urlhaus.abuse.ch/url/3631583/; classtype:trojan-activity;sid:84494683; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3631574)"; flow:established,from_client; content:"GET"; http_method; content:"/hkakkkaa/gdsssdggsg/releases/download/fsdfsd/1488.exe"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_25; reference:url, urlhaus.abuse.ch/url/3631574/; classtype:trojan-activity;sid:84494674; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3631575)"; flow:established,from_client; content:"GET"; http_method; content:"/hkakkkaa/gdsssdggsg/releases/download/fsdfsd/1210.exe"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_25; reference:url, urlhaus.abuse.ch/url/3631575/; classtype:trojan-activity;sid:84494675; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3631555)"; flow:established,from_client; content:"GET"; http_method; content:"/hkakkkaa/gdsssdggsg/releases/download/fsdfsd/lol.exe"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_25; reference:url, urlhaus.abuse.ch/url/3631555/; classtype:trojan-activity;sid:84494655; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3631554)"; flow:established,from_client; content:"GET"; http_method; content:"/hkakkkaa/gdsssdggsg/releases/download/fsdfsd/bsg.exe"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_25; reference:url, urlhaus.abuse.ch/url/3631554/; classtype:trojan-activity;sid:84494654; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3631545)"; flow:established,from_client; content:"GET"; http_method; content:"/down/run.bat"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"45.94.31.128"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_25; reference:url, urlhaus.abuse.ch/url/3631545/; classtype:trojan-activity;sid:84494645; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3631358)"; flow:established,from_client; content:"GET"; http_method; content:"/mot"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"185.208.158.91"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_24; reference:url, urlhaus.abuse.ch/url/3631358/; classtype:trojan-activity;sid:84494458; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3631233)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"188.95.148.167"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_24; reference:url, urlhaus.abuse.ch/url/3631233/; classtype:trojan-activity;sid:84494333; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3631018)"; flow:established,from_client; content:"GET"; http_method; content:"/89f8085471984c84baafa725056af4b5_crypted_build.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_24; reference:url, urlhaus.abuse.ch/url/3631018/; classtype:trojan-activity;sid:84494118; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3631019)"; flow:established,from_client; content:"GET"; http_method; content:"/ac69535812ba45b5a1e6e058852d125f_build.bin"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_24; reference:url, urlhaus.abuse.ch/url/3631019/; classtype:trojan-activity;sid:84494119; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3631012)"; flow:established,from_client; content:"GET"; http_method; content:"/bfd43a6f3a1a4b748ef2d52e64a9d734_crypted_build.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_24; reference:url, urlhaus.abuse.ch/url/3631012/; classtype:trojan-activity;sid:84494112; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3631013)"; flow:established,from_client; content:"GET"; http_method; content:"/1553fbb2b1f945438f2744a16750122c_crypted_build.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_24; reference:url, urlhaus.abuse.ch/url/3631013/; classtype:trojan-activity;sid:84494113; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3630986)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/uploads/2024/05/sd4.ps1"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"wellbeingdr.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_24; reference:url, urlhaus.abuse.ch/url/3630986/; classtype:trojan-activity;sid:84494086; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3630988)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/uploads/2024/05/sd2.ps1"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"wellbeingdr.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_24; reference:url, urlhaus.abuse.ch/url/3630988/; classtype:trojan-activity;sid:84494088; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3630984)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/uploads/2024/05/strayedkl.ps1"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"wellbeingdr.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_24; reference:url, urlhaus.abuse.ch/url/3630984/; classtype:trojan-activity;sid:84494084; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3630985)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/uploads/2024/05/idiotropicek4.exe"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"wellbeingdr.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_24; reference:url, urlhaus.abuse.ch/url/3630985/; classtype:trojan-activity;sid:84494085; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3630975)"; flow:established,from_client; content:"GET"; http_method; content:"/debugview++.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"1.15.230.7"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_24; reference:url, urlhaus.abuse.ch/url/3630975/; classtype:trojan-activity;sid:84494075; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3630972)"; flow:established,from_client; content:"GET"; http_method; content:"/vidar/random.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_24; reference:url, urlhaus.abuse.ch/url/3630972/; classtype:trojan-activity;sid:84494072; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3630793)"; flow:established,from_client; content:"GET"; http_method; content:"/files/8292810163/hjfvgvb.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_24; reference:url, urlhaus.abuse.ch/url/3630793/; classtype:trojan-activity;sid:84493893; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3630791)"; flow:established,from_client; content:"GET"; http_method; content:"/files/8070726592/a9x2how.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_24; reference:url, urlhaus.abuse.ch/url/3630791/; classtype:trojan-activity;sid:84493891; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3630790)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7461826239/kffvoaa.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_24; reference:url, urlhaus.abuse.ch/url/3630790/; classtype:trojan-activity;sid:84493890; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3630546)"; flow:established,from_client; content:"GET"; http_method; content:"/shaerrlys/fivem-spoofer/raw/refs/heads/main/cfxbypass.exe"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_23; reference:url, urlhaus.abuse.ch/url/3630546/; classtype:trojan-activity;sid:84493646; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3630505)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"170.106.110.135"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_23; reference:url, urlhaus.abuse.ch/url/3630505/; classtype:trojan-activity;sid:84493605; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3630487)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.6.141.144"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_23; reference:url, urlhaus.abuse.ch/url/3630487/; classtype:trojan-activity;sid:84493587; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3630427)"; flow:established,from_client; content:"GET"; http_method; content:"/files/rdx/random.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"94.154.35.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_23; reference:url, urlhaus.abuse.ch/url/3630427/; classtype:trojan-activity;sid:84493527; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3630421)"; flow:established,from_client; content:"GET"; http_method; content:"/vidar/random.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"94.154.35.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_23; reference:url, urlhaus.abuse.ch/url/3630421/; classtype:trojan-activity;sid:84493521; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3630420)"; flow:established,from_client; content:"GET"; http_method; content:"/files/fate/random.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"94.154.35.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_23; reference:url, urlhaus.abuse.ch/url/3630420/; classtype:trojan-activity;sid:84493520; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3630393)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.200.87.165"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_23; reference:url, urlhaus.abuse.ch/url/3630393/; classtype:trojan-activity;sid:84493493; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3630368)"; flow:established,from_client; content:"GET"; http_method; content:"/xmrig.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.204.214.219"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_23; reference:url, urlhaus.abuse.ch/url/3630368/; classtype:trojan-activity;sid:84493468; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3630366)"; flow:established,from_client; content:"GET"; http_method; content:"/server.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"45.204.214.219"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_23; reference:url, urlhaus.abuse.ch/url/3630366/; classtype:trojan-activity;sid:84493466; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3630333)"; flow:established,from_client; content:"GET"; http_method; content:"/1.apk"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"94.124.179.109"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_23; reference:url, urlhaus.abuse.ch/url/3630333/; classtype:trojan-activity;sid:84493433; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3630334)"; flow:established,from_client; content:"GET"; http_method; content:"/2.apk"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"94.124.179.109"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_23; reference:url, urlhaus.abuse.ch/url/3630334/; classtype:trojan-activity;sid:84493434; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3630311)"; flow:established,from_client; content:"GET"; http_method; content:"/gamebeta.dll"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"119.29.162.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_23; reference:url, urlhaus.abuse.ch/url/3630311/; classtype:trojan-activity;sid:84493411; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3630309)"; flow:established,from_client; content:"GET"; http_method; content:"/dbghelp.dll"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"119.29.162.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_23; reference:url, urlhaus.abuse.ch/url/3630309/; classtype:trojan-activity;sid:84493409; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3630307)"; flow:established,from_client; content:"GET"; http_method; content:"/%e6%96%b0%e5%bb%ba%e6%96%87%e4%bb%b6%e5%a4%b9/buding501/dbghelp.dll"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"103.40.13.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_23; reference:url, urlhaus.abuse.ch/url/3630307/; classtype:trojan-activity;sid:84493407; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3630263)"; flow:established,from_client; content:"GET"; http_method; content:"/buding/139assicc.dll"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"103.205.253.156"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_23; reference:url, urlhaus.abuse.ch/url/3630263/; classtype:trojan-activity;sid:84493363; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3630236)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.spc"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"uraniumc2.ddns.net"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_09_23; reference:url, urlhaus.abuse.ch/url/3630236/; classtype:trojan-activity;sid:84493336; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3630232)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.ppc"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"uraniumc2.ddns.net"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_09_23; reference:url, urlhaus.abuse.ch/url/3630232/; classtype:trojan-activity;sid:84493332; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3630233)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm5"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"uraniumc2.ddns.net"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_09_23; reference:url, urlhaus.abuse.ch/url/3630233/; classtype:trojan-activity;sid:84493333; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3630234)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.x86"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"uraniumc2.ddns.net"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_09_23; reference:url, urlhaus.abuse.ch/url/3630234/; classtype:trojan-activity;sid:84493334; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3630230)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"uraniumc2.ddns.net"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_09_23; reference:url, urlhaus.abuse.ch/url/3630230/; classtype:trojan-activity;sid:84493330; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3630231)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/debug"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"uraniumc2.ddns.net"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_09_23; reference:url, urlhaus.abuse.ch/url/3630231/; classtype:trojan-activity;sid:84493331; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3630229)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.mpsl"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"uraniumc2.ddns.net"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_09_23; reference:url, urlhaus.abuse.ch/url/3630229/; classtype:trojan-activity;sid:84493329; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3630227)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.mips"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"uraniumc2.ddns.net"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_09_23; reference:url, urlhaus.abuse.ch/url/3630227/; classtype:trojan-activity;sid:84493327; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3630228)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm6"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"uraniumc2.ddns.net"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_09_23; reference:url, urlhaus.abuse.ch/url/3630228/; classtype:trojan-activity;sid:84493328; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3630223)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arc"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"uraniumc2.ddns.net"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_09_23; reference:url, urlhaus.abuse.ch/url/3630223/; classtype:trojan-activity;sid:84493323; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3630224)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm7"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"uraniumc2.ddns.net"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_09_23; reference:url, urlhaus.abuse.ch/url/3630224/; classtype:trojan-activity;sid:84493324; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3630226)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.i686"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"uraniumc2.ddns.net"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_09_23; reference:url, urlhaus.abuse.ch/url/3630226/; classtype:trojan-activity;sid:84493326; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3630222)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.m68k"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"uraniumc2.ddns.net"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_09_23; reference:url, urlhaus.abuse.ch/url/3630222/; classtype:trojan-activity;sid:84493322; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3629997)"; flow:established,from_client; content:"GET"; http_method; content:"/ff"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"178.16.54.178"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_23; reference:url, urlhaus.abuse.ch/url/3629997/; classtype:trojan-activity;sid:84493097; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3629863)"; flow:established,from_client; content:"GET"; http_method; content:"/b"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"158.94.208.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_23; reference:url, urlhaus.abuse.ch/url/3629863/; classtype:trojan-activity;sid:84492963; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3629842)"; flow:established,from_client; content:"GET"; http_method; content:"/weed"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"158.94.208.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_23; reference:url, urlhaus.abuse.ch/url/3629842/; classtype:trojan-activity;sid:84492942; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3629843)"; flow:established,from_client; content:"GET"; http_method; content:"/li"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"158.94.208.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_23; reference:url, urlhaus.abuse.ch/url/3629843/; classtype:trojan-activity;sid:84492943; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3629844)"; flow:established,from_client; content:"GET"; http_method; content:"/irz"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"158.94.208.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_23; reference:url, urlhaus.abuse.ch/url/3629844/; classtype:trojan-activity;sid:84492944; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3629846)"; flow:established,from_client; content:"GET"; http_method; content:"/fb"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"158.94.208.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_23; reference:url, urlhaus.abuse.ch/url/3629846/; classtype:trojan-activity;sid:84492946; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3629847)"; flow:established,from_client; content:"GET"; http_method; content:"/xaxa"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"158.94.208.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_23; reference:url, urlhaus.abuse.ch/url/3629847/; classtype:trojan-activity;sid:84492947; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3629848)"; flow:established,from_client; content:"GET"; http_method; content:"/bx"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"158.94.208.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_23; reference:url, urlhaus.abuse.ch/url/3629848/; classtype:trojan-activity;sid:84492948; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3629850)"; flow:established,from_client; content:"GET"; http_method; content:"/linksys"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"158.94.208.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_23; reference:url, urlhaus.abuse.ch/url/3629850/; classtype:trojan-activity;sid:84492950; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3629851)"; flow:established,from_client; content:"GET"; http_method; content:"/w.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"158.94.208.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_23; reference:url, urlhaus.abuse.ch/url/3629851/; classtype:trojan-activity;sid:84492951; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3629852)"; flow:established,from_client; content:"GET"; http_method; content:"/aaa"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"158.94.208.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_23; reference:url, urlhaus.abuse.ch/url/3629852/; classtype:trojan-activity;sid:84492952; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3629853)"; flow:established,from_client; content:"GET"; http_method; content:"/jaws"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"158.94.208.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_23; reference:url, urlhaus.abuse.ch/url/3629853/; classtype:trojan-activity;sid:84492953; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3629857)"; flow:established,from_client; content:"GET"; http_method; content:"/create.py"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"158.94.208.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_23; reference:url, urlhaus.abuse.ch/url/3629857/; classtype:trojan-activity;sid:84492957; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3629858)"; flow:established,from_client; content:"GET"; http_method; content:"/toto"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"158.94.208.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_23; reference:url, urlhaus.abuse.ch/url/3629858/; classtype:trojan-activity;sid:84492958; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3629859)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"158.94.208.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_23; reference:url, urlhaus.abuse.ch/url/3629859/; classtype:trojan-activity;sid:84492959; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3629860)"; flow:established,from_client; content:"GET"; http_method; content:"/cn"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"158.94.208.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_23; reference:url, urlhaus.abuse.ch/url/3629860/; classtype:trojan-activity;sid:84492960; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3629861)"; flow:established,from_client; content:"GET"; http_method; content:"/fdgsfg"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"158.94.208.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_23; reference:url, urlhaus.abuse.ch/url/3629861/; classtype:trojan-activity;sid:84492961; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3629862)"; flow:established,from_client; content:"GET"; http_method; content:"/zz"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"158.94.208.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_23; reference:url, urlhaus.abuse.ch/url/3629862/; classtype:trojan-activity;sid:84492962; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3629837)"; flow:established,from_client; content:"GET"; http_method; content:"/z.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"158.94.208.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_23; reference:url, urlhaus.abuse.ch/url/3629837/; classtype:trojan-activity;sid:84492937; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3629839)"; flow:established,from_client; content:"GET"; http_method; content:"/sdt"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"158.94.208.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_23; reference:url, urlhaus.abuse.ch/url/3629839/; classtype:trojan-activity;sid:84492939; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3629841)"; flow:established,from_client; content:"GET"; http_method; content:"/k.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"158.94.208.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_23; reference:url, urlhaus.abuse.ch/url/3629841/; classtype:trojan-activity;sid:84492941; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3629833)"; flow:established,from_client; content:"GET"; http_method; content:"/mag"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"158.94.208.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_23; reference:url, urlhaus.abuse.ch/url/3629833/; classtype:trojan-activity;sid:84492933; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3629834)"; flow:established,from_client; content:"GET"; http_method; content:"/ruck"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"158.94.208.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_23; reference:url, urlhaus.abuse.ch/url/3629834/; classtype:trojan-activity;sid:84492934; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3629832)"; flow:established,from_client; content:"GET"; http_method; content:"/gocl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"158.94.208.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_23; reference:url, urlhaus.abuse.ch/url/3629832/; classtype:trojan-activity;sid:84492932; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3629831)"; flow:established,from_client; content:"GET"; http_method; content:"/g"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"158.94.208.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_23; reference:url, urlhaus.abuse.ch/url/3629831/; classtype:trojan-activity;sid:84492931; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3629829)"; flow:established,from_client; content:"GET"; http_method; content:"/rtz"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"158.94.208.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_23; reference:url, urlhaus.abuse.ch/url/3629829/; classtype:trojan-activity;sid:84492929; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3629830)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"158.94.208.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_23; reference:url, urlhaus.abuse.ch/url/3629830/; classtype:trojan-activity;sid:84492930; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3629695)"; flow:established,from_client; content:"GET"; http_method; content:"/vidar/random.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_23; reference:url, urlhaus.abuse.ch/url/3629695/; classtype:trojan-activity;sid:84492795; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3629698)"; flow:established,from_client; content:"GET"; http_method; content:"/files/5917492177/epc3vmt.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_23; reference:url, urlhaus.abuse.ch/url/3629698/; classtype:trojan-activity;sid:84492798; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3629281)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.88.198"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_22; reference:url, urlhaus.abuse.ch/url/3629281/; classtype:trojan-activity;sid:84492381; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3629197)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.spc"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"103.118.28.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_22; reference:url, urlhaus.abuse.ch/url/3629197/; classtype:trojan-activity;sid:84492297; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3629170)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.x86_64"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"103.118.28.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_22; reference:url, urlhaus.abuse.ch/url/3629170/; classtype:trojan-activity;sid:84492270; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3629169)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.mpsl"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"103.118.28.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_22; reference:url, urlhaus.abuse.ch/url/3629169/; classtype:trojan-activity;sid:84492269; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3629163)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.arm6"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"103.118.28.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_22; reference:url, urlhaus.abuse.ch/url/3629163/; classtype:trojan-activity;sid:84492263; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3629164)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.mips"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"103.118.28.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_22; reference:url, urlhaus.abuse.ch/url/3629164/; classtype:trojan-activity;sid:84492264; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3629166)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.arm5"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"103.118.28.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_22; reference:url, urlhaus.abuse.ch/url/3629166/; classtype:trojan-activity;sid:84492266; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3629168)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.arc"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"103.118.28.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_22; reference:url, urlhaus.abuse.ch/url/3629168/; classtype:trojan-activity;sid:84492268; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3629160)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.m68k"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"103.118.28.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_22; reference:url, urlhaus.abuse.ch/url/3629160/; classtype:trojan-activity;sid:84492260; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3629116)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.88.198"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_22; reference:url, urlhaus.abuse.ch/url/3629116/; classtype:trojan-activity;sid:84492216; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3628626)"; flow:established,from_client; content:"GET"; http_method; content:"/public_files/test.jpg|3f|12711313"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"62.60.226.168"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_21; reference:url, urlhaus.abuse.ch/url/3628626/; classtype:trojan-activity;sid:84491726; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3628622)"; flow:established,from_client; content:"GET"; http_method; content:"/public_files/wjxpugv.txt"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"62.60.226.168"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_21; reference:url, urlhaus.abuse.ch/url/3628622/; classtype:trojan-activity;sid:84491722; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3628619)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"120.48.50.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_21; reference:url, urlhaus.abuse.ch/url/3628619/; classtype:trojan-activity;sid:84491719; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3628584)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.164.117.74"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_21; reference:url, urlhaus.abuse.ch/url/3628584/; classtype:trojan-activity;sid:84491684; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3628235)"; flow:established,from_client; content:"GET"; http_method; content:"/files/hello/random.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_21; reference:url, urlhaus.abuse.ch/url/3628235/; classtype:trojan-activity;sid:84491335; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3628233)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7639673951/lwwiinc.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_21; reference:url, urlhaus.abuse.ch/url/3628233/; classtype:trojan-activity;sid:84491333; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3628104)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"59.19.149.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_21; reference:url, urlhaus.abuse.ch/url/3628104/; classtype:trojan-activity;sid:84491204; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3627972)"; flow:established,from_client; content:"GET"; http_method; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.arm6"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"158.94.209.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_20; reference:url, urlhaus.abuse.ch/url/3627972/; classtype:trojan-activity;sid:84491072; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3627935)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"36.154.188.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_20; reference:url, urlhaus.abuse.ch/url/3627935/; classtype:trojan-activity;sid:84491035; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3627934)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"121.121.198.198"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_20; reference:url, urlhaus.abuse.ch/url/3627934/; classtype:trojan-activity;sid:84491034; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3627876)"; flow:established,from_client; content:"GET"; http_method; content:"/build.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"158.94.208.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_20; reference:url, urlhaus.abuse.ch/url/3627876/; classtype:trojan-activity;sid:84490976; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3627865)"; flow:established,from_client; content:"GET"; http_method; content:"/artifact.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"113.45.225.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_20; reference:url, urlhaus.abuse.ch/url/3627865/; classtype:trojan-activity;sid:84490965; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3627848)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"158.94.208.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_20; reference:url, urlhaus.abuse.ch/url/3627848/; classtype:trojan-activity;sid:84490948; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3627849)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"158.94.208.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_20; reference:url, urlhaus.abuse.ch/url/3627849/; classtype:trojan-activity;sid:84490949; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3627850)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"158.94.208.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_20; reference:url, urlhaus.abuse.ch/url/3627850/; classtype:trojan-activity;sid:84490950; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3627851)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"158.94.208.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_20; reference:url, urlhaus.abuse.ch/url/3627851/; classtype:trojan-activity;sid:84490951; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3627852)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"158.94.208.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_20; reference:url, urlhaus.abuse.ch/url/3627852/; classtype:trojan-activity;sid:84490952; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3627854)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr.x86"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"158.94.208.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_20; reference:url, urlhaus.abuse.ch/url/3627854/; classtype:trojan-activity;sid:84490954; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3627855)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"158.94.208.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_20; reference:url, urlhaus.abuse.ch/url/3627855/; classtype:trojan-activity;sid:84490955; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3627856)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"158.94.208.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_20; reference:url, urlhaus.abuse.ch/url/3627856/; classtype:trojan-activity;sid:84490956; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3627844)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"158.94.208.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_20; reference:url, urlhaus.abuse.ch/url/3627844/; classtype:trojan-activity;sid:84490944; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3627845)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"158.94.208.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_20; reference:url, urlhaus.abuse.ch/url/3627845/; classtype:trojan-activity;sid:84490945; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3627846)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"158.94.208.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_20; reference:url, urlhaus.abuse.ch/url/3627846/; classtype:trojan-activity;sid:84490946; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3627847)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"158.94.208.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_20; reference:url, urlhaus.abuse.ch/url/3627847/; classtype:trojan-activity;sid:84490947; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3627797)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"158.94.209.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_20; reference:url, urlhaus.abuse.ch/url/3627797/; classtype:trojan-activity;sid:84490897; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3627790)"; flow:established,from_client; content:"GET"; http_method; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.sh4"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"158.94.209.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_20; reference:url, urlhaus.abuse.ch/url/3627790/; classtype:trojan-activity;sid:84490890; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3627791)"; flow:established,from_client; content:"GET"; http_method; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.mips"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"158.94.209.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_20; reference:url, urlhaus.abuse.ch/url/3627791/; classtype:trojan-activity;sid:84490891; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3627794)"; flow:established,from_client; content:"GET"; http_method; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.spc"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"158.94.209.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_20; reference:url, urlhaus.abuse.ch/url/3627794/; classtype:trojan-activity;sid:84490894; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3627796)"; flow:established,from_client; content:"GET"; http_method; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.arm7"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"158.94.209.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_20; reference:url, urlhaus.abuse.ch/url/3627796/; classtype:trojan-activity;sid:84490896; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3627773)"; flow:established,from_client; content:"GET"; http_method; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.arc"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"158.94.209.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_20; reference:url, urlhaus.abuse.ch/url/3627773/; classtype:trojan-activity;sid:84490873; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3627766)"; flow:established,from_client; content:"GET"; http_method; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.m68k"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"158.94.209.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_20; reference:url, urlhaus.abuse.ch/url/3627766/; classtype:trojan-activity;sid:84490866; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3627697)"; flow:established,from_client; content:"GET"; http_method; content:"/rad/random.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_20; reference:url, urlhaus.abuse.ch/url/3627697/; classtype:trojan-activity;sid:84490797; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3627674)"; flow:established,from_client; content:"GET"; http_method; content:"/krsu1apiygkyet9.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"91.92.240.104"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_20; reference:url, urlhaus.abuse.ch/url/3627674/; classtype:trojan-activity;sid:84490774; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3627675)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/solick.sh"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"91.92.240.220"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_20; reference:url, urlhaus.abuse.ch/url/3627675/; classtype:trojan-activity;sid:84490775; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3627676)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/solick.sh"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"pensive-brown.91-92-240-220.plesk.page"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2025_09_20; reference:url, urlhaus.abuse.ch/url/3627676/; classtype:trojan-activity;sid:84490776; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3627678)"; flow:established,from_client; content:"GET"; http_method; content:"/nlxhm2qlwg0rmot.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"91.92.240.104"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_20; reference:url, urlhaus.abuse.ch/url/3627678/; classtype:trojan-activity;sid:84490778; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3627673)"; flow:established,from_client; content:"GET"; http_method; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.arm"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"158.94.209.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_20; reference:url, urlhaus.abuse.ch/url/3627673/; classtype:trojan-activity;sid:84490773; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3627483)"; flow:established,from_client; content:"GET"; http_method; content:"/c.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"158.94.208.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_20; reference:url, urlhaus.abuse.ch/url/3627483/; classtype:trojan-activity;sid:84490583; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3627481)"; flow:established,from_client; content:"GET"; http_method; content:"/files/hello/stub.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_20; reference:url, urlhaus.abuse.ch/url/3627481/; classtype:trojan-activity;sid:84490581; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3627223)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"124.223.47.219"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_19; reference:url, urlhaus.abuse.ch/url/3627223/; classtype:trojan-activity;sid:84490323; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3627217)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.109.145.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_19; reference:url, urlhaus.abuse.ch/url/3627217/; classtype:trojan-activity;sid:84490317; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3627206)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"203.203.86.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_19; reference:url, urlhaus.abuse.ch/url/3627206/; classtype:trojan-activity;sid:84490306; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3627200)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.6.9.146"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_19; reference:url, urlhaus.abuse.ch/url/3627200/; classtype:trojan-activity;sid:84490300; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3627167)"; flow:established,from_client; content:"GET"; http_method; content:"/%e6%98%9f%e7%a9%ba%e9%ad%94%e5%9f%9f.exe"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"120.24.60.216"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_19; reference:url, urlhaus.abuse.ch/url/3627167/; classtype:trojan-activity;sid:84490267; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3627116)"; flow:established,from_client; content:"GET"; http_method; content:"/dvr"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"178.16.54.178"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_19; reference:url, urlhaus.abuse.ch/url/3627116/; classtype:trojan-activity;sid:84490216; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3626915)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.x86"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"45.137.70.49"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_19; reference:url, urlhaus.abuse.ch/url/3626915/; classtype:trojan-activity;sid:84490015; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3626917)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm7"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"45.137.70.49"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_19; reference:url, urlhaus.abuse.ch/url/3626917/; classtype:trojan-activity;sid:84490017; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3626924)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mpsl"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"45.137.70.49"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_19; reference:url, urlhaus.abuse.ch/url/3626924/; classtype:trojan-activity;sid:84490024; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3626925)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.sh4"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"45.137.70.49"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_19; reference:url, urlhaus.abuse.ch/url/3626925/; classtype:trojan-activity;sid:84490025; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3626926)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.m68k"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"45.137.70.49"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_19; reference:url, urlhaus.abuse.ch/url/3626926/; classtype:trojan-activity;sid:84490026; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3626928)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"45.137.70.49"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_19; reference:url, urlhaus.abuse.ch/url/3626928/; classtype:trojan-activity;sid:84490028; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3626883)"; flow:established,from_client; content:"GET"; http_method; content:"/jammx4im1btscsq.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"91.92.240.104"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_19; reference:url, urlhaus.abuse.ch/url/3626883/; classtype:trojan-activity;sid:84489983; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3626814)"; flow:established,from_client; content:"GET"; http_method; content:"/lumma.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"158.94.208.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_19; reference:url, urlhaus.abuse.ch/url/3626814/; classtype:trojan-activity;sid:84489914; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3626810)"; flow:established,from_client; content:"GET"; http_method; content:"/rhadamanthys.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"158.94.208.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_19; reference:url, urlhaus.abuse.ch/url/3626810/; classtype:trojan-activity;sid:84489910; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3626805)"; flow:established,from_client; content:"GET"; http_method; content:"/t"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.16.54.178"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_19; reference:url, urlhaus.abuse.ch/url/3626805/; classtype:trojan-activity;sid:84489905; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3626699)"; flow:established,from_client; content:"GET"; http_method; content:"/31agosto.vbs"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"sostexampp.duckdns.org"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_09_18; reference:url, urlhaus.abuse.ch/url/3626699/; classtype:trojan-activity;sid:84489799; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3626691)"; flow:established,from_client; content:"GET"; http_method; content:"/31agosto.vbs"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"remdefrem.duckdns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_09_18; reference:url, urlhaus.abuse.ch/url/3626691/; classtype:trojan-activity;sid:84489791; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3626505)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"45.137.70.49"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_18; reference:url, urlhaus.abuse.ch/url/3626505/; classtype:trojan-activity;sid:84489605; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3626324)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"43.139.146.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_18; reference:url, urlhaus.abuse.ch/url/3626324/; classtype:trojan-activity;sid:84489424; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3626314)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"106.13.137.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_18; reference:url, urlhaus.abuse.ch/url/3626314/; classtype:trojan-activity;sid:84489414; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3626295)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.247.56.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_18; reference:url, urlhaus.abuse.ch/url/3626295/; classtype:trojan-activity;sid:84489395; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3626308)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"189.106.98.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_18; reference:url, urlhaus.abuse.ch/url/3626308/; classtype:trojan-activity;sid:84489408; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3626275)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"74.62.255.234"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_18; reference:url, urlhaus.abuse.ch/url/3626275/; classtype:trojan-activity;sid:84489375; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3626101)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"42.112.26.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_18; reference:url, urlhaus.abuse.ch/url/3626101/; classtype:trojan-activity;sid:84489201; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3626100)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"42.112.26.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_18; reference:url, urlhaus.abuse.ch/url/3626100/; classtype:trojan-activity;sid:84489200; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3626097)"; flow:established,from_client; content:"GET"; http_method; content:"/arm4"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"42.112.26.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_18; reference:url, urlhaus.abuse.ch/url/3626097/; classtype:trojan-activity;sid:84489197; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3626098)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"42.112.26.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_18; reference:url, urlhaus.abuse.ch/url/3626098/; classtype:trojan-activity;sid:84489198; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3626039)"; flow:established,from_client; content:"GET"; http_method; content:"/vq7qnspptll2njm.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"91.92.240.104"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_18; reference:url, urlhaus.abuse.ch/url/3626039/; classtype:trojan-activity;sid:84489139; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3626036)"; flow:established,from_client; content:"GET"; http_method; content:"/carrierpacket/fullcarrierpacket.exe"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"loadstopdocs.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_09_18; reference:url, urlhaus.abuse.ch/url/3626036/; classtype:trojan-activity;sid:84489136; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3625911)"; flow:established,from_client; content:"GET"; http_method; content:"/493d0dfa7e0a46fe89bdfab48f9ce98f_crypted_build.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_18; reference:url, urlhaus.abuse.ch/url/3625911/; classtype:trojan-activity;sid:84489011; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3625809)"; flow:established,from_client; content:"GET"; http_method; content:"/miport.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_17; reference:url, urlhaus.abuse.ch/url/3625809/; classtype:trojan-activity;sid:84488909; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3625750)"; flow:established,from_client; content:"GET"; http_method; content:"/tmp53.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.61.149.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_17; reference:url, urlhaus.abuse.ch/url/3625750/; classtype:trojan-activity;sid:84488850; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3625751)"; flow:established,from_client; content:"GET"; http_method; content:"/vs8080.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"45.61.149.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_17; reference:url, urlhaus.abuse.ch/url/3625751/; classtype:trojan-activity;sid:84488851; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3625749)"; flow:established,from_client; content:"GET"; http_method; content:"/8.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"45.61.149.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_17; reference:url, urlhaus.abuse.ch/url/3625749/; classtype:trojan-activity;sid:84488849; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3625748)"; flow:established,from_client; content:"GET"; http_method; content:"/aaa.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"45.61.149.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_17; reference:url, urlhaus.abuse.ch/url/3625748/; classtype:trojan-activity;sid:84488848; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3625744)"; flow:established,from_client; content:"GET"; http_method; content:"/game.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"110.42.139.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_17; reference:url, urlhaus.abuse.ch/url/3625744/; classtype:trojan-activity;sid:84488844; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3625655)"; flow:established,from_client; content:"GET"; http_method; content:"/w/video.scr"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"zidomasones.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_17; reference:url, urlhaus.abuse.ch/url/3625655/; classtype:trojan-activity;sid:84488755; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3625654)"; flow:established,from_client; content:"GET"; http_method; content:"/w/photo.scr"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"zidomasones.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_17; reference:url, urlhaus.abuse.ch/url/3625654/; classtype:trojan-activity;sid:84488754; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3625653)"; flow:established,from_client; content:"GET"; http_method; content:"/w/av.scr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"zidomasones.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_17; reference:url, urlhaus.abuse.ch/url/3625653/; classtype:trojan-activity;sid:84488753; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3625651)"; flow:established,from_client; content:"GET"; http_method; content:"/w/photo.lnk"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"zidomasones.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_17; reference:url, urlhaus.abuse.ch/url/3625651/; classtype:trojan-activity;sid:84488751; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3625650)"; flow:established,from_client; content:"GET"; http_method; content:"/w/av.lnk"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"zidomasones.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_17; reference:url, urlhaus.abuse.ch/url/3625650/; classtype:trojan-activity;sid:84488750; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3625649)"; flow:established,from_client; content:"GET"; http_method; content:"/w/video.lnk"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"zidomasones.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_17; reference:url, urlhaus.abuse.ch/url/3625649/; classtype:trojan-activity;sid:84488749; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3625633)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"111.70.15.220"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_17; reference:url, urlhaus.abuse.ch/url/3625633/; classtype:trojan-activity;sid:84488733; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3625631)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/mynode.x86_32"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"suspicious-northcutt.91-92-240-220.plesk.page"; http_host; depth:45; isdataat:!1,relative; metadata:created_at 2025_09_17; reference:url, urlhaus.abuse.ch/url/3625631/; classtype:trojan-activity;sid:84488731; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3625629)"; flow:established,from_client; content:"GET"; http_method; content:"/agent_linux_x64"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"39.100.71.60"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_17; reference:url, urlhaus.abuse.ch/url/3625629/; classtype:trojan-activity;sid:84488729; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3625630)"; flow:established,from_client; content:"GET"; http_method; content:"/1sc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"39.100.71.60"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_17; reference:url, urlhaus.abuse.ch/url/3625630/; classtype:trojan-activity;sid:84488730; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3625627)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/mynode.x86_32"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"inspiring-jepsen.91-92-240-220.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_09_17; reference:url, urlhaus.abuse.ch/url/3625627/; classtype:trojan-activity;sid:84488727; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3625604)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/mynode.armv4_32"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"pensive-brown.91-92-240-220.plesk.page"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2025_09_17; reference:url, urlhaus.abuse.ch/url/3625604/; classtype:trojan-activity;sid:84488704; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3625605)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/mynode.ppc_32"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"pensive-brown.91-92-240-220.plesk.page"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2025_09_17; reference:url, urlhaus.abuse.ch/url/3625605/; classtype:trojan-activity;sid:84488705; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3625608)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/mynode.arm5_32"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"suspicious-northcutt.91-92-240-220.plesk.page"; http_host; depth:45; isdataat:!1,relative; metadata:created_at 2025_09_17; reference:url, urlhaus.abuse.ch/url/3625608/; classtype:trojan-activity;sid:84488708; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3625609)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/mynode.arm5_32"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"pensive-brown.91-92-240-220.plesk.page"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2025_09_17; reference:url, urlhaus.abuse.ch/url/3625609/; classtype:trojan-activity;sid:84488709; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3625610)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/mynode.sh4"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"pensive-brown.91-92-240-220.plesk.page"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2025_09_17; reference:url, urlhaus.abuse.ch/url/3625610/; classtype:trojan-activity;sid:84488710; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3625611)"; flow:established,from_client; content:"GET"; http_method; content:"/mynode.mips_32"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"suspicious-northcutt.91-92-240-220.plesk.page"; http_host; depth:45; isdataat:!1,relative; metadata:created_at 2025_09_17; reference:url, urlhaus.abuse.ch/url/3625611/; classtype:trojan-activity;sid:84488711; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3625613)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/mynode.arm5_32"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"inspiring-jepsen.91-92-240-220.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_09_17; reference:url, urlhaus.abuse.ch/url/3625613/; classtype:trojan-activity;sid:84488713; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3625615)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/mynode.mips_32"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"pensive-brown.91-92-240-220.plesk.page"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2025_09_17; reference:url, urlhaus.abuse.ch/url/3625615/; classtype:trojan-activity;sid:84488715; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3625616)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/mynode.arm6_32"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"suspicious-northcutt.91-92-240-220.plesk.page"; http_host; depth:45; isdataat:!1,relative; metadata:created_at 2025_09_17; reference:url, urlhaus.abuse.ch/url/3625616/; classtype:trojan-activity;sid:84488716; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3625617)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/mynode.mpsl_32"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"suspicious-northcutt.91-92-240-220.plesk.page"; http_host; depth:45; isdataat:!1,relative; metadata:created_at 2025_09_17; reference:url, urlhaus.abuse.ch/url/3625617/; classtype:trojan-activity;sid:84488717; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3625618)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/mynode.sh4"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"suspicious-northcutt.91-92-240-220.plesk.page"; http_host; depth:45; isdataat:!1,relative; metadata:created_at 2025_09_17; reference:url, urlhaus.abuse.ch/url/3625618/; classtype:trojan-activity;sid:84488718; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3625619)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/mynode.m68k"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"inspiring-jepsen.91-92-240-220.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_09_17; reference:url, urlhaus.abuse.ch/url/3625619/; classtype:trojan-activity;sid:84488719; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3625621)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/mynode.m68k"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"pensive-brown.91-92-240-220.plesk.page"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2025_09_17; reference:url, urlhaus.abuse.ch/url/3625621/; classtype:trojan-activity;sid:84488721; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3625622)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/mynode.arm7_32"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"inspiring-jepsen.91-92-240-220.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_09_17; reference:url, urlhaus.abuse.ch/url/3625622/; classtype:trojan-activity;sid:84488722; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3625623)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/mynode.mpsl_32"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"pensive-brown.91-92-240-220.plesk.page"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2025_09_17; reference:url, urlhaus.abuse.ch/url/3625623/; classtype:trojan-activity;sid:84488723; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3625602)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/mynode.arm7_32"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"pensive-brown.91-92-240-220.plesk.page"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2025_09_17; reference:url, urlhaus.abuse.ch/url/3625602/; classtype:trojan-activity;sid:84488702; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3625599)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/mynode.sh4"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"inspiring-jepsen.91-92-240-220.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_09_17; reference:url, urlhaus.abuse.ch/url/3625599/; classtype:trojan-activity;sid:84488699; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3625600)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/mynode.ppc_32"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"inspiring-jepsen.91-92-240-220.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_09_17; reference:url, urlhaus.abuse.ch/url/3625600/; classtype:trojan-activity;sid:84488700; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3625601)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/mynode.mpsl_32"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"inspiring-jepsen.91-92-240-220.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_09_17; reference:url, urlhaus.abuse.ch/url/3625601/; classtype:trojan-activity;sid:84488701; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3625597)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/mynode.arm7_32"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"suspicious-northcutt.91-92-240-220.plesk.page"; http_host; depth:45; isdataat:!1,relative; metadata:created_at 2025_09_17; reference:url, urlhaus.abuse.ch/url/3625597/; classtype:trojan-activity;sid:84488697; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3625596)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/mynode.arm6_32"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"91.92.240.220"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_17; reference:url, urlhaus.abuse.ch/url/3625596/; classtype:trojan-activity;sid:84488696; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3625587)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/mynode.sh4"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"91.92.240.220"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_17; reference:url, urlhaus.abuse.ch/url/3625587/; classtype:trojan-activity;sid:84488687; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3625588)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/mynode.ppc_32"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"91.92.240.220"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_17; reference:url, urlhaus.abuse.ch/url/3625588/; classtype:trojan-activity;sid:84488688; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3625591)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/mynode.mpsl_32"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"91.92.240.220"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_17; reference:url, urlhaus.abuse.ch/url/3625591/; classtype:trojan-activity;sid:84488691; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3625592)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/mynode.x86_32"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"91.92.240.220"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_17; reference:url, urlhaus.abuse.ch/url/3625592/; classtype:trojan-activity;sid:84488692; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3625593)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/mynode.arm5_32"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"91.92.240.220"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_17; reference:url, urlhaus.abuse.ch/url/3625593/; classtype:trojan-activity;sid:84488693; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3625594)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/mynode.mips_32"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"91.92.240.220"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_17; reference:url, urlhaus.abuse.ch/url/3625594/; classtype:trojan-activity;sid:84488694; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3625595)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/mynode.arm7_32"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"91.92.240.220"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_17; reference:url, urlhaus.abuse.ch/url/3625595/; classtype:trojan-activity;sid:84488695; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3625586)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/mynode.armv4_32"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"91.92.240.220"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_17; reference:url, urlhaus.abuse.ch/url/3625586/; classtype:trojan-activity;sid:84488686; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3625570)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"90.228.239.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_17; reference:url, urlhaus.abuse.ch/url/3625570/; classtype:trojan-activity;sid:84488670; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3625503)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"203.203.86.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_17; reference:url, urlhaus.abuse.ch/url/3625503/; classtype:trojan-activity;sid:84488603; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3625375)"; flow:established,from_client; content:"GET"; http_method; content:"/files/8434554557/yfura3l.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_17; reference:url, urlhaus.abuse.ch/url/3625375/; classtype:trojan-activity;sid:84488475; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3625275)"; flow:established,from_client; content:"GET"; http_method; content:"/pedrofachin/badboycheats-fivem-ragemp-gtav-hack-cheat-legit-mod-menu/main/nosographic/badboycheats-fivem-ragemp-gtav-hack-cheat-legit-mod-menu.zip"; http_uri; depth:147; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_09_16; reference:url, urlhaus.abuse.ch/url/3625275/; classtype:trojan-activity;sid:84488375; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3625187)"; flow:established,from_client; content:"GET"; http_method; content:"/files/8233900432/xauft3g.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_16; reference:url, urlhaus.abuse.ch/url/3625187/; classtype:trojan-activity;sid:84488287; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3625027)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1uf6kjqbjuad4ye5gfeapfazdchlhezms"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_09_16; reference:url, urlhaus.abuse.ch/url/3625027/; classtype:trojan-activity;sid:84488127; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3624994)"; flow:established,from_client; content:"GET"; http_method; content:"/gbim8juazfgeaph.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"91.92.240.104"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_16; reference:url, urlhaus.abuse.ch/url/3624994/; classtype:trojan-activity;sid:84488094; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3624992)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|filename=monday.txt"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"bafybeiauitp4pzmay6325ntndspcuprjskz76h4vzrwvptedwt3rwdvjq4.ipfs.dweb.link"; http_host; depth:74; isdataat:!1,relative; metadata:created_at 2025_09_16; reference:url, urlhaus.abuse.ch/url/3624992/; classtype:trojan-activity;sid:84488092; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3624971)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1zjttdcwckqvb_b1iyqr_qifpolf7fyox"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_09_16; reference:url, urlhaus.abuse.ch/url/3624971/; classtype:trojan-activity;sid:84488071; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3624967)"; flow:established,from_client; content:"GET"; http_method; content:"/zx.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"158.94.208.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_16; reference:url, urlhaus.abuse.ch/url/3624967/; classtype:trojan-activity;sid:84488067; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3624941)"; flow:established,from_client; content:"GET"; http_method; content:"/1.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"110.42.139.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_16; reference:url, urlhaus.abuse.ch/url/3624941/; classtype:trojan-activity;sid:84488041; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3624923)"; flow:established,from_client; content:"GET"; http_method; content:"/z/89/x86_64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"158.94.208.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_16; reference:url, urlhaus.abuse.ch/url/3624923/; classtype:trojan-activity;sid:84488023; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3624924)"; flow:established,from_client; content:"GET"; http_method; content:"/z/89/sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"158.94.208.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_16; reference:url, urlhaus.abuse.ch/url/3624924/; classtype:trojan-activity;sid:84488024; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3624926)"; flow:established,from_client; content:"GET"; http_method; content:"/z/89/arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"158.94.208.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_16; reference:url, urlhaus.abuse.ch/url/3624926/; classtype:trojan-activity;sid:84488026; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3624927)"; flow:established,from_client; content:"GET"; http_method; content:"/z/89/arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"158.94.208.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_16; reference:url, urlhaus.abuse.ch/url/3624927/; classtype:trojan-activity;sid:84488027; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3624928)"; flow:established,from_client; content:"GET"; http_method; content:"/z/89/x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"158.94.208.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_16; reference:url, urlhaus.abuse.ch/url/3624928/; classtype:trojan-activity;sid:84488028; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3624929)"; flow:established,from_client; content:"GET"; http_method; content:"/z/89/mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"158.94.208.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_16; reference:url, urlhaus.abuse.ch/url/3624929/; classtype:trojan-activity;sid:84488029; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3624931)"; flow:established,from_client; content:"GET"; http_method; content:"/z/89/ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"158.94.208.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_16; reference:url, urlhaus.abuse.ch/url/3624931/; classtype:trojan-activity;sid:84488031; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3624935)"; flow:established,from_client; content:"GET"; http_method; content:"/z/89/m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"158.94.208.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_16; reference:url, urlhaus.abuse.ch/url/3624935/; classtype:trojan-activity;sid:84488035; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3624845)"; flow:established,from_client; content:"GET"; http_method; content:"/z/89/mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"158.94.208.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_16; reference:url, urlhaus.abuse.ch/url/3624845/; classtype:trojan-activity;sid:84487945; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3624846)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"111.70.15.220"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_16; reference:url, urlhaus.abuse.ch/url/3624846/; classtype:trojan-activity;sid:84487946; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3624720)"; flow:established,from_client; content:"GET"; http_method; content:"/z/89/arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"158.94.208.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_15; reference:url, urlhaus.abuse.ch/url/3624720/; classtype:trojan-activity;sid:84487820; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3624484)"; flow:established,from_client; content:"GET"; http_method; content:"/d2a3db0fe2ac476e8ca876f8c23ba92f_miner.exe"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_15; reference:url, urlhaus.abuse.ch/url/3624484/; classtype:trojan-activity;sid:84487584; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3624482)"; flow:established,from_client; content:"GET"; http_method; content:"/f18d391b478540a2a03ff0663c0f10e8_build.bin"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_15; reference:url, urlhaus.abuse.ch/url/3624482/; classtype:trojan-activity;sid:84487582; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3624479)"; flow:established,from_client; content:"GET"; http_method; content:"/06d07b4da8cd4662af7ec26eb98bea7e_build.bin"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_15; reference:url, urlhaus.abuse.ch/url/3624479/; classtype:trojan-activity;sid:84487579; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3624480)"; flow:established,from_client; content:"GET"; http_method; content:"/291594921b82442f8c10853291a896ac_bound_build.exe"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_15; reference:url, urlhaus.abuse.ch/url/3624480/; classtype:trojan-activity;sid:84487580; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3624439)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/gmqcoiflq.pdf"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"stacysublett.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_09_15; reference:url, urlhaus.abuse.ch/url/3624439/; classtype:trojan-activity;sid:84487539; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3624438)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/vegnxqxevr.mp4"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"changemyseat.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_09_15; reference:url, urlhaus.abuse.ch/url/3624438/; classtype:trojan-activity;sid:84487538; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3624291)"; flow:established,from_client; content:"GET"; http_method; content:"/uppc"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"158.94.209.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_15; reference:url, urlhaus.abuse.ch/url/3624291/; classtype:trojan-activity;sid:84487391; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3624271)"; flow:established,from_client; content:"GET"; http_method; content:"/test/amnew.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_15; reference:url, urlhaus.abuse.ch/url/3624271/; classtype:trojan-activity;sid:84487371; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3624027)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"71.207.64.66"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_14; reference:url, urlhaus.abuse.ch/url/3624027/; classtype:trojan-activity;sid:84487127; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623786)"; flow:established,from_client; content:"GET"; http_method; content:"/mise.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"210.16.163.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_14; reference:url, urlhaus.abuse.ch/url/3623786/; classtype:trojan-activity;sid:84486886; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623775)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"121.41.167.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_14; reference:url, urlhaus.abuse.ch/url/3623775/; classtype:trojan-activity;sid:84486875; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623760)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"69.165.68.209"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_14; reference:url, urlhaus.abuse.ch/url/3623760/; classtype:trojan-activity;sid:84486860; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623763)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"82.156.147.52"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_14; reference:url, urlhaus.abuse.ch/url/3623763/; classtype:trojan-activity;sid:84486863; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623744)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.70.147.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_14; reference:url, urlhaus.abuse.ch/url/3623744/; classtype:trojan-activity;sid:84486844; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623754)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"89.23.205.166"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_14; reference:url, urlhaus.abuse.ch/url/3623754/; classtype:trojan-activity;sid:84486854; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623701)"; flow:established,from_client; content:"GET"; http_method; content:"/fc"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"158.94.209.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_14; reference:url, urlhaus.abuse.ch/url/3623701/; classtype:trojan-activity;sid:84486801; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623700)"; flow:established,from_client; content:"GET"; http_method; content:"/poc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"158.94.209.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_14; reference:url, urlhaus.abuse.ch/url/3623700/; classtype:trojan-activity;sid:84486800; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623698)"; flow:established,from_client; content:"GET"; http_method; content:"/curl.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"158.94.209.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_14; reference:url, urlhaus.abuse.ch/url/3623698/; classtype:trojan-activity;sid:84486798; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623697)"; flow:established,from_client; content:"GET"; http_method; content:"/wget.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"158.94.209.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_14; reference:url, urlhaus.abuse.ch/url/3623697/; classtype:trojan-activity;sid:84486797; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623695)"; flow:established,from_client; content:"GET"; http_method; content:"/ftpget.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"158.94.209.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_14; reference:url, urlhaus.abuse.ch/url/3623695/; classtype:trojan-activity;sid:84486795; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623686)"; flow:established,from_client; content:"GET"; http_method; content:"/lmips"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"158.94.209.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_14; reference:url, urlhaus.abuse.ch/url/3623686/; classtype:trojan-activity;sid:84486786; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623687)"; flow:established,from_client; content:"GET"; http_method; content:"/i686"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"158.94.209.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_14; reference:url, urlhaus.abuse.ch/url/3623687/; classtype:trojan-activity;sid:84486787; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623688)"; flow:established,from_client; content:"GET"; http_method; content:"/umpsl"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"158.94.209.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_14; reference:url, urlhaus.abuse.ch/url/3623688/; classtype:trojan-activity;sid:84486788; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623690)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"158.94.209.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_14; reference:url, urlhaus.abuse.ch/url/3623690/; classtype:trojan-activity;sid:84486790; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623692)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"158.94.209.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_14; reference:url, urlhaus.abuse.ch/url/3623692/; classtype:trojan-activity;sid:84486792; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623693)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"158.94.209.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_14; reference:url, urlhaus.abuse.ch/url/3623693/; classtype:trojan-activity;sid:84486793; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623683)"; flow:established,from_client; content:"GET"; http_method; content:"/emips"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"158.94.209.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_14; reference:url, urlhaus.abuse.ch/url/3623683/; classtype:trojan-activity;sid:84486783; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623680)"; flow:established,from_client; content:"GET"; http_method; content:"/nmips"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"158.94.209.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_14; reference:url, urlhaus.abuse.ch/url/3623680/; classtype:trojan-activity;sid:84486780; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623681)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"158.94.209.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_14; reference:url, urlhaus.abuse.ch/url/3623681/; classtype:trojan-activity;sid:84486781; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623411)"; flow:established,from_client; content:"GET"; http_method; content:"/atera/nodustrunm.msi"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"securedocusharex.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623411/; classtype:trojan-activity;sid:84486511; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623405)"; flow:established,from_client; content:"GET"; http_method; content:"/atera/snowhiteout.msi"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"securedocusharex.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623405/; classtype:trojan-activity;sid:84486505; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623406)"; flow:established,from_client; content:"GET"; http_method; content:"/atera/wisemenchat.msi"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"securedocusharex.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623406/; classtype:trojan-activity;sid:84486506; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623407)"; flow:established,from_client; content:"GET"; http_method; content:"/atera/jingle.msi"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"securedocusharex.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623407/; classtype:trojan-activity;sid:84486507; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623408)"; flow:established,from_client; content:"GET"; http_method; content:"/hkakkkaa/gdsssdggsg/releases/download/fsdfsd/lol1.exe"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623408/; classtype:trojan-activity;sid:84486508; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623409)"; flow:established,from_client; content:"GET"; http_method; content:"/atera/ajewarrior.msi"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"securedocusharex.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623409/; classtype:trojan-activity;sid:84486509; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623410)"; flow:established,from_client; content:"GET"; http_method; content:"/atera/yaegerrob4325.msi"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"securedocusharex.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623410/; classtype:trojan-activity;sid:84486510; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623401)"; flow:established,from_client; content:"GET"; http_method; content:"/atera/sadfewego.msi"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"securedocusharex.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623401/; classtype:trojan-activity;sid:84486501; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623397)"; flow:established,from_client; content:"GET"; http_method; content:"/atera/whitepower.msi"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"securedocusharex.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623397/; classtype:trojan-activity;sid:84486497; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623398)"; flow:established,from_client; content:"GET"; http_method; content:"/atera/intruder3000.msi"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"securedocusharex.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623398/; classtype:trojan-activity;sid:84486498; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623399)"; flow:established,from_client; content:"GET"; http_method; content:"/atera/future.msi"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"securedocusharex.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623399/; classtype:trojan-activity;sid:84486499; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623395)"; flow:established,from_client; content:"GET"; http_method; content:"/atera/bunkerjoe.msi"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"securedocusharex.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623395/; classtype:trojan-activity;sid:84486495; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623396)"; flow:established,from_client; content:"GET"; http_method; content:"/atera/tron67.msi"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"securedocusharex.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623396/; classtype:trojan-activity;sid:84486496; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623390)"; flow:established,from_client; content:"GET"; http_method; content:"/123.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"210.16.163.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623390/; classtype:trojan-activity;sid:84486490; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623392)"; flow:established,from_client; content:"GET"; http_method; content:"/atera/powergod.msi"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"securedocusharex.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623392/; classtype:trojan-activity;sid:84486492; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623387)"; flow:established,from_client; content:"GET"; http_method; content:"/atera/nightking.msi"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"securedocusharex.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623387/; classtype:trojan-activity;sid:84486487; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623388)"; flow:established,from_client; content:"GET"; http_method; content:"/atera/cartman.msi"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"securedocusharex.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623388/; classtype:trojan-activity;sid:84486488; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623386)"; flow:established,from_client; content:"GET"; http_method; content:"/atera/hardly.msi"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"securedocusharex.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623386/; classtype:trojan-activity;sid:84486486; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623136)"; flow:established,from_client; content:"GET"; http_method; content:"/buding/3dexplor.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"202.189.5.5"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623136/; classtype:trojan-activity;sid:84486236; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623131)"; flow:established,from_client; content:"GET"; http_method; content:"/rasadhlp.dll"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"118.25.68.152"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623131/; classtype:trojan-activity;sid:84486231; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623130)"; flow:established,from_client; content:"GET"; http_method; content:"/rasadhlp.dll"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"124.221.29.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623130/; classtype:trojan-activity;sid:84486230; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623126)"; flow:established,from_client; content:"GET"; http_method; content:"/ziobigiu84/site/refs/heads/main/launcher.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623126/; classtype:trojan-activity;sid:84486226; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623123)"; flow:established,from_client; content:"GET"; http_method; content:"/midkourtbbe/network/refs/heads/main/software.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623123/; classtype:trojan-activity;sid:84486223; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623122)"; flow:established,from_client; content:"GET"; http_method; content:"/anno29/web/refs/heads/main/software.zip"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623122/; classtype:trojan-activity;sid:84486222; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623121)"; flow:established,from_client; content:"GET"; http_method; content:"/ilpigna03/site/refs/heads/main/launcher.zip"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623121/; classtype:trojan-activity;sid:84486221; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623120)"; flow:established,from_client; content:"GET"; http_method; content:"/nullarchive/request/refs/heads/main/software.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623120/; classtype:trojan-activity;sid:84486220; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623011)"; flow:established,from_client; content:"GET"; http_method; content:"/9.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"178.16.53.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623011/; classtype:trojan-activity;sid:84486111; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622643)"; flow:established,from_client; content:"GET"; http_method; content:"/storage/v1/object/public/nano_duso/image.jpg|3f|12711343p"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"frygzjyhtiunvhvnacif.supabase.co"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622643/; classtype:trojan-activity;sid:84485743; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622638)"; flow:established,from_client; content:"GET"; http_method; content:"/storage/v1/object/public/hold/image.jpg|3f|12711343"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"ihmmkvkaiwnilneauhfn.supabase.co"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622638/; classtype:trojan-activity;sid:84485738; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622623)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_amd64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"www.hcsnet.com.br"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622623/; classtype:trojan-activity;sid:84485723; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622624)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_x86"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"www.hcsnet.com.br"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622624/; classtype:trojan-activity;sid:84485724; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622541)"; flow:established,from_client; content:"GET"; http_method; content:"/125.bin"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"39.105.223.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622541/; classtype:trojan-activity;sid:84485641; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622545)"; flow:established,from_client; content:"GET"; http_method; content:"/shellcode.bin"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"39.105.223.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622545/; classtype:trojan-activity;sid:84485645; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622548)"; flow:established,from_client; content:"GET"; http_method; content:"/er/326.bin"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"39.105.223.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622548/; classtype:trojan-activity;sid:84485648; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622549)"; flow:established,from_client; content:"GET"; http_method; content:"/er/46.bin"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"39.105.223.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622549/; classtype:trojan-activity;sid:84485649; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622539)"; flow:established,from_client; content:"GET"; http_method; content:"/er/1212.bin"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"39.105.223.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622539/; classtype:trojan-activity;sid:84485639; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622423)"; flow:established,from_client; content:"GET"; http_method; content:"/megago.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"185.125.50.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622423/; classtype:trojan-activity;sid:84485523; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622268)"; flow:established,from_client; content:"GET"; http_method; content:"/mass"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"94.154.35.154"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622268/; classtype:trojan-activity;sid:84485368; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622234)"; flow:established,from_client; content:"GET"; http_method; content:"/well/random.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622234/; classtype:trojan-activity;sid:84485334; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622172)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"90.228.239.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622172/; classtype:trojan-activity;sid:84485272; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621937)"; flow:established,from_client; content:"GET"; http_method; content:"/7b50107d852f42df8b20aef2f2854add_build.bin"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621937/; classtype:trojan-activity;sid:84485037; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621936)"; flow:established,from_client; content:"GET"; http_method; content:"/d131ceb3b559401490aca6464a4986ef_bound_build.exe"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621936/; classtype:trojan-activity;sid:84485036; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621935)"; flow:established,from_client; content:"GET"; http_method; content:"/90129a48641c4917b0bb758f24ee45ba_miner.exe"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621935/; classtype:trojan-activity;sid:84485035; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621920)"; flow:established,from_client; content:"GET"; http_method; content:"/dd4517d760bb43ffaf57b426808fc91d_build.bin"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621920/; classtype:trojan-activity;sid:84485020; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621921)"; flow:established,from_client; content:"GET"; http_method; content:"/dda45bc6697f47ef9866999b08f1bc37_miner.exe"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621921/; classtype:trojan-activity;sid:84485021; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621783)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/breakingforth.txt"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"katyache.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621783/; classtype:trojan-activity;sid:84484883; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621757)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1xisuc6psmmj5jzq7jgoffba7avfhzga_"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621757/; classtype:trojan-activity;sid:84484857; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621753)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1okqdyr_kghanl7h_i1mwmlmzfesw_gx0"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621753/; classtype:trojan-activity;sid:84484853; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621461)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"121.40.18.128"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621461/; classtype:trojan-activity;sid:84484561; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621466)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"221.132.29.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621466/; classtype:trojan-activity;sid:84484566; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621087)"; flow:established,from_client; content:"GET"; http_method; content:"/public_files/numaneo.txt"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"62.60.226.168"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621087/; classtype:trojan-activity;sid:84484187; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621086)"; flow:established,from_client; content:"GET"; http_method; content:"/public_files/test.jpg"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"62.60.226.168"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621086/; classtype:trojan-activity;sid:84484186; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620835)"; flow:established,from_client; content:"GET"; http_method; content:"/client-built.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"5.133.102.252"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620835/; classtype:trojan-activity;sid:84483935; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620592)"; flow:established,from_client; content:"GET"; http_method; content:"/q213fd.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"178.16.55.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620592/; classtype:trojan-activity;sid:84483692; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620593)"; flow:established,from_client; content:"GET"; http_method; content:"/x1234.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"178.16.55.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620593/; classtype:trojan-activity;sid:84483693; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620554)"; flow:established,from_client; content:"GET"; http_method; content:"/l843.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"178.16.55.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620554/; classtype:trojan-activity;sid:84483654; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620552)"; flow:established,from_client; content:"GET"; http_method; content:"/n8388.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"178.16.55.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620552/; classtype:trojan-activity;sid:84483652; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620261)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"p1611192-mobac01.tokyo.ocn.ne.jp"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620261/; classtype:trojan-activity;sid:84483361; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620145)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"49.235.177.231"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620145/; classtype:trojan-activity;sid:84483245; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620132)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"183.81.156.125"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620132/; classtype:trojan-activity;sid:84483232; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619990)"; flow:established,from_client; content:"GET"; http_method; content:"/31agosto.vbs"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"rem0925.duckdns.org"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619990/; classtype:trojan-activity;sid:84483090; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619986)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_amd64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"hcsnet.com.br"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619986/; classtype:trojan-activity;sid:84483086; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619984)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"hcsnet.com.br"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619984/; classtype:trojan-activity;sid:84483084; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619985)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_x86"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"hcsnet.com.br"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619985/; classtype:trojan-activity;sid:84483085; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619895)"; flow:established,from_client; content:"GET"; http_method; content:"/files/5296057416/njtiemv.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619895/; classtype:trojan-activity;sid:84482995; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619887)"; flow:established,from_client; content:"GET"; http_method; content:"/dvr.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.112.26.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619887/; classtype:trojan-activity;sid:84482987; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619272)"; flow:established,from_client; content:"GET"; http_method; content:"/testmine/random.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619272/; classtype:trojan-activity;sid:84482372; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619114)"; flow:established,from_client; content:"GET"; http_method; content:"/app_win/random.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619114/; classtype:trojan-activity;sid:84482214; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619109)"; flow:established,from_client; content:"GET"; http_method; content:"/newdef/random.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_07; reference:url, urlhaus.abuse.ch/url/3619109/; classtype:trojan-activity;sid:84482209; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618520)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"31.173.21.159"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618520/; classtype:trojan-activity;sid:84481620; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618510)"; flow:established,from_client; content:"GET"; http_method; content:"/download.php"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618510/; classtype:trojan-activity;sid:84481610; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618252)"; flow:established,from_client; content:"GET"; http_method; content:"/mipsel.urbotnetisass"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"94.154.35.154"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618252/; classtype:trojan-activity;sid:84481352; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618253)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4.urbotnetisass"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"94.154.35.154"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618253/; classtype:trojan-activity;sid:84481353; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618254)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k.urbotnetisass"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"94.154.35.154"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618254/; classtype:trojan-activity;sid:84481354; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618255)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_32.urbotnetisass"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"94.154.35.154"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618255/; classtype:trojan-activity;sid:84481355; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618256)"; flow:established,from_client; content:"GET"; http_method; content:"/powerpc.urbotnetisass"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"94.154.35.154"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618256/; classtype:trojan-activity;sid:84481356; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618257)"; flow:established,from_client; content:"GET"; http_method; content:"/mips.urbotnetisass"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"94.154.35.154"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618257/; classtype:trojan-activity;sid:84481357; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618219)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7.urbotnetisass"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"94.154.35.154"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618219/; classtype:trojan-activity;sid:84481319; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618220)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5.urbotnetisass"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"94.154.35.154"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618220/; classtype:trojan-activity;sid:84481320; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618221)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6.urbotnetisass"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"94.154.35.154"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618221/; classtype:trojan-activity;sid:84481321; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618222)"; flow:established,from_client; content:"GET"; http_method; content:"/arm.urbotnetisass"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"94.154.35.154"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618222/; classtype:trojan-activity;sid:84481322; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618122)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7453936223/rent7wg.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618122/; classtype:trojan-activity;sid:84481222; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617975)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.221.201.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617975/; classtype:trojan-activity;sid:84481075; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617915)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"193.37.69.42"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617915/; classtype:trojan-activity;sid:84481015; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617806)"; flow:established,from_client; content:"GET"; http_method; content:"/files/rdx/random.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617806/; classtype:trojan-activity;sid:84480906; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617799)"; flow:established,from_client; content:"GET"; http_method; content:"/files/unique2/random.exe"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617799/; classtype:trojan-activity;sid:84480899; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617790)"; flow:established,from_client; content:"GET"; http_method; content:"/files/fate/random.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617790/; classtype:trojan-activity;sid:84480890; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617792)"; flow:established,from_client; content:"GET"; http_method; content:"/files/740061926/ojjvpn1.exe"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617792/; classtype:trojan-activity;sid:84480892; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617625)"; flow:established,from_client; content:"GET"; http_method; content:"/ccce41b9-e358-4972-b52d-dd1cdbe5f636.msi"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"193.24.123.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617625/; classtype:trojan-activity;sid:84480725; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617613)"; flow:established,from_client; content:"GET"; http_method; content:"/terms.pdf"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"185.125.50.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617613/; classtype:trojan-activity;sid:84480713; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617566)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.166.248.15"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617566/; classtype:trojan-activity;sid:84480666; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617560)"; flow:established,from_client; content:"GET"; http_method; content:"/4.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"178.16.53.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617560/; classtype:trojan-activity;sid:84480660; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617545)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.166.248.15"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617545/; classtype:trojan-activity;sid:84480645; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617527)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"95.70.238.134"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617527/; classtype:trojan-activity;sid:84480627; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617437)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"110.40.176.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617437/; classtype:trojan-activity;sid:84480537; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617439)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.120.45.216"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617439/; classtype:trojan-activity;sid:84480539; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617442)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"8.141.15.227"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617442/; classtype:trojan-activity;sid:84480542; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617444)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"43.139.169.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617444/; classtype:trojan-activity;sid:84480544; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617433)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"82.112.49.167"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617433/; classtype:trojan-activity;sid:84480533; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617428)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.129.100.123"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617428/; classtype:trojan-activity;sid:84480528; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617422)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"93.119.134.224"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617422/; classtype:trojan-activity;sid:84480522; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617223)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.83.35"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617223/; classtype:trojan-activity;sid:84480323; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617201)"; flow:established,from_client; content:"GET"; http_method; content:"/19000101/av.scr"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617201/; classtype:trojan-activity;sid:84480301; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617196)"; flow:established,from_client; content:"GET"; http_method; content:"/19000101/photo.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617196/; classtype:trojan-activity;sid:84480296; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617193)"; flow:established,from_client; content:"GET"; http_method; content:"/19000101/video.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617193/; classtype:trojan-activity;sid:84480293; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617189)"; flow:established,from_client; content:"GET"; http_method; content:"/19000101/av.lnk"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617189/; classtype:trojan-activity;sid:84480289; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617190)"; flow:established,from_client; content:"GET"; http_method; content:"/19000101/video.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617190/; classtype:trojan-activity;sid:84480290; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616174)"; flow:established,from_client; content:"GET"; http_method; content:"/files/unique1/random.exe"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616174/; classtype:trojan-activity;sid:84479274; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616153)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"46.100.5.56"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616153/; classtype:trojan-activity;sid:84479253; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616062)"; flow:established,from_client; content:"GET"; http_method; content:"/24/items/realomadrido2025/tragira.jpg"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"ia801003.us.archive.org"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616062/; classtype:trojan-activity;sid:84479162; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616000)"; flow:established,from_client; content:"GET"; http_method; content:"/35buding/139assicc.dll"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"58.87.92.169"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616000/; classtype:trojan-activity;sid:84479100; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615992)"; flow:established,from_client; content:"GET"; http_method; content:"/buding/3dexplor.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"43.248.118.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3615992/; classtype:trojan-activity;sid:84479092; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615991)"; flow:established,from_client; content:"GET"; http_method; content:"/buding/3dexplor.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"103.40.13.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3615991/; classtype:trojan-activity;sid:84479091; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615933)"; flow:established,from_client; content:"GET"; http_method; content:"/files/rdx/random.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3615933/; classtype:trojan-activity;sid:84479033; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615926)"; flow:established,from_client; content:"GET"; http_method; content:"/2.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"178.16.53.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3615926/; classtype:trojan-activity;sid:84479026; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615711)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.48.62.147"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_02; reference:url, urlhaus.abuse.ch/url/3615711/; classtype:trojan-activity;sid:84478811; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615712)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"81.30.194.134"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_02; reference:url, urlhaus.abuse.ch/url/3615712/; classtype:trojan-activity;sid:84478812; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615703)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"176.97.162.109"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_02; reference:url, urlhaus.abuse.ch/url/3615703/; classtype:trojan-activity;sid:84478803; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615696)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"2.55.126.179"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_02; reference:url, urlhaus.abuse.ch/url/3615696/; classtype:trojan-activity;sid:84478796; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615611)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/xdbcvdei"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_02; reference:url, urlhaus.abuse.ch/url/3615611/; classtype:trojan-activity;sid:84478711; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615550)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.113.82.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_02; reference:url, urlhaus.abuse.ch/url/3615550/; classtype:trojan-activity;sid:84478650; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615455)"; flow:established,from_client; content:"GET"; http_method; content:"/v19239.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"178.16.55.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_02; reference:url, urlhaus.abuse.ch/url/3615455/; classtype:trojan-activity;sid:84478555; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615435)"; flow:established,from_client; content:"GET"; http_method; content:"/v3434.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"178.16.55.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_02; reference:url, urlhaus.abuse.ch/url/3615435/; classtype:trojan-activity;sid:84478535; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615306)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"193.109.44.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_01; reference:url, urlhaus.abuse.ch/url/3615306/; classtype:trojan-activity;sid:84478406; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615095)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.83.35"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_01; reference:url, urlhaus.abuse.ch/url/3615095/; classtype:trojan-activity;sid:84478195; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615073)"; flow:established,from_client; content:"GET"; http_method; content:"/3.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"178.16.53.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_01; reference:url, urlhaus.abuse.ch/url/3615073/; classtype:trojan-activity;sid:84478173; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615074)"; flow:established,from_client; content:"GET"; http_method; content:"/8.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"178.16.53.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_01; reference:url, urlhaus.abuse.ch/url/3615074/; classtype:trojan-activity;sid:84478174; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615072)"; flow:established,from_client; content:"GET"; http_method; content:"/zx.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.16.53.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_01; reference:url, urlhaus.abuse.ch/url/3615072/; classtype:trojan-activity;sid:84478172; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615068)"; flow:established,from_client; content:"GET"; http_method; content:"/1.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"178.16.53.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_01; reference:url, urlhaus.abuse.ch/url/3615068/; classtype:trojan-activity;sid:84478168; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3614931)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"122.156.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_31; reference:url, urlhaus.abuse.ch/url/3614931/; classtype:trojan-activity;sid:84478031; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3614869)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"201.213.81.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_31; reference:url, urlhaus.abuse.ch/url/3614869/; classtype:trojan-activity;sid:84477969; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3614866)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.2.5.54"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2025_08_31; reference:url, urlhaus.abuse.ch/url/3614866/; classtype:trojan-activity;sid:84477966; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3614697)"; flow:established,from_client; content:"GET"; http_method; content:"/windowsupdate.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"129.152.20.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_31; reference:url, urlhaus.abuse.ch/url/3614697/; classtype:trojan-activity;sid:84477797; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3614696)"; flow:established,from_client; content:"GET"; http_method; content:"/windows.x64.silent.cpu.exe"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"129.152.20.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_31; reference:url, urlhaus.abuse.ch/url/3614696/; classtype:trojan-activity;sid:84477796; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3614685)"; flow:established,from_client; content:"GET"; http_method; content:"/cvdfnafjbmc1/plugins/cred64.dll"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"178.16.53.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_31; reference:url, urlhaus.abuse.ch/url/3614685/; classtype:trojan-activity;sid:84477785; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3614683)"; flow:established,from_client; content:"GET"; http_method; content:"/cvdfnafjbmc1/plugins/clip64.dll"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"178.16.53.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_31; reference:url, urlhaus.abuse.ch/url/3614683/; classtype:trojan-activity;sid:84477783; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3614684)"; flow:established,from_client; content:"GET"; http_method; content:"/cvdfnafjbmc1/plugins/cred.dll"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"178.16.53.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_31; reference:url, urlhaus.abuse.ch/url/3614684/; classtype:trojan-activity;sid:84477784; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3614682)"; flow:established,from_client; content:"GET"; http_method; content:"/cvdfnafjbmc1/plugins/clip.dll"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"178.16.53.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_31; reference:url, urlhaus.abuse.ch/url/3614682/; classtype:trojan-activity;sid:84477782; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3614637)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"122.156.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_31; reference:url, urlhaus.abuse.ch/url/3614637/; classtype:trojan-activity;sid:84477737; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3614386)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"179.43.186.243"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_30; reference:url, urlhaus.abuse.ch/url/3614386/; classtype:trojan-activity;sid:84477486; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3614385)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"152.136.139.105"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_30; reference:url, urlhaus.abuse.ch/url/3614385/; classtype:trojan-activity;sid:84477485; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3614346)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"37.112.166.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_30; reference:url, urlhaus.abuse.ch/url/3614346/; classtype:trojan-activity;sid:84477446; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3614345)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.110.149.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_30; reference:url, urlhaus.abuse.ch/url/3614345/; classtype:trojan-activity;sid:84477445; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3614280)"; flow:established,from_client; content:"GET"; http_method; content:"/d/mzjfndu3ndewnzjf/dvgihou177.bin"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"od.lk"; http_host; depth:5; isdataat:!1,relative; metadata:created_at 2025_08_30; reference:url, urlhaus.abuse.ch/url/3614280/; classtype:trojan-activity;sid:84477380; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3614199)"; flow:established,from_client; content:"GET"; http_method; content:"/827-mh1-3t/827/main/t1.png"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_30; reference:url, urlhaus.abuse.ch/url/3614199/; classtype:trojan-activity;sid:84477299; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3614081)"; flow:established,from_client; content:"GET"; http_method; content:"/i686"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"178.16.55.224"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_30; reference:url, urlhaus.abuse.ch/url/3614081/; classtype:trojan-activity;sid:84477181; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3614078)"; flow:established,from_client; content:"GET"; http_method; content:"/aarch64"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"178.16.55.224"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_30; reference:url, urlhaus.abuse.ch/url/3614078/; classtype:trojan-activity;sid:84477178; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3614057)"; flow:established,from_client; content:"GET"; http_method; content:"/sh"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"178.16.55.224"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_30; reference:url, urlhaus.abuse.ch/url/3614057/; classtype:trojan-activity;sid:84477157; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3614054)"; flow:established,from_client; content:"GET"; http_method; content:"/clean"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"178.16.55.224"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_30; reference:url, urlhaus.abuse.ch/url/3614054/; classtype:trojan-activity;sid:84477154; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3613733)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"220.78.11.4"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_29; reference:url, urlhaus.abuse.ch/url/3613733/; classtype:trojan-activity;sid:84476833; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3613696)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"81.71.159.99"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_29; reference:url, urlhaus.abuse.ch/url/3613696/; classtype:trojan-activity;sid:84476796; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3613664)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"211.231.61.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_29; reference:url, urlhaus.abuse.ch/url/3613664/; classtype:trojan-activity;sid:84476764; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3613629)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/pinaview.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"pinaview.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_29; reference:url, urlhaus.abuse.ch/url/3613629/; classtype:trojan-activity;sid:84476729; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3613494)"; flow:established,from_client; content:"GET"; http_method; content:"/peterson643eu/projecttop/refs/heads/main/zjqppajn.exe"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_29; reference:url, urlhaus.abuse.ch/url/3613494/; classtype:trojan-activity;sid:84476594; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3612605)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.4.102.81"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_27; reference:url, urlhaus.abuse.ch/url/3612605/; classtype:trojan-activity;sid:84475705; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3612595)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"194.36.197.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_27; reference:url, urlhaus.abuse.ch/url/3612595/; classtype:trojan-activity;sid:84475695; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3612531)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"211.231.61.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_27; reference:url, urlhaus.abuse.ch/url/3612531/; classtype:trojan-activity;sid:84475631; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3612304)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"95.43.76.100"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_27; reference:url, urlhaus.abuse.ch/url/3612304/; classtype:trojan-activity;sid:84475404; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3612276)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"159.224.193.234"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_27; reference:url, urlhaus.abuse.ch/url/3612276/; classtype:trojan-activity;sid:84475376; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3611504)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/usbmmidd_v2.zip"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"www.amyuni.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_25; reference:url, urlhaus.abuse.ch/url/3611504/; classtype:trojan-activity;sid:84474604; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3611456)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"87.255.198.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_25; reference:url, urlhaus.abuse.ch/url/3611456/; classtype:trojan-activity;sid:84474556; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3611290)"; flow:established,from_client; content:"GET"; http_method; content:"/debugview++.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"119.91.238.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_25; reference:url, urlhaus.abuse.ch/url/3611290/; classtype:trojan-activity;sid:84474390; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3611287)"; flow:established,from_client; content:"GET"; http_method; content:"/debugview++.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"119.29.147.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_25; reference:url, urlhaus.abuse.ch/url/3611287/; classtype:trojan-activity;sid:84474387; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3611119)"; flow:established,from_client; content:"GET"; http_method; content:"/testmine/random.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_25; reference:url, urlhaus.abuse.ch/url/3611119/; classtype:trojan-activity;sid:84474219; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3610704)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"213.251.236.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_24; reference:url, urlhaus.abuse.ch/url/3610704/; classtype:trojan-activity;sid:84473804; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3610695)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"183.171.7.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_24; reference:url, urlhaus.abuse.ch/url/3610695/; classtype:trojan-activity;sid:84473795; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3610613)"; flow:established,from_client; content:"GET"; http_method; content:"/tfsoft/xftd/v2/ctf/"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"tengfeidn.cn"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_24; reference:url, urlhaus.abuse.ch/url/3610613/; classtype:trojan-activity;sid:84473713; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3610612)"; flow:established,from_client; content:"GET"; http_method; content:"/tfsoft/xftd/v2/ctf/"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"pcupd.com"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2025_08_24; reference:url, urlhaus.abuse.ch/url/3610612/; classtype:trojan-activity;sid:84473712; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3610608)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/optimized_msi.png"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"katyache.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_24; reference:url, urlhaus.abuse.ch/url/3610608/; classtype:trojan-activity;sid:84473708; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3610604)"; flow:established,from_client; content:"GET"; http_method; content:"/api/upgrade/jd"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"rdm.91yunma.cn"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_24; reference:url, urlhaus.abuse.ch/url/3610604/; classtype:trojan-activity;sid:84473704; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3610602)"; flow:established,from_client; content:"GET"; http_method; content:"/api/upgrade/qcoin"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"rdm.91yunma.cn"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_24; reference:url, urlhaus.abuse.ch/url/3610602/; classtype:trojan-activity;sid:84473702; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3610601)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"178.16.55.53"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_24; reference:url, urlhaus.abuse.ch/url/3610601/; classtype:trojan-activity;sid:84473701; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3610401)"; flow:established,from_client; content:"GET"; http_method; content:"/temp/mely.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"areyouready.co.za"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_24; reference:url, urlhaus.abuse.ch/url/3610401/; classtype:trojan-activity;sid:84473501; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3610381)"; flow:established,from_client; content:"GET"; http_method; content:"/da2dalus/loic/raw/refs/heads/master/loic.exe"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_08_24; reference:url, urlhaus.abuse.ch/url/3610381/; classtype:trojan-activity;sid:84473481; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3610380)"; flow:established,from_client; content:"GET"; http_method; content:"/raizydaizy/steamcmd/raw/refs/heads/main/steamcmd.exe"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_08_24; reference:url, urlhaus.abuse.ch/url/3610380/; classtype:trojan-activity;sid:84473480; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3610143)"; flow:established,from_client; content:"GET"; http_method; content:"/dr.html"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"101.33.235.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_23; reference:url, urlhaus.abuse.ch/url/3610143/; classtype:trojan-activity;sid:84473243; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3610135)"; flow:established,from_client; content:"GET"; http_method; content:"/sealsuite_update"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"107.174.133.204"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_23; reference:url, urlhaus.abuse.ch/url/3610135/; classtype:trojan-activity;sid:84473235; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3610133)"; flow:established,from_client; content:"GET"; http_method; content:"/%e7%ae%80%e5%8e%86-%e9%83%91%e5%ae%8f%e6%b6%9b-%e6%b8%85%e5%8d%8e%e5%a4%a7%e5%ad%a6.dotm"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"60.204.169.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_23; reference:url, urlhaus.abuse.ch/url/3610133/; classtype:trojan-activity;sid:84473233; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3610039)"; flow:established,from_client; content:"GET"; http_method; content:"/linux"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"181.223.9.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_23; reference:url, urlhaus.abuse.ch/url/3610039/; classtype:trojan-activity;sid:84473139; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3610038)"; flow:established,from_client; content:"GET"; http_method; content:"/file.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"181.223.9.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_23; reference:url, urlhaus.abuse.ch/url/3610038/; classtype:trojan-activity;sid:84473138; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3610037)"; flow:established,from_client; content:"GET"; http_method; content:"/script2"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"181.223.9.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_23; reference:url, urlhaus.abuse.ch/url/3610037/; classtype:trojan-activity;sid:84473137; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3609762)"; flow:established,from_client; content:"GET"; http_method; content:"/d/xans.arm4"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"213.232.114.169"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_23; reference:url, urlhaus.abuse.ch/url/3609762/; classtype:trojan-activity;sid:84472862; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3609761)"; flow:established,from_client; content:"GET"; http_method; content:"/aarch64"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"213.232.114.169"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_23; reference:url, urlhaus.abuse.ch/url/3609761/; classtype:trojan-activity;sid:84472861; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3609760)"; flow:established,from_client; content:"GET"; http_method; content:"/d/xans.x86"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"213.232.114.169"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_23; reference:url, urlhaus.abuse.ch/url/3609760/; classtype:trojan-activity;sid:84472860; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3609758)"; flow:established,from_client; content:"GET"; http_method; content:"/d/xans.arm5"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"213.232.114.169"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_23; reference:url, urlhaus.abuse.ch/url/3609758/; classtype:trojan-activity;sid:84472858; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3609757)"; flow:established,from_client; content:"GET"; http_method; content:"/d/xans.arm6"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"213.232.114.169"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_23; reference:url, urlhaus.abuse.ch/url/3609757/; classtype:trojan-activity;sid:84472857; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3609752)"; flow:established,from_client; content:"GET"; http_method; content:"/csky"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"213.232.114.169"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_23; reference:url, urlhaus.abuse.ch/url/3609752/; classtype:trojan-activity;sid:84472852; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3609753)"; flow:established,from_client; content:"GET"; http_method; content:"/d/xans.spc"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"213.232.114.169"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_23; reference:url, urlhaus.abuse.ch/url/3609753/; classtype:trojan-activity;sid:84472853; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3609754)"; flow:established,from_client; content:"GET"; http_method; content:"/arc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"213.232.114.169"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_23; reference:url, urlhaus.abuse.ch/url/3609754/; classtype:trojan-activity;sid:84472854; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3609755)"; flow:established,from_client; content:"GET"; http_method; content:"/d.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"213.232.114.169"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_23; reference:url, urlhaus.abuse.ch/url/3609755/; classtype:trojan-activity;sid:84472855; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3609756)"; flow:established,from_client; content:"GET"; http_method; content:"/d/xans.m68k"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"213.232.114.169"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_23; reference:url, urlhaus.abuse.ch/url/3609756/; classtype:trojan-activity;sid:84472856; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3609750)"; flow:established,from_client; content:"GET"; http_method; content:"/d/xans.ppc"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"213.232.114.169"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_23; reference:url, urlhaus.abuse.ch/url/3609750/; classtype:trojan-activity;sid:84472850; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3609751)"; flow:established,from_client; content:"GET"; http_method; content:"/d/xans.mips"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"213.232.114.169"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_23; reference:url, urlhaus.abuse.ch/url/3609751/; classtype:trojan-activity;sid:84472851; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3609749)"; flow:established,from_client; content:"GET"; http_method; content:"/cat.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"213.232.114.169"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_23; reference:url, urlhaus.abuse.ch/url/3609749/; classtype:trojan-activity;sid:84472849; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3609748)"; flow:established,from_client; content:"GET"; http_method; content:"/d/xans.mpsl"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"213.232.114.169"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_23; reference:url, urlhaus.abuse.ch/url/3609748/; classtype:trojan-activity;sid:84472848; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3609394)"; flow:established,from_client; content:"GET"; http_method; content:"/%e6%81%92%e5%a4%a9%e7%91%9e%e8%ae%af3.4.2.52.exe"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"118.244.192.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_22; reference:url, urlhaus.abuse.ch/url/3609394/; classtype:trojan-activity;sid:84472494; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3609388)"; flow:established,from_client; content:"GET"; http_method; content:"/files/data/cef/client-webengine.exe"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"51.178.30.0"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_22; reference:url, urlhaus.abuse.ch/url/3609388/; classtype:trojan-activity;sid:84472488; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3609204)"; flow:established,from_client; content:"GET"; http_method; content:"/beacon_x64.ps1"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"43.134.189.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_22; reference:url, urlhaus.abuse.ch/url/3609204/; classtype:trojan-activity;sid:84472304; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3609203)"; flow:established,from_client; content:"GET"; http_method; content:"/beacon_x64.tar"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"43.134.189.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_22; reference:url, urlhaus.abuse.ch/url/3609203/; classtype:trojan-activity;sid:84472303; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3609150)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.197.231.77"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_22; reference:url, urlhaus.abuse.ch/url/3609150/; classtype:trojan-activity;sid:84472250; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3609041)"; flow:established,from_client; content:"GET"; http_method; content:"/cvdfnafjbmc0/plugins/cred.dll"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"microsoft-telemetry.cc"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_08_22; reference:url, urlhaus.abuse.ch/url/3609041/; classtype:trojan-activity;sid:84472141; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3609040)"; flow:established,from_client; content:"GET"; http_method; content:"/cvdfnafjbmc0/plugins/clip64.dll"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"microsoft-telemetry.cc"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_08_22; reference:url, urlhaus.abuse.ch/url/3609040/; classtype:trojan-activity;sid:84472140; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3609039)"; flow:established,from_client; content:"GET"; http_method; content:"/cvdfnafjbmc0/plugins/vnc.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"microsoft-telemetry.cc"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_08_22; reference:url, urlhaus.abuse.ch/url/3609039/; classtype:trojan-activity;sid:84472139; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608802)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkapis.dll"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"119.45.105.211"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_22; reference:url, urlhaus.abuse.ch/url/3608802/; classtype:trojan-activity;sid:84471902; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608773)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkmultiopen.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"119.45.105.211"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_22; reference:url, urlhaus.abuse.ch/url/3608773/; classtype:trojan-activity;sid:84471873; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608522)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8059/22072024080730/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608522/; classtype:trojan-activity;sid:84471622; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608521)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/17062024123023/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608521/; classtype:trojan-activity;sid:84471621; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608519)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8059/09072024080408/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608519/; classtype:trojan-activity;sid:84471619; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608518)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/11072024072520/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608518/; classtype:trojan-activity;sid:84471618; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608517)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/info.zip"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608517/; classtype:trojan-activity;sid:84471617; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608511)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/10092024072747/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608511/; classtype:trojan-activity;sid:84471611; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608513)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8059/23092024080311/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608513/; classtype:trojan-activity;sid:84471613; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608505)"; flow:established,from_client; content:"GET"; http_method; content:"/steelames/windowsinstaller4_5/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"203.232.37.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608505/; classtype:trojan-activity;sid:84471605; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608506)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8059/02082024071413/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608506/; classtype:trojan-activity;sid:84471606; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608503)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/23092024103542/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608503/; classtype:trojan-activity;sid:84471603; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608501)"; flow:established,from_client; content:"GET"; http_method; content:"/212925334128/2021-11/av.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"218.92.65.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608501/; classtype:trojan-activity;sid:84471601; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608487)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8059/13082024070204/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608487/; classtype:trojan-activity;sid:84471587; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608488)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/14062024075221/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608488/; classtype:trojan-activity;sid:84471588; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608489)"; flow:established,from_client; content:"GET"; http_method; content:"/212925334128/2021-11/photo.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"218.92.65.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608489/; classtype:trojan-activity;sid:84471589; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608490)"; flow:established,from_client; content:"GET"; http_method; content:"/212925334128/2021-11/video.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"218.92.65.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608490/; classtype:trojan-activity;sid:84471590; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608491)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8059/12082024075637/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608491/; classtype:trojan-activity;sid:84471591; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608492)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8059/16082024071234/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608492/; classtype:trojan-activity;sid:84471592; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608493)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8059/13072024070443/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608493/; classtype:trojan-activity;sid:84471593; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608494)"; flow:established,from_client; content:"GET"; http_method; content:"/212925334128/2021-11/3c7dd4259d7141c1859d3a845d92c3c8/photo.lnk"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"218.92.65.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608494/; classtype:trojan-activity;sid:84471594; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608495)"; flow:established,from_client; content:"GET"; http_method; content:"/212925334128/2021-11/3c7dd4259d7141c1859d3a845d92c3c8/av.lnk"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"218.92.65.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608495/; classtype:trojan-activity;sid:84471595; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608496)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8059/18062024074945/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608496/; classtype:trojan-activity;sid:84471596; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608497)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/22082024110801/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608497/; classtype:trojan-activity;sid:84471597; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608482)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/12092024121832/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608482/; classtype:trojan-activity;sid:84471582; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608478)"; flow:established,from_client; content:"GET"; http_method; content:"/212925334128/2021-11/3c7dd4259d7141c1859d3a845d92c3c8/video.lnk"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"218.92.65.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608478/; classtype:trojan-activity;sid:84471578; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608471)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/28082024112055/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608471/; classtype:trojan-activity;sid:84471571; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608474)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/11062024140819/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608474/; classtype:trojan-activity;sid:84471574; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608470)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/25072024071607/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608470/; classtype:trojan-activity;sid:84471570; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608466)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8059/17082024070657/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608466/; classtype:trojan-activity;sid:84471566; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608467)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/11072024122345/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608467/; classtype:trojan-activity;sid:84471567; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608082)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"2.55.82.160"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608082/; classtype:trojan-activity;sid:84471182; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608047)"; flow:established,from_client; content:"GET"; http_method; content:"/dropper.apk"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"91.212.166.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608047/; classtype:trojan-activity;sid:84471147; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608041)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mips"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"84.200.81.239"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608041/; classtype:trojan-activity;sid:84471141; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608043)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm6"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"84.200.81.239"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608043/; classtype:trojan-activity;sid:84471143; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608039)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.sh4"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"84.200.81.239"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608039/; classtype:trojan-activity;sid:84471139; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608037)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.ppc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"84.200.81.239"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608037/; classtype:trojan-activity;sid:84471137; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608001)"; flow:established,from_client; content:"GET"; http_method; content:"/~topmedsolutionco/wp-includes/images/media/resultats-damadeus-benefit-2025.scr"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"topmedsolution.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608001/; classtype:trojan-activity;sid:84471101; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607967)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mpsl"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"84.200.81.239"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3607967/; classtype:trojan-activity;sid:84471067; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607961)"; flow:established,from_client; content:"GET"; http_method; content:"/ntchuy/hack/refs/heads/main/client.exe"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3607961/; classtype:trojan-activity;sid:84471061; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607963)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"84.200.81.239"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3607963/; classtype:trojan-activity;sid:84471063; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607915)"; flow:established,from_client; content:"GET"; http_method; content:"/linpeas.sh"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"34.70.102.215"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3607915/; classtype:trojan-activity;sid:84471015; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607394)"; flow:established,from_client; content:"GET"; http_method; content:"/files/unique2/random.exe"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_20; reference:url, urlhaus.abuse.ch/url/3607394/; classtype:trojan-activity;sid:84470494; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607344)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.158.206.225"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_20; reference:url, urlhaus.abuse.ch/url/3607344/; classtype:trojan-activity;sid:84470444; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606904)"; flow:established,from_client; content:"GET"; http_method; content:"/win.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"visualwikicloud.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606904/; classtype:trojan-activity;sid:84470004; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606817)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.169.228.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606817/; classtype:trojan-activity;sid:84469917; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606808)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"221.113.193.191"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606808/; classtype:trojan-activity;sid:84469908; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606770)"; flow:established,from_client; content:"GET"; http_method; content:"/d1ovu/pon/refs/heads/main/rustmedebyg.exe"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606770/; classtype:trojan-activity;sid:84469870; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606767)"; flow:established,from_client; content:"GET"; http_method; content:"/d1ovu/pon/refs/heads/main/rustme.exe"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606767/; classtype:trojan-activity;sid:84469867; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606766)"; flow:established,from_client; content:"GET"; http_method; content:"/d1ovu/pon/refs/heads/main/debugconfig.bat"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606766/; classtype:trojan-activity;sid:84469866; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606681)"; flow:established,from_client; content:"GET"; http_method; content:"/d/kin54042"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"185.93.89.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606681/; classtype:trojan-activity;sid:84469781; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606680)"; flow:established,from_client; content:"GET"; http_method; content:"/atu.lim"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"electri.billregulator.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606680/; classtype:trojan-activity;sid:84469780; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606577)"; flow:established,from_client; content:"GET"; http_method; content:"/2508/9e3363f017c60726bf610a2a472040144t."; http_uri; depth:41; isdataat:!1,relative; nocase; content:"file.uhsea.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606577/; classtype:trojan-activity;sid:84469677; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605990)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"106.52.208.143"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605990/; classtype:trojan-activity;sid:84469090; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605992)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"117.72.102.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605992/; classtype:trojan-activity;sid:84469092; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605993)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"150.187.25.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605993/; classtype:trojan-activity;sid:84469093; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605981)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"81.69.98.230"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605981/; classtype:trojan-activity;sid:84469081; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605934)"; flow:established,from_client; content:"GET"; http_method; content:"/milkrun/work_approval_pdf3.clientsetup.msi"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"scanwellhaulage.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605934/; classtype:trojan-activity;sid:84469034; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605814)"; flow:established,from_client; content:"GET"; http_method; content:"/g8jejfc38/plugins/cred64.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"62.60.227.98"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605814/; classtype:trojan-activity;sid:84468914; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605813)"; flow:established,from_client; content:"GET"; http_method; content:"/g8jejfc38/plugins/clip64.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"62.60.227.98"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605813/; classtype:trojan-activity;sid:84468913; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605812)"; flow:established,from_client; content:"GET"; http_method; content:"/g8jejfc38/plugins/vnc.exe"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"62.60.227.98"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605812/; classtype:trojan-activity;sid:84468912; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605804)"; flow:established,from_client; content:"GET"; http_method; content:"/g8jejfc38/plugins/cred.dll"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"62.60.227.98"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605804/; classtype:trojan-activity;sid:84468904; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605807)"; flow:established,from_client; content:"GET"; http_method; content:"/g8jejfc38/plugins/clip.dll"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"62.60.227.98"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605807/; classtype:trojan-activity;sid:84468907; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605788)"; flow:established,from_client; content:"GET"; http_method; content:"/di9ku38f/plugins/clip.dll"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"94.154.35.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605788/; classtype:trojan-activity;sid:84468888; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605787)"; flow:established,from_client; content:"GET"; http_method; content:"/di9ku38f/plugins/cred.dll"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"94.154.35.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605787/; classtype:trojan-activity;sid:84468887; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605786)"; flow:established,from_client; content:"GET"; http_method; content:"/di9ku38f/plugins/clip64.dll"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"94.154.35.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605786/; classtype:trojan-activity;sid:84468886; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605783)"; flow:established,from_client; content:"GET"; http_method; content:"/di9ku38f/plugins/cred64.dll"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"94.154.35.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605783/; classtype:trojan-activity;sid:84468883; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605776)"; flow:established,from_client; content:"GET"; http_method; content:"/di9ku38f/plugins/vnc.exe"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"94.154.35.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605776/; classtype:trojan-activity;sid:84468876; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605366)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"121.154.116.86"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605366/; classtype:trojan-activity;sid:84468466; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604879)"; flow:established,from_client; content:"GET"; http_method; content:"/keepon.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"209.145.51.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604879/; classtype:trojan-activity;sid:84467979; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604878)"; flow:established,from_client; content:"GET"; http_method; content:"/iceland.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"uploadtree.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604878/; classtype:trojan-activity;sid:84467978; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604744)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.20.17.17"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604744/; classtype:trojan-activity;sid:84467844; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604271)"; flow:established,from_client; content:"GET"; http_method; content:"/documents/adobeupdate.msi"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"94.159.99.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604271/; classtype:trojan-activity;sid:84467371; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604270)"; flow:established,from_client; content:"GET"; http_method; content:"/documents/l8825.msi"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"94.159.99.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604270/; classtype:trojan-activity;sid:84467370; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604264)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"117.72.184.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604264/; classtype:trojan-activity;sid:84467364; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604243)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"121.202.196.93"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604243/; classtype:trojan-activity;sid:84467343; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604091)"; flow:established,from_client; content:"GET"; http_method; content:"/64/64th%20service%20v20.exe"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"64-agd.pages.dev"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604091/; classtype:trojan-activity;sid:84467191; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603902)"; flow:established,from_client; content:"GET"; http_method; content:"/4.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"176.46.152.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603902/; classtype:trojan-activity;sid:84467002; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603894)"; flow:established,from_client; content:"GET"; http_method; content:"/4.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"176.46.152.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3603894/; classtype:trojan-activity;sid:84466994; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603047)"; flow:established,from_client; content:"GET"; http_method; content:"/testaccouynt/wrqerq121r/raw/refs/heads/main/var/www/html/hiddenbin/boatnet.arm7"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603047/; classtype:trojan-activity;sid:84466147; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603042)"; flow:established,from_client; content:"GET"; http_method; content:"/testaccouynt/wrqerq121r/raw/refs/heads/main/var/www/html/hiddenbin/boatnet.m68k"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603042/; classtype:trojan-activity;sid:84466142; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603043)"; flow:established,from_client; content:"GET"; http_method; content:"/testaccouynt/wrqerq121r/raw/refs/heads/main/var/www/html/hiddenbin/boatnet.spc"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603043/; classtype:trojan-activity;sid:84466143; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603040)"; flow:established,from_client; content:"GET"; http_method; content:"/testaccouynt/wrqerq121r/raw/refs/heads/main/var/www/html/hiddenbin/boatnet.x86"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603040/; classtype:trojan-activity;sid:84466140; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3603041)"; flow:established,from_client; content:"GET"; http_method; content:"/testaccouynt/wrqerq121r/raw/refs/heads/main/var/www/html/hiddenbin/boatnet.sh4"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3603041/; classtype:trojan-activity;sid:84466141; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602487)"; flow:established,from_client; content:"GET"; http_method; content:"/scanubs9420625fpdf.7z"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"access.skaparade.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602487/; classtype:trojan-activity;sid:84465587; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601445)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"164.126.150.95"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601445/; classtype:trojan-activity;sid:84464545; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601212)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"192.159.99.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601212/; classtype:trojan-activity;sid:84464312; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600911)"; flow:established,from_client; content:"GET"; http_method; content:"/av.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"blaiz.me"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600911/; classtype:trojan-activity;sid:84464011; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600845)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"83.217.16.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600845/; classtype:trojan-activity;sid:84463945; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600842)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"201.197.252.54"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600842/; classtype:trojan-activity;sid:84463942; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600786)"; flow:established,from_client; content:"GET"; http_method; content:"/js/timer.jquery.js"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"googletagamnager.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600786/; classtype:trojan-activity;sid:84463886; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600259)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.91.3.151"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600259/; classtype:trojan-activity;sid:84463359; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600163)"; flow:established,from_client; content:"GET"; http_method; content:"/3.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"176.46.152.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600163/; classtype:trojan-activity;sid:84463263; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600162)"; flow:established,from_client; content:"GET"; http_method; content:"/2.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"176.46.152.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600162/; classtype:trojan-activity;sid:84463262; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600127)"; flow:established,from_client; content:"GET"; http_method; content:"/s/ssa-236-5263-89.msi"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"jayexecutive.co.ke"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600127/; classtype:trojan-activity;sid:84463227; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599838)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"106.54.239.134"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599838/; classtype:trojan-activity;sid:84462938; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599816)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"91.147.91.21"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599816/; classtype:trojan-activity;sid:84462916; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599810)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"79.122.193.32"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599810/; classtype:trojan-activity;sid:84462910; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599450)"; flow:established,from_client; content:"GET"; http_method; content:"/loader.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"78.29.45.8"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599450/; classtype:trojan-activity;sid:84462550; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599149)"; flow:established,from_client; content:"GET"; http_method; content:"/a.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"14.103.234.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599149/; classtype:trojan-activity;sid:84462249; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599106)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.54.221.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599106/; classtype:trojan-activity;sid:84462206; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599093)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"80.235.87.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599093/; classtype:trojan-activity;sid:84462193; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597699)"; flow:established,from_client; content:"GET"; http_method; content:"/user_profiles_photo/shellcode.bin"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"94.154.35.115"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597699/; classtype:trojan-activity;sid:84460799; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597698)"; flow:established,from_client; content:"GET"; http_method; content:"/user_profiles_photo/cptch.bin"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"94.154.35.115"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597698/; classtype:trojan-activity;sid:84460798; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597689)"; flow:established,from_client; content:"GET"; http_method; content:"/user_profiles_photo/stlc.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"94.154.35.115"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597689/; classtype:trojan-activity;sid:84460789; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597675)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"121.43.179.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597675/; classtype:trojan-activity;sid:84460775; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597664)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.97.118.238"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597664/; classtype:trojan-activity;sid:84460764; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597645)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"178.183.125.31"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597645/; classtype:trojan-activity;sid:84460745; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597379)"; flow:established,from_client; content:"GET"; http_method; content:"/1.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"117.72.183.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597379/; classtype:trojan-activity;sid:84460479; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597183)"; flow:established,from_client; content:"GET"; http_method; content:"/212925334128/photo.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"218.92.65.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597183/; classtype:trojan-activity;sid:84460283; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597181)"; flow:established,from_client; content:"GET"; http_method; content:"/212925334128/video.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"218.92.65.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597181/; classtype:trojan-activity;sid:84460281; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597168)"; flow:established,from_client; content:"GET"; http_method; content:"/thumbnails/av.lnk"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"218.92.65.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597168/; classtype:trojan-activity;sid:84460268; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597162)"; flow:established,from_client; content:"GET"; http_method; content:"/thumbnails/photo.lnk"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"218.92.65.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597162/; classtype:trojan-activity;sid:84460262; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597164)"; flow:established,from_client; content:"GET"; http_method; content:"/thumbnails/video.lnk"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"218.92.65.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597164/; classtype:trojan-activity;sid:84460264; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597150)"; flow:established,from_client; content:"GET"; http_method; content:"/zmyjungmin/img001.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"222.239.87.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597150/; classtype:trojan-activity;sid:84460250; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596573)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"83.218.189.32"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596573/; classtype:trojan-activity;sid:84459673; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596562)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"178.183.125.31"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596562/; classtype:trojan-activity;sid:84459662; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596563)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"178.183.125.31"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596563/; classtype:trojan-activity;sid:84459663; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596564)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"178.183.125.31"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596564/; classtype:trojan-activity;sid:84459664; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596545)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"94.255.232.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596545/; classtype:trojan-activity;sid:84459645; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596143)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.97.118.238"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_04; reference:url, urlhaus.abuse.ch/url/3596143/; classtype:trojan-activity;sid:84459243; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595852)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"111.231.23.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595852/; classtype:trojan-activity;sid:84458952; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595824)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"31.47.103.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595824/; classtype:trojan-activity;sid:84458924; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595240)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.122.30.177"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595240/; classtype:trojan-activity;sid:84458340; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595225)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.143.31.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595225/; classtype:trojan-activity;sid:84458325; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595203)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.241.78.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595203/; classtype:trojan-activity;sid:84458303; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3594942)"; flow:established,from_client; content:"GET"; http_method; content:"/r00tnik8/zianr35524869492586/raw/refs/heads/main/plugin3.plg"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3594942/; classtype:trojan-activity;sid:84458042; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3594359)"; flow:established,from_client; content:"GET"; http_method; content:"/storage/v1/object/public/auths0//booking13763.rar"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"fnvimoyvwkbxbmczlqus.supabase.co"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2025_08_01; reference:url, urlhaus.abuse.ch/url/3594359/; classtype:trojan-activity;sid:84457459; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3593771)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.170.112.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_31; reference:url, urlhaus.abuse.ch/url/3593771/; classtype:trojan-activity;sid:84456871; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3593674)"; flow:established,from_client; content:"GET"; http_method; content:"/zx.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.46.152.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_31; reference:url, urlhaus.abuse.ch/url/3593674/; classtype:trojan-activity;sid:84456774; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3593673)"; flow:established,from_client; content:"GET"; http_method; content:"/1.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"176.46.152.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_31; reference:url, urlhaus.abuse.ch/url/3593673/; classtype:trojan-activity;sid:84456773; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3593487)"; flow:established,from_client; content:"GET"; http_method; content:"/zx.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.46.152.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_31; reference:url, urlhaus.abuse.ch/url/3593487/; classtype:trojan-activity;sid:84456587; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3593486)"; flow:established,from_client; content:"GET"; http_method; content:"/3.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"176.46.152.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_31; reference:url, urlhaus.abuse.ch/url/3593486/; classtype:trojan-activity;sid:84456586; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3593287)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"39.105.165.37"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_30; reference:url, urlhaus.abuse.ch/url/3593287/; classtype:trojan-activity;sid:84456387; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3593274)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"1.15.62.170"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_07_30; reference:url, urlhaus.abuse.ch/url/3593274/; classtype:trojan-activity;sid:84456374; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3592749)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.90.205.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_29; reference:url, urlhaus.abuse.ch/url/3592749/; classtype:trojan-activity;sid:84455849; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3592552)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"216.247.208.231"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_07_29; reference:url, urlhaus.abuse.ch/url/3592552/; classtype:trojan-activity;sid:84455652; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3592078)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"216.247.208.231"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_07_29; reference:url, urlhaus.abuse.ch/url/3592078/; classtype:trojan-activity;sid:84455178; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3592038)"; flow:established,from_client; content:"GET"; http_method; content:"/image/cache/data/aksesuarlar/patch-yama-arma/skid-row-500x500.jpg"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"xshop.com.tr"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_07_29; reference:url, urlhaus.abuse.ch/url/3592038/; classtype:trojan-activity;sid:84455138; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3591632)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.113.145.146"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_07_28; reference:url, urlhaus.abuse.ch/url/3591632/; classtype:trojan-activity;sid:84454732; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3591244)"; flow:established,from_client; content:"GET"; http_method; content:"/cat.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"23.95.247.31"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_07_27; reference:url, urlhaus.abuse.ch/url/3591244/; classtype:trojan-activity;sid:84454344; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3590875)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"86.102.60.98"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_07_27; reference:url, urlhaus.abuse.ch/url/3590875/; classtype:trojan-activity;sid:84453975; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3590852)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"83.59.42.54"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_07_27; reference:url, urlhaus.abuse.ch/url/3590852/; classtype:trojan-activity;sid:84453952; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3590749)"; flow:established,from_client; content:"GET"; http_method; content:"/amineamine284/d3dx11_45/refs/heads/main/d3dx11_45.dll"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_07_27; reference:url, urlhaus.abuse.ch/url/3590749/; classtype:trojan-activity;sid:84453849; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3590748)"; flow:established,from_client; content:"GET"; http_method; content:"/amineamine284/rssdgxgr/refs/heads/main/garo%20x.exe"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_07_27; reference:url, urlhaus.abuse.ch/url/3590748/; classtype:trojan-activity;sid:84453848; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3590746)"; flow:established,from_client; content:"GET"; http_method; content:"/amineamine284/edggqdsg/refs/heads/main/garo%20v1.dll"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_07_27; reference:url, urlhaus.abuse.ch/url/3590746/; classtype:trojan-activity;sid:84453846; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3590552)"; flow:established,from_client; content:"GET"; http_method; content:"/hafiz12cyber/request/raw/refs/heads/main/launcher.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_07_27; reference:url, urlhaus.abuse.ch/url/3590552/; classtype:trojan-activity;sid:84453652; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3590550)"; flow:established,from_client; content:"GET"; http_method; content:"/midkourtbbe/network/raw/refs/heads/main/software.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_07_27; reference:url, urlhaus.abuse.ch/url/3590550/; classtype:trojan-activity;sid:84453650; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3590549)"; flow:established,from_client; content:"GET"; http_method; content:"/anno29/web/raw/refs/heads/main/software.zip"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_07_27; reference:url, urlhaus.abuse.ch/url/3590549/; classtype:trojan-activity;sid:84453649; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3590548)"; flow:established,from_client; content:"GET"; http_method; content:"/notcat999/sys/raw/refs/heads/main/software.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_07_27; reference:url, urlhaus.abuse.ch/url/3590548/; classtype:trojan-activity;sid:84453648; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3590547)"; flow:established,from_client; content:"GET"; http_method; content:"/gethalal-007/request/raw/refs/heads/main/software.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_07_27; reference:url, urlhaus.abuse.ch/url/3590547/; classtype:trojan-activity;sid:84453647; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3590546)"; flow:established,from_client; content:"GET"; http_method; content:"/nullarchive/request/raw/refs/heads/main/software.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_07_27; reference:url, urlhaus.abuse.ch/url/3590546/; classtype:trojan-activity;sid:84453646; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3590323)"; flow:established,from_client; content:"GET"; http_method; content:"/2.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"176.46.152.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_26; reference:url, urlhaus.abuse.ch/url/3590323/; classtype:trojan-activity;sid:84453423; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3590322)"; flow:established,from_client; content:"GET"; http_method; content:"/1.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"176.46.152.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_26; reference:url, urlhaus.abuse.ch/url/3590322/; classtype:trojan-activity;sid:84453422; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3590111)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"83.59.42.54"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_07_25; reference:url, urlhaus.abuse.ch/url/3590111/; classtype:trojan-activity;sid:84453211; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3590104)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"83.59.42.54"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_07_25; reference:url, urlhaus.abuse.ch/url/3590104/; classtype:trojan-activity;sid:84453204; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3590102)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"83.59.42.54"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_07_25; reference:url, urlhaus.abuse.ch/url/3590102/; classtype:trojan-activity;sid:84453202; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3589338)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.25.190.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_25; reference:url, urlhaus.abuse.ch/url/3589338/; classtype:trojan-activity;sid:84452438; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3589307)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"88.24.52.121"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_07_25; reference:url, urlhaus.abuse.ch/url/3589307/; classtype:trojan-activity;sid:84452407; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3589032)"; flow:established,from_client; content:"GET"; http_method; content:"/infect.ps1"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"45.141.87.195"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_24; reference:url, urlhaus.abuse.ch/url/3589032/; classtype:trojan-activity;sid:84452132; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3588880)"; flow:established,from_client; content:"GET"; http_method; content:"/f4112442-c6fd-4d1f-99b7-ec0005ba3e4f/mqhwlv.sys"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"ucarecdn.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_07_24; reference:url, urlhaus.abuse.ch/url/3588880/; classtype:trojan-activity;sid:84451980; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3588884)"; flow:established,from_client; content:"GET"; http_method; content:"/c4aa6390-ef31-4b3e-a191-67c1a5d20d7b/j5s1uy.bin"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"ucarecdn.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_07_24; reference:url, urlhaus.abuse.ch/url/3588884/; classtype:trojan-activity;sid:84451984; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3588193)"; flow:established,from_client; content:"GET"; http_method; content:"/j/mbe0w"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"141.11.62.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_23; reference:url, urlhaus.abuse.ch/url/3588193/; classtype:trojan-activity;sid:84451293; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3588194)"; flow:established,from_client; content:"GET"; http_method; content:"/x/adb"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"141.11.62.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_23; reference:url, urlhaus.abuse.ch/url/3588194/; classtype:trojan-activity;sid:84451294; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3588195)"; flow:established,from_client; content:"GET"; http_method; content:"/x/asus"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"141.11.62.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_23; reference:url, urlhaus.abuse.ch/url/3588195/; classtype:trojan-activity;sid:84451295; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3588196)"; flow:established,from_client; content:"GET"; http_method; content:"/x/e"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"141.11.62.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_23; reference:url, urlhaus.abuse.ch/url/3588196/; classtype:trojan-activity;sid:84451296; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3588198)"; flow:established,from_client; content:"GET"; http_method; content:"/x/b"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"141.11.62.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_23; reference:url, urlhaus.abuse.ch/url/3588198/; classtype:trojan-activity;sid:84451298; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3588199)"; flow:established,from_client; content:"GET"; http_method; content:"/x/faraday"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"141.11.62.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_23; reference:url, urlhaus.abuse.ch/url/3588199/; classtype:trojan-activity;sid:84451299; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3588202)"; flow:established,from_client; content:"GET"; http_method; content:"/x/newsletter"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"141.11.62.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_23; reference:url, urlhaus.abuse.ch/url/3588202/; classtype:trojan-activity;sid:84451302; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3588191)"; flow:established,from_client; content:"GET"; http_method; content:"/j/a4le1"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"141.11.62.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_23; reference:url, urlhaus.abuse.ch/url/3588191/; classtype:trojan-activity;sid:84451291; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3588189)"; flow:established,from_client; content:"GET"; http_method; content:"/j/a5le1w"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"141.11.62.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_22; reference:url, urlhaus.abuse.ch/url/3588189/; classtype:trojan-activity;sid:84451289; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3588187)"; flow:established,from_client; content:"GET"; http_method; content:"/j/ppc1"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"141.11.62.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_22; reference:url, urlhaus.abuse.ch/url/3588187/; classtype:trojan-activity;sid:84451287; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3588066)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"37.235.178.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_22; reference:url, urlhaus.abuse.ch/url/3588066/; classtype:trojan-activity;sid:84451166; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3587961)"; flow:established,from_client; content:"GET"; http_method; content:"/linux"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"47.239.253.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_22; reference:url, urlhaus.abuse.ch/url/3587961/; classtype:trojan-activity;sid:84451061; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3587862)"; flow:established,from_client; content:"GET"; http_method; content:"/arc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"85.175.7.40"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_07_22; reference:url, urlhaus.abuse.ch/url/3587862/; classtype:trojan-activity;sid:84450962; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3587864)"; flow:established,from_client; content:"GET"; http_method; content:"/armv7l"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"85.175.7.40"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_07_22; reference:url, urlhaus.abuse.ch/url/3587864/; classtype:trojan-activity;sid:84450964; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3587858)"; flow:established,from_client; content:"GET"; http_method; content:"/armv4l"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"85.175.7.40"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_07_22; reference:url, urlhaus.abuse.ch/url/3587858/; classtype:trojan-activity;sid:84450958; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3587780)"; flow:established,from_client; content:"GET"; http_method; content:"/cat.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"85.175.7.40"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_07_22; reference:url, urlhaus.abuse.ch/url/3587780/; classtype:trojan-activity;sid:84450880; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3587585)"; flow:established,from_client; content:"GET"; http_method; content:"/sid2983/-1aa-valoranta/releases/download/d0wn10ad/valcheat.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_07_21; reference:url, urlhaus.abuse.ch/url/3587585/; classtype:trojan-activity;sid:84450685; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3587551)"; flow:established,from_client; content:"GET"; http_method; content:"//2025/07/19/15/683192372.png"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"www2.0zz0.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_21; reference:url, urlhaus.abuse.ch/url/3587551/; classtype:trojan-activity;sid:84450651; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3586631)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"1.1.104.97"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_07_21; reference:url, urlhaus.abuse.ch/url/3586631/; classtype:trojan-activity;sid:84449731; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3586153)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.114.95.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_20; reference:url, urlhaus.abuse.ch/url/3586153/; classtype:trojan-activity;sid:84449253; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3586160)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"81.4.141.66"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_07_20; reference:url, urlhaus.abuse.ch/url/3586160/; classtype:trojan-activity;sid:84449260; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3586167)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"203.83.186.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_20; reference:url, urlhaus.abuse.ch/url/3586167/; classtype:trojan-activity;sid:84449267; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3586151)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"24.37.71.230"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_07_20; reference:url, urlhaus.abuse.ch/url/3586151/; classtype:trojan-activity;sid:84449251; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3586138)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"1.1.104.12"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_07_20; reference:url, urlhaus.abuse.ch/url/3586138/; classtype:trojan-activity;sid:84449238; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3586143)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"1.1.104.120"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_07_20; reference:url, urlhaus.abuse.ch/url/3586143/; classtype:trojan-activity;sid:84449243; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3585947)"; flow:established,from_client; content:"GET"; http_method; content:"/kjcy9kgh/02vcj.png"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"i.ibb.co"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2025_07_19; reference:url, urlhaus.abuse.ch/url/3585947/; classtype:trojan-activity;sid:84449047; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3585184)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"118.25.85.198"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_17; reference:url, urlhaus.abuse.ch/url/3585184/; classtype:trojan-activity;sid:84448284; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3585162)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.7.131.145"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_07_17; reference:url, urlhaus.abuse.ch/url/3585162/; classtype:trojan-activity;sid:84448262; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3585148)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.122.246.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_17; reference:url, urlhaus.abuse.ch/url/3585148/; classtype:trojan-activity;sid:84448248; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3585135)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"87.75.67.194"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_07_17; reference:url, urlhaus.abuse.ch/url/3585135/; classtype:trojan-activity;sid:84448235; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3585053)"; flow:established,from_client; content:"GET"; http_method; content:"/catalog/model/cummersmg.exe"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"kavacanada.ca"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_17; reference:url, urlhaus.abuse.ch/url/3585053/; classtype:trojan-activity;sid:84448153; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3584732)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"193.242.149.32"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_17; reference:url, urlhaus.abuse.ch/url/3584732/; classtype:trojan-activity;sid:84447832; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3584733)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"89.101.123.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_17; reference:url, urlhaus.abuse.ch/url/3584733/; classtype:trojan-activity;sid:84447833; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3584719)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"61.2.45.191"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_07_17; reference:url, urlhaus.abuse.ch/url/3584719/; classtype:trojan-activity;sid:84447819; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3584277)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"102.212.60.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_16; reference:url, urlhaus.abuse.ch/url/3584277/; classtype:trojan-activity;sid:84447377; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3584174)"; flow:established,from_client; content:"GET"; http_method; content:"/download.php|3f|filepath=/var/www/html/outport/proc|7c|26|7c|filename=proc."; http_uri; depth:76; isdataat:!1,relative; nocase; content:"ndirection.kr"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_16; reference:url, urlhaus.abuse.ch/url/3584174/; classtype:trojan-activity;sid:84447274; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3583571)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_15; reference:url, urlhaus.abuse.ch/url/3583571/; classtype:trojan-activity;sid:84446671; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3583040)"; flow:established,from_client; content:"GET"; http_method; content:"/laurenxss/42429a19c72b875b93608f8cb0cab933/raw/"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"gist.githubusercontent.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_07_14; reference:url, urlhaus.abuse.ch/url/3583040/; classtype:trojan-activity;sid:84446140; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3583039)"; flow:established,from_client; content:"GET"; http_method; content:"/x-8.6-.snoopy"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"222.255.100.119"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_07_14; reference:url, urlhaus.abuse.ch/url/3583039/; classtype:trojan-activity;sid:84446139; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3583028)"; flow:established,from_client; content:"GET"; http_method; content:"/a-r.m-4.snoopy"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"222.255.100.119"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_07_14; reference:url, urlhaus.abuse.ch/url/3583028/; classtype:trojan-activity;sid:84446128; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3583029)"; flow:established,from_client; content:"GET"; http_method; content:"/snoopy.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"222.255.100.119"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_07_14; reference:url, urlhaus.abuse.ch/url/3583029/; classtype:trojan-activity;sid:84446129; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3583030)"; flow:established,from_client; content:"GET"; http_method; content:"/x-3.2-.snoopy"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"222.255.100.119"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_07_14; reference:url, urlhaus.abuse.ch/url/3583030/; classtype:trojan-activity;sid:84446130; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3583031)"; flow:established,from_client; content:"GET"; http_method; content:"/a-r.m-7.snoopy"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"222.255.100.119"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_07_14; reference:url, urlhaus.abuse.ch/url/3583031/; classtype:trojan-activity;sid:84446131; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3583033)"; flow:established,from_client; content:"GET"; http_method; content:"/m-p.s-l.snoopy"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"222.255.100.119"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_07_14; reference:url, urlhaus.abuse.ch/url/3583033/; classtype:trojan-activity;sid:84446133; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3583037)"; flow:established,from_client; content:"GET"; http_method; content:"/a-r.m-6.snoopy"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"222.255.100.119"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_07_14; reference:url, urlhaus.abuse.ch/url/3583037/; classtype:trojan-activity;sid:84446137; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3582620)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"61.2.45.172"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_07_13; reference:url, urlhaus.abuse.ch/url/3582620/; classtype:trojan-activity;sid:84445720; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3582136)"; flow:established,from_client; content:"GET"; http_method; content:"/j/xle1"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"141.11.62.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_12; reference:url, urlhaus.abuse.ch/url/3582136/; classtype:trojan-activity;sid:84445236; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3582132)"; flow:established,from_client; content:"GET"; http_method; content:"/j/mle1"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"141.11.62.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_12; reference:url, urlhaus.abuse.ch/url/3582132/; classtype:trojan-activity;sid:84445232; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3582134)"; flow:established,from_client; content:"GET"; http_method; content:"/j/a5le1"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"141.11.62.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_12; reference:url, urlhaus.abuse.ch/url/3582134/; classtype:trojan-activity;sid:84445234; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3582127)"; flow:established,from_client; content:"GET"; http_method; content:"/j/a7le1"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"141.11.62.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_12; reference:url, urlhaus.abuse.ch/url/3582127/; classtype:trojan-activity;sid:84445227; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3582128)"; flow:established,from_client; content:"GET"; http_method; content:"/j/aale1"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"141.11.62.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_12; reference:url, urlhaus.abuse.ch/url/3582128/; classtype:trojan-activity;sid:84445228; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3582069)"; flow:established,from_client; content:"GET"; http_method; content:"/red.mp4"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"www.frontier.net.pk"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_07_12; reference:url, urlhaus.abuse.ch/url/3582069/; classtype:trojan-activity;sid:84445169; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3582066)"; flow:established,from_client; content:"GET"; http_method; content:"/green.mp4"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"www.frontier.net.pk"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_07_12; reference:url, urlhaus.abuse.ch/url/3582066/; classtype:trojan-activity;sid:84445166; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3582035)"; flow:established,from_client; content:"GET"; http_method; content:"/darkcyan-fa1d3_install.exe"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"dansorium.gr"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_07_12; reference:url, urlhaus.abuse.ch/url/3582035/; classtype:trojan-activity;sid:84445135; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3581711)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.108.63.64"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_07_12; reference:url, urlhaus.abuse.ch/url/3581711/; classtype:trojan-activity;sid:84444811; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3581440)"; flow:established,from_client; content:"GET"; http_method; content:"/linux"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"47.86.5.176"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_07_11; reference:url, urlhaus.abuse.ch/url/3581440/; classtype:trojan-activity;sid:84444540; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3581423)"; flow:established,from_client; content:"GET"; http_method; content:"/j/mbe0"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"141.11.62.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_11; reference:url, urlhaus.abuse.ch/url/3581423/; classtype:trojan-activity;sid:84444523; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3581425)"; flow:established,from_client; content:"GET"; http_method; content:"/j/aale0"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"141.11.62.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_11; reference:url, urlhaus.abuse.ch/url/3581425/; classtype:trojan-activity;sid:84444525; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3581421)"; flow:established,from_client; content:"GET"; http_method; content:"/j/mle0"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"141.11.62.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_11; reference:url, urlhaus.abuse.ch/url/3581421/; classtype:trojan-activity;sid:84444521; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3581422)"; flow:established,from_client; content:"GET"; http_method; content:"/j/a5le0"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"141.11.62.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_11; reference:url, urlhaus.abuse.ch/url/3581422/; classtype:trojan-activity;sid:84444522; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3581014)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_arm64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"154.201.82.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_11; reference:url, urlhaus.abuse.ch/url/3581014/; classtype:trojan-activity;sid:84444114; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3580943)"; flow:established,from_client; content:"GET"; http_method; content:"/documents/scink.lnk"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"94.159.99.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_11; reference:url, urlhaus.abuse.ch/url/3580943/; classtype:trojan-activity;sid:84444043; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3580925)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"1.15.25.148"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_07_11; reference:url, urlhaus.abuse.ch/url/3580925/; classtype:trojan-activity;sid:84444025; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3580920)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"103.112.210.25"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_11; reference:url, urlhaus.abuse.ch/url/3580920/; classtype:trojan-activity;sid:84444020; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3580912)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"1.15.25.148"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_07_11; reference:url, urlhaus.abuse.ch/url/3580912/; classtype:trojan-activity;sid:84444012; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3580902)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"61.2.45.141"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_07_11; reference:url, urlhaus.abuse.ch/url/3580902/; classtype:trojan-activity;sid:84444002; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3580896)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.247.191.106"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_07_11; reference:url, urlhaus.abuse.ch/url/3580896/; classtype:trojan-activity;sid:84443996; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3580874)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.235.22.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_11; reference:url, urlhaus.abuse.ch/url/3580874/; classtype:trojan-activity;sid:84443974; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3580875)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"77.53.106.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_07_11; reference:url, urlhaus.abuse.ch/url/3580875/; classtype:trojan-activity;sid:84443975; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3580881)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.240.70.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_11; reference:url, urlhaus.abuse.ch/url/3580881/; classtype:trojan-activity;sid:84443981; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3580884)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"121.202.153.132"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_07_11; reference:url, urlhaus.abuse.ch/url/3580884/; classtype:trojan-activity;sid:84443984; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3580861)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"88.8.22.161"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_07_11; reference:url, urlhaus.abuse.ch/url/3580861/; classtype:trojan-activity;sid:84443961; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3580430)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"city.organzoperate.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_07_10; reference:url, urlhaus.abuse.ch/url/3580430/; classtype:trojan-activity;sid:84443530; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3580421)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.exe|3f|e=access|7c|26|7c|y=guest"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"crew.organzoperate.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_07_10; reference:url, urlhaus.abuse.ch/url/3580421/; classtype:trojan-activity;sid:84443521; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3580415)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.exe|3f|e=access|7c|26|7c|y=guest"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"city.organzoperate.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_07_10; reference:url, urlhaus.abuse.ch/url/3580415/; classtype:trojan-activity;sid:84443515; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3580416)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.exe|3f|e=access|7c|26|7c|y=guest"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"dive.organzoperate.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_07_10; reference:url, urlhaus.abuse.ch/url/3580416/; classtype:trojan-activity;sid:84443516; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3580407)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"home.organzoperate.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_07_10; reference:url, urlhaus.abuse.ch/url/3580407/; classtype:trojan-activity;sid:84443507; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3580408)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.exe|3f|e=access|7c|26|7c|y=guest"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"home.organzoperate.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_07_10; reference:url, urlhaus.abuse.ch/url/3580408/; classtype:trojan-activity;sid:84443508; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3580401)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"dive.organzoperate.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_07_10; reference:url, urlhaus.abuse.ch/url/3580401/; classtype:trojan-activity;sid:84443501; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3580402)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"buzz.organzoperate.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_07_10; reference:url, urlhaus.abuse.ch/url/3580402/; classtype:trojan-activity;sid:84443502; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3578386)"; flow:established,from_client; content:"GET"; http_method; content:"/invisiblebunny/records/main/bunny-mini/mini.shell.php"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_07_07; reference:url, urlhaus.abuse.ch/url/3578386/; classtype:trojan-activity;sid:84441486; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3578385)"; flow:established,from_client; content:"GET"; http_method; content:"/ly4k/pwnkit/main/pwnkit"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_07_07; reference:url, urlhaus.abuse.ch/url/3578385/; classtype:trojan-activity;sid:84441485; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3577188)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"90.229.218.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_06; reference:url, urlhaus.abuse.ch/url/3577188/; classtype:trojan-activity;sid:84440288; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3577021)"; flow:established,from_client; content:"GET"; http_method; content:"/lost%2bfound/photo.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"116.133.72.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3577021/; classtype:trojan-activity;sid:84440121; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3577019)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.133.72.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3577019/; classtype:trojan-activity;sid:84440119; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3577020)"; flow:established,from_client; content:"GET"; http_method; content:"/1/av.lnk"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"116.133.72.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3577020/; classtype:trojan-activity;sid:84440120; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3577008)"; flow:established,from_client; content:"GET"; http_method; content:"/1/video.scr"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"116.133.72.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3577008/; classtype:trojan-activity;sid:84440108; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3577009)"; flow:established,from_client; content:"GET"; http_method; content:"/1/photo.scr"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"116.133.72.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3577009/; classtype:trojan-activity;sid:84440109; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3576996)"; flow:established,from_client; content:"GET"; http_method; content:"/1/av.scr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"116.133.72.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3576996/; classtype:trojan-activity;sid:84440096; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3576991)"; flow:established,from_client; content:"GET"; http_method; content:"/lost%2bfound/photo.scr"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"116.133.72.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3576991/; classtype:trojan-activity;sid:84440091; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3576992)"; flow:established,from_client; content:"GET"; http_method; content:"/lost%2bfound/info.zip"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"116.133.72.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3576992/; classtype:trojan-activity;sid:84440092; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3576993)"; flow:established,from_client; content:"GET"; http_method; content:"/lost%2bfound/av.scr"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"116.133.72.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3576993/; classtype:trojan-activity;sid:84440093; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3576994)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"116.133.72.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3576994/; classtype:trojan-activity;sid:84440094; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3576995)"; flow:established,from_client; content:"GET"; http_method; content:"/lost%2bfound/av.lnk"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"116.133.72.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3576995/; classtype:trojan-activity;sid:84440095; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3576988)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.133.72.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3576988/; classtype:trojan-activity;sid:84440088; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3576989)"; flow:established,from_client; content:"GET"; http_method; content:"/lost%2bfound/video.scr"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"116.133.72.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3576989/; classtype:trojan-activity;sid:84440089; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3576987)"; flow:established,from_client; content:"GET"; http_method; content:"/lost%2bfound/video.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"116.133.72.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3576987/; classtype:trojan-activity;sid:84440087; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3576981)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"116.133.72.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3576981/; classtype:trojan-activity;sid:84440081; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3576983)"; flow:established,from_client; content:"GET"; http_method; content:"/1/video.lnk"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"116.133.72.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3576983/; classtype:trojan-activity;sid:84440083; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3576985)"; flow:established,from_client; content:"GET"; http_method; content:"/1/info.zip"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"116.133.72.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3576985/; classtype:trojan-activity;sid:84440085; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3576986)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"116.133.72.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3576986/; classtype:trojan-activity;sid:84440086; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3576914)"; flow:established,from_client; content:"GET"; http_method; content:"/%e9%aa%97%e6%88%91%e3%81%ae.apk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"42.51.49.238"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3576914/; classtype:trojan-activity;sid:84440014; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3576913)"; flow:established,from_client; content:"GET"; http_method; content:"/dopamine.ipa"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"42.51.49.238"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3576913/; classtype:trojan-activity;sid:84440013; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3576912)"; flow:established,from_client; content:"GET"; http_method; content:"/%e9%9b%aa%e8%8a%b1%e8%bf%9c%e7%a8%8b%e7%89%88.apk"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"42.51.49.238"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3576912/; classtype:trojan-activity;sid:84440012; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3576909)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b0%8f%e9%9b%a8%e7%82%b9%e6%96%b01.apk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"42.51.49.238"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3576909/; classtype:trojan-activity;sid:84440009; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3576908)"; flow:established,from_client; content:"GET"; http_method; content:"/%e9%9b%aa%e8%8a%b1%e8%bf%9c%e7%a8%8b%e7%89%88%e6%96%b0.apk"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"42.51.49.238"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3576908/; classtype:trojan-activity;sid:84440008; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3576885)"; flow:established,from_client; content:"GET"; http_method; content:"/dropper.apk"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"91.212.166.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3576885/; classtype:trojan-activity;sid:84439985; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3576851)"; flow:established,from_client; content:"GET"; http_method; content:"/conf.ini"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"14.225.238.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3576851/; classtype:trojan-activity;sid:84439951; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3576852)"; flow:established,from_client; content:"GET"; http_method; content:"/debugview%2b%2b.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"1.15.230.7"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3576852/; classtype:trojan-activity;sid:84439952; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3576848)"; flow:established,from_client; content:"GET"; http_method; content:"/testdll"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"14.225.238.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3576848/; classtype:trojan-activity;sid:84439948; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3576846)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkapis.dll"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"119.91.238.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3576846/; classtype:trojan-activity;sid:84439946; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3576826)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkapis.dll"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"1.15.230.7"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3576826/; classtype:trojan-activity;sid:84439926; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3576805)"; flow:established,from_client; content:"GET"; http_method; content:"/debugview%2b%2b.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"43.140.214.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3576805/; classtype:trojan-activity;sid:84439905; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3576804)"; flow:established,from_client; content:"GET"; http_method; content:"/mlwr/mlav-linux-elf"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"161.132.50.128"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3576804/; classtype:trojan-activity;sid:84439904; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3576768)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkapis.dll"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"43.140.214.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3576768/; classtype:trojan-activity;sid:84439868; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3576756)"; flow:established,from_client; content:"GET"; http_method; content:"/debugview%2b%2b.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"119.29.147.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3576756/; classtype:trojan-activity;sid:84439856; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3576743)"; flow:established,from_client; content:"GET"; http_method; content:"/999.html"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"14.225.238.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3576743/; classtype:trojan-activity;sid:84439843; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3576728)"; flow:established,from_client; content:"GET"; http_method; content:"/mlwr/mlav-ms-doc.doc"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"161.132.50.128"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3576728/; classtype:trojan-activity;sid:84439828; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3576707)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkmultiopen.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"43.140.214.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3576707/; classtype:trojan-activity;sid:84439807; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3576670)"; flow:established,from_client; content:"GET"; http_method; content:"/mlwr/mlav-ms-exe.exe.000"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"161.132.50.128"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3576670/; classtype:trojan-activity;sid:84439770; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3576676)"; flow:established,from_client; content:"GET"; http_method; content:"/mlwr/mlav-ms-excel.xls"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"161.132.50.128"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3576676/; classtype:trojan-activity;sid:84439776; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3576540)"; flow:established,from_client; content:"GET"; http_method; content:"/agetty"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"78.142.229.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3576540/; classtype:trojan-activity;sid:84439640; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3576541)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"78.142.229.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3576541/; classtype:trojan-activity;sid:84439641; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3576542)"; flow:established,from_client; content:"GET"; http_method; content:"/logsbins.sh"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"78.142.229.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3576542/; classtype:trojan-activity;sid:84439642; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3576544)"; flow:established,from_client; content:"GET"; http_method; content:"/telnetd"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"78.142.229.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3576544/; classtype:trojan-activity;sid:84439644; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3576545)"; flow:established,from_client; content:"GET"; http_method; content:"/cron"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"78.142.229.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3576545/; classtype:trojan-activity;sid:84439645; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3576546)"; flow:established,from_client; content:"GET"; http_method; content:"/system"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"78.142.229.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3576546/; classtype:trojan-activity;sid:84439646; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3576533)"; flow:established,from_client; content:"GET"; http_method; content:"/klogd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"78.142.229.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3576533/; classtype:trojan-activity;sid:84439633; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3576535)"; flow:established,from_client; content:"GET"; http_method; content:"/ssh"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"78.142.229.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3576535/; classtype:trojan-activity;sid:84439635; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3576536)"; flow:established,from_client; content:"GET"; http_method; content:"/rsyslogd"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"78.142.229.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3576536/; classtype:trojan-activity;sid:84439636; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3576537)"; flow:established,from_client; content:"GET"; http_method; content:"/logs2.sh"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"78.142.229.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3576537/; classtype:trojan-activity;sid:84439637; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3576538)"; flow:established,from_client; content:"GET"; http_method; content:"/getty"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"78.142.229.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3576538/; classtype:trojan-activity;sid:84439638; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3576539)"; flow:established,from_client; content:"GET"; http_method; content:"/katrina"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"78.142.229.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3576539/; classtype:trojan-activity;sid:84439639; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3576532)"; flow:established,from_client; content:"GET"; http_method; content:"/s"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.142.229.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3576532/; classtype:trojan-activity;sid:84439632; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3576527)"; flow:established,from_client; content:"GET"; http_method; content:"/dbus-daemon"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"78.142.229.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3576527/; classtype:trojan-activity;sid:84439627; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3576412)"; flow:established,from_client; content:"GET"; http_method; content:"/blue.mp4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"investtrad.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3576412/; classtype:trojan-activity;sid:84439512; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3576384)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"102.212.60.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3576384/; classtype:trojan-activity;sid:84439484; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3576367)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"153.37.252.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3576367/; classtype:trojan-activity;sid:84439467; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3576359)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"102.212.60.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3576359/; classtype:trojan-activity;sid:84439459; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3576353)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"197.89.38.83"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3576353/; classtype:trojan-activity;sid:84439453; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3575978)"; flow:established,from_client; content:"GET"; http_method; content:"/allbnc.jpg"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"185.253.75.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3575978/; classtype:trojan-activity;sid:84439078; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3575979)"; flow:established,from_client; content:"GET"; http_method; content:"/auto.jpg"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"185.253.75.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3575979/; classtype:trojan-activity;sid:84439079; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3575971)"; flow:established,from_client; content:"GET"; http_method; content:"/a.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.253.75.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3575971/; classtype:trojan-activity;sid:84439071; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3575961)"; flow:established,from_client; content:"GET"; http_method; content:"/asp.gif"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"103.165.81.230"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3575961/; classtype:trojan-activity;sid:84439061; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3575958)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkapis.dll"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"119.29.147.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3575958/; classtype:trojan-activity;sid:84439058; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3575928)"; flow:established,from_client; content:"GET"; http_method; content:"/ekaspx.jpg"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"103.165.81.230"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3575928/; classtype:trojan-activity;sid:84439028; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3575923)"; flow:established,from_client; content:"GET"; http_method; content:"/mshell.elf"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"103.165.81.230"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3575923/; classtype:trojan-activity;sid:84439023; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3575924)"; flow:established,from_client; content:"GET"; http_method; content:"/shfrpc.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"14.225.238.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3575924/; classtype:trojan-activity;sid:84439024; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3575907)"; flow:established,from_client; content:"GET"; http_method; content:"/svchos.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"14.225.238.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3575907/; classtype:trojan-activity;sid:84439007; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3575900)"; flow:established,from_client; content:"GET"; http_method; content:"/xxx.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"14.225.238.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3575900/; classtype:trojan-activity;sid:84439000; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3575892)"; flow:established,from_client; content:"GET"; http_method; content:"/cata2.jpg"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"185.253.75.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3575892/; classtype:trojan-activity;sid:84438992; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3575891)"; flow:established,from_client; content:"GET"; http_method; content:"/ek.jspx"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"103.165.81.230"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3575891/; classtype:trojan-activity;sid:84438991; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3575885)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkmultiopen.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"119.29.147.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3575885/; classtype:trojan-activity;sid:84438985; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3575870)"; flow:established,from_client; content:"GET"; http_method; content:"/ek.jsp"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.165.81.230"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3575870/; classtype:trojan-activity;sid:84438970; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3575355)"; flow:established,from_client; content:"GET"; http_method; content:"/labubu99999/localoco8386/main/shaman.zip"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_07_04; reference:url, urlhaus.abuse.ch/url/3575355/; classtype:trojan-activity;sid:84438455; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3575354)"; flow:established,from_client; content:"GET"; http_method; content:"/labubu99999/localoco8386/raw/main/update0.bat"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_07_04; reference:url, urlhaus.abuse.ch/url/3575354/; classtype:trojan-activity;sid:84438454; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3575022)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"72.80.246.9"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_07_03; reference:url, urlhaus.abuse.ch/url/3575022/; classtype:trojan-activity;sid:84438122; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3575012)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"92.253.237.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_03; reference:url, urlhaus.abuse.ch/url/3575012/; classtype:trojan-activity;sid:84438112; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3574027)"; flow:established,from_client; content:"GET"; http_method; content:"/7030.txt"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"ecs-124-70-158-53.compute.hwclouds-dns.com"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_07_02; reference:url, urlhaus.abuse.ch/url/3574027/; classtype:trojan-activity;sid:84437127; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3573965)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"222.239.87.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_02; reference:url, urlhaus.abuse.ch/url/3573965/; classtype:trojan-activity;sid:84437065; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3573347)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"212.57.109.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_01; reference:url, urlhaus.abuse.ch/url/3573347/; classtype:trojan-activity;sid:84436447; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3573133)"; flow:established,from_client; content:"GET"; http_method; content:"/dourvsity187.bin"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"iiiconstruction.net"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_07_01; reference:url, urlhaus.abuse.ch/url/3573133/; classtype:trojan-activity;sid:84436233; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3573084)"; flow:established,from_client; content:"GET"; http_method; content:"/chrome_134.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"lomejordesalamanca.es"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_07_01; reference:url, urlhaus.abuse.ch/url/3573084/; classtype:trojan-activity;sid:84436184; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3572729)"; flow:established,from_client; content:"GET"; http_method; content:"/3/2.txt"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"hotellacastellana.com.uy"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_07_01; reference:url, urlhaus.abuse.ch/url/3572729/; classtype:trojan-activity;sid:84435829; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3572728)"; flow:established,from_client; content:"GET"; http_method; content:"/3/1.txt"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"hotellacastellana.com.uy"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_07_01; reference:url, urlhaus.abuse.ch/url/3572728/; classtype:trojan-activity;sid:84435828; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3572341)"; flow:established,from_client; content:"GET"; http_method; content:"/ghostgera/"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"intelligentopennetworkingawards.com"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_07_01; reference:url, urlhaus.abuse.ch/url/3572341/; classtype:trojan-activity;sid:84435441; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3571844)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"90.229.218.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_30; reference:url, urlhaus.abuse.ch/url/3571844/; classtype:trojan-activity;sid:84434944; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3571786)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"24.88.242.6"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_06_30; reference:url, urlhaus.abuse.ch/url/3571786/; classtype:trojan-activity;sid:84434886; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3571790)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"218.91.153.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_30; reference:url, urlhaus.abuse.ch/url/3571790/; classtype:trojan-activity;sid:84434890; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3571573)"; flow:established,from_client; content:"GET"; http_method; content:"/0rknrw2j/jru8j.png"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"i.ibb.co"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2025_06_30; reference:url, urlhaus.abuse.ch/url/3571573/; classtype:trojan-activity;sid:84434673; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3571424)"; flow:established,from_client; content:"GET"; http_method; content:"/a3f.dof"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"checkinetverifk.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_06_30; reference:url, urlhaus.abuse.ch/url/3571424/; classtype:trojan-activity;sid:84434524; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3571382)"; flow:established,from_client; content:"GET"; http_method; content:"/fyvu.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"michellegraci.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_06_30; reference:url, urlhaus.abuse.ch/url/3571382/; classtype:trojan-activity;sid:84434482; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3571385)"; flow:established,from_client; content:"GET"; http_method; content:"/fyvu.zip|3f|le=19"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"michellegraci.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_06_30; reference:url, urlhaus.abuse.ch/url/3571385/; classtype:trojan-activity;sid:84434485; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3571386)"; flow:established,from_client; content:"GET"; http_method; content:"/smkl.zip|3f|le=48/"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"michellegraci.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_06_30; reference:url, urlhaus.abuse.ch/url/3571386/; classtype:trojan-activity;sid:84434486; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3571387)"; flow:established,from_client; content:"GET"; http_method; content:"/hatz.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"michellegraci.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_06_30; reference:url, urlhaus.abuse.ch/url/3571387/; classtype:trojan-activity;sid:84434487; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3571381)"; flow:established,from_client; content:"GET"; http_method; content:"/hatz.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"michellegraci.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_06_30; reference:url, urlhaus.abuse.ch/url/3571381/; classtype:trojan-activity;sid:84434481; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3571379)"; flow:established,from_client; content:"GET"; http_method; content:"/tuvu.zip|3f|le=12"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"michellegraci.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_06_30; reference:url, urlhaus.abuse.ch/url/3571379/; classtype:trojan-activity;sid:84434479; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3571376)"; flow:established,from_client; content:"GET"; http_method; content:"/smkl.zip|3f|le=48"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"michellegraci.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_06_30; reference:url, urlhaus.abuse.ch/url/3571376/; classtype:trojan-activity;sid:84434476; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3571377)"; flow:established,from_client; content:"GET"; http_method; content:"/tuvu.zip|3f|le=12"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"michellegraci.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_06_30; reference:url, urlhaus.abuse.ch/url/3571377/; classtype:trojan-activity;sid:84434477; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3571372)"; flow:established,from_client; content:"GET"; http_method; content:"/hatz.zip|3f|le=17"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"michellegraci.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_06_30; reference:url, urlhaus.abuse.ch/url/3571372/; classtype:trojan-activity;sid:84434472; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3571370)"; flow:established,from_client; content:"GET"; http_method; content:"/hatz.zip|3f|le=65"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"michellegraci.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_06_30; reference:url, urlhaus.abuse.ch/url/3571370/; classtype:trojan-activity;sid:84434470; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3571371)"; flow:established,from_client; content:"GET"; http_method; content:"/hatz.zip|3f|le=9"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"michellegraci.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_06_30; reference:url, urlhaus.abuse.ch/url/3571371/; classtype:trojan-activity;sid:84434471; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3570196)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.109.93.252"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_25; reference:url, urlhaus.abuse.ch/url/3570196/; classtype:trojan-activity;sid:84433296; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3570170)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"2.55.73.44"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_06_25; reference:url, urlhaus.abuse.ch/url/3570170/; classtype:trojan-activity;sid:84433270; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3570158)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"90.8.83.87"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_06_25; reference:url, urlhaus.abuse.ch/url/3570158/; classtype:trojan-activity;sid:84433258; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3569817)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"85.57.30.25"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_06_24; reference:url, urlhaus.abuse.ch/url/3569817/; classtype:trojan-activity;sid:84432917; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3569657)"; flow:established,from_client; content:"GET"; http_method; content:"/juancamilo1914/youtube-mp3-converter/releases/download/buprestidan/youtube.mp3.converter.v1.0.0.-.buprestidan.zip"; http_uri; depth:114; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_06_23; reference:url, urlhaus.abuse.ch/url/3569657/; classtype:trojan-activity;sid:84432757; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3569549)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"129.204.103.151"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_23; reference:url, urlhaus.abuse.ch/url/3569549/; classtype:trojan-activity;sid:84432649; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3569208)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"154.222.31.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_22; reference:url, urlhaus.abuse.ch/url/3569208/; classtype:trojan-activity;sid:84432308; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3569182)"; flow:established,from_client; content:"GET"; http_method; content:"/mig"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"80.94.92.89"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_06_22; reference:url, urlhaus.abuse.ch/url/3569182/; classtype:trojan-activity;sid:84432282; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3568977)"; flow:established,from_client; content:"GET"; http_method; content:"/aminer.gz"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"162.215.218.82"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_21; reference:url, urlhaus.abuse.ch/url/3568977/; classtype:trojan-activity;sid:84432077; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3568976)"; flow:established,from_client; content:"GET"; http_method; content:"/install.tgz"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"162.215.218.82"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_21; reference:url, urlhaus.abuse.ch/url/3568976/; classtype:trojan-activity;sid:84432076; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3568814)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"31.130.248.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_20; reference:url, urlhaus.abuse.ch/url/3568814/; classtype:trojan-activity;sid:84431914; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3568238)"; flow:established,from_client; content:"GET"; http_method; content:"/new_image.jpg"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"talentrecruitments.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_06_19; reference:url, urlhaus.abuse.ch/url/3568238/; classtype:trojan-activity;sid:84431338; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3568230)"; flow:established,from_client; content:"GET"; http_method; content:"/js/new_image.jpg"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"talentrecruitments.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_06_19; reference:url, urlhaus.abuse.ch/url/3568230/; classtype:trojan-activity;sid:84431330; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3568176)"; flow:established,from_client; content:"GET"; http_method; content:"/ud-prog/gv-cu/main/ud.png"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_19; reference:url, urlhaus.abuse.ch/url/3568176/; classtype:trojan-activity;sid:84431276; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3568162)"; flow:established,from_client; content:"GET"; http_method; content:"/ud-prog/gv-cu/raw/main/ud.png"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_06_19; reference:url, urlhaus.abuse.ch/url/3568162/; classtype:trojan-activity;sid:84431262; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3568006)"; flow:established,from_client; content:"GET"; http_method; content:"/xl.txt"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mundocarnes.cl"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3568006/; classtype:trojan-activity;sid:84431106; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3567771)"; flow:established,from_client; content:"GET"; http_method; content:"/relftp/info.zip"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3567771/; classtype:trojan-activity;sid:84430871; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3567713)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3567713/; classtype:trojan-activity;sid:84430813; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3567113)"; flow:established,from_client; content:"GET"; http_method; content:"/gdbftp/info.zip"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3567113/; classtype:trojan-activity;sid:84430213; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3567037)"; flow:established,from_client; content:"GET"; http_method; content:"/exeftp/info.zip"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3567037/; classtype:trojan-activity;sid:84430137; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566706)"; flow:established,from_client; content:"GET"; http_method; content:"/ramon/info.zip"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566706/; classtype:trojan-activity;sid:84429806; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566351)"; flow:established,from_client; content:"GET"; http_method; content:"/aspnet_client/system_web/info.zip"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566351/; classtype:trojan-activity;sid:84429451; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566263)"; flow:established,from_client; content:"GET"; http_method; content:"/install/info.zip"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566263/; classtype:trojan-activity;sid:84429363; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566015)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/info.zip"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566015/; classtype:trojan-activity;sid:84429115; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565839)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/cons/info.zip"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565839/; classtype:trojan-activity;sid:84428939; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565407)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/itempicture/photo.scr"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565407/; classtype:trojan-activity;sid:84428507; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565408)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/video.scr"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565408/; classtype:trojan-activity;sid:84428508; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565402)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/saledocu/video.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565402/; classtype:trojan-activity;sid:84428502; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565403)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565403/; classtype:trojan-activity;sid:84428503; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565404)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/image/video.scr"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565404/; classtype:trojan-activity;sid:84428504; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565405)"; flow:established,from_client; content:"GET"; http_method; content:"/program/photo.scr"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565405/; classtype:trojan-activity;sid:84428505; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565399)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/busiprocess/av.scr"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565399/; classtype:trojan-activity;sid:84428499; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565400)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/photo.scr"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565400/; classtype:trojan-activity;sid:84428500; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565393)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/av.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565393/; classtype:trojan-activity;sid:84428493; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565394)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/library/photo.scr"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565394/; classtype:trojan-activity;sid:84428494; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565395)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/image/av.scr"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565395/; classtype:trojan-activity;sid:84428495; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565390)"; flow:established,from_client; content:"GET"; http_method; content:"/program/av.scr"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565390/; classtype:trojan-activity;sid:84428490; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565364)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/busiprocess/photo.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565364/; classtype:trojan-activity;sid:84428464; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565344)"; flow:established,from_client; content:"GET"; http_method; content:"/program/video.lnk"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565344/; classtype:trojan-activity;sid:84428444; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565352)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/av.scr"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565352/; classtype:trojan-activity;sid:84428452; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565355)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/photo.scr"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565355/; classtype:trojan-activity;sid:84428455; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565357)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/library/video.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565357/; classtype:trojan-activity;sid:84428457; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565331)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/image/av.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565331/; classtype:trojan-activity;sid:84428431; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565333)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/photo.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565333/; classtype:trojan-activity;sid:84428433; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565337)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/video.scr"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565337/; classtype:trojan-activity;sid:84428437; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565338)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/library/av.scr"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565338/; classtype:trojan-activity;sid:84428438; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565339)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/photo.lnk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565339/; classtype:trojan-activity;sid:84428439; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565340)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565340/; classtype:trojan-activity;sid:84428440; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565341)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/busiprocess/av.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565341/; classtype:trojan-activity;sid:84428441; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565329)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/video.lnk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565329/; classtype:trojan-activity;sid:84428429; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565319)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/library/av.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565319/; classtype:trojan-activity;sid:84428419; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565311)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/busiprocess/video.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565311/; classtype:trojan-activity;sid:84428411; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565312)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/image/video.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565312/; classtype:trojan-activity;sid:84428412; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565313)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/av.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565313/; classtype:trojan-activity;sid:84428413; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565314)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/av.lnk"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565314/; classtype:trojan-activity;sid:84428414; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565315)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/image/photo.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565315/; classtype:trojan-activity;sid:84428415; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565316)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/saledocu/av.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565316/; classtype:trojan-activity;sid:84428416; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565317)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565317/; classtype:trojan-activity;sid:84428417; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565288)"; flow:established,from_client; content:"GET"; http_method; content:"/agent2b_web_6.05.030/instalador%20corevision/disk1/setup.exe"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565288/; classtype:trojan-activity;sid:84428388; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565286)"; flow:established,from_client; content:"GET"; http_method; content:"/database/setup.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565286/; classtype:trojan-activity;sid:84428386; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565283)"; flow:established,from_client; content:"GET"; http_method; content:"/images/info.zip"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"5.149.184.170"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565283/; classtype:trojan-activity;sid:84428383; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565285)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"5.149.184.170"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565285/; classtype:trojan-activity;sid:84428385; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565282)"; flow:established,from_client; content:"GET"; http_method; content:"/agent2b_web_6.05.030/instalador%20completo/disk1/setup.exe"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565282/; classtype:trojan-activity;sid:84428382; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565281)"; flow:established,from_client; content:"GET"; http_method; content:"/client/setup.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565281/; classtype:trojan-activity;sid:84428381; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565262)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/jurisdict/dao/info.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565262/; classtype:trojan-activity;sid:84428362; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565260)"; flow:established,from_client; content:"GET"; http_method; content:"/exeftp%20-%20copia/badmail/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565260/; classtype:trojan-activity;sid:84428360; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565259)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/info.zip"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565259/; classtype:trojan-activity;sid:84428359; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565258)"; flow:established,from_client; content:"GET"; http_method; content:"/exeftp%20-%20copia/info.zip"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565258/; classtype:trojan-activity;sid:84428358; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565257)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/info.zip"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565257/; classtype:trojan-activity;sid:84428357; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565256)"; flow:established,from_client; content:"GET"; http_method; content:"/bkp/info.zip"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565256/; classtype:trojan-activity;sid:84428356; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565255)"; flow:established,from_client; content:"GET"; http_method; content:"/exeftp%20-%20copia/queue/info.zip"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565255/; classtype:trojan-activity;sid:84428355; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565253)"; flow:established,from_client; content:"GET"; http_method; content:"/exeftp%20-%20copia/drop/info.zip"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565253/; classtype:trojan-activity;sid:84428353; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565252)"; flow:established,from_client; content:"GET"; http_method; content:"/exeftp/info.zip"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565252/; classtype:trojan-activity;sid:84428352; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565249)"; flow:established,from_client; content:"GET"; http_method; content:"/exeftp%20-%20copia/pickup/info.zip"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565249/; classtype:trojan-activity;sid:84428349; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565244)"; flow:established,from_client; content:"GET"; http_method; content:"/h4lud3ae/info.zip"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565244/; classtype:trojan-activity;sid:84428344; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565245)"; flow:established,from_client; content:"GET"; http_method; content:"/install/info.zip"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565245/; classtype:trojan-activity;sid:84428345; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565246)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/cons/info.zip"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565246/; classtype:trojan-activity;sid:84428346; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565243)"; flow:established,from_client; content:"GET"; http_method; content:"/relftp/pdf/info.zip"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565243/; classtype:trojan-activity;sid:84428343; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565230)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/info.zip"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565230/; classtype:trojan-activity;sid:84428330; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565236)"; flow:established,from_client; content:"GET"; http_method; content:"/idi/info.zip"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565236/; classtype:trojan-activity;sid:84428336; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565239)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565239/; classtype:trojan-activity;sid:84428339; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565240)"; flow:established,from_client; content:"GET"; http_method; content:"/exeftp%20-%20copia/idi/info.zip"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565240/; classtype:trojan-activity;sid:84428340; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565241)"; flow:established,from_client; content:"GET"; http_method; content:"/gdbftp/info.zip"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565241/; classtype:trojan-activity;sid:84428341; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565091)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/work/catalina/localhost/bfxt/org/apache/jsp/web_002dinf/com/vkl/ckts_005fpc/cksy/info.zip"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565091/; classtype:trojan-activity;sid:84428191; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565090)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/statistic/log/service/info.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565090/; classtype:trojan-activity;sid:84428190; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565089)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/work/catalina/localhost/bfxt/org/apache/jsp/web_002dinf/com/vkl/ckts_005fpc/rgsy/info.zip"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565089/; classtype:trojan-activity;sid:84428189; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565088)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/chkptwss/dto/info.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565088/; classtype:trojan-activity;sid:84428188; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565087)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/statistic/count/entity/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565087/; classtype:trojan-activity;sid:84428187; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565085)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pda/web-inf/classes/com/vkl/pda/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565085/; classtype:trojan-activity;sid:84428185; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565086)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/pdawss/info.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565086/; classtype:trojan-activity;sid:84428186; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565084)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/mapping/com/vkl/ckts/module/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565084/; classtype:trojan-activity;sid:84428184; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565083)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/statistic/unusual/entity/info.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565083/; classtype:trojan-activity;sid:84428183; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565082)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pda/web-inf/classes/com/vkl/pda/module/utils/constrant/info.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565082/; classtype:trojan-activity;sid:84428182; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565080)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/work/catalina/localhost/bfxt/org/apache/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565080/; classtype:trojan-activity;sid:84428180; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565079)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/statistic/log/info.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565079/; classtype:trojan-activity;sid:84428179; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565078)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/mapping/com/vkl/ckts/module/rgsy/log/info.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565078/; classtype:trojan-activity;sid:84428178; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565077)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/statistic/unusual/info.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565077/; classtype:trojan-activity;sid:84428177; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565076)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pda/web-inf/classes/com/vkl/pcwss/module/chkptwss/info.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565076/; classtype:trojan-activity;sid:84428176; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565075)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/static/images/new/info.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565075/; classtype:trojan-activity;sid:84428175; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565074)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pda/web-inf/classes/com/info.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565074/; classtype:trojan-activity;sid:84428174; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565073)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/mapping/com/vkl/ckts/module/rgsy/photoset/info.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565073/; classtype:trojan-activity;sid:84428173; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565071)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/statistic/count/service/impl/info.zip"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565071/; classtype:trojan-activity;sid:84428171; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565070)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pda/web-inf/classes/com/vkl/pda/module/action/info.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565070/; classtype:trojan-activity;sid:84428170; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565069)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/mapping/com/vkl/ckts/module/rgsy/vehiclereview/info.zip"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565069/; classtype:trojan-activity;sid:84428169; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565068)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/work/catalina/localhost/root/org/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565068/; classtype:trojan-activity;sid:84428168; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565066)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/static/css1/info.zip"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565066/; classtype:trojan-activity;sid:84428166; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565067)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/mapping/com/vkl/ckts/module/cksy/base/info.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565067/; classtype:trojan-activity;sid:84428167; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565065)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/mapping/com/vkl/pcwss/module/zbawss/info.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565065/; classtype:trojan-activity;sid:84428165; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565064)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/system/nvrsetting/entity/info.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565064/; classtype:trojan-activity;sid:84428164; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565062)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/system/set/info.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565062/; classtype:trojan-activity;sid:84428162; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565063)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/zbzlwss/dto/info.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565063/; classtype:trojan-activity;sid:84428163; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565061)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/cksy/vehicleinformation/service/info.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565061/; classtype:trojan-activity;sid:84428161; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565060)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/work/catalina/localhost/root/org/apache/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565060/; classtype:trojan-activity;sid:84428160; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565059)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pda/web-inf/classes/templete/info.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565059/; classtype:trojan-activity;sid:84428159; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565057)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/photo/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565057/; classtype:trojan-activity;sid:84428157; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565058)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/system/videosetting/service/info.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565058/; classtype:trojan-activity;sid:84428158; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565056)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/cksy/vehicleinformation/entity/info.zip"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565056/; classtype:trojan-activity;sid:84428156; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565054)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/base/info.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565054/; classtype:trojan-activity;sid:84428154; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565049)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/cksy/servacpt/service/impl/info.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565049/; classtype:trojan-activity;sid:84428149; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565050)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/hdk/localxml.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565050/; classtype:trojan-activity;sid:84428150; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565051)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/static/info.zip"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565051/; classtype:trojan-activity;sid:84428151; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565048)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/gbrwss/dto/info.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565048/; classtype:trojan-activity;sid:84428148; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565044)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/viewwss/action/info.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565044/; classtype:trojan-activity;sid:84428144; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565043)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/vehiclereview/entity/info.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565043/; classtype:trojan-activity;sid:84428143; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565040)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/mapping/com/vkl/ckts/module/cksy/servacpt/info.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565040/; classtype:trojan-activity;sid:84428140; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565035)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/temp/info.zip"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565035/; classtype:trojan-activity;sid:84428135; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565034)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/pdawss/dto/info.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565034/; classtype:trojan-activity;sid:84428134; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565030)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/ckwss/pdauser/action/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565030/; classtype:trojan-activity;sid:84428130; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565029)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pda/web-inf/classes/com/vkl/pcwss/module/sysparam/info.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565029/; classtype:trojan-activity;sid:84428129; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565024)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/info.zip"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565024/; classtype:trojan-activity;sid:84428124; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565017)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/wss/client/info.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565017/; classtype:trojan-activity;sid:84428117; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565018)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/work/catalina/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565018/; classtype:trojan-activity;sid:84428118; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565016)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/mapping/com/vkl/pcwss/module/info.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565016/; classtype:trojan-activity;sid:84428116; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565015)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/statistic/count/info.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565015/; classtype:trojan-activity;sid:84428115; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565014)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/cksy/vehicleinformation/dao/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565014/; classtype:trojan-activity;sid:84428114; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565008)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/cksy/base/interceptor/info.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565008/; classtype:trojan-activity;sid:84428108; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565009)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/plugin/info.zip"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565009/; classtype:trojan-activity;sid:84428109; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565010)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/cksy/base/dto/info.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565010/; classtype:trojan-activity;sid:84428110; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565011)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/system/info.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565011/; classtype:trojan-activity;sid:84428111; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565004)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pda/web-inf/classes/com/vkl/pcwss/module/ckwss/info.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565004/; classtype:trojan-activity;sid:84428104; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565001)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/info.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565001/; classtype:trojan-activity;sid:84428101; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564999)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/ckwss/datawrite/dto/info.zip"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564999/; classtype:trojan-activity;sid:84428099; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564992)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/spotcheck/service/info.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564992/; classtype:trojan-activity;sid:84428092; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564993)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/zbzlwss/mgr/info.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564993/; classtype:trojan-activity;sid:84428093; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564990)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/mapping/com/vkl/pcwss/module/visitwss/info.zip"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564990/; classtype:trojan-activity;sid:84428090; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564988)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/com/vkl/ckts_pc/info.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564988/; classtype:trojan-activity;sid:84428088; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564986)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pda/web-inf/classes/com/vkl/pda/module/wss/info.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564986/; classtype:trojan-activity;sid:84428086; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564985)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pda/web-inf/classes/com/vkl/pcwss/module/pdawss/dto/info.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564985/; classtype:trojan-activity;sid:84428085; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564984)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pda/web-inf/classes/com/vkl/pcwss/module/ckwss/dataquery/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564984/; classtype:trojan-activity;sid:84428084; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564980)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/base/exception/info.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564980/; classtype:trojan-activity;sid:84428080; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564979)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/system/videosetting/dao/info.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564979/; classtype:trojan-activity;sid:84428079; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564977)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pda/web-inf/classes/com/vkl/pcwss/module/ckwss/datawrite/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564977/; classtype:trojan-activity;sid:84428077; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564975)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/system/nvrsetting/info.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564975/; classtype:trojan-activity;sid:84428075; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564976)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/pdawss/dao/info.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564976/; classtype:trojan-activity;sid:84428076; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564974)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/statistic/unusual/service/impl/info.zip"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564974/; classtype:trojan-activity;sid:84428074; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564972)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/statistic/count/dao/info.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564972/; classtype:trojan-activity;sid:84428072; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564971)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pda/web-inf/classes/hdk/localxml.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564971/; classtype:trojan-activity;sid:84428071; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564969)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/info.zip"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564969/; classtype:trojan-activity;sid:84428069; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564968)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/jurisdict/service/info.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564968/; classtype:trojan-activity;sid:84428068; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564966)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/com/vkl/ckts_pc/rgsy/info.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564966/; classtype:trojan-activity;sid:84428066; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564965)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/system/operationsetting/dao/info.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564965/; classtype:trojan-activity;sid:84428065; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564964)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/info.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564964/; classtype:trojan-activity;sid:84428064; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564960)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pda/web-inf/classes/com/vkl/pcwss/module/info.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564960/; classtype:trojan-activity;sid:84428060; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564961)"; flow:established,from_client; content:"GET"; http_method; content:"/aspnet_client/system_web/info.zip"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564961/; classtype:trojan-activity;sid:84428061; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564958)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pda/web-inf/classes/com/vkl/pcwss/module/ckwss/datawrite/dto/info.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564958/; classtype:trojan-activity;sid:84428058; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564957)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/ckwss/dataquery/action/info.zip"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564957/; classtype:trojan-activity;sid:84428057; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564956)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/conf/catalina/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564956/; classtype:trojan-activity;sid:84428056; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564953)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/zbzlwss/info.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564953/; classtype:trojan-activity;sid:84428053; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564948)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/vehiclereview/service/impl/info.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564948/; classtype:trojan-activity;sid:84428048; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564949)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pda/web-inf/classes/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564949/; classtype:trojan-activity;sid:84428049; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564944)"; flow:established,from_client; content:"GET"; http_method; content:"/2345downloads/info.zip"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564944/; classtype:trojan-activity;sid:84428044; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564937)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pda/web-inf/lib/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564937/; classtype:trojan-activity;sid:84428037; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564938)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/mapping/com/vkl/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564938/; classtype:trojan-activity;sid:84428038; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564939)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/pub/service/impl/info.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564939/; classtype:trojan-activity;sid:84428039; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564940)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/mapping/com/vkl/ckts/module/rgsy/record/info.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564940/; classtype:trojan-activity;sid:84428040; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564935)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/cksy/base/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564935/; classtype:trojan-activity;sid:84428035; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564936)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/jurisdict/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564936/; classtype:trojan-activity;sid:84428036; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564931)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/ckwss/dataquery/mgr/info.zip"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564931/; classtype:trojan-activity;sid:84428031; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564927)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/mapping/com/vkl/ckts/module/rgsy/nvrsetting/info.zip"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564927/; classtype:trojan-activity;sid:84428027; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564925)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/static/css1/_notes/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564925/; classtype:trojan-activity;sid:84428025; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564926)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/com/vkl/ckts_pc/rgsy/system/info.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564926/; classtype:trojan-activity;sid:84428026; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564924)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/work/catalina/localhost/bfxt/org/apache/jsp/web_002dinf/com/info.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564924/; classtype:trojan-activity;sid:84428024; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564920)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/ckwss/base/dto/info.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564920/; classtype:trojan-activity;sid:84428020; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564908)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/system/checksetting/web/info.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564908/; classtype:trojan-activity;sid:84428008; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564909)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/info.zip"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564909/; classtype:trojan-activity;sid:84428009; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564906)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/lib/info.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564906/; classtype:trojan-activity;sid:84428006; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564903)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/ckwss/base/info.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564903/; classtype:trojan-activity;sid:84428003; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564902)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/mapping/com/vkl/ckts/module/rgsy/unusual/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564902/; classtype:trojan-activity;sid:84428002; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564900)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/vehiclereview/info.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564900/; classtype:trojan-activity;sid:84428000; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564899)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/com/vkl/ckts_pc/pub/info.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564899/; classtype:trojan-activity;sid:84427999; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564898)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/work/catalina/localhost/bfxt/org/apache/jsp/info.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564898/; classtype:trojan-activity;sid:84427998; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564895)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/cyzpdytemp/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564895/; classtype:trojan-activity;sid:84427995; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564896)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/mapping/com/vkl/ckts/module/rgsy/systemset/info.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564896/; classtype:trojan-activity;sid:84427996; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564893)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pda/web-inf/classes/com/vkl/pcwss/module/viewwss/info.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564893/; classtype:trojan-activity;sid:84427993; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564894)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/wss/util/info.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564894/; classtype:trojan-activity;sid:84427994; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564892)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/base/wss/util/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564892/; classtype:trojan-activity;sid:84427992; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564888)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pda/web-inf/classes/com/vkl/pda/module/utils/info.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564888/; classtype:trojan-activity;sid:84427988; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564889)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/wss/util/nvr/info.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564889/; classtype:trojan-activity;sid:84427989; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564882)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/ckwss/dataquery/info.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564882/; classtype:trojan-activity;sid:84427982; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564883)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/com/vkl/ckts_pc/cksy/info.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564883/; classtype:trojan-activity;sid:84427983; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564881)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/mapping/com/vkl/pcwss/module/sysparam/info.zip"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564881/; classtype:trojan-activity;sid:84427981; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564878)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/bin/tomcat8.exe"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564878/; classtype:trojan-activity;sid:84427978; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564876)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/mapping/com/info.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564876/; classtype:trojan-activity;sid:84427976; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564874)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/wss/info.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564874/; classtype:trojan-activity;sid:84427974; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564871)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/record/dao/info.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564871/; classtype:trojan-activity;sid:84427971; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564866)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/chkptwss/dao/info.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564866/; classtype:trojan-activity;sid:84427966; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564862)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/mapping/info.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564862/; classtype:trojan-activity;sid:84427962; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564863)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/viewwss/dto/info.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564863/; classtype:trojan-activity;sid:84427963; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564858)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/mapping/com/vkl/ckts/module/cksy/vehicleinformation/info.zip"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564858/; classtype:trojan-activity;sid:84427958; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564859)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/logs/info.zip"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564859/; classtype:trojan-activity;sid:84427959; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564852)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/statistic/log/entity/info.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564852/; classtype:trojan-activity;sid:84427952; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564850)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/cksy/vehicleinformation/info.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564850/; classtype:trojan-activity;sid:84427950; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564849)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/ckwss/gbrwrite/info.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564849/; classtype:trojan-activity;sid:84427949; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564847)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/cksy/base/utils/excel/info.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564847/; classtype:trojan-activity;sid:84427947; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564845)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/vehiclereview/service/info.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564845/; classtype:trojan-activity;sid:84427945; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564844)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/wss/szclient/info.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564844/; classtype:trojan-activity;sid:84427944; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564838)"; flow:established,from_client; content:"GET"; http_method; content:"/futai/info.zip"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564838/; classtype:trojan-activity;sid:84427938; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564839)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/work/catalina/localhost/bfxt/org/apache/jsp/web_002dinf/com/vkl/ckts_005fpc/info.zip"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564839/; classtype:trojan-activity;sid:84427939; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564832)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/cksy/servacpt/service/info.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564832/; classtype:trojan-activity;sid:84427932; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564819)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/system/checksetting/info.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564819/; classtype:trojan-activity;sid:84427919; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564820)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/chkptwss/info.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564820/; classtype:trojan-activity;sid:84427920; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564821)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/ckwss/gbrwrite/dto/info.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564821/; classtype:trojan-activity;sid:84427921; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564822)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/system/videosetting/service/impl/info.zip"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564822/; classtype:trojan-activity;sid:84427922; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564809)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/mapping/com/vkl/ckts/module/rgsy/jurisdict/info.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564809/; classtype:trojan-activity;sid:84427909; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564810)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/system/set/service/info.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564810/; classtype:trojan-activity;sid:84427910; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564812)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pda/web-inf/classes/com/vkl/pda/module/utils/exception/info.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564812/; classtype:trojan-activity;sid:84427912; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564807)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pda/web-inf/classes/hdk/hcnetsdkcom/info.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564807/; classtype:trojan-activity;sid:84427907; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564808)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/info.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564808/; classtype:trojan-activity;sid:84427908; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564804)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/cksy/base/dao/info.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564804/; classtype:trojan-activity;sid:84427904; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564801)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/chkptwss/mgr/info.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564801/; classtype:trojan-activity;sid:84427901; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564800)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564800/; classtype:trojan-activity;sid:84427900; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564799)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/mapping/com/vkl/ckts/module/pub/info.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564799/; classtype:trojan-activity;sid:84427899; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564797)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/mapping/com/vkl/ckts/module/cksy/info.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564797/; classtype:trojan-activity;sid:84427897; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564796)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pda/web-inf/classes/com/vkl/info.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564796/; classtype:trojan-activity;sid:84427896; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564794)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/work/catalina/localhost/bfxt/org/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564794/; classtype:trojan-activity;sid:84427894; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564793)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pda/web-inf/classes/com/vkl/pcwss/info.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564793/; classtype:trojan-activity;sid:84427893; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564791)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/hdk/hcnetsdkcom/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564791/; classtype:trojan-activity;sid:84427891; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564787)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/mapping/info.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564787/; classtype:trojan-activity;sid:84427887; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564785)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/work/catalina/localhost/bfxt/org/apache/jsp/web_002dinf/com/vkl/ckts_005fpc/pub/info.zip"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564785/; classtype:trojan-activity;sid:84427885; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564783)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/pub/service/info.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564783/; classtype:trojan-activity;sid:84427883; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564781)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/mapping/com/vkl/pcwss/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564781/; classtype:trojan-activity;sid:84427881; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564782)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/static/js/info.zip"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564782/; classtype:trojan-activity;sid:84427882; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564780)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/com/info.zip"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564780/; classtype:trojan-activity;sid:84427880; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564778)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/statistic/count/web/info.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564778/; classtype:trojan-activity;sid:84427878; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564777)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/mapping/com/vkl/pcwss/module/base/info.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564777/; classtype:trojan-activity;sid:84427877; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564776)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pda/web-inf/classes/com/vkl/pda/module/dto/info.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564776/; classtype:trojan-activity;sid:84427876; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564769)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/cksy/servacpt/info.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564769/; classtype:trojan-activity;sid:84427869; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564770)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pda/meta-inf/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564770/; classtype:trojan-activity;sid:84427870; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564771)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/base/wss/info.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564771/; classtype:trojan-activity;sid:84427871; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564766)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/work/catalina/localhost/root/org/apache/jsp/info.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564766/; classtype:trojan-activity;sid:84427866; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564761)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pda/web-inf/classes/com/vkl/pda/module/utils/nvr/info.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564761/; classtype:trojan-activity;sid:84427861; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564760)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/system/photosetting/web/info.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564760/; classtype:trojan-activity;sid:84427860; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564755)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/meta-inf/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564755/; classtype:trojan-activity;sid:84427855; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564756)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/system/photosetting/service/info.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564756/; classtype:trojan-activity;sid:84427856; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564757)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/conf/info.zip"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564757/; classtype:trojan-activity;sid:84427857; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564753)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pda/web-inf/classes/com/vkl/pda/module/mgr/info.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564753/; classtype:trojan-activity;sid:84427853; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564752)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/ckwss/gbrwrite/action/info.zip"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564752/; classtype:trojan-activity;sid:84427852; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564749)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/visitwss/dao/info.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564749/; classtype:trojan-activity;sid:84427849; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564748)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/sysparam/info.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564748/; classtype:trojan-activity;sid:84427848; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564747)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pda/web-inf/classes/com/vkl/pcwss/module/ckwss/dataquery/dto/info.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564747/; classtype:trojan-activity;sid:84427847; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564746)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/static/css/info.zip"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564746/; classtype:trojan-activity;sid:84427846; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564743)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/viewwss/mgr/info.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564743/; classtype:trojan-activity;sid:84427843; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564739)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/record/service/impl/info.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564739/; classtype:trojan-activity;sid:84427839; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564740)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pda/web-inf/classes/com/vkl/pcwss/module/chkptwss/dto/info.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564740/; classtype:trojan-activity;sid:84427840; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564737)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/gbrwss/action/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564737/; classtype:trojan-activity;sid:84427837; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564734)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/ckwss/datawrite/exception/info.zip"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564734/; classtype:trojan-activity;sid:84427834; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564735)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/work/catalina/localhost/bfxt/org/apache/jsp/web_002dinf/info.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564735/; classtype:trojan-activity;sid:84427835; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564736)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/statistic/unusual/dao/info.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564736/; classtype:trojan-activity;sid:84427836; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564731)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/static/images/info.zip"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564731/; classtype:trojan-activity;sid:84427831; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564726)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/download/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564726/; classtype:trojan-activity;sid:84427826; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564724)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/cksy/info.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564724/; classtype:trojan-activity;sid:84427824; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564725)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/hdk/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564725/; classtype:trojan-activity;sid:84427825; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564720)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/cksy/vehicleinformation/controller/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564720/; classtype:trojan-activity;sid:84427820; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564717)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/sysparam/dto/info.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564717/; classtype:trojan-activity;sid:84427817; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564718)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/work/info.zip"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564718/; classtype:trojan-activity;sid:84427818; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564715)"; flow:established,from_client; content:"GET"; http_method; content:"/xinheyuan/info.zip"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564715/; classtype:trojan-activity;sid:84427815; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564713)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/ckwss/datawrite/dao/info.zip"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564713/; classtype:trojan-activity;sid:84427813; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564711)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/spotcheck/dao/info.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564711/; classtype:trojan-activity;sid:84427811; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564706)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/sysparam/mgr/info.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564706/; classtype:trojan-activity;sid:84427806; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564703)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564703/; classtype:trojan-activity;sid:84427803; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564704)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/spotcheck/service/impl/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564704/; classtype:trojan-activity;sid:84427804; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564700)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/pdawss/mgr/info.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564700/; classtype:trojan-activity;sid:84427800; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564697)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/ckwss/dataquery/dao/info.zip"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564697/; classtype:trojan-activity;sid:84427797; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564693)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/spotcheck/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564693/; classtype:trojan-activity;sid:84427793; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564694)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/static/images/icons/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564694/; classtype:trojan-activity;sid:84427794; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564685)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pda/web-inf/classes/hdk/info.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564685/; classtype:trojan-activity;sid:84427785; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564686)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/statistic/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564686/; classtype:trojan-activity;sid:84427786; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564687)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/record/service/info.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564687/; classtype:trojan-activity;sid:84427787; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564681)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/ckwss/datawrite/mgr/info.zip"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564681/; classtype:trojan-activity;sid:84427781; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564682)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/ckwss/datawrite/info.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564682/; classtype:trojan-activity;sid:84427782; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564675)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/lib/info.zip"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564675/; classtype:trojan-activity;sid:84427775; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564674)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/system/videosetting/info.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564674/; classtype:trojan-activity;sid:84427774; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564673)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/bin/info.zip"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564673/; classtype:trojan-activity;sid:84427773; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564671)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/system/videosetting/entity/info.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564671/; classtype:trojan-activity;sid:84427771; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564669)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/info.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564669/; classtype:trojan-activity;sid:84427769; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564670)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/jurisdict/service/impl/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564670/; classtype:trojan-activity;sid:84427770; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564666)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/base/utils/info.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564666/; classtype:trojan-activity;sid:84427766; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564667)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/ckwss/gbrwrite/dao/info.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564667/; classtype:trojan-activity;sid:84427767; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564665)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/sysparam/dao/info.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564665/; classtype:trojan-activity;sid:84427765; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564659)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/system/photosetting/service/impl/info.zip"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564659/; classtype:trojan-activity;sid:84427759; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564660)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/mapping/com/vkl/ckts/module/rgsy/spotckeck/info.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564660/; classtype:trojan-activity;sid:84427760; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564653)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/system/photosetting/entity/info.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564653/; classtype:trojan-activity;sid:84427753; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564654)"; flow:established,from_client; content:"GET"; http_method; content:"/hengsheng/info.zip"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564654/; classtype:trojan-activity;sid:84427754; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564655)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/info.zip"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564655/; classtype:trojan-activity;sid:84427755; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564648)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/cksy/vehicleinformation/service/impl/info.zip"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564648/; classtype:trojan-activity;sid:84427748; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564644)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/ckwss/pdauser/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564644/; classtype:trojan-activity;sid:84427744; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564640)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pda/web-inf/classes/com/vkl/pcwss/module/ckwss/base/dto/info.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564640/; classtype:trojan-activity;sid:84427740; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564641)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/cksy/servacpt/dao/info.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564641/; classtype:trojan-activity;sid:84427741; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564636)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/pub/dto/info.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564636/; classtype:trojan-activity;sid:84427736; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564638)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/base/dao/info.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564638/; classtype:trojan-activity;sid:84427738; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564634)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/cksy/base/service/info.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564634/; classtype:trojan-activity;sid:84427734; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564635)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/mapping/com/info.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564635/; classtype:trojan-activity;sid:84427735; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564630)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/system/operationsetting/entity/info.zip"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564630/; classtype:trojan-activity;sid:84427730; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564629)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/dept/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564629/; classtype:trojan-activity;sid:84427729; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564620)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/work/catalina/localhost/info.zip"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564620/; classtype:trojan-activity;sid:84427720; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564621)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/statistic/unusual/service/info.zip"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564621/; classtype:trojan-activity;sid:84427721; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564616)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/statistic/log/web/info.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564616/; classtype:trojan-activity;sid:84427716; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564611)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/dept/web/info.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564611/; classtype:trojan-activity;sid:84427711; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564599)"; flow:established,from_client; content:"GET"; http_method; content:"/guirui/info.zip"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564599/; classtype:trojan-activity;sid:84427699; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564601)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/system/operationsetting/info.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564601/; classtype:trojan-activity;sid:84427701; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564602)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/sysparam/action/info.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564602/; classtype:trojan-activity;sid:84427702; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564603)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/ckwss/datawrite/action/info.zip"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564603/; classtype:trojan-activity;sid:84427703; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564597)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/zbzlwss/dao/info.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564597/; classtype:trojan-activity;sid:84427697; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564598)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/gbrwss/info.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564598/; classtype:trojan-activity;sid:84427698; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564594)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/mapping/com/vkl/ckts/info.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564594/; classtype:trojan-activity;sid:84427694; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564595)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/info.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564595/; classtype:trojan-activity;sid:84427695; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564596)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/system/nvrsetting/service/info.zip"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564596/; classtype:trojan-activity;sid:84427696; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564593)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/cksy/base/utils/excel/annotation/info.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564593/; classtype:trojan-activity;sid:84427693; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564592)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/system/set/service/impl/info.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564592/; classtype:trojan-activity;sid:84427692; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564589)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/cksy/base/utils/info.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564589/; classtype:trojan-activity;sid:84427689; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564590)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/vehiclereview/dao/info.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564590/; classtype:trojan-activity;sid:84427690; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564583)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/system/operationsetting/service/info.zip"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564583/; classtype:trojan-activity;sid:84427683; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564584)"; flow:established,from_client; content:"GET"; http_method; content:"/%e6%96%b0%e6%96%87%e4%bb%b6%e5%a4%b9%20(2)/info.zip"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564584/; classtype:trojan-activity;sid:84427684; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564585)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pda/info.zip"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564585/; classtype:trojan-activity;sid:84427685; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564581)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/system/checksetting/service/info.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564581/; classtype:trojan-activity;sid:84427681; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564578)"; flow:established,from_client; content:"GET"; http_method; content:"/haohua/info.zip"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564578/; classtype:trojan-activity;sid:84427678; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564577)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pda/web-inf/classes/com/vkl/pcwss/module/ckwss/base/info.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564577/; classtype:trojan-activity;sid:84427677; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564576)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/mapping/com/vkl/ckts/module/rgsy/count/info.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564576/; classtype:trojan-activity;sid:84427676; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564574)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/system/checksetting/dao/info.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564574/; classtype:trojan-activity;sid:84427674; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564575)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/info.zip"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564575/; classtype:trojan-activity;sid:84427675; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564569)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pda/web-inf/classes/com/vkl/pda/module/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564569/; classtype:trojan-activity;sid:84427669; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564568)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/system/operationsetting/service/impl/info.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564568/; classtype:trojan-activity;sid:84427668; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564566)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/work/catalina/localhost/bfxt/org/apache/jsp/web_002dinf/com/vkl/ckts_005fpc/rgsy/system/info.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564566/; classtype:trojan-activity;sid:84427666; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564563)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/pub/info.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564563/; classtype:trojan-activity;sid:84427663; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564561)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/vehiclereview/controller/info.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564561/; classtype:trojan-activity;sid:84427661; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564562)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/info.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564562/; classtype:trojan-activity;sid:84427662; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564559)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/record/entity/info.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564559/; classtype:trojan-activity;sid:84427659; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564554)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/lib/info.zip"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564554/; classtype:trojan-activity;sid:84427654; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564542)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/work/catalina/localhost/root/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564542/; classtype:trojan-activity;sid:84427642; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564543)"; flow:established,from_client; content:"GET"; http_method; content:"/kaifa/info.zip"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564543/; classtype:trojan-activity;sid:84427643; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564544)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/ckwss/dataquery/dto/info.zip"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564544/; classtype:trojan-activity;sid:84427644; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564545)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/work/catalina/localhost/bfxt/org/apache/jsp/web_002dinf/com/vkl/info.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564545/; classtype:trojan-activity;sid:84427645; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564539)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/record/info.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564539/; classtype:trojan-activity;sid:84427639; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564540)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/mapping/com/vkl/pcwss/module/viewws/info.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564540/; classtype:trojan-activity;sid:84427640; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564541)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pda/web-inf/classes/com/vkl/pcwss/module/pdawss/info.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564541/; classtype:trojan-activity;sid:84427641; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564538)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/record/web/info.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564538/; classtype:trojan-activity;sid:84427638; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564534)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/work/catalina/localhost/bfxt/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564534/; classtype:trojan-activity;sid:84427634; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564535)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/mapping/com/vkl/pcwss/module/ckwss/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564535/; classtype:trojan-activity;sid:84427635; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564536)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/zbzlwss/action/info.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564536/; classtype:trojan-activity;sid:84427636; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564537)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/mapping/com/vkl/ckts/module/rgsy/info.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564537/; classtype:trojan-activity;sid:84427637; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564527)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564527/; classtype:trojan-activity;sid:84427627; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564528)"; flow:established,from_client; content:"GET"; http_method; content:"/aspnet_client/info.zip"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564528/; classtype:trojan-activity;sid:84427628; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564529)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/pub/web/info.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564529/; classtype:trojan-activity;sid:84427629; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564526)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/temp/poifiles/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564526/; classtype:trojan-activity;sid:84427626; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564522)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/report/info.zip"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564522/; classtype:trojan-activity;sid:84427622; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564521)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/pub/dao/info.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564521/; classtype:trojan-activity;sid:84427621; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564519)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/visitwss/dto/info.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564519/; classtype:trojan-activity;sid:84427619; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564518)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/cksy/servacpt/entity/info.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564518/; classtype:trojan-activity;sid:84427618; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564515)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/ckwss/info.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564515/; classtype:trojan-activity;sid:84427615; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564514)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/wss/action/info.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564514/; classtype:trojan-activity;sid:84427614; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564509)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/system/photosetting/dao/info.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564509/; classtype:trojan-activity;sid:84427609; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564500)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/info.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564500/; classtype:trojan-activity;sid:84427600; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564498)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/dept/service/info.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564498/; classtype:trojan-activity;sid:84427598; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564499)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/mapping/com/vkl/ckts/module/rgsy/dept/info.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564499/; classtype:trojan-activity;sid:84427599; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563547)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/dist/fonts/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563547/; classtype:trojan-activity;sid:84426647; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563546)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/conn/img001.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563546/; classtype:trojan-activity;sid:84426646; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563543)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/img001.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563543/; classtype:trojan-activity;sid:84426643; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563544)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/dist/img001.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563544/; classtype:trojan-activity;sid:84426644; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563545)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/dist/css/info.zip"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563545/; classtype:trojan-activity;sid:84426645; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563540)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/dist/info.zip"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563540/; classtype:trojan-activity;sid:84426640; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563541)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/conn/info.zip"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563541/; classtype:trojan-activity;sid:84426641; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563542)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/css/info.zip"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563542/; classtype:trojan-activity;sid:84426642; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563535)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/dist/fonts/img001.exe"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563535/; classtype:trojan-activity;sid:84426635; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563536)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/dist/css/img001.exe"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563536/; classtype:trojan-activity;sid:84426636; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563539)"; flow:established,from_client; content:"GET"; http_method; content:"/aspjpeg_setup%e5%9b%be%e7%89%87%e5%a4%84%e7%90%86%e7%bb%84%e4%bb%b6/img001.exe"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563539/; classtype:trojan-activity;sid:84426639; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563533)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/css/img001.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563533/; classtype:trojan-activity;sid:84426633; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563454)"; flow:established,from_client; content:"GET"; http_method; content:"/ngrok.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"43.201.174.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563454/; classtype:trojan-activity;sid:84426554; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563449)"; flow:established,from_client; content:"GET"; http_method; content:"/evil.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"150.158.33.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563449/; classtype:trojan-activity;sid:84426549; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563446)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkapis.dll"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"123.206.214.105"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563446/; classtype:trojan-activity;sid:84426546; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563444)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkapis.dll"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"43.136.88.193"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563444/; classtype:trojan-activity;sid:84426544; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563445)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkapis.dll"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"101.33.243.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563445/; classtype:trojan-activity;sid:84426545; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563441)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkmultiopen.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"175.178.174.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563441/; classtype:trojan-activity;sid:84426541; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563442)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkapis.dll"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"175.178.174.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563442/; classtype:trojan-activity;sid:84426542; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563443)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkapis.dll"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"43.136.94.178"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563443/; classtype:trojan-activity;sid:84426543; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563434)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkapis.dll"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"106.53.72.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563434/; classtype:trojan-activity;sid:84426534; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563435)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkapis.dll"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"43.136.51.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563435/; classtype:trojan-activity;sid:84426535; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563437)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkmultiopen.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"106.53.72.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563437/; classtype:trojan-activity;sid:84426537; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563438)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkapis.dll"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"175.178.251.212"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563438/; classtype:trojan-activity;sid:84426538; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563439)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkapis.dll"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"175.24.81.152"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563439/; classtype:trojan-activity;sid:84426539; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563440)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkapis.dll"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"124.220.78.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563440/; classtype:trojan-activity;sid:84426540; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563432)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkapis.dll"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"42.193.115.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563432/; classtype:trojan-activity;sid:84426532; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563433)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkapis.dll"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"123.207.73.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563433/; classtype:trojan-activity;sid:84426533; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563431)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkapis.dll"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"82.157.148.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563431/; classtype:trojan-activity;sid:84426531; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563430)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkapis.dll"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"82.157.200.120"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563430/; classtype:trojan-activity;sid:84426530; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563429)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkmultiopen.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"175.24.81.152"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563429/; classtype:trojan-activity;sid:84426529; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563425)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkmultiopen.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"43.136.51.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563425/; classtype:trojan-activity;sid:84426525; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563426)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkmultiopen.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"123.207.73.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563426/; classtype:trojan-activity;sid:84426526; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563427)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkmultiopen.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"175.178.251.212"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563427/; classtype:trojan-activity;sid:84426527; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563416)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkmultiopen.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"124.220.78.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563416/; classtype:trojan-activity;sid:84426516; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563417)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkmultiopen.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"101.33.243.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563417/; classtype:trojan-activity;sid:84426517; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563418)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkmultiopen.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"42.193.115.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563418/; classtype:trojan-activity;sid:84426518; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563420)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkmultiopen.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"123.206.214.105"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563420/; classtype:trojan-activity;sid:84426520; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563421)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkmultiopen.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"43.136.94.178"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563421/; classtype:trojan-activity;sid:84426521; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563422)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkmultiopen.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"82.157.200.120"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563422/; classtype:trojan-activity;sid:84426522; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563424)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkmultiopen.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"43.136.88.193"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563424/; classtype:trojan-activity;sid:84426524; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563412)"; flow:established,from_client; content:"GET"; http_method; content:"/ios.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"111.229.234.91"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563412/; classtype:trojan-activity;sid:84426512; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563413)"; flow:established,from_client; content:"GET"; http_method; content:"/android.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"43.142.186.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563413/; classtype:trojan-activity;sid:84426513; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563405)"; flow:established,from_client; content:"GET"; http_method; content:"/ios.lnk"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"111.229.234.91"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563405/; classtype:trojan-activity;sid:84426505; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563394)"; flow:established,from_client; content:"GET"; http_method; content:"/android.lnk"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"43.142.186.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563394/; classtype:trojan-activity;sid:84426494; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563388)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkapis.dll"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"114.132.86.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563388/; classtype:trojan-activity;sid:84426488; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563389)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkapis.dll"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"49.233.178.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563389/; classtype:trojan-activity;sid:84426489; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563387)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkapis.dll"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"49.233.189.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563387/; classtype:trojan-activity;sid:84426487; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563385)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkapis.dll"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"43.139.88.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563385/; classtype:trojan-activity;sid:84426485; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563386)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkapis.dll"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"43.138.242.32"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563386/; classtype:trojan-activity;sid:84426486; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563384)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkapis.dll"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"106.55.134.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563384/; classtype:trojan-activity;sid:84426484; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563383)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkapis.dll"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"43.136.28.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563383/; classtype:trojan-activity;sid:84426483; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563380)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkapis.dll"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"124.223.73.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563380/; classtype:trojan-activity;sid:84426480; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563381)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkmultiopen.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"124.223.73.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563381/; classtype:trojan-activity;sid:84426481; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563379)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkapis.dll"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"114.132.185.158"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563379/; classtype:trojan-activity;sid:84426479; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563376)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkmultiopen.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"129.211.27.239"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563376/; classtype:trojan-activity;sid:84426476; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563378)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkmultiopen.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"124.220.93.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563378/; classtype:trojan-activity;sid:84426478; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563374)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkmultiopen.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"42.194.199.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563374/; classtype:trojan-activity;sid:84426474; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563372)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkmultiopen.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"43.138.242.32"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563372/; classtype:trojan-activity;sid:84426472; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563373)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkmultiopen.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"114.132.86.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563373/; classtype:trojan-activity;sid:84426473; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563369)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkapis.dll"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"49.233.172.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563369/; classtype:trojan-activity;sid:84426469; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563370)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkapis.dll"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"129.204.226.158"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563370/; classtype:trojan-activity;sid:84426470; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563371)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkmultiopen.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"106.52.165.32"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563371/; classtype:trojan-activity;sid:84426471; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563361)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkmultiopen.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"49.233.178.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563361/; classtype:trojan-activity;sid:84426461; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563362)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkmultiopen.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"43.139.88.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563362/; classtype:trojan-activity;sid:84426462; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563363)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkmultiopen.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"49.233.172.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563363/; classtype:trojan-activity;sid:84426463; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563364)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkapis.dll"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"119.91.58.97"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563364/; classtype:trojan-activity;sid:84426464; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563358)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkapis.dll"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"119.29.5.30"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563358/; classtype:trojan-activity;sid:84426458; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563360)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkapis.dll"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"106.52.183.145"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563360/; classtype:trojan-activity;sid:84426460; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563357)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkapis.dll"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"129.211.27.239"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563357/; classtype:trojan-activity;sid:84426457; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563354)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkapis.dll"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"119.91.199.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563354/; classtype:trojan-activity;sid:84426454; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563351)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkapis.dll"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"124.220.93.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563351/; classtype:trojan-activity;sid:84426451; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563349)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkmultiopen.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"81.69.185.184"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563349/; classtype:trojan-activity;sid:84426449; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563345)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkapis.dll"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"106.52.165.32"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563345/; classtype:trojan-activity;sid:84426445; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563343)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkapis.dll"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"81.69.185.184"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563343/; classtype:trojan-activity;sid:84426443; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563340)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkapis.dll"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"49.232.134.200"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563340/; classtype:trojan-activity;sid:84426440; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563342)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkmultiopen.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"129.204.226.158"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563342/; classtype:trojan-activity;sid:84426442; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563338)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkapis.dll"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"211.159.155.136"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563338/; classtype:trojan-activity;sid:84426438; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563336)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkmultiopen.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"106.55.134.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563336/; classtype:trojan-activity;sid:84426436; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563334)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkmultiopen.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"114.132.185.158"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563334/; classtype:trojan-activity;sid:84426434; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563329)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkmultiopen.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"119.91.199.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563329/; classtype:trojan-activity;sid:84426429; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563320)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkmultiopen.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"119.91.58.97"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563320/; classtype:trojan-activity;sid:84426420; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563321)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkmultiopen.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"43.136.28.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563321/; classtype:trojan-activity;sid:84426421; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563322)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkmultiopen.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"211.159.155.136"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563322/; classtype:trojan-activity;sid:84426422; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563323)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkmultiopen.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"106.52.183.145"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563323/; classtype:trojan-activity;sid:84426423; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563326)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkmultiopen.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"175.178.112.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563326/; classtype:trojan-activity;sid:84426426; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563315)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkmultiopen.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"49.233.189.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563315/; classtype:trojan-activity;sid:84426415; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563316)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkmultiopen.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"49.232.134.200"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563316/; classtype:trojan-activity;sid:84426416; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563253)"; flow:established,from_client; content:"GET"; http_method; content:"/gg.apk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.18.10.80"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563253/; classtype:trojan-activity;sid:84426353; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563080)"; flow:established,from_client; content:"GET"; http_method; content:"/documents/testlnk1.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"94.159.99.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563080/; classtype:trojan-activity;sid:84426180; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3562926)"; flow:established,from_client; content:"GET"; http_method; content:"/mar10/wsgidav/archive/refs/heads/master.zip"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3562926/; classtype:trojan-activity;sid:84426026; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3562785)"; flow:established,from_client; content:"GET"; http_method; content:"/mlwr/mlav-ms-exe.exe.000"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"161.132.50.128"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_16; reference:url, urlhaus.abuse.ch/url/3562785/; classtype:trojan-activity;sid:84425885; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3562786)"; flow:established,from_client; content:"GET"; http_method; content:"/mlwr/mlav-ms-doc.doc"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"161.132.50.128"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_16; reference:url, urlhaus.abuse.ch/url/3562786/; classtype:trojan-activity;sid:84425886; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3562789)"; flow:established,from_client; content:"GET"; http_method; content:"/mlwr/mlav-ms-excel.xls"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"161.132.50.128"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_16; reference:url, urlhaus.abuse.ch/url/3562789/; classtype:trojan-activity;sid:84425889; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3562778)"; flow:established,from_client; content:"GET"; http_method; content:"/dangerous/flame/msglu32.ocx"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"172.236.108.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_16; reference:url, urlhaus.abuse.ch/url/3562778/; classtype:trojan-activity;sid:84425878; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3562768)"; flow:established,from_client; content:"GET"; http_method; content:"/dangerous/energizertrojan-malware.zip"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"172.236.108.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_16; reference:url, urlhaus.abuse.ch/url/3562768/; classtype:trojan-activity;sid:84425868; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3562769)"; flow:established,from_client; content:"GET"; http_method; content:"/dangerous/flame/advnetcfg.ocx"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"172.236.108.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_16; reference:url, urlhaus.abuse.ch/url/3562769/; classtype:trojan-activity;sid:84425869; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3562770)"; flow:established,from_client; content:"GET"; http_method; content:"/malware/icecast2_2.0.0_vulnerable.exe"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"172.236.108.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_16; reference:url, urlhaus.abuse.ch/url/3562770/; classtype:trojan-activity;sid:84425870; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3562771)"; flow:established,from_client; content:"GET"; http_method; content:"/dangerous/flame/mssecmgr.ocx"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"172.236.108.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_16; reference:url, urlhaus.abuse.ch/url/3562771/; classtype:trojan-activity;sid:84425871; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3562772)"; flow:established,from_client; content:"GET"; http_method; content:"/dangerous/dnsmasq-2.73rc7.tar.gz"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"172.236.108.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_16; reference:url, urlhaus.abuse.ch/url/3562772/; classtype:trojan-activity;sid:84425872; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3562774)"; flow:established,from_client; content:"GET"; http_method; content:"/dangerous/flame/boot32drv.sys"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"172.236.108.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_16; reference:url, urlhaus.abuse.ch/url/3562774/; classtype:trojan-activity;sid:84425874; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3562775)"; flow:established,from_client; content:"GET"; http_method; content:"/malware/energizertrojan-malware.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"172.236.108.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_16; reference:url, urlhaus.abuse.ch/url/3562775/; classtype:trojan-activity;sid:84425875; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3562766)"; flow:established,from_client; content:"GET"; http_method; content:"/dangerous/flame/nteps32.ocx"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"172.236.108.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_16; reference:url, urlhaus.abuse.ch/url/3562766/; classtype:trojan-activity;sid:84425866; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3562767)"; flow:established,from_client; content:"GET"; http_method; content:"/malware/dnsmasq-2.73rc7.tar.gz"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"172.236.108.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_16; reference:url, urlhaus.abuse.ch/url/3562767/; classtype:trojan-activity;sid:84425867; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3562765)"; flow:established,from_client; content:"GET"; http_method; content:"/dangerous/icecast2_2.0.0_vulnerable.exe"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"172.236.108.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_16; reference:url, urlhaus.abuse.ch/url/3562765/; classtype:trojan-activity;sid:84425865; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3562763)"; flow:established,from_client; content:"GET"; http_method; content:"/dangerous/flame/ccalc32.sys"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"172.236.108.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_16; reference:url, urlhaus.abuse.ch/url/3562763/; classtype:trojan-activity;sid:84425863; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3562760)"; flow:established,from_client; content:"GET"; http_method; content:"/evil.apk"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"130.61.242.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_16; reference:url, urlhaus.abuse.ch/url/3562760/; classtype:trojan-activity;sid:84425860; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3562759)"; flow:established,from_client; content:"GET"; http_method; content:"/evilflashlight.apk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"130.61.242.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_16; reference:url, urlhaus.abuse.ch/url/3562759/; classtype:trojan-activity;sid:84425859; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3562757)"; flow:established,from_client; content:"GET"; http_method; content:"/tcp_linux_amd64"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"101.43.49.183"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_16; reference:url, urlhaus.abuse.ch/url/3562757/; classtype:trojan-activity;sid:84425857; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3562758)"; flow:established,from_client; content:"GET"; http_method; content:"/cve-2020-15972/tear-down.js"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"119.28.140.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_16; reference:url, urlhaus.abuse.ch/url/3562758/; classtype:trojan-activity;sid:84425858; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3562752)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"119.45.29.172"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_16; reference:url, urlhaus.abuse.ch/url/3562752/; classtype:trojan-activity;sid:84425852; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3562747)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.109.48.57"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_06_16; reference:url, urlhaus.abuse.ch/url/3562747/; classtype:trojan-activity;sid:84425847; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3562711)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"91.167.219.223"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_16; reference:url, urlhaus.abuse.ch/url/3562711/; classtype:trojan-activity;sid:84425811; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3562662)"; flow:established,from_client; content:"GET"; http_method; content:"/botx.arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"185.247.226.135"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_16; reference:url, urlhaus.abuse.ch/url/3562662/; classtype:trojan-activity;sid:84425762; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3562600)"; flow:established,from_client; content:"GET"; http_method; content:"/zusyaku/malware-collection-part-2/refs/heads/main/666/666.exe"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_16; reference:url, urlhaus.abuse.ch/url/3562600/; classtype:trojan-activity;sid:84425700; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3562599)"; flow:established,from_client; content:"GET"; http_method; content:"/wp.bat"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"92.127.156.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_16; reference:url, urlhaus.abuse.ch/url/3562599/; classtype:trojan-activity;sid:84425699; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3562593)"; flow:established,from_client; content:"GET"; http_method; content:"/platinum.mp4"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"www.modernitgen.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_06_16; reference:url, urlhaus.abuse.ch/url/3562593/; classtype:trojan-activity;sid:84425693; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3562404)"; flow:established,from_client; content:"GET"; http_method; content:"/live.lnk"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"103.116.190.93"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_16; reference:url, urlhaus.abuse.ch/url/3562404/; classtype:trojan-activity;sid:84425504; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3562403)"; flow:established,from_client; content:"GET"; http_method; content:"/uat.lnk"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"103.116.190.93"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_16; reference:url, urlhaus.abuse.ch/url/3562403/; classtype:trojan-activity;sid:84425503; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3562166)"; flow:established,from_client; content:"GET"; http_method; content:"/linux"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"47.237.122.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_14; reference:url, urlhaus.abuse.ch/url/3562166/; classtype:trojan-activity;sid:84425266; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3561991)"; flow:established,from_client; content:"GET"; http_method; content:"/wyverntkc/cpuminer-gr-avx2/releases/download/1.2.4.1/cpuminer-gr-1.2.4.1-x86_64_windows.7z"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_06_14; reference:url, urlhaus.abuse.ch/url/3561991/; classtype:trojan-activity;sid:84425091; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3561989)"; flow:established,from_client; content:"GET"; http_method; content:"/wyverntkc/cpuminer-gr-avx2/archive/refs/tags/1.2.4.1.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_06_14; reference:url, urlhaus.abuse.ch/url/3561989/; classtype:trojan-activity;sid:84425089; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3561990)"; flow:established,from_client; content:"GET"; http_method; content:"/wyverntkc/cpuminer-gr-avx2/archive/refs/tags/1.2.4.1.tar.gz"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_06_14; reference:url, urlhaus.abuse.ch/url/3561990/; classtype:trojan-activity;sid:84425090; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3561988)"; flow:established,from_client; content:"GET"; http_method; content:"/wyverntkc/cpuminer-gr-avx2/releases/download/1.2.4.1/cpuminer-gr-1.2.4.1-args-x86_64_linux.tar.gz"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_06_14; reference:url, urlhaus.abuse.ch/url/3561988/; classtype:trojan-activity;sid:84425088; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3561860)"; flow:established,from_client; content:"GET"; http_method; content:"/invc/xfspeed/qqpcmgr/module_update/fid1746669868_runqmhunt.exe.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"dlied6.yz.tcdnos.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_06_13; reference:url, urlhaus.abuse.ch/url/3561860/; classtype:trojan-activity;sid:84424960; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3561859)"; flow:established,from_client; content:"GET"; http_method; content:"/invc/xfspeed/qqpcmgr/module_update/fid1747308966_runqmhunt.exe.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"dlied6.bytes.tcdnos.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_06_13; reference:url, urlhaus.abuse.ch/url/3561859/; classtype:trojan-activity;sid:84424959; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3561858)"; flow:established,from_client; content:"GET"; http_method; content:"/invc/xfspeed/qqpcmgr/module_update/fid1747209335_runqmhunt.exe.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"dlied6.bytes.tcdnos.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_06_13; reference:url, urlhaus.abuse.ch/url/3561858/; classtype:trojan-activity;sid:84424958; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3561857)"; flow:established,from_client; content:"GET"; http_method; content:"/invc/xfspeed/qqpcmgr/module_update/fid1747732120_runqmhunt.exe.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"dlied6.bytes.tcdnos.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_06_13; reference:url, urlhaus.abuse.ch/url/3561857/; classtype:trojan-activity;sid:84424957; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3561856)"; flow:established,from_client; content:"GET"; http_method; content:"/invc/xfspeed/qqpcmgr/module_update/fid1747640975_runqmhunt.exe.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"dlied6.bytes.tcdnos.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_06_13; reference:url, urlhaus.abuse.ch/url/3561856/; classtype:trojan-activity;sid:84424956; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3561839)"; flow:established,from_client; content:"GET"; http_method; content:"/files/data/drss/drbw.zip"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"124.223.105.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_13; reference:url, urlhaus.abuse.ch/url/3561839/; classtype:trojan-activity;sid:84424939; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3561730)"; flow:established,from_client; content:"GET"; http_method; content:"/mlwr/mlav-ms-doc.doc"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"161.132.50.128"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_13; reference:url, urlhaus.abuse.ch/url/3561730/; classtype:trojan-activity;sid:84424830; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3561731)"; flow:established,from_client; content:"GET"; http_method; content:"/mlwr/mlav-ms-excel.xls"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"161.132.50.128"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_13; reference:url, urlhaus.abuse.ch/url/3561731/; classtype:trojan-activity;sid:84424831; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3561727)"; flow:established,from_client; content:"GET"; http_method; content:"/mlwr/mlav.zip"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"161.132.50.128"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_13; reference:url, urlhaus.abuse.ch/url/3561727/; classtype:trojan-activity;sid:84424827; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3561729)"; flow:established,from_client; content:"GET"; http_method; content:"/mlwr/mlav-ms-exe.exe.000"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"161.132.50.128"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_13; reference:url, urlhaus.abuse.ch/url/3561729/; classtype:trojan-activity;sid:84424829; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3561267)"; flow:established,from_client; content:"GET"; http_method; content:"/b12c87cb-d08b-43f6-abbd-11e7f745c9c1/orderlist.js"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"ucarecdn.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_06_12; reference:url, urlhaus.abuse.ch/url/3561267/; classtype:trojan-activity;sid:84424367; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3561086)"; flow:established,from_client; content:"GET"; http_method; content:"/zbsm.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"1.94.184.17"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_06_11; reference:url, urlhaus.abuse.ch/url/3561086/; classtype:trojan-activity;sid:84424186; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3561082)"; flow:established,from_client; content:"GET"; http_method; content:"/1.jsp"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"1.94.184.17"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_06_11; reference:url, urlhaus.abuse.ch/url/3561082/; classtype:trojan-activity;sid:84424182; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3561083)"; flow:established,from_client; content:"GET"; http_method; content:"/poc.xml"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"1.94.184.17"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_06_11; reference:url, urlhaus.abuse.ch/url/3561083/; classtype:trojan-activity;sid:84424183; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3560938)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.88.234.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_11; reference:url, urlhaus.abuse.ch/url/3560938/; classtype:trojan-activity;sid:84424038; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3560607)"; flow:established,from_client; content:"GET"; http_method; content:"/kij.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"78.153.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_11; reference:url, urlhaus.abuse.ch/url/3560607/; classtype:trojan-activity;sid:84423707; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3560550)"; flow:established,from_client; content:"GET"; http_method; content:"/xmrig.tar.gz"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"14.103.234.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_11; reference:url, urlhaus.abuse.ch/url/3560550/; classtype:trojan-activity;sid:84423650; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3560462)"; flow:established,from_client; content:"GET"; http_method; content:"/setup/terminal.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"vip.3a9.net"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_06_10; reference:url, urlhaus.abuse.ch/url/3560462/; classtype:trojan-activity;sid:84423562; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3560463)"; flow:established,from_client; content:"GET"; http_method; content:"/website1/hue2/view.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"xemhang.vn"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_06_10; reference:url, urlhaus.abuse.ch/url/3560463/; classtype:trojan-activity;sid:84423563; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3560460)"; flow:established,from_client; content:"GET"; http_method; content:"/yc.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"ftp.ywxww.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_10; reference:url, urlhaus.abuse.ch/url/3560460/; classtype:trojan-activity;sid:84423560; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3560453)"; flow:established,from_client; content:"GET"; http_method; content:"/annym1/start/main/dnd.exe"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_10; reference:url, urlhaus.abuse.ch/url/3560453/; classtype:trojan-activity;sid:84423553; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3560452)"; flow:established,from_client; content:"GET"; http_method; content:"/da2dalus/the-malware-repo/master/ransomware/annabelle.exe"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_10; reference:url, urlhaus.abuse.ch/url/3560452/; classtype:trojan-activity;sid:84423552; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3560449)"; flow:established,from_client; content:"GET"; http_method; content:"/rzm-crack-team/redline-crack/main/redline-crack-by-rzt.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_10; reference:url, urlhaus.abuse.ch/url/3560449/; classtype:trojan-activity;sid:84423549; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3560445)"; flow:established,from_client; content:"GET"; http_method; content:"/barrigudinha157/barrigudinha/master/ydrag.dll"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_10; reference:url, urlhaus.abuse.ch/url/3560445/; classtype:trojan-activity;sid:84423545; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3560439)"; flow:established,from_client; content:"GET"; http_method; content:"/da2dalus/loic/master/loic.exe"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_10; reference:url, urlhaus.abuse.ch/url/3560439/; classtype:trojan-activity;sid:84423539; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3560434)"; flow:established,from_client; content:"GET"; http_method; content:"/phantompeek/kematian/main/frontend-src/kematian_shellcode.ps1"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_10; reference:url, urlhaus.abuse.ch/url/3560434/; classtype:trojan-activity;sid:84423534; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3560418)"; flow:established,from_client; content:"GET"; http_method; content:"/da2dalus/the-malware-repo/master/ransomware/cryptowall.exe"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_10; reference:url, urlhaus.abuse.ch/url/3560418/; classtype:trojan-activity;sid:84423518; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3560419)"; flow:established,from_client; content:"GET"; http_method; content:"/phantompeek/kematian/main/frontend-src/main.ps1"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_10; reference:url, urlhaus.abuse.ch/url/3560419/; classtype:trojan-activity;sid:84423519; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3560422)"; flow:established,from_client; content:"GET"; http_method; content:"/da2dalus/the-malware-repo/master/ransomware/cryptolocker.exe"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_10; reference:url, urlhaus.abuse.ch/url/3560422/; classtype:trojan-activity;sid:84423522; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3560416)"; flow:established,from_client; content:"GET"; http_method; content:"/da2dalus/the-malware-repo/master/email-worm/prolin.exe"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_10; reference:url, urlhaus.abuse.ch/url/3560416/; classtype:trojan-activity;sid:84423516; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3560412)"; flow:established,from_client; content:"GET"; http_method; content:"/phantompeek/kematian/main/frontend-src/main.bat"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_10; reference:url, urlhaus.abuse.ch/url/3560412/; classtype:trojan-activity;sid:84423512; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3560414)"; flow:established,from_client; content:"GET"; http_method; content:"/da2dalus/funbatchcode-malicousandnonmalicous/master/worm.bat"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_10; reference:url, urlhaus.abuse.ch/url/3560414/; classtype:trojan-activity;sid:84423514; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3560409)"; flow:established,from_client; content:"GET"; http_method; content:"/noccenter/noccenter/main/huong%20dan%20xu%20ly%20tai%20khoan%20mail%20noi%20bo.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_10; reference:url, urlhaus.abuse.ch/url/3560409/; classtype:trojan-activity;sid:84423509; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3560410)"; flow:established,from_client; content:"GET"; http_method; content:"/mentaliczz/bloxflip-op-predictor/main/bloxflip%20predictor.exe"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_10; reference:url, urlhaus.abuse.ch/url/3560410/; classtype:trojan-activity;sid:84423510; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3560392)"; flow:established,from_client; content:"GET"; http_method; content:"/exe/set-2%20firmware%204.01.exe"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"cegelecinfo.fr"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_10; reference:url, urlhaus.abuse.ch/url/3560392/; classtype:trojan-activity;sid:84423492; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3560386)"; flow:established,from_client; content:"GET"; http_method; content:"/_private/me3_setup.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"me3.ne.jp"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2025_06_10; reference:url, urlhaus.abuse.ch/url/3560386/; classtype:trojan-activity;sid:84423486; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3560385)"; flow:established,from_client; content:"GET"; http_method; content:"/pc/pdfconvert/pdfconverter_p2w154-zx-666.exe"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"download.pdf00.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_06_10; reference:url, urlhaus.abuse.ch/url/3560385/; classtype:trojan-activity;sid:84423485; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3560380)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/rod_en_1.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"www.r-tt.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_06_10; reference:url, urlhaus.abuse.ch/url/3560380/; classtype:trojan-activity;sid:84423480; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3560381)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/rmd_en_1.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"www.r-tt.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_06_10; reference:url, urlhaus.abuse.ch/url/3560381/; classtype:trojan-activity;sid:84423481; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3560383)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/rxd_en_1.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"www.r-tt.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_06_10; reference:url, urlhaus.abuse.ch/url/3560383/; classtype:trojan-activity;sid:84423483; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3560378)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/bunglers/build.exe"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"www.techgeeks.org"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_06_10; reference:url, urlhaus.abuse.ch/url/3560378/; classtype:trojan-activity;sid:84423478; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3560297)"; flow:established,from_client; content:"GET"; http_method; content:"/sex.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"205.185.124.206"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_10; reference:url, urlhaus.abuse.ch/url/3560297/; classtype:trojan-activity;sid:84423397; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3560209)"; flow:established,from_client; content:"GET"; http_method; content:"/cybertoxin/remcos-professional-cracked-by-alcatraz3222/raw/master/remcos%20professional%20cracked%20by%20alcatraz3222.zip"; http_uri; depth:122; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_06_10; reference:url, urlhaus.abuse.ch/url/3560209/; classtype:trojan-activity;sid:84423309; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3560034)"; flow:established,from_client; content:"GET"; http_method; content:"/586"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"205.185.124.206"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_09; reference:url, urlhaus.abuse.ch/url/3560034/; classtype:trojan-activity;sid:84423134; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3560036)"; flow:established,from_client; content:"GET"; http_method; content:"/dss"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"205.185.124.206"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_09; reference:url, urlhaus.abuse.ch/url/3560036/; classtype:trojan-activity;sid:84423136; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3560038)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"205.185.124.206"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_09; reference:url, urlhaus.abuse.ch/url/3560038/; classtype:trojan-activity;sid:84423138; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3560040)"; flow:established,from_client; content:"GET"; http_method; content:"/i686"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"205.185.124.206"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_09; reference:url, urlhaus.abuse.ch/url/3560040/; classtype:trojan-activity;sid:84423140; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3560042)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"205.185.124.206"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_09; reference:url, urlhaus.abuse.ch/url/3560042/; classtype:trojan-activity;sid:84423142; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3560043)"; flow:established,from_client; content:"GET"; http_method; content:"/co"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"205.185.124.206"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_09; reference:url, urlhaus.abuse.ch/url/3560043/; classtype:trojan-activity;sid:84423143; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3559942)"; flow:established,from_client; content:"GET"; http_method; content:"/866.txt"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"pub-1445de8c8aa84761aac5200e0036237d.r2.dev"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2025_06_09; reference:url, urlhaus.abuse.ch/url/3559942/; classtype:trojan-activity;sid:84423042; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3559327)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.115.254.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_08; reference:url, urlhaus.abuse.ch/url/3559327/; classtype:trojan-activity;sid:84422427; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3559309)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.164.18.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_08; reference:url, urlhaus.abuse.ch/url/3559309/; classtype:trojan-activity;sid:84422409; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3559217)"; flow:established,from_client; content:"GET"; http_method; content:"/public/update/bmw_v1.7.exe"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"acc.jiangsujiaxue.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_06_07; reference:url, urlhaus.abuse.ch/url/3559217/; classtype:trojan-activity;sid:84422317; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3559216)"; flow:established,from_client; content:"GET"; http_method; content:"/classticket.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"class1004.dothome.co.kr"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_06_07; reference:url, urlhaus.abuse.ch/url/3559216/; classtype:trojan-activity;sid:84422316; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3559211)"; flow:established,from_client; content:"GET"; http_method; content:"/static/download/teleport-assist-windows.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"58.49.210.250"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_07; reference:url, urlhaus.abuse.ch/url/3559211/; classtype:trojan-activity;sid:84422311; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3559208)"; flow:established,from_client; content:"GET"; http_method; content:"/yx/dts/sqft/904576/yx_dts.exe"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"d.14yaa.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_06_07; reference:url, urlhaus.abuse.ch/url/3559208/; classtype:trojan-activity;sid:84422308; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3559206)"; flow:established,from_client; content:"GET"; http_method; content:"/cmd/services.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"43.229.135.199"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_07; reference:url, urlhaus.abuse.ch/url/3559206/; classtype:trojan-activity;sid:84422306; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3559123)"; flow:established,from_client; content:"GET"; http_method; content:"/nps.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"118.219.11.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_07; reference:url, urlhaus.abuse.ch/url/3559123/; classtype:trojan-activity;sid:84422223; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3559116)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"185.196.8.60"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_06_07; reference:url, urlhaus.abuse.ch/url/3559116/; classtype:trojan-activity;sid:84422216; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3559040)"; flow:established,from_client; content:"GET"; http_method; content:"/getrektboy724/sementara/master/keystone.dll"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_07; reference:url, urlhaus.abuse.ch/url/3559040/; classtype:trojan-activity;sid:84422140; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3559037)"; flow:established,from_client; content:"GET"; http_method; content:"/getrektboy724/sementara/master/sgn.exe"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_07; reference:url, urlhaus.abuse.ch/url/3559037/; classtype:trojan-activity;sid:84422137; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3559033)"; flow:established,from_client; content:"GET"; http_method; content:"/getrektboy724/sementara/master/bsodlogicbomb.ps1"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_07; reference:url, urlhaus.abuse.ch/url/3559033/; classtype:trojan-activity;sid:84422133; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3559034)"; flow:established,from_client; content:"GET"; http_method; content:"/getrektboy724/sementara/master/powersyringe.ps1"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_07; reference:url, urlhaus.abuse.ch/url/3559034/; classtype:trojan-activity;sid:84422134; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3559022)"; flow:established,from_client; content:"GET"; http_method; content:"/getrektboy724/sementara/master/invoke-reflectivepeinjection.ps1"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_07; reference:url, urlhaus.abuse.ch/url/3559022/; classtype:trojan-activity;sid:84422122; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3559025)"; flow:established,from_client; content:"GET"; http_method; content:"/getrektboy724/sementara/master/pe2shc.exe"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_07; reference:url, urlhaus.abuse.ch/url/3559025/; classtype:trojan-activity;sid:84422125; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3559019)"; flow:established,from_client; content:"GET"; http_method; content:"/getrektboy724/sementara/master/encrypted.enc"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_07; reference:url, urlhaus.abuse.ch/url/3559019/; classtype:trojan-activity;sid:84422119; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3559009)"; flow:established,from_client; content:"GET"; http_method; content:"/getrektboy724/sementara/master/masquerade-peb.ps1"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_07; reference:url, urlhaus.abuse.ch/url/3559009/; classtype:trojan-activity;sid:84422109; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3559012)"; flow:established,from_client; content:"GET"; http_method; content:"/getrektboy724/sementara/master/uacbstartup.ps1"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_07; reference:url, urlhaus.abuse.ch/url/3559012/; classtype:trojan-activity;sid:84422112; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3559014)"; flow:established,from_client; content:"GET"; http_method; content:"/getrektboy724/sementara/master/invoke-shellcode-fixed.ps1"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_07; reference:url, urlhaus.abuse.ch/url/3559014/; classtype:trojan-activity;sid:84422114; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3559015)"; flow:established,from_client; content:"GET"; http_method; content:"/getrektboy724/sementara/master/onedoesnotsimplybypassentirewindefender.ps1"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_07; reference:url, urlhaus.abuse.ch/url/3559015/; classtype:trojan-activity;sid:84422115; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3559005)"; flow:established,from_client; content:"GET"; http_method; content:"/getrektboy724/sementara/master/migrate.rb"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_07; reference:url, urlhaus.abuse.ch/url/3559005/; classtype:trojan-activity;sid:84422105; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3559006)"; flow:established,from_client; content:"GET"; http_method; content:"/getrektboy724/sementara/master/base64.rb"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_07; reference:url, urlhaus.abuse.ch/url/3559006/; classtype:trojan-activity;sid:84422106; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558975)"; flow:established,from_client; content:"GET"; http_method; content:"/da2dalus/the-malware-repo/master/email-worm/bugsoft.exe"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_07; reference:url, urlhaus.abuse.ch/url/3558975/; classtype:trojan-activity;sid:84422075; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558976)"; flow:established,from_client; content:"GET"; http_method; content:"/da2dalus/the-malware-repo/master/email-worm/brontok.exe"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_07; reference:url, urlhaus.abuse.ch/url/3558976/; classtype:trojan-activity;sid:84422076; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558977)"; flow:established,from_client; content:"GET"; http_method; content:"/da2dalus/the-malware-repo/master/banking-malware/zloader.xlsm"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_07; reference:url, urlhaus.abuse.ch/url/3558977/; classtype:trojan-activity;sid:84422077; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558973)"; flow:established,from_client; content:"GET"; http_method; content:"/da2dalus/the-malware-repo/master/email-worm/anap.a.exe"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_07; reference:url, urlhaus.abuse.ch/url/3558973/; classtype:trojan-activity;sid:84422073; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558974)"; flow:established,from_client; content:"GET"; http_method; content:"/da2dalus/the-malware-repo/master/email-worm/axam.a.exe"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_07; reference:url, urlhaus.abuse.ch/url/3558974/; classtype:trojan-activity;sid:84422074; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558966)"; flow:established,from_client; content:"GET"; http_method; content:"/da2dalus/the-malware-repo/master/banking-malware/emotet.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_07; reference:url, urlhaus.abuse.ch/url/3558966/; classtype:trojan-activity;sid:84422066; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558967)"; flow:established,from_client; content:"GET"; http_method; content:"/da2dalus/the-malware-repo/master/email-worm/amus.exe"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_07; reference:url, urlhaus.abuse.ch/url/3558967/; classtype:trojan-activity;sid:84422067; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558659)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"45.115.236.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_05; reference:url, urlhaus.abuse.ch/url/3558659/; classtype:trojan-activity;sid:84421759; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558646)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"152.32.251.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_05; reference:url, urlhaus.abuse.ch/url/3558646/; classtype:trojan-activity;sid:84421746; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558501)"; flow:established,from_client; content:"GET"; http_method; content:"/g7_update.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"118.219.11.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_05; reference:url, urlhaus.abuse.ch/url/3558501/; classtype:trojan-activity;sid:84421601; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558331)"; flow:established,from_client; content:"GET"; http_method; content:"/iluxa94/-3-/main/%d0%a4%d0%be%d1%80%d0%bc%d0%b0%203%d0%9e%d0%a8%d0%91%d0%a0.exe"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_04; reference:url, urlhaus.abuse.ch/url/3558331/; classtype:trojan-activity;sid:84421431; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558302)"; flow:established,from_client; content:"GET"; http_method; content:"/erez-goldberg/amsibypass/main/newamsibypass.ps1"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_04; reference:url, urlhaus.abuse.ch/url/3558302/; classtype:trojan-activity;sid:84421402; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558300)"; flow:established,from_client; content:"GET"; http_method; content:"/erez-goldberg/link-exe-test/main/matthew.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_04; reference:url, urlhaus.abuse.ch/url/3558300/; classtype:trojan-activity;sid:84421400; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558295)"; flow:established,from_client; content:"GET"; http_method; content:"/lehila05/pdc/main/second.bin"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_04; reference:url, urlhaus.abuse.ch/url/3558295/; classtype:trojan-activity;sid:84421395; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558290)"; flow:established,from_client; content:"GET"; http_method; content:"/lehila05/pdc/main/urbanvpn.exe"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_04; reference:url, urlhaus.abuse.ch/url/3558290/; classtype:trojan-activity;sid:84421390; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558291)"; flow:established,from_client; content:"GET"; http_method; content:"/lehila05/pdc/main/svhost.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_04; reference:url, urlhaus.abuse.ch/url/3558291/; classtype:trojan-activity;sid:84421391; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558292)"; flow:established,from_client; content:"GET"; http_method; content:"/lehila05/pdc/main/second.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_04; reference:url, urlhaus.abuse.ch/url/3558292/; classtype:trojan-activity;sid:84421392; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558289)"; flow:established,from_client; content:"GET"; http_method; content:"/erez-goldberg/invoke-nicelittlekittieobf/main/invoke-nicelittlekittieobf.ps1"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_04; reference:url, urlhaus.abuse.ch/url/3558289/; classtype:trojan-activity;sid:84421389; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558285)"; flow:established,from_client; content:"GET"; http_method; content:"/lehila05/pdc/main/pvp.exe"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_04; reference:url, urlhaus.abuse.ch/url/3558285/; classtype:trojan-activity;sid:84421385; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558287)"; flow:established,from_client; content:"GET"; http_method; content:"/lehila05/pdc/main/darwin.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_04; reference:url, urlhaus.abuse.ch/url/3558287/; classtype:trojan-activity;sid:84421387; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558280)"; flow:established,from_client; content:"GET"; http_method; content:"/erez-goldberg/rust-dropper/main/src/main.rs"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_04; reference:url, urlhaus.abuse.ch/url/3558280/; classtype:trojan-activity;sid:84421380; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558271)"; flow:established,from_client; content:"GET"; http_method; content:"/c5hackr/phantom/main/phantom/bin/x64/release/phantom.exe"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_04; reference:url, urlhaus.abuse.ch/url/3558271/; classtype:trojan-activity;sid:84421371; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558266)"; flow:established,from_client; content:"GET"; http_method; content:"/erez-goldberg/invoke-shell/main/reverse.ps1"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_04; reference:url, urlhaus.abuse.ch/url/3558266/; classtype:trojan-activity;sid:84421366; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558264)"; flow:established,from_client; content:"GET"; http_method; content:"/erez-goldberg/iso-file-testing/main/pleaserunme.iso"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_04; reference:url, urlhaus.abuse.ch/url/3558264/; classtype:trojan-activity;sid:84421364; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558260)"; flow:established,from_client; content:"GET"; http_method; content:"/c5hackr/phantom/main/phantom/resources/uac64.dll"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_04; reference:url, urlhaus.abuse.ch/url/3558260/; classtype:trojan-activity;sid:84421360; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558249)"; flow:established,from_client; content:"GET"; http_method; content:"/c5hackr/phantom/main/phantom/resources/uac.dll"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_04; reference:url, urlhaus.abuse.ch/url/3558249/; classtype:trojan-activity;sid:84421349; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558243)"; flow:established,from_client; content:"GET"; http_method; content:"/erez-goldberg/invoke-nicelittlekittie/main/invoke-nicelittlekittie.ps1"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_04; reference:url, urlhaus.abuse.ch/url/3558243/; classtype:trojan-activity;sid:84421343; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558235)"; flow:established,from_client; content:"GET"; http_method; content:"/lehila05/pdc/main/payload_encrypted.bin"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_04; reference:url, urlhaus.abuse.ch/url/3558235/; classtype:trojan-activity;sid:84421335; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558237)"; flow:established,from_client; content:"GET"; http_method; content:"/erez-goldberg/meter/main/meter5555.ps1"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_04; reference:url, urlhaus.abuse.ch/url/3558237/; classtype:trojan-activity;sid:84421337; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558229)"; flow:established,from_client; content:"GET"; http_method; content:"/erez-goldberg/js-file-test/main/loader.js"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_04; reference:url, urlhaus.abuse.ch/url/3558229/; classtype:trojan-activity;sid:84421329; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558230)"; flow:established,from_client; content:"GET"; http_method; content:"/erez-goldberg/rust-revshell/main/src/main.rs"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_04; reference:url, urlhaus.abuse.ch/url/3558230/; classtype:trojan-activity;sid:84421330; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558205)"; flow:established,from_client; content:"GET"; http_method; content:"/tmp/ll/hta/f.het"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"www.messias.org.br"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_06_04; reference:url, urlhaus.abuse.ch/url/3558205/; classtype:trojan-activity;sid:84421305; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3556803)"; flow:established,from_client; content:"GET"; http_method; content:"/qcojt/logs.ldk"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"classroomseven.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_06_03; reference:url, urlhaus.abuse.ch/url/3556803/; classtype:trojan-activity;sid:84419903; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3556779)"; flow:established,from_client; content:"GET"; http_method; content:"/qcojt/logs.ldr"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"classroomseven.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_06_03; reference:url, urlhaus.abuse.ch/url/3556779/; classtype:trojan-activity;sid:84419879; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3556612)"; flow:established,from_client; content:"GET"; http_method; content:"/xmrig"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"192.250.228.95"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_03; reference:url, urlhaus.abuse.ch/url/3556612/; classtype:trojan-activity;sid:84419712; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3555900)"; flow:established,from_client; content:"GET"; http_method; content:"/plugin2.plg"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"xai830k.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_05_31; reference:url, urlhaus.abuse.ch/url/3555900/; classtype:trojan-activity;sid:84419000; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3555899)"; flow:established,from_client; content:"GET"; http_method; content:"/plugin3.plg"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"xai830k.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_05_31; reference:url, urlhaus.abuse.ch/url/3555899/; classtype:trojan-activity;sid:84418999; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3555898)"; flow:established,from_client; content:"GET"; http_method; content:"/plugin4.plg"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"xai830k.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_05_31; reference:url, urlhaus.abuse.ch/url/3555898/; classtype:trojan-activity;sid:84418998; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3555897)"; flow:established,from_client; content:"GET"; http_method; content:"/plugin1.plg"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"xai830k.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_05_31; reference:url, urlhaus.abuse.ch/url/3555897/; classtype:trojan-activity;sid:84418997; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3555478)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.127.119.198"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_05_30; reference:url, urlhaus.abuse.ch/url/3555478/; classtype:trojan-activity;sid:84418578; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3555475)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"37.192.40.240"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_30; reference:url, urlhaus.abuse.ch/url/3555475/; classtype:trojan-activity;sid:84418575; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3555470)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"81.30.208.254"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_30; reference:url, urlhaus.abuse.ch/url/3555470/; classtype:trojan-activity;sid:84418570; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3555397)"; flow:established,from_client; content:"GET"; http_method; content:"/tcp1000gbps.mips"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"192.250.228.95"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_05_29; reference:url, urlhaus.abuse.ch/url/3555397/; classtype:trojan-activity;sid:84418497; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3555395)"; flow:established,from_client; content:"GET"; http_method; content:"/tcp1000gbps.m68k"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"192.250.228.95"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_05_29; reference:url, urlhaus.abuse.ch/url/3555395/; classtype:trojan-activity;sid:84418495; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3555396)"; flow:established,from_client; content:"GET"; http_method; content:"/tcp1000gbps.mpsl"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"192.250.228.95"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_05_29; reference:url, urlhaus.abuse.ch/url/3555396/; classtype:trojan-activity;sid:84418496; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3555394)"; flow:established,from_client; content:"GET"; http_method; content:"/tcp1000gbps.arm4"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"192.250.228.95"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_05_29; reference:url, urlhaus.abuse.ch/url/3555394/; classtype:trojan-activity;sid:84418494; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3555393)"; flow:established,from_client; content:"GET"; http_method; content:"/tcp1000gbps.arm6"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"192.250.228.95"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_05_29; reference:url, urlhaus.abuse.ch/url/3555393/; classtype:trojan-activity;sid:84418493; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3555392)"; flow:established,from_client; content:"GET"; http_method; content:"/tcp1000gbps.x86"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"192.250.228.95"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_05_29; reference:url, urlhaus.abuse.ch/url/3555392/; classtype:trojan-activity;sid:84418492; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3555391)"; flow:established,from_client; content:"GET"; http_method; content:"/tcp1000gbps.sh4"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"192.250.228.95"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_05_29; reference:url, urlhaus.abuse.ch/url/3555391/; classtype:trojan-activity;sid:84418491; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3555389)"; flow:established,from_client; content:"GET"; http_method; content:"/tcp1000gbps.i586"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"192.250.228.95"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_05_29; reference:url, urlhaus.abuse.ch/url/3555389/; classtype:trojan-activity;sid:84418489; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3555388)"; flow:established,from_client; content:"GET"; http_method; content:"/tcp1000gbps.arm5"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"192.250.228.95"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_05_29; reference:url, urlhaus.abuse.ch/url/3555388/; classtype:trojan-activity;sid:84418488; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3555371)"; flow:established,from_client; content:"GET"; http_method; content:"/tcp1000gbps.sh"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"192.250.228.95"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_05_29; reference:url, urlhaus.abuse.ch/url/3555371/; classtype:trojan-activity;sid:84418471; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3555132)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"31.202.153.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_29; reference:url, urlhaus.abuse.ch/url/3555132/; classtype:trojan-activity;sid:84418232; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3555017)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.199.86.79"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_29; reference:url, urlhaus.abuse.ch/url/3555017/; classtype:trojan-activity;sid:84418117; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3555005)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"2.55.90.62"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_05_29; reference:url, urlhaus.abuse.ch/url/3555005/; classtype:trojan-activity;sid:84418105; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3554430)"; flow:established,from_client; content:"GET"; http_method; content:"/rate.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"celebratingseniors.net"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_05_28; reference:url, urlhaus.abuse.ch/url/3554430/; classtype:trojan-activity;sid:84417530; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3554345)"; flow:established,from_client; content:"GET"; http_method; content:"/rats.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"celebratingseniors.net"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_05_28; reference:url, urlhaus.abuse.ch/url/3554345/; classtype:trojan-activity;sid:84417445; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3554334)"; flow:established,from_client; content:"GET"; http_method; content:"/oste.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"celebratingseniors.net"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_05_28; reference:url, urlhaus.abuse.ch/url/3554334/; classtype:trojan-activity;sid:84417434; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3553933)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"194.135.230.86"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_05_27; reference:url, urlhaus.abuse.ch/url/3553933/; classtype:trojan-activity;sid:84417033; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3553636)"; flow:established,from_client; content:"GET"; http_method; content:"/bufs.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"maidforyou1985.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_05_27; reference:url, urlhaus.abuse.ch/url/3553636/; classtype:trojan-activity;sid:84416736; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3553629)"; flow:established,from_client; content:"GET"; http_method; content:"/mits.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"windomstatetheater.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_05_27; reference:url, urlhaus.abuse.ch/url/3553629/; classtype:trojan-activity;sid:84416729; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3553631)"; flow:established,from_client; content:"GET"; http_method; content:"/zsps.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"jakestrack.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_05_27; reference:url, urlhaus.abuse.ch/url/3553631/; classtype:trojan-activity;sid:84416731; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3553634)"; flow:established,from_client; content:"GET"; http_method; content:"/fste.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"jakestrack.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_05_27; reference:url, urlhaus.abuse.ch/url/3553634/; classtype:trojan-activity;sid:84416734; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3553619)"; flow:established,from_client; content:"GET"; http_method; content:"/fsps.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"jakestrack.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_05_27; reference:url, urlhaus.abuse.ch/url/3553619/; classtype:trojan-activity;sid:84416719; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3553609)"; flow:established,from_client; content:"GET"; http_method; content:"/rars.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"windomstatetheater.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_05_27; reference:url, urlhaus.abuse.ch/url/3553609/; classtype:trojan-activity;sid:84416709; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3553439)"; flow:established,from_client; content:"GET"; http_method; content:"/atendimento/bk.txt"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"skynetx.com.br"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_05_27; reference:url, urlhaus.abuse.ch/url/3553439/; classtype:trojan-activity;sid:84416539; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3553385)"; flow:established,from_client; content:"GET"; http_method; content:"/linux"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"8.210.122.125"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_27; reference:url, urlhaus.abuse.ch/url/3553385/; classtype:trojan-activity;sid:84416485; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3553170)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"2.55.125.165"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_05_26; reference:url, urlhaus.abuse.ch/url/3553170/; classtype:trojan-activity;sid:84416270; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3553167)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"70.79.175.75"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_05_26; reference:url, urlhaus.abuse.ch/url/3553167/; classtype:trojan-activity;sid:84416267; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3552816)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"81.226.201.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_26; reference:url, urlhaus.abuse.ch/url/3552816/; classtype:trojan-activity;sid:84415916; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3552756)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"183.81.156.123"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_05_26; reference:url, urlhaus.abuse.ch/url/3552756/; classtype:trojan-activity;sid:84415856; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3552741)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"223.83.211.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_26; reference:url, urlhaus.abuse.ch/url/3552741/; classtype:trojan-activity;sid:84415841; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3552725)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.76.252.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_26; reference:url, urlhaus.abuse.ch/url/3552725/; classtype:trojan-activity;sid:84415825; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3552617)"; flow:established,from_client; content:"GET"; http_method; content:"/bre"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"109.74.204.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_05_26; reference:url, urlhaus.abuse.ch/url/3552617/; classtype:trojan-activity;sid:84415717; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3552086)"; flow:established,from_client; content:"GET"; http_method; content:"/linux"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"47.86.176.209"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_25; reference:url, urlhaus.abuse.ch/url/3552086/; classtype:trojan-activity;sid:84415186; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3552042)"; flow:established,from_client; content:"GET"; http_method; content:"/waf/dracula-cmd/master/dist/colortool.zip"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_05_24; reference:url, urlhaus.abuse.ch/url/3552042/; classtype:trojan-activity;sid:84415142; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3552043)"; flow:established,from_client; content:"GET"; http_method; content:"/iamsysadmin/setteamsbg/main/set-teams-backgrounds.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_05_24; reference:url, urlhaus.abuse.ch/url/3552043/; classtype:trojan-activity;sid:84415143; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3552009)"; flow:established,from_client; content:"GET"; http_method; content:"/anonimusman00-2/xmr/raw/refs/heads/main/silent%20miner.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_05_24; reference:url, urlhaus.abuse.ch/url/3552009/; classtype:trojan-activity;sid:84415109; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3552005)"; flow:established,from_client; content:"GET"; http_method; content:"/alanparadis/stalker2simplemodmerger/releases/download/vortex-v1.4.9/stalker2simplemodmergerforvortex.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_05_24; reference:url, urlhaus.abuse.ch/url/3552005/; classtype:trojan-activity;sid:84415105; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3551493)"; flow:established,from_client; content:"GET"; http_method; content:"/linux"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"47.242.66.123"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_24; reference:url, urlhaus.abuse.ch/url/3551493/; classtype:trojan-activity;sid:84414593; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3551375)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"203.115.101.21"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_05_24; reference:url, urlhaus.abuse.ch/url/3551375/; classtype:trojan-activity;sid:84414475; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3551316)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"14-0-204-188.static.pccw-hkt.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2025_05_24; reference:url, urlhaus.abuse.ch/url/3551316/; classtype:trojan-activity;sid:84414416; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3551305)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"121.202.208.193"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_05_24; reference:url, urlhaus.abuse.ch/url/3551305/; classtype:trojan-activity;sid:84414405; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3550926)"; flow:established,from_client; content:"GET"; http_method; content:"/user_profiles_photo/update.exe"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"94.154.35.115"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_23; reference:url, urlhaus.abuse.ch/url/3550926/; classtype:trojan-activity;sid:84414026; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3550735)"; flow:established,from_client; content:"GET"; http_method; content:"/macmid_sonoma_14_5.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"107.198.40.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_05_23; reference:url, urlhaus.abuse.ch/url/3550735/; classtype:trojan-activity;sid:84413835; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3550356)"; flow:established,from_client; content:"GET"; http_method; content:"/linux"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"47.86.190.58"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_05_23; reference:url, urlhaus.abuse.ch/url/3550356/; classtype:trojan-activity;sid:84413456; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3550044)"; flow:established,from_client; content:"GET"; http_method; content:"/mig"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"80.94.92.143"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_05_22; reference:url, urlhaus.abuse.ch/url/3550044/; classtype:trojan-activity;sid:84413144; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3550019)"; flow:established,from_client; content:"GET"; http_method; content:"/2023"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"143.92.48.9"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_05_22; reference:url, urlhaus.abuse.ch/url/3550019/; classtype:trojan-activity;sid:84413119; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3550006)"; flow:established,from_client; content:"GET"; http_method; content:"/3r%bc%bc%ca%f5.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"8.138.182.17"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_05_22; reference:url, urlhaus.abuse.ch/url/3550006/; classtype:trojan-activity;sid:84413106; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3549998)"; flow:established,from_client; content:"GET"; http_method; content:"/server.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"106.14.68.26"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_05_22; reference:url, urlhaus.abuse.ch/url/3549998/; classtype:trojan-activity;sid:84413098; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3549996)"; flow:established,from_client; content:"GET"; http_method; content:"/svchost.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"106.14.68.26"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_05_22; reference:url, urlhaus.abuse.ch/url/3549996/; classtype:trojan-activity;sid:84413096; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3549664)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"117.72.206.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_22; reference:url, urlhaus.abuse.ch/url/3549664/; classtype:trojan-activity;sid:84412764; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3549645)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"186.87.82.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_22; reference:url, urlhaus.abuse.ch/url/3549645/; classtype:trojan-activity;sid:84412745; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3549491)"; flow:established,from_client; content:"GET"; http_method; content:"/linux"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"47.242.224.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_22; reference:url, urlhaus.abuse.ch/url/3549491/; classtype:trojan-activity;sid:84412591; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3549155)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"207.231.111.146"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_05_21; reference:url, urlhaus.abuse.ch/url/3549155/; classtype:trojan-activity;sid:84412255; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3548988)"; flow:established,from_client; content:"GET"; http_method; content:"/fsps.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"jakestrack.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_05_21; reference:url, urlhaus.abuse.ch/url/3548988/; classtype:trojan-activity;sid:84412088; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3548684)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.23.70.129"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_21; reference:url, urlhaus.abuse.ch/url/3548684/; classtype:trojan-activity;sid:84411784; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3548647)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"88.8.22.161"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_05_21; reference:url, urlhaus.abuse.ch/url/3548647/; classtype:trojan-activity;sid:84411747; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3548513)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"62.56.207.27"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_05_21; reference:url, urlhaus.abuse.ch/url/3548513/; classtype:trojan-activity;sid:84411613; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3548058)"; flow:established,from_client; content:"GET"; http_method; content:"/admin-pc/stikpille.psp"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"artacom.com.br"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_05_20; reference:url, urlhaus.abuse.ch/url/3548058/; classtype:trojan-activity;sid:84411158; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3548057)"; flow:established,from_client; content:"GET"; http_method; content:"/admin-pc/qsllcxnogwi52.bin"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"artacom.com.br"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_05_20; reference:url, urlhaus.abuse.ch/url/3548057/; classtype:trojan-activity;sid:84411157; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3548015)"; flow:established,from_client; content:"GET"; http_method; content:"/acheck3.txt"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"khavar.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_05_20; reference:url, urlhaus.abuse.ch/url/3548015/; classtype:trojan-activity;sid:84411115; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3548001)"; flow:established,from_client; content:"GET"; http_method; content:"/atata.txt"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"khavar.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_05_20; reference:url, urlhaus.abuse.ch/url/3548001/; classtype:trojan-activity;sid:84411101; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3547880)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1ed2w0zvvx53_mfifdszyslleurub40zo"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_05_20; reference:url, urlhaus.abuse.ch/url/3547880/; classtype:trojan-activity;sid:84410980; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3547798)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"208.89.168.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_20; reference:url, urlhaus.abuse.ch/url/3547798/; classtype:trojan-activity;sid:84410898; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3547420)"; flow:established,from_client; content:"GET"; http_method; content:"/dropper.apk"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"91.212.166.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_05_19; reference:url, urlhaus.abuse.ch/url/3547420/; classtype:trojan-activity;sid:84410520; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3546977)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"183.91.77.253"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_19; reference:url, urlhaus.abuse.ch/url/3546977/; classtype:trojan-activity;sid:84410077; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3546969)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"84.236.147.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_05_19; reference:url, urlhaus.abuse.ch/url/3546969/; classtype:trojan-activity;sid:84410069; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3546411)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.93.2.29"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_05_18; reference:url, urlhaus.abuse.ch/url/3546411/; classtype:trojan-activity;sid:84409511; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3545469)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"94.28.95.35"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_05_17; reference:url, urlhaus.abuse.ch/url/3545469/; classtype:trojan-activity;sid:84408569; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3545216)"; flow:established,from_client; content:"GET"; http_method; content:"/b33b49c5-5e3d-4a33-b66b-c719b917fa62/zip.log"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"cdn.glitch.global"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_05_16; reference:url, urlhaus.abuse.ch/url/3545216/; classtype:trojan-activity;sid:84408316; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3545217)"; flow:established,from_client; content:"GET"; http_method; content:"/b33b49c5-5e3d-4a33-b66b-c719b917fa62/tax.pdf"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"cdn.glitch.global"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_05_16; reference:url, urlhaus.abuse.ch/url/3545217/; classtype:trojan-activity;sid:84408317; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3545213)"; flow:established,from_client; content:"GET"; http_method; content:"/b33b49c5-5e3d-4a33-b66b-c719b917fa62/txjyh.hta"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"cdn.glitch.global"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_05_16; reference:url, urlhaus.abuse.ch/url/3545213/; classtype:trojan-activity;sid:84408313; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3544992)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/nk/wunbbnvf102.bin"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"planetariumobil.ro"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_05_16; reference:url, urlhaus.abuse.ch/url/3544992/; classtype:trojan-activity;sid:84408092; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3544437)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"82.102.164.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_16; reference:url, urlhaus.abuse.ch/url/3544437/; classtype:trojan-activity;sid:84407537; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3544014)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"screen.connectprotocol.es"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_05_15; reference:url, urlhaus.abuse.ch/url/3544014/; classtype:trojan-activity;sid:84407114; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3543827)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"62.234.97.159"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_15; reference:url, urlhaus.abuse.ch/url/3543827/; classtype:trojan-activity;sid:84406927; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3543805)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"2.54.239.98"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_05_15; reference:url, urlhaus.abuse.ch/url/3543805/; classtype:trojan-activity;sid:84406905; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3543801)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"2.54.83.40"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_05_15; reference:url, urlhaus.abuse.ch/url/3543801/; classtype:trojan-activity;sid:84406901; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3543432)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"124.221.32.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_14; reference:url, urlhaus.abuse.ch/url/3543432/; classtype:trojan-activity;sid:84406532; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3543392)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"77.50.222.238"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_14; reference:url, urlhaus.abuse.ch/url/3543392/; classtype:trojan-activity;sid:84406492; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3542563)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1wvxiyf_ryvgg_x3x7uceicqrndhb7lul"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_05_13; reference:url, urlhaus.abuse.ch/url/3542563/; classtype:trojan-activity;sid:84405663; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3541594)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"37.235.164.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_05_11; reference:url, urlhaus.abuse.ch/url/3541594/; classtype:trojan-activity;sid:84404694; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3541487)"; flow:established,from_client; content:"GET"; http_method; content:"/download/uninstall.sh"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"update.aegis.aliyun.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_05_11; reference:url, urlhaus.abuse.ch/url/3541487/; classtype:trojan-activity;sid:84404587; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3541432)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.63.149.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_05_11; reference:url, urlhaus.abuse.ch/url/3541432/; classtype:trojan-activity;sid:84404532; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3541418)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.192.232.20"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_05_11; reference:url, urlhaus.abuse.ch/url/3541418/; classtype:trojan-activity;sid:84404518; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3540931)"; flow:established,from_client; content:"GET"; http_method; content:"/xmrig/xmrig/releases/download/v6.12.2/xmrig-6.12.2-linux-static-x64.tar.gz"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_05_11; reference:url, urlhaus.abuse.ch/url/3540931/; classtype:trojan-activity;sid:84404031; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3540217)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"8.134.51.218"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_05_10; reference:url, urlhaus.abuse.ch/url/3540217/; classtype:trojan-activity;sid:84403317; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3540188)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.52.241.96"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_05_10; reference:url, urlhaus.abuse.ch/url/3540188/; classtype:trojan-activity;sid:84403288; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3540164)"; flow:established,from_client; content:"GET"; http_method; content:"/tidesec/tscanplus/releases/download/v2.8.0/tscanclient_linux_amd64_v2.8.0.tar.gz"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_05_10; reference:url, urlhaus.abuse.ch/url/3540164/; classtype:trojan-activity;sid:84403264; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3540085)"; flow:established,from_client; content:"GET"; http_method; content:"/.x/pax.txt"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"13.71.2.244"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_05_10; reference:url, urlhaus.abuse.ch/url/3540085/; classtype:trojan-activity;sid:84403185; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539735)"; flow:established,from_client; content:"GET"; http_method; content:"/xostes.zip"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"www.surethinks.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539735/; classtype:trojan-activity;sid:84402835; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539686)"; flow:established,from_client; content:"GET"; http_method; content:"/js_bo/werkstastt/shotstar.prm"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"www.silver-hubdachwohnwagen.de"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539686/; classtype:trojan-activity;sid:84402786; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539653)"; flow:established,from_client; content:"GET"; http_method; content:"/config.json"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"78.153.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539653/; classtype:trojan-activity;sid:84402753; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539651)"; flow:established,from_client; content:"GET"; http_method; content:"/wbw.xml"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"78.153.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539651/; classtype:trojan-activity;sid:84402751; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539652)"; flow:established,from_client; content:"GET"; http_method; content:"/application.jar"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"78.153.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539652/; classtype:trojan-activity;sid:84402752; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539650)"; flow:established,from_client; content:"GET"; http_method; content:"/h2.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"78.153.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539650/; classtype:trojan-activity;sid:84402750; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539649)"; flow:established,from_client; content:"GET"; http_method; content:"/1.ps1"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"78.153.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539649/; classtype:trojan-activity;sid:84402749; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539646)"; flow:established,from_client; content:"GET"; http_method; content:"/d.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"78.153.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539646/; classtype:trojan-activity;sid:84402746; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539645)"; flow:established,from_client; content:"GET"; http_method; content:"/cpr.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"78.153.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539645/; classtype:trojan-activity;sid:84402745; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539644)"; flow:established,from_client; content:"GET"; http_method; content:"/ce.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"78.153.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539644/; classtype:trojan-activity;sid:84402744; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539640)"; flow:established,from_client; content:"GET"; http_method; content:"/lf.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"78.153.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539640/; classtype:trojan-activity;sid:84402740; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539641)"; flow:established,from_client; content:"GET"; http_method; content:"/ws.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"78.153.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539641/; classtype:trojan-activity;sid:84402741; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539642)"; flow:established,from_client; content:"GET"; http_method; content:"/c.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"78.153.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539642/; classtype:trojan-activity;sid:84402742; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539639)"; flow:established,from_client; content:"GET"; http_method; content:"/sm.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"78.153.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539639/; classtype:trojan-activity;sid:84402739; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539635)"; flow:established,from_client; content:"GET"; http_method; content:"/f.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"78.153.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539635/; classtype:trojan-activity;sid:84402735; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539636)"; flow:established,from_client; content:"GET"; http_method; content:"/se.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"78.153.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539636/; classtype:trojan-activity;sid:84402736; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539627)"; flow:established,from_client; content:"GET"; http_method; content:"/k.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"78.153.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539627/; classtype:trojan-activity;sid:84402727; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539629)"; flow:established,from_client; content:"GET"; http_method; content:"/p.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"78.153.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539629/; classtype:trojan-activity;sid:84402729; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539630)"; flow:established,from_client; content:"GET"; http_method; content:"/kn.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"78.153.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539630/; classtype:trojan-activity;sid:84402730; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539631)"; flow:established,from_client; content:"GET"; http_method; content:"/cp.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"78.153.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539631/; classtype:trojan-activity;sid:84402731; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539633)"; flow:established,from_client; content:"GET"; http_method; content:"/vml.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"78.153.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539633/; classtype:trojan-activity;sid:84402733; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539634)"; flow:established,from_client; content:"GET"; http_method; content:"/pg.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"78.153.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539634/; classtype:trojan-activity;sid:84402734; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539620)"; flow:established,from_client; content:"GET"; http_method; content:"/vb.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"78.153.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539620/; classtype:trojan-activity;sid:84402720; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539621)"; flow:established,from_client; content:"GET"; http_method; content:"/hb.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"78.153.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539621/; classtype:trojan-activity;sid:84402721; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539624)"; flow:established,from_client; content:"GET"; http_method; content:"/pg2.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"78.153.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539624/; classtype:trojan-activity;sid:84402724; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539616)"; flow:established,from_client; content:"GET"; http_method; content:"/ae.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"78.153.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539616/; classtype:trojan-activity;sid:84402716; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539617)"; flow:established,from_client; content:"GET"; http_method; content:"/unk.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"78.153.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539617/; classtype:trojan-activity;sid:84402717; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539619)"; flow:established,from_client; content:"GET"; http_method; content:"/cf.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"78.153.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539619/; classtype:trojan-activity;sid:84402719; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539615)"; flow:established,from_client; content:"GET"; http_method; content:"/ci.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"78.153.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539615/; classtype:trojan-activity;sid:84402715; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539614)"; flow:established,from_client; content:"GET"; http_method; content:"/wpf.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"78.153.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539614/; classtype:trojan-activity;sid:84402714; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539606)"; flow:established,from_client; content:"GET"; http_method; content:"/tr.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"78.153.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539606/; classtype:trojan-activity;sid:84402706; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539608)"; flow:established,from_client; content:"GET"; http_method; content:"/an.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"78.153.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539608/; classtype:trojan-activity;sid:84402708; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539610)"; flow:established,from_client; content:"GET"; http_method; content:"/j.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"78.153.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539610/; classtype:trojan-activity;sid:84402710; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539611)"; flow:established,from_client; content:"GET"; http_method; content:"/mo.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"78.153.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539611/; classtype:trojan-activity;sid:84402711; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539612)"; flow:established,from_client; content:"GET"; http_method; content:"/mi.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"78.153.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539612/; classtype:trojan-activity;sid:84402712; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539613)"; flow:established,from_client; content:"GET"; http_method; content:"/bg.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"78.153.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539613/; classtype:trojan-activity;sid:84402713; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539589)"; flow:established,from_client; content:"GET"; http_method; content:"/gi.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"78.153.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539589/; classtype:trojan-activity;sid:84402689; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539590)"; flow:established,from_client; content:"GET"; http_method; content:"/ku.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"78.153.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539590/; classtype:trojan-activity;sid:84402690; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539593)"; flow:established,from_client; content:"GET"; http_method; content:"/lr.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"78.153.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539593/; classtype:trojan-activity;sid:84402693; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539595)"; flow:established,from_client; content:"GET"; http_method; content:"/sp.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"78.153.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539595/; classtype:trojan-activity;sid:84402695; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539597)"; flow:established,from_client; content:"GET"; http_method; content:"/acb.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"78.153.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539597/; classtype:trojan-activity;sid:84402697; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539599)"; flow:established,from_client; content:"GET"; http_method; content:"/ni.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"78.153.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539599/; classtype:trojan-activity;sid:84402699; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539602)"; flow:established,from_client; content:"GET"; http_method; content:"/gl.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"78.153.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539602/; classtype:trojan-activity;sid:84402702; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539603)"; flow:established,from_client; content:"GET"; http_method; content:"/tm.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"78.153.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539603/; classtype:trojan-activity;sid:84402703; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539604)"; flow:established,from_client; content:"GET"; http_method; content:"/do.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"78.153.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539604/; classtype:trojan-activity;sid:84402704; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539578)"; flow:established,from_client; content:"GET"; http_method; content:"/wb.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"78.153.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539578/; classtype:trojan-activity;sid:84402678; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539579)"; flow:established,from_client; content:"GET"; http_method; content:"/tc.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"78.153.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539579/; classtype:trojan-activity;sid:84402679; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539580)"; flow:established,from_client; content:"GET"; http_method; content:"/mt.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"78.153.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539580/; classtype:trojan-activity;sid:84402680; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539581)"; flow:established,from_client; content:"GET"; http_method; content:"/sup.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"78.153.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539581/; classtype:trojan-activity;sid:84402681; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539583)"; flow:established,from_client; content:"GET"; http_method; content:"/md.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"78.153.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539583/; classtype:trojan-activity;sid:84402683; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539584)"; flow:established,from_client; content:"GET"; http_method; content:"/py.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"78.153.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539584/; classtype:trojan-activity;sid:84402684; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539585)"; flow:established,from_client; content:"GET"; http_method; content:"/spr.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"78.153.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539585/; classtype:trojan-activity;sid:84402685; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539586)"; flow:established,from_client; content:"GET"; http_method; content:"/st.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"78.153.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539586/; classtype:trojan-activity;sid:84402686; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539587)"; flow:established,from_client; content:"GET"; http_method; content:"/a.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"78.153.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539587/; classtype:trojan-activity;sid:84402687; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539588)"; flow:established,from_client; content:"GET"; http_method; content:"/pa.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"78.153.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539588/; classtype:trojan-activity;sid:84402688; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539576)"; flow:established,from_client; content:"GET"; http_method; content:"/m.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"78.153.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539576/; classtype:trojan-activity;sid:84402676; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539575)"; flow:established,from_client; content:"GET"; http_method; content:"/rv.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"78.153.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539575/; classtype:trojan-activity;sid:84402675; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539574)"; flow:established,from_client; content:"GET"; http_method; content:"/curl-amd64"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"78.153.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539574/; classtype:trojan-activity;sid:84402674; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539571)"; flow:established,from_client; content:"GET"; http_method; content:"/kinsing2"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"78.153.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539571/; classtype:trojan-activity;sid:84402671; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539572)"; flow:established,from_client; content:"GET"; http_method; content:"/curl-aarch64"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"78.153.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539572/; classtype:trojan-activity;sid:84402672; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539573)"; flow:established,from_client; content:"GET"; http_method; content:"/kinsing_aarch64"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"78.153.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539573/; classtype:trojan-activity;sid:84402673; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539569)"; flow:established,from_client; content:"GET"; http_method; content:"/for"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"78.153.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539569/; classtype:trojan-activity;sid:84402669; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539570)"; flow:established,from_client; content:"GET"; http_method; content:"/libsystem.so"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"78.153.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539570/; classtype:trojan-activity;sid:84402670; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539568)"; flow:established,from_client; content:"GET"; http_method; content:"/xmrig.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"78.153.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539568/; classtype:trojan-activity;sid:84402668; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539471)"; flow:established,from_client; content:"GET"; http_method; content:"/kinsing"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"78.153.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539471/; classtype:trojan-activity;sid:84402571; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539354)"; flow:established,from_client; content:"GET"; http_method; content:"/linux"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"8.218.225.42"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539354/; classtype:trojan-activity;sid:84402454; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539028)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"81.22.42.232"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_05_08; reference:url, urlhaus.abuse.ch/url/3539028/; classtype:trojan-activity;sid:84402128; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3538764)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"121.202.211.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_05_08; reference:url, urlhaus.abuse.ch/url/3538764/; classtype:trojan-activity;sid:84401864; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3538761)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"201.94.181.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_05_08; reference:url, urlhaus.abuse.ch/url/3538761/; classtype:trojan-activity;sid:84401861; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3538754)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"121.202.209.191"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_05_08; reference:url, urlhaus.abuse.ch/url/3538754/; classtype:trojan-activity;sid:84401854; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3538755)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"121.202.209.46"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_05_08; reference:url, urlhaus.abuse.ch/url/3538755/; classtype:trojan-activity;sid:84401855; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3538747)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"201.94.181.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_05_08; reference:url, urlhaus.abuse.ch/url/3538747/; classtype:trojan-activity;sid:84401847; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3538744)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"201.94.181.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_05_08; reference:url, urlhaus.abuse.ch/url/3538744/; classtype:trojan-activity;sid:84401844; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3538737)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"74.72.72.247"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_05_08; reference:url, urlhaus.abuse.ch/url/3538737/; classtype:trojan-activity;sid:84401837; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3538670)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"121.202.208.107"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_05_08; reference:url, urlhaus.abuse.ch/url/3538670/; classtype:trojan-activity;sid:84401770; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3537744)"; flow:established,from_client; content:"GET"; http_method; content:"/dfffrf/dfdf/downloads/notificaci%c3%b3n_demanda_virtual_juzgado_09_de_circuito_de_bogot%c3%a1.zip"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_07; reference:url, urlhaus.abuse.ch/url/3537744/; classtype:trojan-activity;sid:84400844; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3537710)"; flow:established,from_client; content:"GET"; http_method; content:"/wp/wex.gif"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"stonecradle.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_05_07; reference:url, urlhaus.abuse.ch/url/3537710/; classtype:trojan-activity;sid:84400810; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3537561)"; flow:established,from_client; content:"GET"; http_method; content:"/sansebas/sdsd/downloads/01citaci%c3%b3n_personal_demanda_virtual_juzgado_penal_de_circuito_de.zip"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_07; reference:url, urlhaus.abuse.ch/url/3537561/; classtype:trojan-activity;sid:84400661; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3536070)"; flow:established,from_client; content:"GET"; http_method; content:"/dl202"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"31.170.22.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_06; reference:url, urlhaus.abuse.ch/url/3536070/; classtype:trojan-activity;sid:84399170; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3536025)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"31.182.123.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_06; reference:url, urlhaus.abuse.ch/url/3536025/; classtype:trojan-activity;sid:84399125; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3535453)"; flow:established,from_client; content:"GET"; http_method; content:"/4492/e569abd317d7e5f7a39d4af364fe6376/sorandaru2015.pdf"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"2024.sci-hub.se"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_05_05; reference:url, urlhaus.abuse.ch/url/3535453/; classtype:trojan-activity;sid:84398553; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3535256)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"62.60.226.252"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_05; reference:url, urlhaus.abuse.ch/url/3535256/; classtype:trojan-activity;sid:84398356; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3534886)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"103.153.93.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_04; reference:url, urlhaus.abuse.ch/url/3534886/; classtype:trojan-activity;sid:84397986; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3534877)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"92.40.119.227"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_04; reference:url, urlhaus.abuse.ch/url/3534877/; classtype:trojan-activity;sid:84397977; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3534191)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"2.249.142.165"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_04; reference:url, urlhaus.abuse.ch/url/3534191/; classtype:trojan-activity;sid:84397291; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3534104)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"210.96.44.219"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_03; reference:url, urlhaus.abuse.ch/url/3534104/; classtype:trojan-activity;sid:84397204; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3533582)"; flow:established,from_client; content:"GET"; http_method; content:"/kokotpycauholica/ultraundetecteddrv/refs/heads/main/hbvtmbp46iieehp1.exe"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_05_03; reference:url, urlhaus.abuse.ch/url/3533582/; classtype:trojan-activity;sid:84396682; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3532985)"; flow:established,from_client; content:"GET"; http_method; content:"/dl201"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"31.170.22.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_02; reference:url, urlhaus.abuse.ch/url/3532985/; classtype:trojan-activity;sid:84396085; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3532849)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"114.129.49.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_05_02; reference:url, urlhaus.abuse.ch/url/3532849/; classtype:trojan-activity;sid:84395949; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3532833)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"80.76.101.102"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_02; reference:url, urlhaus.abuse.ch/url/3532833/; classtype:trojan-activity;sid:84395933; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3532827)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"88.8.22.161"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_05_02; reference:url, urlhaus.abuse.ch/url/3532827/; classtype:trojan-activity;sid:84395927; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3532726)"; flow:established,from_client; content:"GET"; http_method; content:"/2294/7a43bb4cf6c57229b02a9604a1f4614e/skidmore1966.pdf"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"2024.sci-hub.se"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_05_02; reference:url, urlhaus.abuse.ch/url/3532726/; classtype:trojan-activity;sid:84395826; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3532282)"; flow:established,from_client; content:"GET"; http_method; content:"/dl200"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"31.170.22.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_02; reference:url, urlhaus.abuse.ch/url/3532282/; classtype:trojan-activity;sid:84395382; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3531994)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"203.203.88.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_05_01; reference:url, urlhaus.abuse.ch/url/3531994/; classtype:trojan-activity;sid:84395094; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3531972)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"157.255.22.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_01; reference:url, urlhaus.abuse.ch/url/3531972/; classtype:trojan-activity;sid:84395072; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3531643)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"95.188.92.182"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_01; reference:url, urlhaus.abuse.ch/url/3531643/; classtype:trojan-activity;sid:84394743; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3531576)"; flow:established,from_client; content:"GET"; http_method; content:"/linux"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"8.210.178.40"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_05_01; reference:url, urlhaus.abuse.ch/url/3531576/; classtype:trojan-activity;sid:84394676; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3531323)"; flow:established,from_client; content:"GET"; http_method; content:"/zc3.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"1.234.66.181"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_30; reference:url, urlhaus.abuse.ch/url/3531323/; classtype:trojan-activity;sid:84394423; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3531322)"; flow:established,from_client; content:"GET"; http_method; content:"/zal.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"1.234.66.181"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_30; reference:url, urlhaus.abuse.ch/url/3531322/; classtype:trojan-activity;sid:84394422; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3531095)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.12.100.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_04_30; reference:url, urlhaus.abuse.ch/url/3531095/; classtype:trojan-activity;sid:84394195; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3530888)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.40.178.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_04_30; reference:url, urlhaus.abuse.ch/url/3530888/; classtype:trojan-activity;sid:84393988; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3530868)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"88.8.22.161"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_04_30; reference:url, urlhaus.abuse.ch/url/3530868/; classtype:trojan-activity;sid:84393968; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3530870)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"88.8.22.161"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_04_30; reference:url, urlhaus.abuse.ch/url/3530870/; classtype:trojan-activity;sid:84393970; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3530776)"; flow:established,from_client; content:"GET"; http_method; content:"/download/static/files/bootstrappernew.exe"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"4393eb8c.solaraweb-alj.pages.dev"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2025_04_30; reference:url, urlhaus.abuse.ch/url/3530776/; classtype:trojan-activity;sid:84393876; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3530262)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"8.153.97.202"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_29; reference:url, urlhaus.abuse.ch/url/3530262/; classtype:trojan-activity;sid:84393362; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3530250)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"118.70.214.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_04_29; reference:url, urlhaus.abuse.ch/url/3530250/; classtype:trojan-activity;sid:84393350; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3530244)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.124.228.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_04_29; reference:url, urlhaus.abuse.ch/url/3530244/; classtype:trojan-activity;sid:84393344; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3530168)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"88.8.22.161"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_04_29; reference:url, urlhaus.abuse.ch/url/3530168/; classtype:trojan-activity;sid:84393268; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3530015)"; flow:established,from_client; content:"GET"; http_method; content:"/pocz/new_image.jpg"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"glaustralia.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_04_29; reference:url, urlhaus.abuse.ch/url/3530015/; classtype:trojan-activity;sid:84393115; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3529937)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"157.255.22.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_04_29; reference:url, urlhaus.abuse.ch/url/3529937/; classtype:trojan-activity;sid:84393037; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3529934)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"188.12.100.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_04_29; reference:url, urlhaus.abuse.ch/url/3529934/; classtype:trojan-activity;sid:84393034; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3529933)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"37.156.8.131"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_29; reference:url, urlhaus.abuse.ch/url/3529933/; classtype:trojan-activity;sid:84393033; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3529929)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"93.21.252.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_29; reference:url, urlhaus.abuse.ch/url/3529929/; classtype:trojan-activity;sid:84393029; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3529922)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"178.131.95.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_04_29; reference:url, urlhaus.abuse.ch/url/3529922/; classtype:trojan-activity;sid:84393022; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3529912)"; flow:established,from_client; content:"GET"; http_method; content:"/linux"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"47.86.1.37"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_29; reference:url, urlhaus.abuse.ch/url/3529912/; classtype:trojan-activity;sid:84393012; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3529907)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"80.76.101.102"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_04_29; reference:url, urlhaus.abuse.ch/url/3529907/; classtype:trojan-activity;sid:84393007; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3529908)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"220.81.58.40"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_29; reference:url, urlhaus.abuse.ch/url/3529908/; classtype:trojan-activity;sid:84393008; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3529891)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"101.58.146.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_04_29; reference:url, urlhaus.abuse.ch/url/3529891/; classtype:trojan-activity;sid:84392991; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3529895)"; flow:established,from_client; content:"GET"; http_method; content:"/linux"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"47.252.11.60"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_29; reference:url, urlhaus.abuse.ch/url/3529895/; classtype:trojan-activity;sid:84392995; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3528280)"; flow:established,from_client; content:"GET"; http_method; content:"/mir1ce/hawkeye/releases/download/v0319/hawkeye.zip"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_28; reference:url, urlhaus.abuse.ch/url/3528280/; classtype:trojan-activity;sid:84391380; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3528279)"; flow:established,from_client; content:"GET"; http_method; content:"/yarahq/yara-forge/releases/latest/download/yara-forge-rules-core.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_28; reference:url, urlhaus.abuse.ch/url/3528279/; classtype:trojan-activity;sid:84391379; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3528277)"; flow:established,from_client; content:"GET"; http_method; content:"/meckazin/chromekatz/releases/download/0.6.1/chromekatzbofs.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_28; reference:url, urlhaus.abuse.ch/url/3528277/; classtype:trojan-activity;sid:84391377; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3528179)"; flow:established,from_client; content:"GET"; http_method; content:"/peizhi/yh02/csr.bin"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"218.93.208.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_04_27; reference:url, urlhaus.abuse.ch/url/3528179/; classtype:trojan-activity;sid:84391279; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3528171)"; flow:established,from_client; content:"GET"; http_method; content:"/user-attachments/files/19831362/alpha.zip"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_27; reference:url, urlhaus.abuse.ch/url/3528171/; classtype:trojan-activity;sid:84391271; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3528170)"; flow:established,from_client; content:"GET"; http_method; content:"/decalage2/oletools/releases/download/v0.60.2/oletools-0.60.2.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_27; reference:url, urlhaus.abuse.ch/url/3528170/; classtype:trojan-activity;sid:84391270; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3528165)"; flow:established,from_client; content:"GET"; http_method; content:"/user-attachments/files/19831288/crack.nurik.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_27; reference:url, urlhaus.abuse.ch/url/3528165/; classtype:trojan-activity;sid:84391265; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3528162)"; flow:established,from_client; content:"GET"; http_method; content:"/user-attachments/files/19831450/solara.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_27; reference:url, urlhaus.abuse.ch/url/3528162/; classtype:trojan-activity;sid:84391262; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3528154)"; flow:established,from_client; content:"GET"; http_method; content:"/user-attachments/files/19835739/solarus.zip"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_27; reference:url, urlhaus.abuse.ch/url/3528154/; classtype:trojan-activity;sid:84391254; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3528128)"; flow:established,from_client; content:"GET"; http_method; content:"/zxc5wezxc/new/main/dllbase64reverse.txt"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_04_27; reference:url, urlhaus.abuse.ch/url/3528128/; classtype:trojan-activity;sid:84391228; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3528127)"; flow:established,from_client; content:"GET"; http_method; content:"/androidmalware/android_hid/f25d0234cff288ab8384689685e37b1b4bbaf2ba/test.exe"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_04_27; reference:url, urlhaus.abuse.ch/url/3528127/; classtype:trojan-activity;sid:84391227; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3528108)"; flow:established,from_client; content:"GET"; http_method; content:"/monkeyadece/v-f/releases/download/1.4.2/vector-fixer-v1.4.2.exe"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_27; reference:url, urlhaus.abuse.ch/url/3528108/; classtype:trojan-activity;sid:84391208; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3528105)"; flow:established,from_client; content:"GET"; http_method; content:"/ui.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"public.demo.securecloudsandbox.com"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2025_04_27; reference:url, urlhaus.abuse.ch/url/3528105/; classtype:trojan-activity;sid:84391205; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3528107)"; flow:established,from_client; content:"GET"; http_method; content:"/lbormann/darts-gif/releases/download/v1.1.0/darts-gif.exe"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_27; reference:url, urlhaus.abuse.ch/url/3528107/; classtype:trojan-activity;sid:84391207; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3528101)"; flow:established,from_client; content:"GET"; http_method; content:"/lbormann/darts-wled/releases/download/v1.8.1/darts-wled.exe"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_27; reference:url, urlhaus.abuse.ch/url/3528101/; classtype:trojan-activity;sid:84391201; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3528097)"; flow:established,from_client; content:"GET"; http_method; content:"/harelba/q/releases/download/2.0.19/q-amd64-windows.exe"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_27; reference:url, urlhaus.abuse.ch/url/3528097/; classtype:trojan-activity;sid:84391197; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3528098)"; flow:established,from_client; content:"GET"; http_method; content:"/mikf/gallery-dl/releases/download/v1.15.0/gallery-dl.exe"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_27; reference:url, urlhaus.abuse.ch/url/3528098/; classtype:trojan-activity;sid:84391198; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3527875)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.36.124.224"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_04_27; reference:url, urlhaus.abuse.ch/url/3527875/; classtype:trojan-activity;sid:84390975; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3527856)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"78.36.11.185"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_27; reference:url, urlhaus.abuse.ch/url/3527856/; classtype:trojan-activity;sid:84390956; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3526930)"; flow:established,from_client; content:"GET"; http_method; content:"/verify-sec"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"msoftdatastore.z22.web.core.windows.net"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_04_26; reference:url, urlhaus.abuse.ch/url/3526930/; classtype:trojan-activity;sid:84390030; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3526868)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"89.228.12.82"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_26; reference:url, urlhaus.abuse.ch/url/3526868/; classtype:trojan-activity;sid:84389968; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3526832)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"37.252.69.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_26; reference:url, urlhaus.abuse.ch/url/3526832/; classtype:trojan-activity;sid:84389932; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3525788)"; flow:established,from_client; content:"GET"; http_method; content:"/linux"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"47.83.124.121"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_04_26; reference:url, urlhaus.abuse.ch/url/3525788/; classtype:trojan-activity;sid:84388888; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3525743)"; flow:established,from_client; content:"GET"; http_method; content:"/linux"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"123.57.166.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_04_26; reference:url, urlhaus.abuse.ch/url/3525743/; classtype:trojan-activity;sid:84388843; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3525738)"; flow:established,from_client; content:"GET"; http_method; content:"/linux"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"47.86.176.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_26; reference:url, urlhaus.abuse.ch/url/3525738/; classtype:trojan-activity;sid:84388838; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3525728)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"123.240.130.119"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_04_26; reference:url, urlhaus.abuse.ch/url/3525728/; classtype:trojan-activity;sid:84388828; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3525710)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"149.241.40.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_04_26; reference:url, urlhaus.abuse.ch/url/3525710/; classtype:trojan-activity;sid:84388810; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3525238)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"43.133.41.106"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_04_25; reference:url, urlhaus.abuse.ch/url/3525238/; classtype:trojan-activity;sid:84388338; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3525074)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"93.118.101.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_04_25; reference:url, urlhaus.abuse.ch/url/3525074/; classtype:trojan-activity;sid:84388174; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3525009)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"113.214.56.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_04_25; reference:url, urlhaus.abuse.ch/url/3525009/; classtype:trojan-activity;sid:84388109; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3525013)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"37.252.69.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_25; reference:url, urlhaus.abuse.ch/url/3525013/; classtype:trojan-activity;sid:84388113; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3525021)"; flow:established,from_client; content:"GET"; http_method; content:"/linux"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"47.83.203.183"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_04_25; reference:url, urlhaus.abuse.ch/url/3525021/; classtype:trojan-activity;sid:84388121; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3524811)"; flow:established,from_client; content:"GET"; http_method; content:"/vaxilu/x-ui/releases/latest/download/x-ui-linux-amd64.tar.gz"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_25; reference:url, urlhaus.abuse.ch/url/3524811/; classtype:trojan-activity;sid:84387911; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3524808)"; flow:established,from_client; content:"GET"; http_method; content:"/teddysun/across/raw/master/bbr.sh"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_25; reference:url, urlhaus.abuse.ch/url/3524808/; classtype:trojan-activity;sid:84387908; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3524506)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1ccjlbddgjhpeeff1b1hfkgp3x16c_tj1"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_04_25; reference:url, urlhaus.abuse.ch/url/3524506/; classtype:trojan-activity;sid:84387606; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3524454)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1bpc5z-hv6kosk6artkfmbtsnnwwpdghy"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_04_25; reference:url, urlhaus.abuse.ch/url/3524454/; classtype:trojan-activity;sid:84387554; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3523645)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.69.219.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_04_24; reference:url, urlhaus.abuse.ch/url/3523645/; classtype:trojan-activity;sid:84386745; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3523621)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"213.47.243.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_04_24; reference:url, urlhaus.abuse.ch/url/3523621/; classtype:trojan-activity;sid:84386721; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3522943)"; flow:established,from_client; content:"GET"; http_method; content:"/oto"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"162.215.218.82"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_04_23; reference:url, urlhaus.abuse.ch/url/3522943/; classtype:trojan-activity;sid:84386043; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3522871)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.236.65.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_23; reference:url, urlhaus.abuse.ch/url/3522871/; classtype:trojan-activity;sid:84385971; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3522687)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1ltrdqlgcl6smoqujfs1pb2ernzhsbydh"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_04_23; reference:url, urlhaus.abuse.ch/url/3522687/; classtype:trojan-activity;sid:84385787; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3522201)"; flow:established,from_client; content:"GET"; http_method; content:"/eed8989/u/main/ud.bat"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_04_22; reference:url, urlhaus.abuse.ch/url/3522201/; classtype:trojan-activity;sid:84385301; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3522159)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"188.243.36.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_04_22; reference:url, urlhaus.abuse.ch/url/3522159/; classtype:trojan-activity;sid:84385259; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3521407)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"62.60.226.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_04_22; reference:url, urlhaus.abuse.ch/url/3521407/; classtype:trojan-activity;sid:84384507; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3521377)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"62.60.226.243"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_04_22; reference:url, urlhaus.abuse.ch/url/3521377/; classtype:trojan-activity;sid:84384477; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3521382)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"62.60.226.244"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_04_22; reference:url, urlhaus.abuse.ch/url/3521382/; classtype:trojan-activity;sid:84384482; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3521372)"; flow:established,from_client; content:"GET"; http_method; content:"/////bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:81; isdataat:!1,relative; nocase; content:"62.60.226.244"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_04_22; reference:url, urlhaus.abuse.ch/url/3521372/; classtype:trojan-activity;sid:84384472; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3521360)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"62.60.226.253"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_04_22; reference:url, urlhaus.abuse.ch/url/3521360/; classtype:trojan-activity;sid:84384460; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3521316)"; flow:established,from_client; content:"GET"; http_method; content:"/////bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:81; isdataat:!1,relative; nocase; content:"62.60.226.253"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_04_22; reference:url, urlhaus.abuse.ch/url/3521316/; classtype:trojan-activity;sid:84384416; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3521312)"; flow:established,from_client; content:"GET"; http_method; content:"/////bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:81; isdataat:!1,relative; nocase; content:"62.60.226.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_04_22; reference:url, urlhaus.abuse.ch/url/3521312/; classtype:trojan-activity;sid:84384412; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3520923)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"2.55.73.103"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_04_21; reference:url, urlhaus.abuse.ch/url/3520923/; classtype:trojan-activity;sid:84384023; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3520366)"; flow:established,from_client; content:"GET"; http_method; content:"/xmrig/xmrig/releases/download/v6.12.2/xmrig-6.12.2-linux-x64.tar.gz"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_21; reference:url, urlhaus.abuse.ch/url/3520366/; classtype:trojan-activity;sid:84383466; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3520081)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"202.57.43.234"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3520081/; classtype:trojan-activity;sid:84383181; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3520073)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"179.63.168.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3520073/; classtype:trojan-activity;sid:84383173; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3520075)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"122.55.206.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3520075/; classtype:trojan-activity;sid:84383175; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519608)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.160.116.52"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519608/; classtype:trojan-activity;sid:84382708; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519563)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.50.168.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519563/; classtype:trojan-activity;sid:84382663; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519542)"; flow:established,from_client; content:"GET"; http_method; content:"/hostfile/taptin/game.exe"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"update.volam2005pk.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519542/; classtype:trojan-activity;sid:84382642; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519540)"; flow:established,from_client; content:"GET"; http_method; content:"/_autovlbs19_new/trainjx2.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"thtp2.volamngayxua.net"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519540/; classtype:trojan-activity;sid:84382640; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519529)"; flow:established,from_client; content:"GET"; http_method; content:"/_autovlbs19_new/trainjx.exe"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"thtp2.volamngayxua.net"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519529/; classtype:trojan-activity;sid:84382629; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519525)"; flow:established,from_client; content:"GET"; http_method; content:"/down/linm_free/tg_linm_data_image_free.dll"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"tiwanlinm.duckdns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519525/; classtype:trojan-activity;sid:84382625; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519523)"; flow:established,from_client; content:"GET"; http_method; content:"/testmemtest10.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"43.226.39.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519523/; classtype:trojan-activity;sid:84382623; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519518)"; flow:established,from_client; content:"GET"; http_method; content:"/fb/32.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"ny.lshdw.cc"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519518/; classtype:trojan-activity;sid:84382618; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519521)"; flow:established,from_client; content:"GET"; http_method; content:"/testmemtest14.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"43.226.39.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519521/; classtype:trojan-activity;sid:84382621; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519514)"; flow:established,from_client; content:"GET"; http_method; content:"/testmemtest12.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"43.226.39.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519514/; classtype:trojan-activity;sid:84382614; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519515)"; flow:established,from_client; content:"GET"; http_method; content:"/test4.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"43.226.39.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519515/; classtype:trojan-activity;sid:84382615; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519513)"; flow:established,from_client; content:"GET"; http_method; content:"/install/namu832.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"www.namuvpn.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519513/; classtype:trojan-activity;sid:84382613; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519503)"; flow:established,from_client; content:"GET"; http_method; content:"/autoupdate/autoupdate.exe"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"jxhuyhoang.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519503/; classtype:trojan-activity;sid:84382603; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519491)"; flow:established,from_client; content:"GET"; http_method; content:"/creation_made_by_grokai.mp4%20%20%20openai.com"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"openaigrok.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519491/; classtype:trojan-activity;sid:84382591; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519493)"; flow:established,from_client; content:"GET"; http_method; content:"/testmemtest24.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"43.226.39.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519493/; classtype:trojan-activity;sid:84382593; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519485)"; flow:established,from_client; content:"GET"; http_method; content:"/versions/gestioniccv20.21.8.51/gestionicc.exe"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"icoffeecloud.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519485/; classtype:trojan-activity;sid:84382585; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519478)"; flow:established,from_client; content:"GET"; http_method; content:"/creation_made_by_grokai.mp4%20%20%20openai.com"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"innaflux.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519478/; classtype:trojan-activity;sid:84382578; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519469)"; flow:established,from_client; content:"GET"; http_method; content:"/download/static/files/bootstrappernew.exe"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"60aaf9c6.salamanderprocessing.pages.dev"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519469/; classtype:trojan-activity;sid:84382569; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519467)"; flow:established,from_client; content:"GET"; http_method; content:"/down/linm_free/tg_linm_data_map_free.dll"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"tiwanlinm.duckdns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519467/; classtype:trojan-activity;sid:84382567; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519461)"; flow:established,from_client; content:"GET"; http_method; content:"/fv/v1_3_8.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"198.46.142.199"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519461/; classtype:trojan-activity;sid:84382561; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519464)"; flow:established,from_client; content:"GET"; http_method; content:"/fb/sm.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"ny.lshdw.cc"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519464/; classtype:trojan-activity;sid:84382564; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519458)"; flow:established,from_client; content:"GET"; http_method; content:"/testmemtest38.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"43.226.39.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519458/; classtype:trojan-activity;sid:84382558; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519459)"; flow:established,from_client; content:"GET"; http_method; content:"/pds/mogimall/giftorder/giftorder.exe"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"mogimall.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519459/; classtype:trojan-activity;sid:84382559; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519454)"; flow:established,from_client; content:"GET"; http_method; content:"/testpte2.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"43.226.39.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519454/; classtype:trojan-activity;sid:84382554; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519449)"; flow:established,from_client; content:"GET"; http_method; content:"/testwindow.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"43.226.39.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519449/; classtype:trojan-activity;sid:84382549; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519446)"; flow:established,from_client; content:"GET"; http_method; content:"/newchaisupon/vendor/bin/psysh.bat"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"99194034-96-20180108171507.webstarterz.com"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519446/; classtype:trojan-activity;sid:84382546; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519443)"; flow:established,from_client; content:"GET"; http_method; content:"/sa0611/systemsa32.dll"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"www.ss-01.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519443/; classtype:trojan-activity;sid:84382543; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519430)"; flow:established,from_client; content:"GET"; http_method; content:"/test6.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"43.226.39.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519430/; classtype:trojan-activity;sid:84382530; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519432)"; flow:established,from_client; content:"GET"; http_method; content:"/msedge.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"c9791c08-f1e4-4402-9510-d04c13c50ea3.selstorage.ru"; http_host; depth:50; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519432/; classtype:trojan-activity;sid:84382532; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519429)"; flow:established,from_client; content:"GET"; http_method; content:"/update/pubdata/hpsocket4c.dll"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"114.55.106.136"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519429/; classtype:trojan-activity;sid:84382529; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519425)"; flow:established,from_client; content:"GET"; http_method; content:"/testmemtest31.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"43.226.39.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519425/; classtype:trojan-activity;sid:84382525; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519420)"; flow:established,from_client; content:"GET"; http_method; content:"/testdumpall.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"43.226.39.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519420/; classtype:trojan-activity;sid:84382520; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519421)"; flow:established,from_client; content:"GET"; http_method; content:"/testmemtest11.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"43.226.39.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519421/; classtype:trojan-activity;sid:84382521; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519419)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/sm02zsvdywdotb7rql/"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"dhnconstrucciones.com.ar"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519419/; classtype:trojan-activity;sid:84382519; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519416)"; flow:established,from_client; content:"GET"; http_method; content:"/filea.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"43.226.39.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519416/; classtype:trojan-activity;sid:84382516; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519415)"; flow:established,from_client; content:"GET"; http_method; content:"/download/static/files/bootstrappernew.exe"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"c3436037.salamanderprocessing.pages.dev"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519415/; classtype:trojan-activity;sid:84382515; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519410)"; flow:established,from_client; content:"GET"; http_method; content:"/testpte.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"43.226.39.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519410/; classtype:trojan-activity;sid:84382510; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519408)"; flow:established,from_client; content:"GET"; http_method; content:"/rh/setup.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"d3cciiowg5l3jx.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519408/; classtype:trojan-activity;sid:84382508; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519392)"; flow:established,from_client; content:"GET"; http_method; content:"/media/video_file/round_setup.exe"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"tapestryoftruth.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519392/; classtype:trojan-activity;sid:84382492; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519380)"; flow:established,from_client; content:"GET"; http_method; content:"/testmemtest36.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"43.226.39.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519380/; classtype:trojan-activity;sid:84382480; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519378)"; flow:established,from_client; content:"GET"; http_method; content:"/test5.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"43.226.39.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519378/; classtype:trojan-activity;sid:84382478; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519368)"; flow:established,from_client; content:"GET"; http_method; content:"/r0400/yahoodll.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"www.ss-01.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519368/; classtype:trojan-activity;sid:84382468; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519369)"; flow:established,from_client; content:"GET"; http_method; content:"/driveapplet.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"noithaticon.vn"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519369/; classtype:trojan-activity;sid:84382469; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519354)"; flow:established,from_client; content:"GET"; http_method; content:"/licensing/updates/addmefast%20bot.exe"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"www.blackhattoolz.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519354/; classtype:trojan-activity;sid:84382454; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519356)"; flow:established,from_client; content:"GET"; http_method; content:"/nircmd.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"pub-0478b308b8cf46709a73d0eed5afd633.r2.dev"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519356/; classtype:trojan-activity;sid:84382456; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519346)"; flow:established,from_client; content:"GET"; http_method; content:"/test7.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"43.226.39.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519346/; classtype:trojan-activity;sid:84382446; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519347)"; flow:established,from_client; content:"GET"; http_method; content:"/test8.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"43.226.39.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519347/; classtype:trojan-activity;sid:84382447; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519348)"; flow:established,from_client; content:"GET"; http_method; content:"/test1.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"43.226.39.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519348/; classtype:trojan-activity;sid:84382448; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519349)"; flow:established,from_client; content:"GET"; http_method; content:"/testmemtest35.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"43.226.39.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519349/; classtype:trojan-activity;sid:84382449; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519092)"; flow:established,from_client; content:"GET"; http_method; content:"/pst.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"o24o.ru"; http_host; depth:7; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519092/; classtype:trojan-activity;sid:84382192; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519084)"; flow:established,from_client; content:"GET"; http_method; content:"/airportbeta/files/foam.zip"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"neirong.funshion.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519084/; classtype:trojan-activity;sid:84382184; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519066)"; flow:established,from_client; content:"GET"; http_method; content:"/xmrig/xmrig/releases/download/v6.22.2/xmrig-6.22.2-msvc-win64.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519066/; classtype:trojan-activity;sid:84382166; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519063)"; flow:established,from_client; content:"GET"; http_method; content:"/vinhuptoday/testbn/raw/refs/heads/main/brbotnet.exe"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519063/; classtype:trojan-activity;sid:84382163; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519036)"; flow:established,from_client; content:"GET"; http_method; content:"/tiansys(xp%e4%b8%93%e7%94%a8).exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"fz.tiansys.cn"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519036/; classtype:trojan-activity;sid:84382136; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519035)"; flow:established,from_client; content:"GET"; http_method; content:"/disbalancer-project/main/releases/latest/download/disbalancer-go-client-windows-386.exe"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519035/; classtype:trojan-activity;sid:84382135; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519032)"; flow:established,from_client; content:"GET"; http_method; content:"/game/ysjyx880.exe|3f|tk=ujyxmzylvzn3utywumy0qwomddmyytozqwo1gdo0qdn852b812bj5cm2mtaopxaixhn1idnzcjm5ytm"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"52mj.susuwei.cn"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519032/; classtype:trojan-activity;sid:84382132; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519030)"; flow:established,from_client; content:"GET"; http_method; content:"/images/tp.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"42.194.150.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519030/; classtype:trojan-activity;sid:84382130; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519028)"; flow:established,from_client; content:"GET"; http_method; content:"/uniondown/haozip_tiny.201805.exe"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"download.haozip.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519028/; classtype:trojan-activity;sid:84382128; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519029)"; flow:established,from_client; content:"GET"; http_method; content:"/client/update.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"45.91.133.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519029/; classtype:trojan-activity;sid:84382129; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519027)"; flow:established,from_client; content:"GET"; http_method; content:"/cosmicdevv/icarus-lite/releases/download/v1.1.13/icaruslite-v1.1.13-win.exe"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519027/; classtype:trojan-activity;sid:84382127; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519025)"; flow:established,from_client; content:"GET"; http_method; content:"/sebaxakerhtc/rdpwrap/releases/download/v1.8.9.9/rdpw_installer.exe"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519025/; classtype:trojan-activity;sid:84382125; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519026)"; flow:established,from_client; content:"GET"; http_method; content:"/dax009yt/chilledwindows-gui/releases/download/1.0/chilledwindows.gui.exe"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519026/; classtype:trojan-activity;sid:84382126; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519019)"; flow:established,from_client; content:"GET"; http_method; content:"/jackson2323/mohradiant/blob/master/updt.exe|3f|raw=true"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519019/; classtype:trojan-activity;sid:84382119; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519020)"; flow:established,from_client; content:"GET"; http_method; content:"/down/pkexu0ytxar3.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"115.159.149.113"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519020/; classtype:trojan-activity;sid:84382120; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519021)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/public_file/relogintool.exe"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"47.238.238.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519021/; classtype:trojan-activity;sid:84382121; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519016)"; flow:established,from_client; content:"GET"; http_method; content:"/bol-van/zapret/releases/download/v70.6/zapret-v70.6.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519016/; classtype:trojan-activity;sid:84382116; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519012)"; flow:established,from_client; content:"GET"; http_method; content:"/boyo3473/irack/releases/download/idk/load.driver.exe"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519012/; classtype:trojan-activity;sid:84382112; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3518999)"; flow:established,from_client; content:"GET"; http_method; content:"/2590057.s21d-2.faiusrd.com/0/abuiabblgaagytxhtauo1pck0ge.exe|3f|f=ghost%e7%bd%91%e5%85%8b%e9%9a%86%e6%a3%80%e6%b5%8b%e5%b7%a5%e5%85%b7.exe|7c|26|7c|v=1452829385|7c|26|7c|wsiphost=local|7c|26|7c|wsrid_tag=61c52eb2_psmgzjgord1de87_17635-16713"; http_uri; depth:241; isdataat:!1,relative; nocase; content:"157.185.170.200"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3518999/; classtype:trojan-activity;sid:84382099; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519000)"; flow:established,from_client; content:"GET"; http_method; content:"/vexcentry/vex/raw/refs/heads/main/runtimebroker.exe"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519000/; classtype:trojan-activity;sid:84382100; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3518861)"; flow:established,from_client; content:"GET"; http_method; content:"/ns3.jpg"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"162.215.218.82"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3518861/; classtype:trojan-activity;sid:84381961; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3518860)"; flow:established,from_client; content:"GET"; http_method; content:"/ns1.jpg"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"162.215.218.82"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3518860/; classtype:trojan-activity;sid:84381960; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3518308)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.39.181.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_04_19; reference:url, urlhaus.abuse.ch/url/3518308/; classtype:trojan-activity;sid:84381408; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3517053)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"124.123.26.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_04_18; reference:url, urlhaus.abuse.ch/url/3517053/; classtype:trojan-activity;sid:84380153; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3517040)"; flow:established,from_client; content:"GET"; http_method; content:"/mig"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"2.57.122.121"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_18; reference:url, urlhaus.abuse.ch/url/3517040/; classtype:trojan-activity;sid:84380140; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3516658)"; flow:established,from_client; content:"GET"; http_method; content:"/vinhuptoday/testbn/raw/refs/heads/main/brbotnet.exe"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_18; reference:url, urlhaus.abuse.ch/url/3516658/; classtype:trojan-activity;sid:84379758; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3516584)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"211.219.49.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_04_18; reference:url, urlhaus.abuse.ch/url/3516584/; classtype:trojan-activity;sid:84379684; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3516107)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"124.123.26.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_04_17; reference:url, urlhaus.abuse.ch/url/3516107/; classtype:trojan-activity;sid:84379207; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3516004)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"114.96.89.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_17; reference:url, urlhaus.abuse.ch/url/3516004/; classtype:trojan-activity;sid:84379104; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3515982)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"43.163.81.66"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_17; reference:url, urlhaus.abuse.ch/url/3515982/; classtype:trojan-activity;sid:84379082; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3515966)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"84.21.172.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_17; reference:url, urlhaus.abuse.ch/url/3515966/; classtype:trojan-activity;sid:84379066; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3515947)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.93.28.103"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_17; reference:url, urlhaus.abuse.ch/url/3515947/; classtype:trojan-activity;sid:84379047; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3515937)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.93.28.103"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_17; reference:url, urlhaus.abuse.ch/url/3515937/; classtype:trojan-activity;sid:84379037; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3515938)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"129.204.254.108"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_04_17; reference:url, urlhaus.abuse.ch/url/3515938/; classtype:trojan-activity;sid:84379038; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3515929)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"20.74.209.192"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_04_17; reference:url, urlhaus.abuse.ch/url/3515929/; classtype:trojan-activity;sid:84379029; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3515908)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"43.155.195.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_04_17; reference:url, urlhaus.abuse.ch/url/3515908/; classtype:trojan-activity;sid:84379008; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3514570)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1hrp9lnasbplclnhppp1abwb1uwv4kdvs"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_04_17; reference:url, urlhaus.abuse.ch/url/3514570/; classtype:trojan-activity;sid:84377670; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3514528)"; flow:established,from_client; content:"GET"; http_method; content:"/asdfghjkl/frp.zip"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"66.187.4.10"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_04_17; reference:url, urlhaus.abuse.ch/url/3514528/; classtype:trojan-activity;sid:84377628; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3514066)"; flow:established,from_client; content:"GET"; http_method; content:"/nkminash/my-codd/raw/896d806a9b4569c9c3a275f200ebe7d2ecec5702/snd16061.exe"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_17; reference:url, urlhaus.abuse.ch/url/3514066/; classtype:trojan-activity;sid:84377166; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3513248)"; flow:established,from_client; content:"GET"; http_method; content:"/bin//support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:78; isdataat:!1,relative; nocase; content:"192.159.99.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_04_16; reference:url, urlhaus.abuse.ch/url/3513248/; classtype:trojan-activity;sid:84376348; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3513251)"; flow:established,from_client; content:"GET"; http_method; content:"/bin//support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:78; isdataat:!1,relative; nocase; content:"45.88.186.147"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_04_16; reference:url, urlhaus.abuse.ch/url/3513251/; classtype:trojan-activity;sid:84376351; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3513186)"; flow:established,from_client; content:"GET"; http_method; content:"/bin//support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:78; isdataat:!1,relative; nocase; content:"45.94.31.21"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_04_16; reference:url, urlhaus.abuse.ch/url/3513186/; classtype:trojan-activity;sid:84376286; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3513183)"; flow:established,from_client; content:"GET"; http_method; content:"/bin//support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:78; isdataat:!1,relative; nocase; content:"194.26.192.107"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_04_16; reference:url, urlhaus.abuse.ch/url/3513183/; classtype:trojan-activity;sid:84376283; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3512004)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.200.12.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_04_15; reference:url, urlhaus.abuse.ch/url/3512004/; classtype:trojan-activity;sid:84375104; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3511995)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"194.242.103.87"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_04_15; reference:url, urlhaus.abuse.ch/url/3511995/; classtype:trojan-activity;sid:84375095; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3511783)"; flow:established,from_client; content:"GET"; http_method; content:"/ghdsdcbn124.bin"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"www.khavar.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_04_15; reference:url, urlhaus.abuse.ch/url/3511783/; classtype:trojan-activity;sid:84374883; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3511286)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"101.43.91.156"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_04_14; reference:url, urlhaus.abuse.ch/url/3511286/; classtype:trojan-activity;sid:84374386; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3510901)"; flow:established,from_client; content:"GET"; http_method; content:"/dl16"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"31.170.22.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_04_14; reference:url, urlhaus.abuse.ch/url/3510901/; classtype:trojan-activity;sid:84374001; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3510727)"; flow:established,from_client; content:"GET"; http_method; content:"/fish.arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"66.187.4.77"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_04_14; reference:url, urlhaus.abuse.ch/url/3510727/; classtype:trojan-activity;sid:84373827; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3510725)"; flow:established,from_client; content:"GET"; http_method; content:"/fish.x86_64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"66.187.4.77"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_04_14; reference:url, urlhaus.abuse.ch/url/3510725/; classtype:trojan-activity;sid:84373825; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3510721)"; flow:established,from_client; content:"GET"; http_method; content:"/fish.i686"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"66.187.4.77"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_04_14; reference:url, urlhaus.abuse.ch/url/3510721/; classtype:trojan-activity;sid:84373821; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3510723)"; flow:established,from_client; content:"GET"; http_method; content:"/fish.i486"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"66.187.4.77"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_04_14; reference:url, urlhaus.abuse.ch/url/3510723/; classtype:trojan-activity;sid:84373823; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3510718)"; flow:established,from_client; content:"GET"; http_method; content:"/fish.arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"66.187.4.77"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_04_14; reference:url, urlhaus.abuse.ch/url/3510718/; classtype:trojan-activity;sid:84373818; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3510712)"; flow:established,from_client; content:"GET"; http_method; content:"/fish.mipsel"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"66.187.4.77"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_04_14; reference:url, urlhaus.abuse.ch/url/3510712/; classtype:trojan-activity;sid:84373812; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3510713)"; flow:established,from_client; content:"GET"; http_method; content:"/fish.sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"66.187.4.77"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_04_14; reference:url, urlhaus.abuse.ch/url/3510713/; classtype:trojan-activity;sid:84373813; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3510715)"; flow:established,from_client; content:"GET"; http_method; content:"/fish.arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"66.187.4.77"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_04_14; reference:url, urlhaus.abuse.ch/url/3510715/; classtype:trojan-activity;sid:84373815; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3509907)"; flow:established,from_client; content:"GET"; http_method; content:"/rahmounben/lc/refs/heads/main/xclient.exe"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_04_13; reference:url, urlhaus.abuse.ch/url/3509907/; classtype:trojan-activity;sid:84373007; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3509904)"; flow:established,from_client; content:"GET"; http_method; content:"/justjzero/ahh/refs/heads/main/cloudy.exe"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_04_13; reference:url, urlhaus.abuse.ch/url/3509904/; classtype:trojan-activity;sid:84373004; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3509901)"; flow:established,from_client; content:"GET"; http_method; content:"/justjzero/ahh/raw/refs/heads/main/cloudy.exe"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_13; reference:url, urlhaus.abuse.ch/url/3509901/; classtype:trojan-activity;sid:84373001; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3509872)"; flow:established,from_client; content:"GET"; http_method; content:"/niggedddx/dependenciuesfeife/raw/refs/heads/main/bruterv3.1.exe"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_13; reference:url, urlhaus.abuse.ch/url/3509872/; classtype:trojan-activity;sid:84372972; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3509591)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"nnnpanel.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_13; reference:url, urlhaus.abuse.ch/url/3509591/; classtype:trojan-activity;sid:84372691; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3509583)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"onyxprotectech.de"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_04_13; reference:url, urlhaus.abuse.ch/url/3509583/; classtype:trojan-activity;sid:84372683; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3509585)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"onyxguardwave.de"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_04_13; reference:url, urlhaus.abuse.ch/url/3509585/; classtype:trojan-activity;sid:84372685; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3509586)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"onyxshieldcore.de"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_04_13; reference:url, urlhaus.abuse.ch/url/3509586/; classtype:trojan-activity;sid:84372686; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3509588)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"onyxcryptorix.de"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_04_13; reference:url, urlhaus.abuse.ch/url/3509588/; classtype:trojan-activity;sid:84372688; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3509589)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"onyxarmorcrypt.de"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_04_13; reference:url, urlhaus.abuse.ch/url/3509589/; classtype:trojan-activity;sid:84372689; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3509590)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"onyxguardify.de"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_04_13; reference:url, urlhaus.abuse.ch/url/3509590/; classtype:trojan-activity;sid:84372690; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3509574)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"onyxcyberedge.de"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_04_13; reference:url, urlhaus.abuse.ch/url/3509574/; classtype:trojan-activity;sid:84372674; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3508860)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"69.70.59.38"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_04_12; reference:url, urlhaus.abuse.ch/url/3508860/; classtype:trojan-activity;sid:84371960; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3507474)"; flow:established,from_client; content:"GET"; http_method; content:"/kibnakamoto/mimikatz/main/mimikatz.exe"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_04_11; reference:url, urlhaus.abuse.ch/url/3507474/; classtype:trojan-activity;sid:84370574; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3507456)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/mimikatz.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"167.250.49.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_04_11; reference:url, urlhaus.abuse.ch/url/3507456/; classtype:trojan-activity;sid:84370556; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3507452)"; flow:established,from_client; content:"GET"; http_method; content:"/misterlobster22/mimik/blob/main/mimikatz.exe|3f|raw=true"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_11; reference:url, urlhaus.abuse.ch/url/3507452/; classtype:trojan-activity;sid:84370552; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3506392)"; flow:established,from_client; content:"GET"; http_method; content:"/deepakmeena2006/lib/6753a65f543afe81079459a8439ec1e0c0a660b4/s86.txt"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_04_10; reference:url, urlhaus.abuse.ch/url/3506392/; classtype:trojan-activity;sid:84369492; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3506391)"; flow:established,from_client; content:"GET"; http_method; content:"/deepakmeena2006/lib/6753a65f543afe81079459a8439ec1e0c0a660b4/s64.txt"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_04_10; reference:url, urlhaus.abuse.ch/url/3506391/; classtype:trojan-activity;sid:84369491; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3506386)"; flow:established,from_client; content:"GET"; http_method; content:"/mosseve/reverbed/releases/download/3.8.8/reverbed.v3.8.8.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_10; reference:url, urlhaus.abuse.ch/url/3506386/; classtype:trojan-activity;sid:84369486; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3506346)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1kcbhxhjt-bdxszgxt1nfnzdt5hpvkwk4"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_04_10; reference:url, urlhaus.abuse.ch/url/3506346/; classtype:trojan-activity;sid:84369446; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3505672)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1muftth-5lscdi3ovd5vn7sjkeit2h9k1"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_04_09; reference:url, urlhaus.abuse.ch/url/3505672/; classtype:trojan-activity;sid:84368772; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3505506)"; flow:established,from_client; content:"GET"; http_method; content:"/makeewyk.msi"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"bestieslos.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_04_09; reference:url, urlhaus.abuse.ch/url/3505506/; classtype:trojan-activity;sid:84368606; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3505504)"; flow:established,from_client; content:"GET"; http_method; content:"/uulyorik.msi"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"bestieslos.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_04_09; reference:url, urlhaus.abuse.ch/url/3505504/; classtype:trojan-activity;sid:84368604; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3505502)"; flow:established,from_client; content:"GET"; http_method; content:"/pmlqrjin.msi"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"bestieslos.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_04_09; reference:url, urlhaus.abuse.ch/url/3505502/; classtype:trojan-activity;sid:84368602; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3505422)"; flow:established,from_client; content:"GET"; http_method; content:"/jaime00marulanda/yt-audio-api/releases/download/v2.6.9/yt-audio-api_v2.6.9.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_09; reference:url, urlhaus.abuse.ch/url/3505422/; classtype:trojan-activity;sid:84368522; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3505418)"; flow:established,from_client; content:"GET"; http_method; content:"/junayed-tasnur/helloswaps/releases/download/v2.0/application.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_09; reference:url, urlhaus.abuse.ch/url/3505418/; classtype:trojan-activity;sid:84368518; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3505393)"; flow:established,from_client; content:"GET"; http_method; content:"/junayed-tasnur/react-material/releases/download/v1.0/application.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_09; reference:url, urlhaus.abuse.ch/url/3505393/; classtype:trojan-activity;sid:84368493; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3505394)"; flow:established,from_client; content:"GET"; http_method; content:"/junayed-tasnur/ticker-ai-with-tailwind-css/releases/download/v2.0/application.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_09; reference:url, urlhaus.abuse.ch/url/3505394/; classtype:trojan-activity;sid:84368494; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3505395)"; flow:established,from_client; content:"GET"; http_method; content:"/junayed-tasnur/react-material/releases/download/v2.0/application.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_09; reference:url, urlhaus.abuse.ch/url/3505395/; classtype:trojan-activity;sid:84368495; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3505396)"; flow:established,from_client; content:"GET"; http_method; content:"/junayed-tasnur/docs/releases/download/v2.0/application.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_09; reference:url, urlhaus.abuse.ch/url/3505396/; classtype:trojan-activity;sid:84368496; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3505397)"; flow:established,from_client; content:"GET"; http_method; content:"/junayed-tasnur/simple-todo-list/releases/download/v2.0/application.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_09; reference:url, urlhaus.abuse.ch/url/3505397/; classtype:trojan-activity;sid:84368497; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3505398)"; flow:established,from_client; content:"GET"; http_method; content:"/junayed-tasnur/governingdocs/releases/download/v1.0/application.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_09; reference:url, urlhaus.abuse.ch/url/3505398/; classtype:trojan-activity;sid:84368498; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3505399)"; flow:established,from_client; content:"GET"; http_method; content:"/junayed-tasnur/creatives-for-you/releases/download/v2.0/application.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_09; reference:url, urlhaus.abuse.ch/url/3505399/; classtype:trojan-activity;sid:84368499; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3505400)"; flow:established,from_client; content:"GET"; http_method; content:"/junayed-tasnur/basic-js-problem-solving/releases/download/v1.0/application.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_09; reference:url, urlhaus.abuse.ch/url/3505400/; classtype:trojan-activity;sid:84368500; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3505401)"; flow:established,from_client; content:"GET"; http_method; content:"/junayed-tasnur/governingdocs/releases/download/v2.0/application.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_09; reference:url, urlhaus.abuse.ch/url/3505401/; classtype:trojan-activity;sid:84368501; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3505402)"; flow:established,from_client; content:"GET"; http_method; content:"/junayed-tasnur/ticker-ai-with-tailwind-css/releases/download/v1.0/application.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_09; reference:url, urlhaus.abuse.ch/url/3505402/; classtype:trojan-activity;sid:84368502; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3505404)"; flow:established,from_client; content:"GET"; http_method; content:"/junayed-tasnur/kiekefotografie/releases/download/v2.0/application.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_09; reference:url, urlhaus.abuse.ch/url/3505404/; classtype:trojan-activity;sid:84368504; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3505405)"; flow:established,from_client; content:"GET"; http_method; content:"/junayed-tasnur/kiekefotografie/releases/download/v1.0/application.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_09; reference:url, urlhaus.abuse.ch/url/3505405/; classtype:trojan-activity;sid:84368505; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3505406)"; flow:established,from_client; content:"GET"; http_method; content:"/junayed-tasnur/docs/releases/download/v1.0/application.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_09; reference:url, urlhaus.abuse.ch/url/3505406/; classtype:trojan-activity;sid:84368506; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3505407)"; flow:established,from_client; content:"GET"; http_method; content:"/junayed-tasnur/helloswaps/releases/download/v1.0/application.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_09; reference:url, urlhaus.abuse.ch/url/3505407/; classtype:trojan-activity;sid:84368507; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3505408)"; flow:established,from_client; content:"GET"; http_method; content:"/junayed-tasnur/mastercard-ui/releases/download/v2.0/application.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_09; reference:url, urlhaus.abuse.ch/url/3505408/; classtype:trojan-activity;sid:84368508; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3505409)"; flow:established,from_client; content:"GET"; http_method; content:"/junayed-tasnur/wizia/releases/download/v2.0/application.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_09; reference:url, urlhaus.abuse.ch/url/3505409/; classtype:trojan-activity;sid:84368509; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3505410)"; flow:established,from_client; content:"GET"; http_method; content:"/junayed-tasnur/profile-card/releases/download/v2.0/application.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_09; reference:url, urlhaus.abuse.ch/url/3505410/; classtype:trojan-activity;sid:84368510; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3505411)"; flow:established,from_client; content:"GET"; http_method; content:"/junayed-tasnur/creative-for-you/releases/download/v1.0/application.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_09; reference:url, urlhaus.abuse.ch/url/3505411/; classtype:trojan-activity;sid:84368511; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3505412)"; flow:established,from_client; content:"GET"; http_method; content:"/junayed-tasnur/mastercard-ui/releases/download/v1.0/application.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_09; reference:url, urlhaus.abuse.ch/url/3505412/; classtype:trojan-activity;sid:84368512; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3505414)"; flow:established,from_client; content:"GET"; http_method; content:"/junayed-tasnur/creatives-for-you/releases/download/v1.0/application.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_09; reference:url, urlhaus.abuse.ch/url/3505414/; classtype:trojan-activity;sid:84368514; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3505416)"; flow:established,from_client; content:"GET"; http_method; content:"/junayed-tasnur/simple-todo-list/releases/download/v1.0/application.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_09; reference:url, urlhaus.abuse.ch/url/3505416/; classtype:trojan-activity;sid:84368516; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3505417)"; flow:established,from_client; content:"GET"; http_method; content:"/junayed-tasnur/basic-js-problem-solving/releases/download/v2.0/application.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_09; reference:url, urlhaus.abuse.ch/url/3505417/; classtype:trojan-activity;sid:84368517; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3505384)"; flow:established,from_client; content:"GET"; http_method; content:"/klhhrx/reel-rec/releases/download/v2.0/release_x64.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_09; reference:url, urlhaus.abuse.ch/url/3505384/; classtype:trojan-activity;sid:84368484; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3505385)"; flow:established,from_client; content:"GET"; http_method; content:"/andremedina15/reel-rec/releases/download/v1.0/software.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_09; reference:url, urlhaus.abuse.ch/url/3505385/; classtype:trojan-activity;sid:84368485; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3505376)"; flow:established,from_client; content:"GET"; http_method; content:"/andremedina15/reel-rec/releases/download/v2.0/release_x64.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_09; reference:url, urlhaus.abuse.ch/url/3505376/; classtype:trojan-activity;sid:84368476; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3505377)"; flow:established,from_client; content:"GET"; http_method; content:"/electrichermit/vegas-pro-version/releases/download/v2.0/software.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_09; reference:url, urlhaus.abuse.ch/url/3505377/; classtype:trojan-activity;sid:84368477; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3505378)"; flow:established,from_client; content:"GET"; http_method; content:"/7777suprim/expo-rsc-movies/releases/download/v1.0/software.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_09; reference:url, urlhaus.abuse.ch/url/3505378/; classtype:trojan-activity;sid:84368478; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3505382)"; flow:established,from_client; content:"GET"; http_method; content:"/ergin3432432/movie-mates/releases/download/v1.0/application.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_09; reference:url, urlhaus.abuse.ch/url/3505382/; classtype:trojan-activity;sid:84368482; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3505342)"; flow:established,from_client; content:"GET"; http_method; content:"/quyw/microphonefixer/releases/download/v3.0.8-beta.4/microphonefixer.v3.0.8-beta.4.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_09; reference:url, urlhaus.abuse.ch/url/3505342/; classtype:trojan-activity;sid:84368442; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3505336)"; flow:established,from_client; content:"GET"; http_method; content:"/junayed-tasnur/youtube_playlist_downloader/releases/download/v1.0/application.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_09; reference:url, urlhaus.abuse.ch/url/3505336/; classtype:trojan-activity;sid:84368436; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3505334)"; flow:established,from_client; content:"GET"; http_method; content:"/yumyumdonuts/free-youtube-to-mp3-converter-free/releases/download/1.1.2/freeyoutubetomp3converterfree-1.1.2.zip"; http_uri; depth:112; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_09; reference:url, urlhaus.abuse.ch/url/3505334/; classtype:trojan-activity;sid:84368434; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3505326)"; flow:established,from_client; content:"GET"; http_method; content:"/vnnha/ytd-youtube-downloader-download/releases/download/v2.0/software.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_09; reference:url, urlhaus.abuse.ch/url/3505326/; classtype:trojan-activity;sid:84368426; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3505327)"; flow:established,from_client; content:"GET"; http_method; content:"/lbngrg/social-media-downloader/releases/download/glassful/social-media-downloader-glassful"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_09; reference:url, urlhaus.abuse.ch/url/3505327/; classtype:trojan-activity;sid:84368427; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3505328)"; flow:established,from_client; content:"GET"; http_method; content:"/vignesh5229/yt-blaze/releases/download/1.9.1-beta.4/yt-blaze-1.9.1-beta.4.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_09; reference:url, urlhaus.abuse.ch/url/3505328/; classtype:trojan-activity;sid:84368428; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3505329)"; flow:established,from_client; content:"GET"; http_method; content:"/vnnha/ytd-youtube-downloader-download/releases/download/v1.0/software.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_09; reference:url, urlhaus.abuse.ch/url/3505329/; classtype:trojan-activity;sid:84368429; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3505313)"; flow:established,from_client; content:"GET"; http_method; content:"/nmattioni/upload/raw/refs/heads/master/software.zip"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_09; reference:url, urlhaus.abuse.ch/url/3505313/; classtype:trojan-activity;sid:84368413; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3505307)"; flow:established,from_client; content:"GET"; http_method; content:"/anamesias580/upload/refs/heads/master/software.zip"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_04_09; reference:url, urlhaus.abuse.ch/url/3505307/; classtype:trojan-activity;sid:84368407; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3505305)"; flow:established,from_client; content:"GET"; http_method; content:"/phanu85/upload/raw/refs/heads/master/software.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_09; reference:url, urlhaus.abuse.ch/url/3505305/; classtype:trojan-activity;sid:84368405; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3505304)"; flow:established,from_client; content:"GET"; http_method; content:"/pantay/upload/raw/refs/heads/master/software.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_09; reference:url, urlhaus.abuse.ch/url/3505304/; classtype:trojan-activity;sid:84368404; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3505108)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"45.88.186.147"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_04_09; reference:url, urlhaus.abuse.ch/url/3505108/; classtype:trojan-activity;sid:84368208; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3505097)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"45.94.31.21"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_04_09; reference:url, urlhaus.abuse.ch/url/3505097/; classtype:trojan-activity;sid:84368197; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3505073)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"194.26.192.107"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_04_09; reference:url, urlhaus.abuse.ch/url/3505073/; classtype:trojan-activity;sid:84368173; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3504870)"; flow:established,from_client; content:"GET"; http_method; content:"/public/upload/files/l.sh"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"39.104.161.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_04_09; reference:url, urlhaus.abuse.ch/url/3504870/; classtype:trojan-activity;sid:84367970; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3504713)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"2.54.238.31"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_04_08; reference:url, urlhaus.abuse.ch/url/3504713/; classtype:trojan-activity;sid:84367813; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3504708)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"174.106.42.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_08; reference:url, urlhaus.abuse.ch/url/3504708/; classtype:trojan-activity;sid:84367808; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3503671)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"177.227.177.247"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_04_07; reference:url, urlhaus.abuse.ch/url/3503671/; classtype:trojan-activity;sid:84366771; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3503657)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.43.17.123"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_04_07; reference:url, urlhaus.abuse.ch/url/3503657/; classtype:trojan-activity;sid:84366757; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3503409)"; flow:established,from_client; content:"GET"; http_method; content:"/tirtekeka/rat-client/zip/refs/heads/main"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_04_07; reference:url, urlhaus.abuse.ch/url/3503409/; classtype:trojan-activity;sid:84366509; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3503003)"; flow:established,from_client; content:"GET"; http_method; content:"/download/konsol.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"backupso.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_06; reference:url, urlhaus.abuse.ch/url/3503003/; classtype:trojan-activity;sid:84366103; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3502654)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"203.115.103.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_04_06; reference:url, urlhaus.abuse.ch/url/3502654/; classtype:trojan-activity;sid:84365754; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3501628)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"209.42.54.193"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_04_05; reference:url, urlhaus.abuse.ch/url/3501628/; classtype:trojan-activity;sid:84364728; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3501625)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"82.99.248.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_05; reference:url, urlhaus.abuse.ch/url/3501625/; classtype:trojan-activity;sid:84364725; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3501608)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"35.137.185.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_04_05; reference:url, urlhaus.abuse.ch/url/3501608/; classtype:trojan-activity;sid:84364708; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3500891)"; flow:established,from_client; content:"GET"; http_method; content:"/chin/ifjjmktge.mp3"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"dcrun.co.uk"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_04_04; reference:url, urlhaus.abuse.ch/url/3500891/; classtype:trojan-activity;sid:84363991; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3500747)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"91.185.1.70"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_04_04; reference:url, urlhaus.abuse.ch/url/3500747/; classtype:trojan-activity;sid:84363847; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3499996)"; flow:established,from_client; content:"GET"; http_method; content:"/bahaaaymen/chapito/releases/download/v3.3.6/stay.out.firewind.v1.8.6.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_03; reference:url, urlhaus.abuse.ch/url/3499996/; classtype:trojan-activity;sid:84363096; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3499995)"; flow:established,from_client; content:"GET"; http_method; content:"/sylvanogammer/apex-no-recoil/releases/download/v1.8.4-beta.4/apex-no-recoil-v1.8.4-beta.4.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_03; reference:url, urlhaus.abuse.ch/url/3499995/; classtype:trojan-activity;sid:84363095; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3499993)"; flow:established,from_client; content:"GET"; http_method; content:"/roniel8/apex-no-recoil/releases/download/v2.5.1-alpha.3/apex-no-recoil-v2-5-1-alpha-3.zip"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_03; reference:url, urlhaus.abuse.ch/url/3499993/; classtype:trojan-activity;sid:84363093; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3499800)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"onyxironvault.de"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_04_03; reference:url, urlhaus.abuse.ch/url/3499800/; classtype:trojan-activity;sid:84362900; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3499801)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"onyxphantomlock.de"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_04_03; reference:url, urlhaus.abuse.ch/url/3499801/; classtype:trojan-activity;sid:84362901; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3498482)"; flow:established,from_client; content:"GET"; http_method; content:"/juanbustoss/src/raw/refs/heads/master/application.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3498482/; classtype:trojan-activity;sid:84361582; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3498084)"; flow:established,from_client; content:"GET"; http_method; content:"/shellyacm/imgx/releases/download/v1.0/software.zip"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3498084/; classtype:trojan-activity;sid:84361184; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3498082)"; flow:established,from_client; content:"GET"; http_method; content:"/shellyacm/imgx/releases/download/v2.0/software.zip"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3498082/; classtype:trojan-activity;sid:84361182; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3498069)"; flow:established,from_client; content:"GET"; http_method; content:"/unknownn89/hackinggpt/releases/download/1.8.9/hackinggpt-1.8.9.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3498069/; classtype:trojan-activity;sid:84361169; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3498070)"; flow:established,from_client; content:"GET"; http_method; content:"/demonsofhe/onion-rings/releases/download/3.1.7/onion-rings-3.1.7.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3498070/; classtype:trojan-activity;sid:84361170; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3498071)"; flow:established,from_client; content:"GET"; http_method; content:"/soulfly02/greentendo/releases/download/v1.1/soft.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3498071/; classtype:trojan-activity;sid:84361171; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3498072)"; flow:established,from_client; content:"GET"; http_method; content:"/warisalishah/mytube/releases/download/v1.1/soft.zip"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3498072/; classtype:trojan-activity;sid:84361172; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3498073)"; flow:established,from_client; content:"GET"; http_method; content:"/rippez/wordkeeper/releases/download/caseharden/release.caseharden.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3498073/; classtype:trojan-activity;sid:84361173; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3498074)"; flow:established,from_client; content:"GET"; http_method; content:"/alesti19/driver-booster-pro-installer-2025/releases/download/3.5.4/driver-booster-pro-installer-2025-3.5.4.zip"; http_uri; depth:111; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3498074/; classtype:trojan-activity;sid:84361174; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3498076)"; flow:established,from_client; content:"GET"; http_method; content:"/jxx1234567890jxx/datatransformationchecker/releases/download/v2.0/software.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3498076/; classtype:trojan-activity;sid:84361176; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3498078)"; flow:established,from_client; content:"GET"; http_method; content:"/8e8bdba457c18cf692a95fe2ec67000b/vulkancooperativematrixattention/releases/download/v2.0/software.zip"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3498078/; classtype:trojan-activity;sid:84361178; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3498064)"; flow:established,from_client; content:"GET"; http_method; content:"/hackerboy5916/booknotify/releases/download/v1.0/release_x64.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3498064/; classtype:trojan-activity;sid:84361164; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3498065)"; flow:established,from_client; content:"GET"; http_method; content:"/soup6792/silverblue-base-/releases/download/v1.0/release_x64.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3498065/; classtype:trojan-activity;sid:84361165; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3498066)"; flow:established,from_client; content:"GET"; http_method; content:"/madureira20/pixtrail/releases/download/3.3.3/pixtrail-3.3.3.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3498066/; classtype:trojan-activity;sid:84361166; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3498067)"; flow:established,from_client; content:"GET"; http_method; content:"/frank698/localocr/releases/download/v2.3.3/localocr_v2.3.3.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3498067/; classtype:trojan-activity;sid:84361167; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3498055)"; flow:established,from_client; content:"GET"; http_method; content:"/unknownn89/hackinggpt/releases/download/crowned/hackinggpt-crowned.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3498055/; classtype:trojan-activity;sid:84361155; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3498056)"; flow:established,from_client; content:"GET"; http_method; content:"/wfeifefeifef/pokemon-crud/releases/download/v1.1/soft.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3498056/; classtype:trojan-activity;sid:84361156; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3498058)"; flow:established,from_client; content:"GET"; http_method; content:"/03juseroto/fitlog-progress-tracker-app/releases/download/v1.1/soft.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3498058/; classtype:trojan-activity;sid:84361158; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3498044)"; flow:established,from_client; content:"GET"; http_method; content:"/soup6792/silverblue-base-/releases/download/v2.0/software.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3498044/; classtype:trojan-activity;sid:84361144; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3498045)"; flow:established,from_client; content:"GET"; http_method; content:"/ushii/weather_app/releases/download/v1.0/installer.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3498045/; classtype:trojan-activity;sid:84361145; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3498047)"; flow:established,from_client; content:"GET"; http_method; content:"/rahulpa045/cphishtermux/releases/download/v1.0/software.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3498047/; classtype:trojan-activity;sid:84361147; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3498050)"; flow:established,from_client; content:"GET"; http_method; content:"/wfeifefeifef/pokemon-crud/releases/download/v1.2/soft.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3498050/; classtype:trojan-activity;sid:84361150; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3498052)"; flow:established,from_client; content:"GET"; http_method; content:"/soulfly02/greentendo/releases/download/v1.2/soft.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3498052/; classtype:trojan-activity;sid:84361152; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3498053)"; flow:established,from_client; content:"GET"; http_method; content:"/jxx1234567890jxx/datatransformationchecker/releases/download/v1.0/application.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3498053/; classtype:trojan-activity;sid:84361153; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3498054)"; flow:established,from_client; content:"GET"; http_method; content:"/nazaastore/abacus2api/releases/download/v2.0/software.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3498054/; classtype:trojan-activity;sid:84361154; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3498029)"; flow:established,from_client; content:"GET"; http_method; content:"/03juseroto/fitlog-progress-tracker-app/releases/download/v1.2/soft.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3498029/; classtype:trojan-activity;sid:84361129; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3498030)"; flow:established,from_client; content:"GET"; http_method; content:"/x4lex19o/vue3-crypto-dashboard/releases/download/v2.0/software.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3498030/; classtype:trojan-activity;sid:84361130; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3498031)"; flow:established,from_client; content:"GET"; http_method; content:"/clemmrobl/capture-one-pro-free/releases/download/1.1.2/capture-one-pro-free-1.1.2.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3498031/; classtype:trojan-activity;sid:84361131; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3498032)"; flow:established,from_client; content:"GET"; http_method; content:"/computoki/e/releases/download/v1.0/software.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3498032/; classtype:trojan-activity;sid:84361132; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3498033)"; flow:established,from_client; content:"GET"; http_method; content:"/gamer615/acdsee-photo-studio-professional-download/releases/download/v1.0/software.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3498033/; classtype:trojan-activity;sid:84361133; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3498034)"; flow:established,from_client; content:"GET"; http_method; content:"/ushii/weather_app/releases/download/v2.0/software.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3498034/; classtype:trojan-activity;sid:84361134; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3498035)"; flow:established,from_client; content:"GET"; http_method; content:"/lucianoolferxa98/solanaj/releases/download/1.9.4-alpha.2/solanaj-v1.9.4-alpha.2.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3498035/; classtype:trojan-activity;sid:84361135; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3498038)"; flow:established,from_client; content:"GET"; http_method; content:"/eltrapico2/php-library-system/releases/download/v1.0/software.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3498038/; classtype:trojan-activity;sid:84361138; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3498040)"; flow:established,from_client; content:"GET"; http_method; content:"/warisalishah/mytube/releases/download/v1.2/soft.zip"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3498040/; classtype:trojan-activity;sid:84361140; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3498041)"; flow:established,from_client; content:"GET"; http_method; content:"/hackerboy5916/booknotify/releases/download/v2.0/software.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3498041/; classtype:trojan-activity;sid:84361141; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497914)"; flow:established,from_client; content:"GET"; http_method; content:"/pirlokipngeno/crackftp/releases/download/3.5.4/crackftp-3.5.4.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497914/; classtype:trojan-activity;sid:84361014; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497910)"; flow:established,from_client; content:"GET"; http_method; content:"/tefa1234/wpcracker/releases/download/v1.0.2/release-x64.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497910/; classtype:trojan-activity;sid:84361010; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497906)"; flow:established,from_client; content:"GET"; http_method; content:"/tefa1234/wpcracker/releases/download/v1.0.1/release-x64.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497906/; classtype:trojan-activity;sid:84361006; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497898)"; flow:established,from_client; content:"GET"; http_method; content:"/slyge/yescrypt_crack/releases/download/v2.0/application.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497898/; classtype:trojan-activity;sid:84360998; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497905)"; flow:established,from_client; content:"GET"; http_method; content:"/slyge/yescrypt_crack/releases/download/v1.0/application.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497905/; classtype:trojan-activity;sid:84361005; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497893)"; flow:established,from_client; content:"GET"; http_method; content:"/agent-piss/stellar-data-recovery-pro-free/releases/download/v1.4.8/stellar.moonlight.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497893/; classtype:trojan-activity;sid:84360993; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497894)"; flow:established,from_client; content:"GET"; http_method; content:"/ahiuit/keyword-researcher-pro-free/releases/download/3.8.9/keywordresearcherprofree-3.8.9.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497894/; classtype:trojan-activity;sid:84360994; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497890)"; flow:established,from_client; content:"GET"; http_method; content:"/acemardri1/ashampoo-burning-studio-crack/releases/download/1.1.4/ashampoo.burning.bliss.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497890/; classtype:trojan-activity;sid:84360990; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497878)"; flow:established,from_client; content:"GET"; http_method; content:"/zigaaaaaaaa/crackftp/releases/download/v3.4.5/release.v3.4.5.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497878/; classtype:trojan-activity;sid:84360978; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497873)"; flow:established,from_client; content:"GET"; http_method; content:"/jewonsan/dvd-cloner_crack/releases/download/v3.3.4/dvd-cloner_crack_v3.3.4.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497873/; classtype:trojan-activity;sid:84360973; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497872)"; flow:established,from_client; content:"GET"; http_method; content:"/tisha466/stardock_groupy_crack/releases/download/1.7.2/release.1.7.2.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497872/; classtype:trojan-activity;sid:84360972; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497826)"; flow:established,from_client; content:"GET"; http_method; content:"/itznaviya/hamster-kombat-bot/releases/download/v2.0/software.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497826/; classtype:trojan-activity;sid:84360926; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497822)"; flow:established,from_client; content:"GET"; http_method; content:"/itznaviya/hamster-kombat-bot/releases/download/v2.0/program.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497822/; classtype:trojan-activity;sid:84360922; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497823)"; flow:established,from_client; content:"GET"; http_method; content:"/unlimxts2/password-manager-intermediate/releases/download/v1.0/software.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497823/; classtype:trojan-activity;sid:84360923; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497824)"; flow:established,from_client; content:"GET"; http_method; content:"/neverluckz/stack-back/releases/download/v1.0/software.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497824/; classtype:trojan-activity;sid:84360924; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497825)"; flow:established,from_client; content:"GET"; http_method; content:"/itznaviya/hamster-kombat-bot/releases/download/v1.0/software.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497825/; classtype:trojan-activity;sid:84360925; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497820)"; flow:established,from_client; content:"GET"; http_method; content:"/luisdetre/cmv-stressor/releases/download/v2.0/software.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497820/; classtype:trojan-activity;sid:84360920; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497817)"; flow:established,from_client; content:"GET"; http_method; content:"/alan7385/top-10-malware-detection-projects/releases/download/v2.0/software.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497817/; classtype:trojan-activity;sid:84360917; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497818)"; flow:established,from_client; content:"GET"; http_method; content:"/luisdetre/cmv-stressor/releases/download/v1.0/software.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497818/; classtype:trojan-activity;sid:84360918; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497819)"; flow:established,from_client; content:"GET"; http_method; content:"/alan7385/top-10-malware-detection-projects/releases/download/v1.0/software.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497819/; classtype:trojan-activity;sid:84360919; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497808)"; flow:established,from_client; content:"GET"; http_method; content:"/0quvy/d-d-trading-program/releases/download/v2.0/software.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497808/; classtype:trojan-activity;sid:84360908; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497809)"; flow:established,from_client; content:"GET"; http_method; content:"/jack69393/vuldb-api-golang-examples/releases/download/v2.0/software.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497809/; classtype:trojan-activity;sid:84360909; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497811)"; flow:established,from_client; content:"GET"; http_method; content:"/jack69393/vuldb-api-golang-examples/releases/download/v1.0/application.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497811/; classtype:trojan-activity;sid:84360911; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497806)"; flow:established,from_client; content:"GET"; http_method; content:"/dragon271320/test-audit/releases/download/v1.0/application.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497806/; classtype:trojan-activity;sid:84360906; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497805)"; flow:established,from_client; content:"GET"; http_method; content:"/ffxjevefi/nix-system-services-hardened/releases/download/v2.0/software.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497805/; classtype:trojan-activity;sid:84360905; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497798)"; flow:established,from_client; content:"GET"; http_method; content:"/wolladand120/wireless-protect_service_version/releases/download/v2.0/software.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497798/; classtype:trojan-activity;sid:84360898; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497797)"; flow:established,from_client; content:"GET"; http_method; content:"/supreme-snaze/permutations/releases/download/v1.0/program.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497797/; classtype:trojan-activity;sid:84360897; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497794)"; flow:established,from_client; content:"GET"; http_method; content:"/rip257/dotnet-sdk/releases/download/v2.0/software.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497794/; classtype:trojan-activity;sid:84360894; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497791)"; flow:established,from_client; content:"GET"; http_method; content:"/rip257/dotnet-sdk/releases/download/v1.0/application.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497791/; classtype:trojan-activity;sid:84360891; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497790)"; flow:established,from_client; content:"GET"; http_method; content:"/wolladand120/wireless-protect_service_version/releases/download/v1.0/soft.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497790/; classtype:trojan-activity;sid:84360890; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497786)"; flow:established,from_client; content:"GET"; http_method; content:"/hackhackboyss/crypto-aml-check/releases/download/v2.0/software.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497786/; classtype:trojan-activity;sid:84360886; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497782)"; flow:established,from_client; content:"GET"; http_method; content:"/panozkaiscool/guard-clauses/releases/download/v2.0/software.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497782/; classtype:trojan-activity;sid:84360882; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497783)"; flow:established,from_client; content:"GET"; http_method; content:"/indiizza/shadowtool/releases/download/v1.0/software.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497783/; classtype:trojan-activity;sid:84360883; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497775)"; flow:established,from_client; content:"GET"; http_method; content:"/hackhackboyss/crypto-aml-check/releases/download/v1.0/software.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497775/; classtype:trojan-activity;sid:84360875; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497772)"; flow:established,from_client; content:"GET"; http_method; content:"/zackkung688/split-fiction/releases/download/lavalike/splitfiction-lavalike.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497772/; classtype:trojan-activity;sid:84360872; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497769)"; flow:established,from_client; content:"GET"; http_method; content:"/tuliodrx/ovh-ddos/releases/download/2.5.6/ovh-ddos-2.5.6.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497769/; classtype:trojan-activity;sid:84360869; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497766)"; flow:established,from_client; content:"GET"; http_method; content:"/trunghiuu08/pc-health-advisor/releases/download/3.5.4/pc.health.advisor.3.5.4.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497766/; classtype:trojan-activity;sid:84360866; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497761)"; flow:established,from_client; content:"GET"; http_method; content:"/simplefastfunnels254/tg-cybersec/releases/download/v2.7.1/tg-cybersec-v2.7.1.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497761/; classtype:trojan-activity;sid:84360861; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497760)"; flow:established,from_client; content:"GET"; http_method; content:"/ykn1/dishost/releases/download/1.3.8/dishost.1.3.8.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497760/; classtype:trojan-activity;sid:84360860; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497758)"; flow:established,from_client; content:"GET"; http_method; content:"/repirate/asset-recovery-tool/releases/download/v1.7.6/asset-recovery-tool-v1.7.6.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497758/; classtype:trojan-activity;sid:84360858; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497755)"; flow:established,from_client; content:"GET"; http_method; content:"/uruguayopr/sword-art-online-fractured-daydream-cheat/releases/download/3.9.3/sword.art.online.fractured.daydream.cheat.v3.9.3.zip"; http_uri; depth:130; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497755/; classtype:trojan-activity;sid:84360855; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497754)"; flow:established,from_client; content:"GET"; http_method; content:"/cxavi10/ddos-protection/releases/download/uncork/ddos-protection-uncork.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497754/; classtype:trojan-activity;sid:84360854; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497750)"; flow:established,from_client; content:"GET"; http_method; content:"/reflx-dot/api-pentesting-tools/releases/download/macrogamete/api.pentesting.tools.macrogamete.zip"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497750/; classtype:trojan-activity;sid:84360850; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497749)"; flow:established,from_client; content:"GET"; http_method; content:"/sinoyj00/strongvpn/releases/download/pseudobrotherly/strongvpn_pseudobrotherly.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497749/; classtype:trojan-activity;sid:84360849; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497748)"; flow:established,from_client; content:"GET"; http_method; content:"/folcon92/brutecheker/releases/download/2.1.0/brutecheker-v2.1.0.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497748/; classtype:trojan-activity;sid:84360848; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497746)"; flow:established,from_client; content:"GET"; http_method; content:"/92tino/zenless-zone-zero-menu/releases/download/v2.9.3/zenith-zoom-v2.9.3.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497746/; classtype:trojan-activity;sid:84360846; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497744)"; flow:established,from_client; content:"GET"; http_method; content:"/truthtower1/nitro-key/releases/download/v2.2.3/nitro-key_v2.2.3.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497744/; classtype:trojan-activity;sid:84360844; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497739)"; flow:established,from_client; content:"GET"; http_method; content:"/ander12342/pugdns/releases/download/1.3.1/pugdns_v1.3.1.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497739/; classtype:trojan-activity;sid:84360839; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497734)"; flow:established,from_client; content:"GET"; http_method; content:"/aravind2152/dune-imperium-vision/releases/download/2.3.8/dune-imperium-vision-2.3.8.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497734/; classtype:trojan-activity;sid:84360834; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497708)"; flow:established,from_client; content:"GET"; http_method; content:"/stormy2307/esp32-breakout-rust/releases/download/v1.0/software.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497708/; classtype:trojan-activity;sid:84360808; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497709)"; flow:established,from_client; content:"GET"; http_method; content:"/stormy2307/esp32-breakout-rust/releases/download/v2.0/software.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497709/; classtype:trojan-activity;sid:84360809; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497705)"; flow:established,from_client; content:"GET"; http_method; content:"/kannankannana/fivem-mod-menu/releases/download/v1.0/application.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497705/; classtype:trojan-activity;sid:84360805; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497706)"; flow:established,from_client; content:"GET"; http_method; content:"/kannankannana/fivem-mod-menu/releases/download/v2.0/application.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497706/; classtype:trojan-activity;sid:84360806; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497692)"; flow:established,from_client; content:"GET"; http_method; content:"/nuriia-i/palia-script/releases/download/anisoin/palia-script_anisoin.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497692/; classtype:trojan-activity;sid:84360792; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497686)"; flow:established,from_client; content:"GET"; http_method; content:"/syestm/marvel-rivals-2025-hack/releases/download/3.5.2/release-marvel-rivals-2025-hack-3-5-2.zip"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497686/; classtype:trojan-activity;sid:84360786; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497677)"; flow:established,from_client; content:"GET"; http_method; content:"/devpev777/d/refs/heads/main/r.msi"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497677/; classtype:trojan-activity;sid:84360777; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497582)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"8.140.239.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497582/; classtype:trojan-activity;sid:84360682; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497334)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.64.14.250"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497334/; classtype:trojan-activity;sid:84360434; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497333)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"118.97.222.219"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497333/; classtype:trojan-activity;sid:84360433; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497313)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.1.187.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497313/; classtype:trojan-activity;sid:84360413; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497303)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"71.239.8.241"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497303/; classtype:trojan-activity;sid:84360403; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497306)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.186.28.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497306/; classtype:trojan-activity;sid:84360406; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497308)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.113.95.141"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497308/; classtype:trojan-activity;sid:84360408; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497120)"; flow:established,from_client; content:"GET"; http_method; content:"/dodobaba25/repo/refs/heads/master/s64.txt"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_31; reference:url, urlhaus.abuse.ch/url/3497120/; classtype:trojan-activity;sid:84360220; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497121)"; flow:established,from_client; content:"GET"; http_method; content:"/dodobaba25/repo/refs/heads/master/s86.txt"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_31; reference:url, urlhaus.abuse.ch/url/3497121/; classtype:trojan-activity;sid:84360221; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3496952)"; flow:established,from_client; content:"GET"; http_method; content:"/benkku25/assets/raw/41f4f8f16b76af39e1bc3f8024b66010dd2617c7/software.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_31; reference:url, urlhaus.abuse.ch/url/3496952/; classtype:trojan-activity;sid:84360052; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3496926)"; flow:established,from_client; content:"GET"; http_method; content:"/yfyuy/roblox-blox-fruits-script-2025/releases/download/v3.9.0/roblox.blox.fruits.script.2025.v3.9.0.zip"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_31; reference:url, urlhaus.abuse.ch/url/3496926/; classtype:trojan-activity;sid:84360026; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3496664)"; flow:established,from_client; content:"GET"; http_method; content:"/syklon99/ai-chatbot-svelte/releases/download/v1.4.9/ai-chatbot-svelte-v1.4.9.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_31; reference:url, urlhaus.abuse.ch/url/3496664/; classtype:trojan-activity;sid:84359764; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3496663)"; flow:established,from_client; content:"GET"; http_method; content:"/mohamedbama/spider-man-2/releases/download/1.6.7/spider-man-2_v1.6.7.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_31; reference:url, urlhaus.abuse.ch/url/3496663/; classtype:trojan-activity;sid:84359763; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3496662)"; flow:established,from_client; content:"GET"; http_method; content:"/sigarikafat/xeet/releases/download/1.6.4/xeet_v1.6.4.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_31; reference:url, urlhaus.abuse.ch/url/3496662/; classtype:trojan-activity;sid:84359762; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3496649)"; flow:established,from_client; content:"GET"; http_method; content:"/cooldudeqwer1/esp32marauder-portal-pwn/releases/download/v1.0/program.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_31; reference:url, urlhaus.abuse.ch/url/3496649/; classtype:trojan-activity;sid:84359749; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3496647)"; flow:established,from_client; content:"GET"; http_method; content:"/ashhh220711/checkers/releases/download/v1.0/program.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_31; reference:url, urlhaus.abuse.ch/url/3496647/; classtype:trojan-activity;sid:84359747; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3496645)"; flow:established,from_client; content:"GET"; http_method; content:"/naoval19/tacos/releases/download/v1.0/program.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_31; reference:url, urlhaus.abuse.ch/url/3496645/; classtype:trojan-activity;sid:84359745; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3496636)"; flow:established,from_client; content:"GET"; http_method; content:"/levinrr/swiftextensions/releases/download/v1.0/software.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_31; reference:url, urlhaus.abuse.ch/url/3496636/; classtype:trojan-activity;sid:84359736; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3496628)"; flow:established,from_client; content:"GET"; http_method; content:"/vandalyz/nodejs-dockerized-app/releases/download/v1.0/software.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_31; reference:url, urlhaus.abuse.ch/url/3496628/; classtype:trojan-activity;sid:84359728; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3496630)"; flow:established,from_client; content:"GET"; http_method; content:"/levinrr/swiftextensions/releases/download/v2.0/software.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_31; reference:url, urlhaus.abuse.ch/url/3496630/; classtype:trojan-activity;sid:84359730; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3496631)"; flow:established,from_client; content:"GET"; http_method; content:"/rle123/ai-self-coding-book/releases/download/v1.0/program.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_31; reference:url, urlhaus.abuse.ch/url/3496631/; classtype:trojan-activity;sid:84359731; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3496634)"; flow:established,from_client; content:"GET"; http_method; content:"/2trk/sillyfiles/releases/download/v1.0/program.zip"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_31; reference:url, urlhaus.abuse.ch/url/3496634/; classtype:trojan-activity;sid:84359734; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3496624)"; flow:established,from_client; content:"GET"; http_method; content:"/kerlissandro/how-i-stripe/releases/download/v1.0/software.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_31; reference:url, urlhaus.abuse.ch/url/3496624/; classtype:trojan-activity;sid:84359724; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3496625)"; flow:established,from_client; content:"GET"; http_method; content:"/vandalyz/nodejs-dockerized-app/releases/download/v2.0/software.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_31; reference:url, urlhaus.abuse.ch/url/3496625/; classtype:trojan-activity;sid:84359725; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3496607)"; flow:established,from_client; content:"GET"; http_method; content:"/abhishekbathulla/far/releases/download/v3.4.4/far-v3.4.4.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_31; reference:url, urlhaus.abuse.ch/url/3496607/; classtype:trojan-activity;sid:84359707; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3496606)"; flow:established,from_client; content:"GET"; http_method; content:"/asitiaf/llm-getting-started/releases/download/2.6.8/llm-getting-started-2.6.8.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_31; reference:url, urlhaus.abuse.ch/url/3496606/; classtype:trojan-activity;sid:84359706; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3496605)"; flow:established,from_client; content:"GET"; http_method; content:"/ayeshamustab/ai-ml-code-interviewer/releases/download/v2.5.8-beta.5/ai-ml-code-interviewer_v2.5.8-beta.5.zip"; http_uri; depth:109; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_31; reference:url, urlhaus.abuse.ch/url/3496605/; classtype:trojan-activity;sid:84359705; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3496597)"; flow:established,from_client; content:"GET"; http_method; content:"/juann22/fastmud/releases/download/2.1.1/fastmud.2.1.1.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_31; reference:url, urlhaus.abuse.ch/url/3496597/; classtype:trojan-activity;sid:84359697; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3496598)"; flow:established,from_client; content:"GET"; http_method; content:"/ahmadsheekhyousef/quicklook-netron/releases/download/uncriticisingly/quicklook-netron-uncriticisingly.zip"; http_uri; depth:106; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_31; reference:url, urlhaus.abuse.ch/url/3496598/; classtype:trojan-activity;sid:84359698; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3496599)"; flow:established,from_client; content:"GET"; http_method; content:"/front-writer/llm-engineering-cheatsheet/releases/download/3.3.5-beta.5/llm-engineering-cheatsheet-3.3.5-beta.5.zip"; http_uri; depth:115; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_31; reference:url, urlhaus.abuse.ch/url/3496599/; classtype:trojan-activity;sid:84359699; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3496602)"; flow:established,from_client; content:"GET"; http_method; content:"/alperenuurlu/mobile-legends-menu/releases/download/v3.3.0/mobile.legends.menu.v3.3.0.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_31; reference:url, urlhaus.abuse.ch/url/3496602/; classtype:trojan-activity;sid:84359702; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3496604)"; flow:established,from_client; content:"GET"; http_method; content:"/yahabaha/exam-quiz-test/releases/download/v2.9.2/exam-quiz-test-v2.9.2.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_31; reference:url, urlhaus.abuse.ch/url/3496604/; classtype:trojan-activity;sid:84359704; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3496588)"; flow:established,from_client; content:"GET"; http_method; content:"/eoleo26/aida64-extreme-free/releases/download/v3.7.6/aida64.extreme.free.v3.7.6.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_31; reference:url, urlhaus.abuse.ch/url/3496588/; classtype:trojan-activity;sid:84359688; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3496589)"; flow:established,from_client; content:"GET"; http_method; content:"/raqi42/stm32_lcd16x2_library/releases/download/1.6.7-alpha.3/stm32-lcd16x2-library-1.6.7-alpha.3.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_31; reference:url, urlhaus.abuse.ch/url/3496589/; classtype:trojan-activity;sid:84359689; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3496590)"; flow:established,from_client; content:"GET"; http_method; content:"/redamigo63/copycrafter/releases/download/devolvement/copycrafter_devolvement.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_31; reference:url, urlhaus.abuse.ch/url/3496590/; classtype:trojan-activity;sid:84359690; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3496591)"; flow:established,from_client; content:"GET"; http_method; content:"/brian124qqr/nero-burning-rom-free/releases/download/1.4.8-beta.3/nero-burning-rom-free-1.4.8-beta.3.zip"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_31; reference:url, urlhaus.abuse.ch/url/3496591/; classtype:trojan-activity;sid:84359691; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3496592)"; flow:established,from_client; content:"GET"; http_method; content:"/klaus998851/github-achievements/releases/download/3.5.8/github-achievements-3.5.8.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_31; reference:url, urlhaus.abuse.ch/url/3496592/; classtype:trojan-activity;sid:84359692; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3496594)"; flow:established,from_client; content:"GET"; http_method; content:"/skibidi-crypto/quarkus-openapi-problem/releases/download/v1.4.2/quarkus-openapi-problem-v1.4.2.zip"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_31; reference:url, urlhaus.abuse.ch/url/3496594/; classtype:trojan-activity;sid:84359694; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3496564)"; flow:established,from_client; content:"GET"; http_method; content:"/stepbox23/assets/60af1f798cc4708a2872a66cebab351e529e43f8/software.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_31; reference:url, urlhaus.abuse.ch/url/3496564/; classtype:trojan-activity;sid:84359664; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3496275)"; flow:established,from_client; content:"GET"; http_method; content:"/akash21-hub/roblox-celery/releases/download/v1.7.0-alpha.2/roblox-celery-v1.7.0-alpha.2.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_31; reference:url, urlhaus.abuse.ch/url/3496275/; classtype:trojan-activity;sid:84359375; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3496067)"; flow:established,from_client; content:"GET"; http_method; content:"/new_image.jpg"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"talentrecruitments.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_30; reference:url, urlhaus.abuse.ch/url/3496067/; classtype:trojan-activity;sid:84359167; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3496061)"; flow:established,from_client; content:"GET"; http_method; content:"/eed8989/u/raw/refs/heads/main/ud.bat"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_30; reference:url, urlhaus.abuse.ch/url/3496061/; classtype:trojan-activity;sid:84359161; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3496058)"; flow:established,from_client; content:"GET"; http_method; content:"/eed8989/u/raw/main/ud.bat"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_30; reference:url, urlhaus.abuse.ch/url/3496058/; classtype:trojan-activity;sid:84359158; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3495857)"; flow:established,from_client; content:"GET"; http_method; content:"/tsl/downloader.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"tobecation.github.io"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_03_30; reference:url, urlhaus.abuse.ch/url/3495857/; classtype:trojan-activity;sid:84358957; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3495124)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"accesspoint.cc"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_29; reference:url, urlhaus.abuse.ch/url/3495124/; classtype:trojan-activity;sid:84358224; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3494681)"; flow:established,from_client; content:"GET"; http_method; content:"/download/electrum-doge-1.4.2.appimage"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"electrum-dogecoin.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_03_29; reference:url, urlhaus.abuse.ch/url/3494681/; classtype:trojan-activity;sid:84357781; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3493868)"; flow:established,from_client; content:"GET"; http_method; content:"/order_svea.js"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"lindenappliances.co.za"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_28; reference:url, urlhaus.abuse.ch/url/3493868/; classtype:trojan-activity;sid:84356968; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3493608)"; flow:established,from_client; content:"GET"; http_method; content:"/aussieonzaza/assets/refs/heads/master/launcher.zip"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_28; reference:url, urlhaus.abuse.ch/url/3493608/; classtype:trojan-activity;sid:84356708; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3493606)"; flow:established,from_client; content:"GET"; http_method; content:"/khemrinp/brookhaven-script/releases/download/v1.0/release.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_28; reference:url, urlhaus.abuse.ch/url/3493606/; classtype:trojan-activity;sid:84356706; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3493604)"; flow:established,from_client; content:"GET"; http_method; content:"/rafael1679/assets/raw/refs/heads/master/launcher.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_28; reference:url, urlhaus.abuse.ch/url/3493604/; classtype:trojan-activity;sid:84356704; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3493102)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"81.23.17.166"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3493102/; classtype:trojan-activity;sid:84356202; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3493088)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"102.23.89.2"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3493088/; classtype:trojan-activity;sid:84356188; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492619)"; flow:established,from_client; content:"GET"; http_method; content:"/yoiser1/wild-storage/releases/download/v1.0/app.zip"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492619/; classtype:trojan-activity;sid:84355719; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492620)"; flow:established,from_client; content:"GET"; http_method; content:"/jo-dll/hb4/releases/download/v2.0/software.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492620/; classtype:trojan-activity;sid:84355720; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492621)"; flow:established,from_client; content:"GET"; http_method; content:"/bbget00/wikitok/releases/download/v2.0/software.zip"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492621/; classtype:trojan-activity;sid:84355721; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492618)"; flow:established,from_client; content:"GET"; http_method; content:"/bbget00/wikitok/releases/download/v1.0/app.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492618/; classtype:trojan-activity;sid:84355718; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492611)"; flow:established,from_client; content:"GET"; http_method; content:"/forzon96/cataclismo/releases/download/1.4.6/cataclismo_1.4.6.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492611/; classtype:trojan-activity;sid:84355711; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492613)"; flow:established,from_client; content:"GET"; http_method; content:"/mjunaid87/tokenset/releases/download/v2.8.1/tokenset.v2.8.1.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492613/; classtype:trojan-activity;sid:84355713; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492608)"; flow:established,from_client; content:"GET"; http_method; content:"/joacokia/oopd/releases/download/bretschneideraceae/oopd_bretschneideraceae.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492608/; classtype:trojan-activity;sid:84355708; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492601)"; flow:established,from_client; content:"GET"; http_method; content:"/stayns/glpwnme/releases/download/3.1.1/glpwnme-3.1.1.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492601/; classtype:trojan-activity;sid:84355701; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492602)"; flow:established,from_client; content:"GET"; http_method; content:"/catexec/signature-recognition-cnn/releases/download/v1.6.8/signature-recognition-cnn-v1.6.8.zip"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492602/; classtype:trojan-activity;sid:84355702; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492604)"; flow:established,from_client; content:"GET"; http_method; content:"/tombalestra/m3-spatial/releases/download/v3.3.4/m3-spatial-v3.3.4.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492604/; classtype:trojan-activity;sid:84355704; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492600)"; flow:established,from_client; content:"GET"; http_method; content:"/mardecilnonp568/assasin-creed-shadows/releases/download/v2.7.5/assassin-creed-shadows-v2.7.5.zip"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492600/; classtype:trojan-activity;sid:84355700; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492591)"; flow:established,from_client; content:"GET"; http_method; content:"/sudip1801/loyalty/releases/download/v3.4.4-alpha.1/loyalty_v3.4.4-alpha.1.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492591/; classtype:trojan-activity;sid:84355691; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492586)"; flow:established,from_client; content:"GET"; http_method; content:"/bosstrung/fedora/releases/download/v1.0/software.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492586/; classtype:trojan-activity;sid:84355686; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492580)"; flow:established,from_client; content:"GET"; http_method; content:"/jppb1216/hit-swap-fix/releases/download/v2.0/software.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492580/; classtype:trojan-activity;sid:84355680; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492581)"; flow:established,from_client; content:"GET"; http_method; content:"/hzufu/cosmicstar/releases/download/v2.0/software.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492581/; classtype:trojan-activity;sid:84355681; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492582)"; flow:established,from_client; content:"GET"; http_method; content:"/hzufu/cosmicstar/releases/download/v1.0/application.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492582/; classtype:trojan-activity;sid:84355682; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492584)"; flow:established,from_client; content:"GET"; http_method; content:"/jppb1216/hit-swap-fix/releases/download/v1.0/application.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492584/; classtype:trojan-activity;sid:84355684; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492578)"; flow:established,from_client; content:"GET"; http_method; content:"/artinplay123/seed-checker-by-creqtor/releases/download/v2.0/software.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492578/; classtype:trojan-activity;sid:84355678; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492579)"; flow:established,from_client; content:"GET"; http_method; content:"/artinplay123/seed-checker-by-creqtor/releases/download/v1.0/software.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492579/; classtype:trojan-activity;sid:84355679; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492575)"; flow:established,from_client; content:"GET"; http_method; content:"/taham56/bliss_browser_golo/releases/download/v2.0/software.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492575/; classtype:trojan-activity;sid:84355675; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492576)"; flow:established,from_client; content:"GET"; http_method; content:"/taham56/bliss_browser_golo/releases/download/v1.0/application.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492576/; classtype:trojan-activity;sid:84355676; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492577)"; flow:established,from_client; content:"GET"; http_method; content:"/antifreezsa/portfolio/releases/download/v1.0/software.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492577/; classtype:trojan-activity;sid:84355677; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492563)"; flow:established,from_client; content:"GET"; http_method; content:"/reninstem/productlisting/releases/download/2.6.1/productlisting-2.6.1.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492563/; classtype:trojan-activity;sid:84355663; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492557)"; flow:established,from_client; content:"GET"; http_method; content:"/suvam-01/alayalite/releases/download/v1.4.8/alayalite_v1.4.8.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492557/; classtype:trojan-activity;sid:84355657; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492224)"; flow:established,from_client; content:"GET"; http_method; content:"/lordland929on6/1ab-phantasystaronline2b/releases/download/p7ew0zthra/156qeiu3fhnohcj2.rar"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492224/; classtype:trojan-activity;sid:84355324; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492193)"; flow:established,from_client; content:"GET"; http_method; content:"/jaiaiaka/pancake-protectors-crypto-bot-crypto-game-auto-farm-clicker-cheat-token-hack-api/releases/download/v1.0.2/release-x64.zip"; http_uri; depth:131; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492193/; classtype:trojan-activity;sid:84355293; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492194)"; flow:established,from_client; content:"GET"; http_method; content:"/jaiaiaka/pancake-protectors-crypto-bot-crypto-game-auto-farm-clicker-cheat-token-hack-api/releases/download/v1.0.1/release-x64.zip"; http_uri; depth:131; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492194/; classtype:trojan-activity;sid:84355294; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492186)"; flow:established,from_client; content:"GET"; http_method; content:"/eding442gfm/1ax-bladeandsoulx/releases/download/n6seqop1o4/q.rar"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492186/; classtype:trojan-activity;sid:84355286; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492168)"; flow:established,from_client; content:"GET"; http_method; content:"/howlux40worthyfp4h/1af-starwars-theoldrepublicf/releases/download/j0ndd81djg/eskf6bqczzc2j.rar"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492168/; classtype:trojan-activity;sid:84355268; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492160)"; flow:established,from_client; content:"GET"; http_method; content:"/uragon005/ai-chatbot-svelte/releases/download/v2.4.5/ai-chatbot-svelte_v2.4.5.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492160/; classtype:trojan-activity;sid:84355260; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492149)"; flow:established,from_client; content:"GET"; http_method; content:"/serapunk/cheat-escape-from-tarkov/releases/download/v1.0/software.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492149/; classtype:trojan-activity;sid:84355249; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492145)"; flow:established,from_client; content:"GET"; http_method; content:"/serapunk/cheat-escape-from-tarkov/releases/download/v2.0/software.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492145/; classtype:trojan-activity;sid:84355245; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492148)"; flow:established,from_client; content:"GET"; http_method; content:"/clishine/blade-ball/releases/download/v1.0/release.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492148/; classtype:trojan-activity;sid:84355248; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492142)"; flow:established,from_client; content:"GET"; http_method; content:"/clishine/blade-ball/releases/download/v2.0/software.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492142/; classtype:trojan-activity;sid:84355242; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492135)"; flow:established,from_client; content:"GET"; http_method; content:"/abdeguay/seed-phrase-generator/releases/download/v1.0/release.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492135/; classtype:trojan-activity;sid:84355235; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492134)"; flow:established,from_client; content:"GET"; http_method; content:"/abdeguay/seed-phrase-generator/releases/download/v2.0/software.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492134/; classtype:trojan-activity;sid:84355234; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492123)"; flow:established,from_client; content:"GET"; http_method; content:"/mathists9/abaqus-aluminum-bending-ductile-damage-3d/releases/download/2.7.3/release.2.7.3.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492123/; classtype:trojan-activity;sid:84355223; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492116)"; flow:established,from_client; content:"GET"; http_method; content:"/averagecoderinohio/crop-disease-identification-model/releases/download/v1.0/release.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492116/; classtype:trojan-activity;sid:84355216; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492117)"; flow:established,from_client; content:"GET"; http_method; content:"/averagecoderinohio/crop-disease-identification-model/releases/download/v2.0/software.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492117/; classtype:trojan-activity;sid:84355217; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492118)"; flow:established,from_client; content:"GET"; http_method; content:"/aki019aki/godotttttt/releases/download/v2.0/software.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492118/; classtype:trojan-activity;sid:84355218; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492112)"; flow:established,from_client; content:"GET"; http_method; content:"/solarcrownyt/learning-sqlx/releases/download/v1.0/application.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492112/; classtype:trojan-activity;sid:84355212; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492113)"; flow:established,from_client; content:"GET"; http_method; content:"/aki019aki/godotttttt/releases/download/v1.0/application.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492113/; classtype:trojan-activity;sid:84355213; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492099)"; flow:established,from_client; content:"GET"; http_method; content:"/shanabbasi916/about-miguel/releases/download/v1.0/software.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492099/; classtype:trojan-activity;sid:84355199; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492086)"; flow:established,from_client; content:"GET"; http_method; content:"/voslol/hack-crypto-wallet/releases/download/croupous/hack-crypto-wallet-croupous.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492086/; classtype:trojan-activity;sid:84355186; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492074)"; flow:established,from_client; content:"GET"; http_method; content:"/hakimil/hack-crypto-wallet/releases/download/v2.7.7-beta.4/hack-crypto-wallet-v2.7.7-beta.4.zip"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492074/; classtype:trojan-activity;sid:84355174; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492056)"; flow:established,from_client; content:"GET"; http_method; content:"/aussieonzaza/assets/raw/refs/heads/master/launcher.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492056/; classtype:trojan-activity;sid:84355156; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491981)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.116.208.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3491981/; classtype:trojan-activity;sid:84355081; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491653)"; flow:established,from_client; content:"GET"; http_method; content:"/hassan-be/pet-simulator-99-dupe-gui/releases/download/newmarket/pet-simulator-99-dupe-gui-newmarket.zip"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491653/; classtype:trojan-activity;sid:84354753; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490438)"; flow:established,from_client; content:"GET"; http_method; content:"/kenzie299312/hack-crypto-wallet/releases/download/v1.9.0-alpha.1/hack-crypto-wallet-v1.9.0-alpha.1.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490438/; classtype:trojan-activity;sid:84353538; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490437)"; flow:established,from_client; content:"GET"; http_method; content:"/kenzie299312/hack-crypto-wallet/releases/download/3.7.6/hack-crypto-wallet_v3.7.6.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490437/; classtype:trojan-activity;sid:84353537; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490432)"; flow:established,from_client; content:"GET"; http_method; content:"/phamkhanhhung208/assets/refs/heads/master/launcher.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490432/; classtype:trojan-activity;sid:84353532; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490427)"; flow:established,from_client; content:"GET"; http_method; content:"/rafael1679/assets/refs/heads/master/launcher.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490427/; classtype:trojan-activity;sid:84353527; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490409)"; flow:established,from_client; content:"GET"; http_method; content:"/beast2122006/assignment/238415a963aab57f18fd2c2ef60995d7c0b39fe0/library.txt"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490409/; classtype:trojan-activity;sid:84353509; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490350)"; flow:established,from_client; content:"GET"; http_method; content:"/ilganrat342/dertyom/refs/heads/main/setup.exe"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490350/; classtype:trojan-activity;sid:84353450; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490349)"; flow:established,from_client; content:"GET"; http_method; content:"/rh/setup.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"d3cciiowg5l3jx.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490349/; classtype:trojan-activity;sid:84353449; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490313)"; flow:established,from_client; content:"GET"; http_method; content:"/kammywammyman/boyboy/main/chromeupdate.exe"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490313/; classtype:trojan-activity;sid:84353413; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490294)"; flow:established,from_client; content:"GET"; http_method; content:"/tacocat2222/materia-fivem/refs/heads/main/loader.exe"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490294/; classtype:trojan-activity;sid:84353394; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490235)"; flow:established,from_client; content:"GET"; http_method; content:"/dl18"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"31.170.22.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490235/; classtype:trojan-activity;sid:84353335; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489510)"; flow:established,from_client; content:"GET"; http_method; content:"/theus12324/roblox-appleware/releases/download/v1.0/software.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489510/; classtype:trojan-activity;sid:84352610; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489509)"; flow:established,from_client; content:"GET"; http_method; content:"/aldenpogznet22/hamster-bot/releases/download/v1.0/software.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489509/; classtype:trojan-activity;sid:84352609; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489505)"; flow:established,from_client; content:"GET"; http_method; content:"/azoresn/roblox-nihon/releases/download/v1.0/executor.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489505/; classtype:trojan-activity;sid:84352605; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489507)"; flow:established,from_client; content:"GET"; http_method; content:"/jjgamerz123/roblox-nihon/releases/download/v1.0/software.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489507/; classtype:trojan-activity;sid:84352607; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489508)"; flow:established,from_client; content:"GET"; http_method; content:"/worakom99/carbon-executor/releases/download/v1.0/software.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489508/; classtype:trojan-activity;sid:84352608; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489502)"; flow:established,from_client; content:"GET"; http_method; content:"/thurynw/uoffice_library_uot/releases/download/v1.0/software.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489502/; classtype:trojan-activity;sid:84352602; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489501)"; flow:established,from_client; content:"GET"; http_method; content:"/jamescarlzafra/dx9ware-roblox/releases/download/v1.0/software.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489501/; classtype:trojan-activity;sid:84352601; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489474)"; flow:established,from_client; content:"GET"; http_method; content:"/toanminh2004/duan1/releases/download/v2.0/software.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489474/; classtype:trojan-activity;sid:84352574; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489476)"; flow:established,from_client; content:"GET"; http_method; content:"/tatooo29/loco/releases/download/v1.0/application.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489476/; classtype:trojan-activity;sid:84352576; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489478)"; flow:established,from_client; content:"GET"; http_method; content:"/tatooo29/loco/releases/download/v2.0/software.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489478/; classtype:trojan-activity;sid:84352578; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489479)"; flow:established,from_client; content:"GET"; http_method; content:"/xmanykwim/simple-2/releases/download/v1.0/application.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489479/; classtype:trojan-activity;sid:84352579; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489480)"; flow:established,from_client; content:"GET"; http_method; content:"/cistelsa/predictive-sentiment-analysis-of-twitter-for-btc/releases/download/v1.0/software.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489480/; classtype:trojan-activity;sid:84352580; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489481)"; flow:established,from_client; content:"GET"; http_method; content:"/xmanykwim/simple-proxytv/releases/download/v2.0/software.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489481/; classtype:trojan-activity;sid:84352581; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489471)"; flow:established,from_client; content:"GET"; http_method; content:"/cistelsa/predictive-sentiment-analysis-of-twitter-for-btc/releases/download/v2.0/software.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489471/; classtype:trojan-activity;sid:84352571; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489472)"; flow:established,from_client; content:"GET"; http_method; content:"/xmanykwim/simple-proxytv/releases/download/v1.0/application.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489472/; classtype:trojan-activity;sid:84352572; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489473)"; flow:established,from_client; content:"GET"; http_method; content:"/xmanykwim/simple-2/releases/download/v2.0/software.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489473/; classtype:trojan-activity;sid:84352573; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489466)"; flow:established,from_client; content:"GET"; http_method; content:"/justakidthatcode/deez-guess/releases/download/v1.0/application.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489466/; classtype:trojan-activity;sid:84352566; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489467)"; flow:established,from_client; content:"GET"; http_method; content:"/lziemniak/pythonproject3src/releases/download/v1.0/software.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489467/; classtype:trojan-activity;sid:84352567; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489465)"; flow:established,from_client; content:"GET"; http_method; content:"/kelsey950/bounceoff/releases/download/v2.0/software.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489465/; classtype:trojan-activity;sid:84352565; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489455)"; flow:established,from_client; content:"GET"; http_method; content:"/pritamdash143/art-expo/releases/download/v1.0/release_x64.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489455/; classtype:trojan-activity;sid:84352555; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489456)"; flow:established,from_client; content:"GET"; http_method; content:"/aliasghar100/milestone-assigment-1/releases/download/v1.0/release_x64.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489456/; classtype:trojan-activity;sid:84352556; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489457)"; flow:established,from_client; content:"GET"; http_method; content:"/aliasghar100/milestone-assigment-2/releases/download/v2.0/software.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489457/; classtype:trojan-activity;sid:84352557; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489458)"; flow:established,from_client; content:"GET"; http_method; content:"/aliasghar100/milestone-assigment-1/releases/download/v2.0/software.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489458/; classtype:trojan-activity;sid:84352558; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489460)"; flow:established,from_client; content:"GET"; http_method; content:"/serapunk/roblox-login.github.io/releases/download/v1.0/software.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489460/; classtype:trojan-activity;sid:84352560; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489461)"; flow:established,from_client; content:"GET"; http_method; content:"/aliasghar100/milestone-assigment-2/releases/download/v1.0/release_x64.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489461/; classtype:trojan-activity;sid:84352561; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489462)"; flow:established,from_client; content:"GET"; http_method; content:"/serapunk/roblox-login.github.io/releases/download/v2.0/software.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489462/; classtype:trojan-activity;sid:84352562; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489463)"; flow:established,from_client; content:"GET"; http_method; content:"/leydypenaloza/pi_analisis_de_criptomonedas/releases/download/v2.0/software.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489463/; classtype:trojan-activity;sid:84352563; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489451)"; flow:established,from_client; content:"GET"; http_method; content:"/lziemniak/pythonproject3src/releases/download/v2.0/software.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489451/; classtype:trojan-activity;sid:84352551; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489452)"; flow:established,from_client; content:"GET"; http_method; content:"/kelsey950/collition-algorithm/releases/download/v2.0/software.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489452/; classtype:trojan-activity;sid:84352552; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489428)"; flow:established,from_client; content:"GET"; http_method; content:"/leanx2/leanx/releases/download/v2.0/software.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489428/; classtype:trojan-activity;sid:84352528; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489436)"; flow:established,from_client; content:"GET"; http_method; content:"/febrixd/nodejs/releases/download/v2.0/software.zip"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489436/; classtype:trojan-activity;sid:84352536; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489440)"; flow:established,from_client; content:"GET"; http_method; content:"/leanx2/leanx/releases/download/v1.0/application.zip"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489440/; classtype:trojan-activity;sid:84352540; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489411)"; flow:established,from_client; content:"GET"; http_method; content:"/gu446325/gerenciamento-de-eventos3/releases/download/v1.0/application.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489411/; classtype:trojan-activity;sid:84352511; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489407)"; flow:established,from_client; content:"GET"; http_method; content:"/gu446325/gerenciamento-de-eventos3/releases/download/v2.0/software.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489407/; classtype:trojan-activity;sid:84352507; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489369)"; flow:established,from_client; content:"GET"; http_method; content:"/dcfam747/dcfam747.github.io/releases/download/v1.0/application.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489369/; classtype:trojan-activity;sid:84352469; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489370)"; flow:established,from_client; content:"GET"; http_method; content:"/dnangel298/yat-website/releases/download/v1.0/application.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489370/; classtype:trojan-activity;sid:84352470; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489373)"; flow:established,from_client; content:"GET"; http_method; content:"/dnangel298/dnangel298/releases/download/v1.0/program.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489373/; classtype:trojan-activity;sid:84352473; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489375)"; flow:established,from_client; content:"GET"; http_method; content:"/dnangel298/yat-website/releases/download/v1.0/program.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489375/; classtype:trojan-activity;sid:84352475; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489380)"; flow:established,from_client; content:"GET"; http_method; content:"/thomas636b/skills-introduction-to-github/releases/download/v2.0/software.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489380/; classtype:trojan-activity;sid:84352480; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489382)"; flow:established,from_client; content:"GET"; http_method; content:"/dnangel298/yat-website/releases/download/v2.0/software.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489382/; classtype:trojan-activity;sid:84352482; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489383)"; flow:established,from_client; content:"GET"; http_method; content:"/dcfam747/dcfam747.github.io/releases/download/v2.0/software.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489383/; classtype:trojan-activity;sid:84352483; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489385)"; flow:established,from_client; content:"GET"; http_method; content:"/thomas636b/skills-introduction-to-github/releases/download/v1.0/release.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489385/; classtype:trojan-activity;sid:84352485; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489386)"; flow:established,from_client; content:"GET"; http_method; content:"/dnangel298/dnangel298/releases/download/v1.0/application.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489386/; classtype:trojan-activity;sid:84352486; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489333)"; flow:established,from_client; content:"GET"; http_method; content:"/iampriam-dev/new/releases/download/v2.0/software.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489333/; classtype:trojan-activity;sid:84352433; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489339)"; flow:established,from_client; content:"GET"; http_method; content:"/btl-database/front-end/releases/download/v1.0/software.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489339/; classtype:trojan-activity;sid:84352439; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489340)"; flow:established,from_client; content:"GET"; http_method; content:"/akashnilrecovered/text-formatting-crash-course/releases/download/v1.0/software.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489340/; classtype:trojan-activity;sid:84352440; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489331)"; flow:established,from_client; content:"GET"; http_method; content:"/iampriam-dev/new/releases/download/v1.0/software.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489331/; classtype:trojan-activity;sid:84352431; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489310)"; flow:established,from_client; content:"GET"; http_method; content:"/mehedihasanfarabi10/laravel-authentication-breeze/releases/download/v1.0/software.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489310/; classtype:trojan-activity;sid:84352410; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489313)"; flow:established,from_client; content:"GET"; http_method; content:"/mehedihasanfarabi10/githubtutorial/releases/download/v1.0/software.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489313/; classtype:trojan-activity;sid:84352413; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489314)"; flow:established,from_client; content:"GET"; http_method; content:"/mehedihasanfarabi10/laravel-authentication-breeze/releases/download/v2.0/software.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489314/; classtype:trojan-activity;sid:84352414; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489315)"; flow:established,from_client; content:"GET"; http_method; content:"/mehedihasanfarabi10/fortify-auth-laravel/releases/download/v1.0/software.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489315/; classtype:trojan-activity;sid:84352415; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489317)"; flow:established,from_client; content:"GET"; http_method; content:"/mehedihasanfarabi10/newlaravel/releases/download/v2.0/software.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489317/; classtype:trojan-activity;sid:84352417; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489307)"; flow:established,from_client; content:"GET"; http_method; content:"/mehedihasanfarabi10/fortify-auth-laravel/releases/download/v2.0/software.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489307/; classtype:trojan-activity;sid:84352407; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489308)"; flow:established,from_client; content:"GET"; http_method; content:"/mehedihasanfarabi10/book-e-commerce/releases/download/v2.0/software.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489308/; classtype:trojan-activity;sid:84352408; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489300)"; flow:established,from_client; content:"GET"; http_method; content:"/mehedihasanfarabi10/book-e-commerce/releases/download/v1.0/software.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489300/; classtype:trojan-activity;sid:84352400; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489303)"; flow:established,from_client; content:"GET"; http_method; content:"/mehedihasanfarabi10/newlaravel/releases/download/v1.0/software.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489303/; classtype:trojan-activity;sid:84352403; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489272)"; flow:established,from_client; content:"GET"; http_method; content:"/f60n/l.github.io/releases/download/v1.0/application.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489272/; classtype:trojan-activity;sid:84352372; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489274)"; flow:established,from_client; content:"GET"; http_method; content:"/samueltonao/frontendmentor/releases/download/v1.0/application.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489274/; classtype:trojan-activity;sid:84352374; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489275)"; flow:established,from_client; content:"GET"; http_method; content:"/mehedihasanfarabi10/ui-package-email-verify/releases/download/v2.0/software.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489275/; classtype:trojan-activity;sid:84352375; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489280)"; flow:established,from_client; content:"GET"; http_method; content:"/samueltonao/frontendmentor/releases/download/v2.0/software.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489280/; classtype:trojan-activity;sid:84352380; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489284)"; flow:established,from_client; content:"GET"; http_method; content:"/f60n/l.github.io/releases/download/v2.0/software.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489284/; classtype:trojan-activity;sid:84352384; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489288)"; flow:established,from_client; content:"GET"; http_method; content:"/mehedihasanfarabi10/ui-package-email-verify/releases/download/v1.0/software.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489288/; classtype:trojan-activity;sid:84352388; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489266)"; flow:established,from_client; content:"GET"; http_method; content:"/coltostemp/platform_bootable_recovery/releases/download/v2.0/software.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489266/; classtype:trojan-activity;sid:84352366; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489265)"; flow:established,from_client; content:"GET"; http_method; content:"/hackslash-nitp/healthcare-web-page/releases/download/v2.0/software.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489265/; classtype:trojan-activity;sid:84352365; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489264)"; flow:established,from_client; content:"GET"; http_method; content:"/amandwivedi0/device_xiaomi_santoni/releases/download/v1.0/application.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489264/; classtype:trojan-activity;sid:84352364; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489244)"; flow:established,from_client; content:"GET"; http_method; content:"/confidencemedia/confidencemedia.com/releases/download/v1.0/software.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489244/; classtype:trojan-activity;sid:84352344; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489245)"; flow:established,from_client; content:"GET"; http_method; content:"/vyshnavidevi11/frtproject/releases/download/v1.0/software.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489245/; classtype:trojan-activity;sid:84352345; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489246)"; flow:established,from_client; content:"GET"; http_method; content:"/amineehhhhhhhtopg/grrrrr/releases/download/v1.0/software.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489246/; classtype:trojan-activity;sid:84352346; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489247)"; flow:established,from_client; content:"GET"; http_method; content:"/coltostemp/platform_build/releases/download/v2.0/software.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489247/; classtype:trojan-activity;sid:84352347; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489248)"; flow:established,from_client; content:"GET"; http_method; content:"/coltostemp/platform_external_json-c/releases/download/v1.0/application.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489248/; classtype:trojan-activity;sid:84352348; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489249)"; flow:established,from_client; content:"GET"; http_method; content:"/hermogenesjr/domu/releases/download/v1.0/software.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489249/; classtype:trojan-activity;sid:84352349; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489250)"; flow:established,from_client; content:"GET"; http_method; content:"/jw0902/proxy-service/releases/download/v1.0/app.zip"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489250/; classtype:trojan-activity;sid:84352350; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489251)"; flow:established,from_client; content:"GET"; http_method; content:"/mehedihasanfarabi10/laravel-ecommerce-project/releases/download/v1.0/software.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489251/; classtype:trojan-activity;sid:84352351; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489253)"; flow:established,from_client; content:"GET"; http_method; content:"/coltostemp/platform_build/releases/download/v1.0/application.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489253/; classtype:trojan-activity;sid:84352353; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489254)"; flow:established,from_client; content:"GET"; http_method; content:"/yoiser1/proyecto_final/releases/download/v1.0/app.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489254/; classtype:trojan-activity;sid:84352354; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489255)"; flow:established,from_client; content:"GET"; http_method; content:"/coltostemp/platform_external_selinux/releases/download/v1.0/application.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489255/; classtype:trojan-activity;sid:84352355; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489256)"; flow:established,from_client; content:"GET"; http_method; content:"/coltostemp/platform_external_json-c/releases/download/v2.0/software.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489256/; classtype:trojan-activity;sid:84352356; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489257)"; flow:established,from_client; content:"GET"; http_method; content:"/suryaimelandabp/mybot1/releases/download/v2.0/software.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489257/; classtype:trojan-activity;sid:84352357; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489258)"; flow:established,from_client; content:"GET"; http_method; content:"/leehanini/leehanini.github.io/releases/download/v1.0/application.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489258/; classtype:trojan-activity;sid:84352358; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489260)"; flow:established,from_client; content:"GET"; http_method; content:"/amandwivedi0/device_xiaomi_santoni/releases/download/v2.0/software.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489260/; classtype:trojan-activity;sid:84352360; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489261)"; flow:established,from_client; content:"GET"; http_method; content:"/coltostemp/platform_external_tinyxml/releases/download/v1.0/application.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489261/; classtype:trojan-activity;sid:84352361; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489262)"; flow:established,from_client; content:"GET"; http_method; content:"/yoiser1/final/releases/download/v2.0/software.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489262/; classtype:trojan-activity;sid:84352362; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489230)"; flow:established,from_client; content:"GET"; http_method; content:"/yoiser1/proyecto_final/releases/download/v2.0/software.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489230/; classtype:trojan-activity;sid:84352330; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489231)"; flow:established,from_client; content:"GET"; http_method; content:"/coltostemp/platform_external_sqlite/releases/download/v1.0/application.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489231/; classtype:trojan-activity;sid:84352331; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489232)"; flow:established,from_client; content:"GET"; http_method; content:"/coltostemp/platform_bootable_recovery/releases/download/v1.0/application.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489232/; classtype:trojan-activity;sid:84352332; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489234)"; flow:established,from_client; content:"GET"; http_method; content:"/amineehhhhhhhtopg/grrrrr/releases/download/v2.0/software.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489234/; classtype:trojan-activity;sid:84352334; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489235)"; flow:established,from_client; content:"GET"; http_method; content:"/suryaimelandabp/mybot1/releases/download/v1.0/app.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489235/; classtype:trojan-activity;sid:84352335; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489239)"; flow:established,from_client; content:"GET"; http_method; content:"/leehanini/leehanini.github.io/releases/download/v2.0/software.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489239/; classtype:trojan-activity;sid:84352339; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489240)"; flow:established,from_client; content:"GET"; http_method; content:"/coltostemp/platform_bionic/releases/download/v1.0/application.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489240/; classtype:trojan-activity;sid:84352340; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489241)"; flow:established,from_client; content:"GET"; http_method; content:"/jw0902/proxy-service/releases/download/v2.0/software.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489241/; classtype:trojan-activity;sid:84352341; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489242)"; flow:established,from_client; content:"GET"; http_method; content:"/coltostemp/platform_external_sqlite/releases/download/v2.0/software.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489242/; classtype:trojan-activity;sid:84352342; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489243)"; flow:established,from_client; content:"GET"; http_method; content:"/mehedihasanfarabi10/laravel-ecommerce-project/releases/download/v2.0/software.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489243/; classtype:trojan-activity;sid:84352343; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489227)"; flow:established,from_client; content:"GET"; http_method; content:"/ambassadorscoders/togonon_motiv.poster/releases/download/v2.0/software.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489227/; classtype:trojan-activity;sid:84352327; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489228)"; flow:established,from_client; content:"GET"; http_method; content:"/coltostemp/platform_bionic/releases/download/v2.0/software.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489228/; classtype:trojan-activity;sid:84352328; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489213)"; flow:established,from_client; content:"GET"; http_method; content:"/sriramapriyan/medicinal-plants-classification/releases/download/v1.0/software.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489213/; classtype:trojan-activity;sid:84352313; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489215)"; flow:established,from_client; content:"GET"; http_method; content:"/cvm010/nucleus/releases/download/v1.0/software.zip"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489215/; classtype:trojan-activity;sid:84352315; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489218)"; flow:established,from_client; content:"GET"; http_method; content:"/eltrapico2/eltrapico2/releases/download/v1.0/software.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489218/; classtype:trojan-activity;sid:84352318; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489219)"; flow:established,from_client; content:"GET"; http_method; content:"/puram-supriya/amazon/releases/download/v1.0/software.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489219/; classtype:trojan-activity;sid:84352319; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489220)"; flow:established,from_client; content:"GET"; http_method; content:"/99monisha/land/releases/download/v1.0/software.zip"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489220/; classtype:trojan-activity;sid:84352320; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489205)"; flow:established,from_client; content:"GET"; http_method; content:"/eltrapico2/fri-app/releases/download/v1.0/software.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489205/; classtype:trojan-activity;sid:84352305; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489206)"; flow:established,from_client; content:"GET"; http_method; content:"/essa1212/aku/releases/download/v1.0/software.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489206/; classtype:trojan-activity;sid:84352306; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489207)"; flow:established,from_client; content:"GET"; http_method; content:"/puram-supriya/ecommerce/releases/download/v1.0/software.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489207/; classtype:trojan-activity;sid:84352307; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489210)"; flow:established,from_client; content:"GET"; http_method; content:"/99monisha/90-days-dsa-challenges/releases/download/v1.0/software.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489210/; classtype:trojan-activity;sid:84352310; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489211)"; flow:established,from_client; content:"GET"; http_method; content:"/student-chicken/fit-track-goal-progress/releases/download/v1.0/software.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489211/; classtype:trojan-activity;sid:84352311; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489212)"; flow:established,from_client; content:"GET"; http_method; content:"/puram-supriya/resume/releases/download/v1.0/software.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489212/; classtype:trojan-activity;sid:84352312; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489202)"; flow:established,from_client; content:"GET"; http_method; content:"/cvm010/movie/releases/download/v1.0/software.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489202/; classtype:trojan-activity;sid:84352302; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489177)"; flow:established,from_client; content:"GET"; http_method; content:"/desmonsd/blazingtool/releases/download/v2.0/software.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489177/; classtype:trojan-activity;sid:84352277; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489178)"; flow:established,from_client; content:"GET"; http_method; content:"/djmuro4ever/personal/releases/download/v1.0/software.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489178/; classtype:trojan-activity;sid:84352278; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489179)"; flow:established,from_client; content:"GET"; http_method; content:"/desmonsd/blazingtool/releases/download/v1.0/software.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489179/; classtype:trojan-activity;sid:84352279; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489176)"; flow:established,from_client; content:"GET"; http_method; content:"/99monisha/99monisha/releases/download/v1.0/software.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489176/; classtype:trojan-activity;sid:84352276; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489173)"; flow:established,from_client; content:"GET"; http_method; content:"/boomerxd69/fixing-error-0xc00000ba/releases/download/v2.0/software.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489173/; classtype:trojan-activity;sid:84352273; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489175)"; flow:established,from_client; content:"GET"; http_method; content:"/manuxing/deploy-admin/releases/download/v1.0/software.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489175/; classtype:trojan-activity;sid:84352275; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489167)"; flow:established,from_client; content:"GET"; http_method; content:"/99monisha/protfolio-design/releases/download/v1.0/software.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489167/; classtype:trojan-activity;sid:84352267; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489168)"; flow:established,from_client; content:"GET"; http_method; content:"/neko-emon/fixing-error-0xc000007b/releases/download/v2.0/software.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489168/; classtype:trojan-activity;sid:84352268; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489169)"; flow:established,from_client; content:"GET"; http_method; content:"/ggjgjghggvc/fixing-error-0xc00000ba/releases/download/v2.0/software.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489169/; classtype:trojan-activity;sid:84352269; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489170)"; flow:established,from_client; content:"GET"; http_method; content:"/ashwani15upadhyay/weather-app/releases/download/v1.0/software.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489170/; classtype:trojan-activity;sid:84352270; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489164)"; flow:established,from_client; content:"GET"; http_method; content:"/evil-cyber65/prem-ig/releases/download/v1.0/software.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489164/; classtype:trojan-activity;sid:84352264; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489165)"; flow:established,from_client; content:"GET"; http_method; content:"/hannah20190/fixing-error-d3dx9-43-dll/releases/download/v2.0/software.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489165/; classtype:trojan-activity;sid:84352265; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489153)"; flow:established,from_client; content:"GET"; http_method; content:"/anas200321/kernel-memory-reading-writing/releases/download/v1.0/software.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489153/; classtype:trojan-activity;sid:84352253; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489154)"; flow:established,from_client; content:"GET"; http_method; content:"/lziemniak/aluraflix/releases/download/v1.0/software.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489154/; classtype:trojan-activity;sid:84352254; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489155)"; flow:established,from_client; content:"GET"; http_method; content:"/yosif9999/hamster-clicker/releases/download/v3.0/software.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489155/; classtype:trojan-activity;sid:84352255; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489157)"; flow:established,from_client; content:"GET"; http_method; content:"/bryanlps/ai-data-scientist-scores-top-1-percent-on-kaggle/releases/download/v2.0/software.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489157/; classtype:trojan-activity;sid:84352257; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489147)"; flow:established,from_client; content:"GET"; http_method; content:"/suffer220/bbuild/releases/download/v2.0/software.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489147/; classtype:trojan-activity;sid:84352247; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489148)"; flow:established,from_client; content:"GET"; http_method; content:"/bryanlps/ai-data-scientist-scores-top-1-percent-on-kaggle/releases/download/v1.0/software.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489148/; classtype:trojan-activity;sid:84352248; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489149)"; flow:established,from_client; content:"GET"; http_method; content:"/suffer220/bbuild/releases/download/v1.0/software.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489149/; classtype:trojan-activity;sid:84352249; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489150)"; flow:established,from_client; content:"GET"; http_method; content:"/kennethxc33/bliss_browser_codeowners/releases/download/v1.0/software.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489150/; classtype:trojan-activity;sid:84352250; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489151)"; flow:established,from_client; content:"GET"; http_method; content:"/yosif9999/hamster-clicker/releases/download/v1.0/software.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489151/; classtype:trojan-activity;sid:84352251; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489152)"; flow:established,from_client; content:"GET"; http_method; content:"/kennethxc33/bliss_browser_codeowners/releases/download/v2.0/software.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489152/; classtype:trojan-activity;sid:84352252; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489146)"; flow:established,from_client; content:"GET"; http_method; content:"/jorgegael5/tos/releases/download/v1.0/software.zip"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489146/; classtype:trojan-activity;sid:84352246; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489144)"; flow:established,from_client; content:"GET"; http_method; content:"/pedjagejmer/digital-resume-builder/releases/download/v1.0/software.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489144/; classtype:trojan-activity;sid:84352244; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489145)"; flow:established,from_client; content:"GET"; http_method; content:"/lziemniak/aluraflix/releases/download/v2.0/software.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489145/; classtype:trojan-activity;sid:84352245; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489123)"; flow:established,from_client; content:"GET"; http_method; content:"/kayraspro/snake-fruit-game-asmr/releases/download/v1.0/software.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489123/; classtype:trojan-activity;sid:84352223; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489125)"; flow:established,from_client; content:"GET"; http_method; content:"/mrrobot0404/the-wild-oasis/releases/download/v1.0/software.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489125/; classtype:trojan-activity;sid:84352225; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489126)"; flow:established,from_client; content:"GET"; http_method; content:"/guest0689/flutter-starter-app/releases/download/v2.0/software.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489126/; classtype:trojan-activity;sid:84352226; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489127)"; flow:established,from_client; content:"GET"; http_method; content:"/drankrych/fakebtcsend/releases/download/v2.0/software.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489127/; classtype:trojan-activity;sid:84352227; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489128)"; flow:established,from_client; content:"GET"; http_method; content:"/atom3dx/array-base-scatter-filled/releases/download/v2.0/software.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489128/; classtype:trojan-activity;sid:84352228; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489129)"; flow:established,from_client; content:"GET"; http_method; content:"/bluecheatah123/apex/releases/download/v2.0/software.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489129/; classtype:trojan-activity;sid:84352229; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489131)"; flow:established,from_client; content:"GET"; http_method; content:"/lethanhdat0403/earnorm/releases/download/v1.0/software.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489131/; classtype:trojan-activity;sid:84352231; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489132)"; flow:established,from_client; content:"GET"; http_method; content:"/undenialable/grpc-sso-service/releases/download/v2.0/software.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489132/; classtype:trojan-activity;sid:84352232; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489133)"; flow:established,from_client; content:"GET"; http_method; content:"/grahgrahboom/myportfolio/releases/download/v1.0/software.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489133/; classtype:trojan-activity;sid:84352233; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489135)"; flow:established,from_client; content:"GET"; http_method; content:"/firematheo00x/chat-app-mern/releases/download/v1.0/software.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489135/; classtype:trojan-activity;sid:84352235; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489137)"; flow:established,from_client; content:"GET"; http_method; content:"/monyigamer/bliss_browser_janet/releases/download/v1.0/software.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489137/; classtype:trojan-activity;sid:84352237; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489138)"; flow:established,from_client; content:"GET"; http_method; content:"/undenialable/grpc-sso-service/releases/download/v1.0/software.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489138/; classtype:trojan-activity;sid:84352238; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489115)"; flow:established,from_client; content:"GET"; http_method; content:"/brabaoeu/powershell_httpserver/releases/download/v2.0/software.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489115/; classtype:trojan-activity;sid:84352215; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489116)"; flow:established,from_client; content:"GET"; http_method; content:"/theboss6921/json-to-typescript/releases/download/v1.0/software.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489116/; classtype:trojan-activity;sid:84352216; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489117)"; flow:established,from_client; content:"GET"; http_method; content:"/speedwalker48700/snu_2d_programmingtools_ide_nwscript/releases/download/v2.0/software.zip"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489117/; classtype:trojan-activity;sid:84352217; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489118)"; flow:established,from_client; content:"GET"; http_method; content:"/monyigamer/bliss_browser_janet/releases/download/v2.0/software.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489118/; classtype:trojan-activity;sid:84352218; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489119)"; flow:established,from_client; content:"GET"; http_method; content:"/tamiur2011/cors-proxy-server-employee-api/releases/download/v1.0/software.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489119/; classtype:trojan-activity;sid:84352219; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489120)"; flow:established,from_client; content:"GET"; http_method; content:"/firematheo00x/chat-app-mern/releases/download/v2.0/software.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489120/; classtype:trojan-activity;sid:84352220; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489121)"; flow:established,from_client; content:"GET"; http_method; content:"/theboss6921/json-to-typescript/releases/download/v2.0/software.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489121/; classtype:trojan-activity;sid:84352221; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489122)"; flow:established,from_client; content:"GET"; http_method; content:"/austinxsome/key-clicker/releases/download/v2.0/software.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489122/; classtype:trojan-activity;sid:84352222; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489106)"; flow:established,from_client; content:"GET"; http_method; content:"/shirfor/autoforjob/releases/download/v2.0/software.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489106/; classtype:trojan-activity;sid:84352206; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489107)"; flow:established,from_client; content:"GET"; http_method; content:"/shirfor/autoforjob/releases/download/v1.0/software.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489107/; classtype:trojan-activity;sid:84352207; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489108)"; flow:established,from_client; content:"GET"; http_method; content:"/probe895/prodigy_wd_01/releases/download/v2.0/software.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489108/; classtype:trojan-activity;sid:84352208; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489098)"; flow:established,from_client; content:"GET"; http_method; content:"/juliocesarmara/emojico/releases/download/v1.0/software.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489098/; classtype:trojan-activity;sid:84352198; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489104)"; flow:established,from_client; content:"GET"; http_method; content:"/samudark4068/test-interface/releases/download/v1.0/software.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489104/; classtype:trojan-activity;sid:84352204; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489097)"; flow:established,from_client; content:"GET"; http_method; content:"/daar12-web/testdmode/releases/download/v2.0/software.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489097/; classtype:trojan-activity;sid:84352197; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489094)"; flow:established,from_client; content:"GET"; http_method; content:"/daar12-web/testdmode/releases/download/v1.0/software.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489094/; classtype:trojan-activity;sid:84352194; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489095)"; flow:established,from_client; content:"GET"; http_method; content:"/probe895/prodigy_wd_01/releases/download/v1.0/software.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489095/; classtype:trojan-activity;sid:84352195; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489090)"; flow:established,from_client; content:"GET"; http_method; content:"/lilanders123/act/releases/download/v2.0/software.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489090/; classtype:trojan-activity;sid:84352190; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489088)"; flow:established,from_client; content:"GET"; http_method; content:"/tatooo29/project-hub/releases/download/v2.0/software.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489088/; classtype:trojan-activity;sid:84352188; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489089)"; flow:established,from_client; content:"GET"; http_method; content:"/salvix317/bliss_browser_mirah/releases/download/v1.0/application.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489089/; classtype:trojan-activity;sid:84352189; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489077)"; flow:established,from_client; content:"GET"; http_method; content:"/1erne/blue-potato-nvidia/releases/download/v2.0/software.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489077/; classtype:trojan-activity;sid:84352177; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489078)"; flow:established,from_client; content:"GET"; http_method; content:"/monkeydluffy6956/fixedprojects/releases/download/v1.0/application.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489078/; classtype:trojan-activity;sid:84352178; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489080)"; flow:established,from_client; content:"GET"; http_method; content:"/tiago1237/react-cooking-ninja/releases/download/v2.0/software.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489080/; classtype:trojan-activity;sid:84352180; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489081)"; flow:established,from_client; content:"GET"; http_method; content:"/irineubelutti/pro-portfolio-website/releases/download/v2.0/software.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489081/; classtype:trojan-activity;sid:84352181; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489082)"; flow:established,from_client; content:"GET"; http_method; content:"/jimjam112/linktree-template/releases/download/v1.0/application.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489082/; classtype:trojan-activity;sid:84352182; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489087)"; flow:established,from_client; content:"GET"; http_method; content:"/gu446325/bliss_browser_odin/releases/download/v2.0/software.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489087/; classtype:trojan-activity;sid:84352187; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489074)"; flow:established,from_client; content:"GET"; http_method; content:"/jimjam112/linktree-template/releases/download/v2.0/software.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489074/; classtype:trojan-activity;sid:84352174; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489075)"; flow:established,from_client; content:"GET"; http_method; content:"/salvix317/bliss_browser_mirah/releases/download/v2.0/software.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489075/; classtype:trojan-activity;sid:84352175; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489076)"; flow:established,from_client; content:"GET"; http_method; content:"/monkeydluffy6956/fixedprojects/releases/download/v2.0/software.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489076/; classtype:trojan-activity;sid:84352176; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489063)"; flow:established,from_client; content:"GET"; http_method; content:"/basterfg/myproject/releases/download/v2.0/software.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489063/; classtype:trojan-activity;sid:84352163; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489054)"; flow:established,from_client; content:"GET"; http_method; content:"/booody123/manual-brick-breaker/releases/download/v1.0/program.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489054/; classtype:trojan-activity;sid:84352154; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489055)"; flow:established,from_client; content:"GET"; http_method; content:"/joshuagamayutin/bytesized.webring/releases/download/v1.0/application.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489055/; classtype:trojan-activity;sid:84352155; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489056)"; flow:established,from_client; content:"GET"; http_method; content:"/lucksssssss/flick_share/releases/download/v1.0/application.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489056/; classtype:trojan-activity;sid:84352156; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489058)"; flow:established,from_client; content:"GET"; http_method; content:"/lol123123456/flowdown-beta/releases/download/v1.0/application.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489058/; classtype:trojan-activity;sid:84352158; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489060)"; flow:established,from_client; content:"GET"; http_method; content:"/carlosprogramador991/baitroute/releases/download/v1.0/application.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489060/; classtype:trojan-activity;sid:84352160; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489061)"; flow:established,from_client; content:"GET"; http_method; content:"/carlosprogramador991/baitroute/releases/download/v2.0/software.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489061/; classtype:trojan-activity;sid:84352161; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489051)"; flow:established,from_client; content:"GET"; http_method; content:"/brahiim05/indian_migrating_students_analysis/releases/download/v1.0/program.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489051/; classtype:trojan-activity;sid:84352151; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489052)"; flow:established,from_client; content:"GET"; http_method; content:"/lol123123456/flowdown-beta/releases/download/v2.0/software.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489052/; classtype:trojan-activity;sid:84352152; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489049)"; flow:established,from_client; content:"GET"; http_method; content:"/basterfg/myproject/releases/download/v1.0/application.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489049/; classtype:trojan-activity;sid:84352149; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489046)"; flow:established,from_client; content:"GET"; http_method; content:"/brahiim05/indian_migrating_students_analysis/releases/download/v2.0/software.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489046/; classtype:trojan-activity;sid:84352146; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489047)"; flow:established,from_client; content:"GET"; http_method; content:"/booody123/manual-brick-breaker/releases/download/v2.0/software.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489047/; classtype:trojan-activity;sid:84352147; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489042)"; flow:established,from_client; content:"GET"; http_method; content:"/ashraff12345/snu_2d_clouddrive_modes_snu/releases/download/v1.0/program.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489042/; classtype:trojan-activity;sid:84352142; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489043)"; flow:established,from_client; content:"GET"; http_method; content:"/emilio549/solindexllm/releases/download/v1.0/application.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489043/; classtype:trojan-activity;sid:84352143; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489041)"; flow:established,from_client; content:"GET"; http_method; content:"/anthony166-cmyk/codify/releases/download/v2.0/software.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489041/; classtype:trojan-activity;sid:84352141; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489032)"; flow:established,from_client; content:"GET"; http_method; content:"/pedrokax/webscraper-to-identify-which-girls-and-how-many-of-them-my-boyfriend-follows-on-github/releases/download/v1.0/application.zip"; http_uri; depth:135; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489032/; classtype:trojan-activity;sid:84352132; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489034)"; flow:established,from_client; content:"GET"; http_method; content:"/anthony166-cmyk/codify/releases/download/v1.0.0/application.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489034/; classtype:trojan-activity;sid:84352134; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489035)"; flow:established,from_client; content:"GET"; http_method; content:"/nash-abella/organization-service/releases/download/v1.0.0/application.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489035/; classtype:trojan-activity;sid:84352135; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489036)"; flow:established,from_client; content:"GET"; http_method; content:"/oneshotviper24/g-n-rateur-de-robots.txt-et-sitemap.xml/releases/download/v1.0/application.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489036/; classtype:trojan-activity;sid:84352136; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489038)"; flow:established,from_client; content:"GET"; http_method; content:"/soilder931/djlint-snap/releases/download/v2.0/software.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489038/; classtype:trojan-activity;sid:84352138; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489040)"; flow:established,from_client; content:"GET"; http_method; content:"/emilio549/solindexllm/releases/download/v2.0/software.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489040/; classtype:trojan-activity;sid:84352140; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489026)"; flow:established,from_client; content:"GET"; http_method; content:"/2jzlove/property-portfolio-forecaster/releases/download/v2.0/software.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489026/; classtype:trojan-activity;sid:84352126; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489027)"; flow:established,from_client; content:"GET"; http_method; content:"/nash-abella/organization-service/releases/download/v2.0/software.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489027/; classtype:trojan-activity;sid:84352127; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489028)"; flow:established,from_client; content:"GET"; http_method; content:"/pedrokax/webscraper-to-identify-which-girls-and-how-many-of-them-my-boyfriend-follows-on-github/releases/download/v2.0/software.zip"; http_uri; depth:132; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489028/; classtype:trojan-activity;sid:84352128; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489029)"; flow:established,from_client; content:"GET"; http_method; content:"/oneshotviper24/g-n-rateur-de-robots.txt-et-sitemap.xml/releases/download/v2.0/software.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489029/; classtype:trojan-activity;sid:84352129; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489025)"; flow:established,from_client; content:"GET"; http_method; content:"/ashraff12345/snu_2d_clouddrive_modes_snu/releases/download/v2.0/software.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489025/; classtype:trojan-activity;sid:84352125; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489020)"; flow:established,from_client; content:"GET"; http_method; content:"/tailstheflyingfox/subghost/releases/download/v2.0/software.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489020/; classtype:trojan-activity;sid:84352120; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488996)"; flow:established,from_client; content:"GET"; http_method; content:"/majorclient/html-crypto-currency-chart-snippets/releases/download/v2.0/software.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488996/; classtype:trojan-activity;sid:84352096; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488997)"; flow:established,from_client; content:"GET"; http_method; content:"/zaytosmooth23/metamask-wallet-api-react-web3-extension-connect-blockhain-ethereum/releases/download/v1.0/release.zip"; http_uri; depth:117; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488997/; classtype:trojan-activity;sid:84352097; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488998)"; flow:established,from_client; content:"GET"; http_method; content:"/rizasaurus/car-price-prediction-exercise-with-regression-model/releases/download/v2.0/software.zip"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488998/; classtype:trojan-activity;sid:84352098; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488999)"; flow:established,from_client; content:"GET"; http_method; content:"/julianarpr/coinbase-wallet-python-api-wallet-storage-web-browser-multi-crypto-secure-gui/releases/download/v2.0/software.zip"; http_uri; depth:125; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488999/; classtype:trojan-activity;sid:84352099; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489000)"; flow:established,from_client; content:"GET"; http_method; content:"/refloxo/nlp-translator/releases/download/v1.0/soft.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489000/; classtype:trojan-activity;sid:84352100; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489001)"; flow:established,from_client; content:"GET"; http_method; content:"/rizasaurus/car-price-prediction-exercise-with-regression-model/releases/download/v1.0/release.zip"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489001/; classtype:trojan-activity;sid:84352101; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489002)"; flow:established,from_client; content:"GET"; http_method; content:"/whathedogding/bitpay-crypto-signal-trading-bot-analysis-signal-masters-trading-crypto/releases/download/v1.0/release.zip"; http_uri; depth:121; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489002/; classtype:trojan-activity;sid:84352102; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489003)"; flow:established,from_client; content:"GET"; http_method; content:"/tailstheflyingfox/subghost/releases/download/v1.0/release.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489003/; classtype:trojan-activity;sid:84352103; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489004)"; flow:established,from_client; content:"GET"; http_method; content:"/zilts345890/golang-html-parsing/releases/download/v1.0/application.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489004/; classtype:trojan-activity;sid:84352104; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489005)"; flow:established,from_client; content:"GET"; http_method; content:"/basemnabill/stock-forecasting-rnn/releases/download/v2.0/software.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489005/; classtype:trojan-activity;sid:84352105; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489006)"; flow:established,from_client; content:"GET"; http_method; content:"/seiolonmsk/contextindent.nvim/releases/download/v2.0/software.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489006/; classtype:trojan-activity;sid:84352106; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489007)"; flow:established,from_client; content:"GET"; http_method; content:"/basemnabill/stock-forecasting-rnn/releases/download/v1.0/application.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489007/; classtype:trojan-activity;sid:84352107; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489008)"; flow:established,from_client; content:"GET"; http_method; content:"/jatomsplamkakj/mysql-bootcamp-go-from-sql-beginner-to-expert/releases/download/v1.0/release.zip"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489008/; classtype:trojan-activity;sid:84352108; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489009)"; flow:established,from_client; content:"GET"; http_method; content:"/nuclearcatlegit/simple_bank/releases/download/v1.0/application.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489009/; classtype:trojan-activity;sid:84352109; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489010)"; flow:established,from_client; content:"GET"; http_method; content:"/seiolonmsk/contextindent.nvim/releases/download/v1.0/application.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489010/; classtype:trojan-activity;sid:84352110; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489011)"; flow:established,from_client; content:"GET"; http_method; content:"/zilts345890/golang-html-parsing/releases/download/v1.0/program.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489011/; classtype:trojan-activity;sid:84352111; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489012)"; flow:established,from_client; content:"GET"; http_method; content:"/jatomsplamkakj/mysql-bootcamp-go-from-sql-beginner-to-expert/releases/download/v2.0/software.zip"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489012/; classtype:trojan-activity;sid:84352112; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489013)"; flow:established,from_client; content:"GET"; http_method; content:"/dungtaplaptrinh/ivms/releases/download/v1.0/release.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489013/; classtype:trojan-activity;sid:84352113; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489014)"; flow:established,from_client; content:"GET"; http_method; content:"/whathedogding/bitpay-crypto-signal-trading-bot-analysis-signal-masters-trading-crypto/releases/download/v2.0/software.zip"; http_uri; depth:122; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489014/; classtype:trojan-activity;sid:84352114; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489015)"; flow:established,from_client; content:"GET"; http_method; content:"/naiahahah/musicbox/releases/download/v1.0/release.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489015/; classtype:trojan-activity;sid:84352115; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489016)"; flow:established,from_client; content:"GET"; http_method; content:"/julianarpr/coinbase-wallet-python-api-wallet-storage-web-browser-multi-crypto-secure-gui/releases/download/v1.0/release.zip"; http_uri; depth:124; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489016/; classtype:trojan-activity;sid:84352116; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488992)"; flow:established,from_client; content:"GET"; http_method; content:"/notnc/android-x64_android5.1_degoogled_edition_docs/releases/download/v1.0/application.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488992/; classtype:trojan-activity;sid:84352092; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488993)"; flow:established,from_client; content:"GET"; http_method; content:"/refloxo/nlp-translator/releases/download/v2.0/software.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488993/; classtype:trojan-activity;sid:84352093; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488994)"; flow:established,from_client; content:"GET"; http_method; content:"/nuclearcatlegit/simple_bank/releases/download/v2.0/software.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488994/; classtype:trojan-activity;sid:84352094; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488995)"; flow:established,from_client; content:"GET"; http_method; content:"/seiolonmsk/contextindent.nvim/releases/download/v1.0/program.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488995/; classtype:trojan-activity;sid:84352095; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488989)"; flow:established,from_client; content:"GET"; http_method; content:"/notnc/android-x64_android5.1_degoogled_edition_docs/releases/download/v2.0/software.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488989/; classtype:trojan-activity;sid:84352089; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488985)"; flow:established,from_client; content:"GET"; http_method; content:"/dredarty/ringsharp/releases/download/v1.0/soft.zip"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488985/; classtype:trojan-activity;sid:84352085; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488986)"; flow:established,from_client; content:"GET"; http_method; content:"/zaytosmooth23/metamask-wallet-api-react-web3-extension-connect-blockhain-ethereum/releases/download/v2.0/software.zip"; http_uri; depth:118; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488986/; classtype:trojan-activity;sid:84352086; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488987)"; flow:established,from_client; content:"GET"; http_method; content:"/notnc/android-x64_android5.1_degoogled_edition_docs/releases/download/v1.0/program.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488987/; classtype:trojan-activity;sid:84352087; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488988)"; flow:established,from_client; content:"GET"; http_method; content:"/dredarty/ringsharp/releases/download/v2.0/software.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488988/; classtype:trojan-activity;sid:84352088; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488964)"; flow:established,from_client; content:"GET"; http_method; content:"/megapuppiedoctor/evo/releases/download/v2.0/software.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488964/; classtype:trojan-activity;sid:84352064; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488966)"; flow:established,from_client; content:"GET"; http_method; content:"/peloixitu35/javascript-questions-pro/releases/download/v2.0/software.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488966/; classtype:trojan-activity;sid:84352066; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488967)"; flow:established,from_client; content:"GET"; http_method; content:"/bardock47/detecteur-de-contenu-ia/releases/download/v2.0/software.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488967/; classtype:trojan-activity;sid:84352067; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488968)"; flow:established,from_client; content:"GET"; http_method; content:"/mkailal/traking_app/releases/download/v1.0/release_x64.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488968/; classtype:trojan-activity;sid:84352068; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488969)"; flow:established,from_client; content:"GET"; http_method; content:"/peloixitu35/javascript-questions-pro/releases/download/v1.0/program.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488969/; classtype:trojan-activity;sid:84352069; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488970)"; flow:established,from_client; content:"GET"; http_method; content:"/mkailal/traking_app/releases/download/v2.0/software.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488970/; classtype:trojan-activity;sid:84352070; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488971)"; flow:established,from_client; content:"GET"; http_method; content:"/happie123/milvus-querying/releases/download/v2.0/software.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488971/; classtype:trojan-activity;sid:84352071; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488974)"; flow:established,from_client; content:"GET"; http_method; content:"/kentcann/generateur-de-fichiers-.htaccess-pour-redirections-seo/releases/download/v2.0/software.zip"; http_uri; depth:100; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488974/; classtype:trojan-activity;sid:84352074; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488975)"; flow:established,from_client; content:"GET"; http_method; content:"/sinaralay/generateur-de-fil-d-ariane/releases/download/v1.0/release_x64.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488975/; classtype:trojan-activity;sid:84352075; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488976)"; flow:established,from_client; content:"GET"; http_method; content:"/happie123/milvus-querying/releases/download/v1.0/release_x64.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488976/; classtype:trojan-activity;sid:84352076; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488961)"; flow:established,from_client; content:"GET"; http_method; content:"/bardock47/detecteur-de-contenu-ia/releases/download/v1.0/release_x64.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488961/; classtype:trojan-activity;sid:84352061; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488962)"; flow:established,from_client; content:"GET"; http_method; content:"/sinaralay/generateur-de-fil-d-ariane/releases/download/v2.0/software.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488962/; classtype:trojan-activity;sid:84352062; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488963)"; flow:established,from_client; content:"GET"; http_method; content:"/brunoesmael/cot_proxy/releases/download/v2.0/software.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488963/; classtype:trojan-activity;sid:84352063; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488958)"; flow:established,from_client; content:"GET"; http_method; content:"/kentcann/generateur-de-fichiers-.htaccess-pour-redirections-seo/releases/download/v1.0/release_x64.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488958/; classtype:trojan-activity;sid:84352058; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488959)"; flow:established,from_client; content:"GET"; http_method; content:"/megapuppiedoctor/evo/releases/download/v1.0/release.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488959/; classtype:trojan-activity;sid:84352059; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488949)"; flow:established,from_client; content:"GET"; http_method; content:"/externator/drizzle-next-tauri/releases/download/v1.0/release_x64.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488949/; classtype:trojan-activity;sid:84352049; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488950)"; flow:established,from_client; content:"GET"; http_method; content:"/konnuyu/0xbuilder/releases/download/v1.0/release_x64.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488950/; classtype:trojan-activity;sid:84352050; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488940)"; flow:established,from_client; content:"GET"; http_method; content:"/finn9633/batchgenie/releases/download/v1.0/software.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488940/; classtype:trojan-activity;sid:84352040; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488941)"; flow:established,from_client; content:"GET"; http_method; content:"/konnuyu/0xbuilder/releases/download/v2.0/software.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488941/; classtype:trojan-activity;sid:84352041; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488942)"; flow:established,from_client; content:"GET"; http_method; content:"/big0loser/nodepay-bot/releases/download/v1.0/release_x64.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488942/; classtype:trojan-activity;sid:84352042; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488943)"; flow:established,from_client; content:"GET"; http_method; content:"/rakkunsatura/p.e.n.i.s./releases/download/v2.0/software.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488943/; classtype:trojan-activity;sid:84352043; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488944)"; flow:established,from_client; content:"GET"; http_method; content:"/big0loser/nodepay-bot/releases/download/v2.0/software.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488944/; classtype:trojan-activity;sid:84352044; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488945)"; flow:established,from_client; content:"GET"; http_method; content:"/thiagx08/bue-introduction-to-programming-and-problem-solving/releases/download/v1.0/release_x64.zip"; http_uri; depth:100; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488945/; classtype:trojan-activity;sid:84352045; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488946)"; flow:established,from_client; content:"GET"; http_method; content:"/thiagx08/bue-introduction-to-programming-and-problem-solving/releases/download/v2.0/software.zip"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488946/; classtype:trojan-activity;sid:84352046; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488939)"; flow:established,from_client; content:"GET"; http_method; content:"/externator/drizzle-next-tauri/releases/download/v2.0/software.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488939/; classtype:trojan-activity;sid:84352039; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488926)"; flow:established,from_client; content:"GET"; http_method; content:"/t7dela/shadowtool/releases/download/v2.0/software.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488926/; classtype:trojan-activity;sid:84352026; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488905)"; flow:established,from_client; content:"GET"; http_method; content:"/tsmdavidyt10kpro/myquest/releases/download/v2.0/software.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488905/; classtype:trojan-activity;sid:84352005; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488908)"; flow:established,from_client; content:"GET"; http_method; content:"/malo360/tapsi/releases/download/v1.0/software.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488908/; classtype:trojan-activity;sid:84352008; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488909)"; flow:established,from_client; content:"GET"; http_method; content:"/malo360/tapsi/releases/download/v2.0/software.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488909/; classtype:trojan-activity;sid:84352009; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488910)"; flow:established,from_client; content:"GET"; http_method; content:"/jayvzz121706/basic-geometry-engine/releases/download/v2.0/software.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488910/; classtype:trojan-activity;sid:84352010; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488912)"; flow:established,from_client; content:"GET"; http_method; content:"/phillipp09/countriesfacts-quiz/releases/download/v2.0/software.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488912/; classtype:trojan-activity;sid:84352012; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488914)"; flow:established,from_client; content:"GET"; http_method; content:"/tsmdavidyt10kpro/myquest/releases/download/v1.0/software.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488914/; classtype:trojan-activity;sid:84352014; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488915)"; flow:established,from_client; content:"GET"; http_method; content:"/phillipp09/countriesfacts-quiz/releases/download/v1.0/software.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488915/; classtype:trojan-activity;sid:84352015; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488916)"; flow:established,from_client; content:"GET"; http_method; content:"/ghzfps/mastering-mern-with-react/releases/download/v1.0/application.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488916/; classtype:trojan-activity;sid:84352016; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488918)"; flow:established,from_client; content:"GET"; http_method; content:"/ghzfps/mastering-mern-with-react/releases/download/v1.0/software.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488918/; classtype:trojan-activity;sid:84352018; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488919)"; flow:established,from_client; content:"GET"; http_method; content:"/leydypenaloza/oade_openvoices/releases/download/v2.0/software.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488919/; classtype:trojan-activity;sid:84352019; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488920)"; flow:established,from_client; content:"GET"; http_method; content:"/leydypenaloza/oade_openvoices/releases/download/v1.0/software.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488920/; classtype:trojan-activity;sid:84352020; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488921)"; flow:established,from_client; content:"GET"; http_method; content:"/jayvzz121706/basic-geometry-engine/releases/download/v1.0/software.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488921/; classtype:trojan-activity;sid:84352021; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488903)"; flow:established,from_client; content:"GET"; http_method; content:"/ghzfps/mastering-mern-with-react/releases/download/v2.0/software.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488903/; classtype:trojan-activity;sid:84352003; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488892)"; flow:established,from_client; content:"GET"; http_method; content:"/nezukoontop/orbia/releases/download/v2.0/software.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488892/; classtype:trojan-activity;sid:84351992; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488893)"; flow:established,from_client; content:"GET"; http_method; content:"/clearlyaxgen/to-do-task-app-with-oracle-apex/releases/download/v1.0/software.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488893/; classtype:trojan-activity;sid:84351993; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488894)"; flow:established,from_client; content:"GET"; http_method; content:"/ilayking/exam-surveillance-platform/releases/download/v1.0/software.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488894/; classtype:trojan-activity;sid:84351994; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488895)"; flow:established,from_client; content:"GET"; http_method; content:"/clearlyaxgen/to-do-task-app-with-oracle-apex/releases/download/v2.0/software.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488895/; classtype:trojan-activity;sid:84351995; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488896)"; flow:established,from_client; content:"GET"; http_method; content:"/fallidox/varzesh3/releases/download/v1.0/software.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488896/; classtype:trojan-activity;sid:84351996; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488897)"; flow:established,from_client; content:"GET"; http_method; content:"/itallo1122/csharp-devcontainer-template/releases/download/v2.0/software.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488897/; classtype:trojan-activity;sid:84351997; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488898)"; flow:established,from_client; content:"GET"; http_method; content:"/nezukoontop/orbia/releases/download/v1.0/software.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488898/; classtype:trojan-activity;sid:84351998; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488891)"; flow:established,from_client; content:"GET"; http_method; content:"/ilayking/exam-surveillance-platform/releases/download/v2.0/release_x64.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488891/; classtype:trojan-activity;sid:84351991; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488890)"; flow:established,from_client; content:"GET"; http_method; content:"/samix151210/ndarray-base-normalize-indices/releases/download/v2.0/software.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488890/; classtype:trojan-activity;sid:84351990; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488883)"; flow:established,from_client; content:"GET"; http_method; content:"/kirukazuma/react-ulbitv/releases/download/v2.0/software.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488883/; classtype:trojan-activity;sid:84351983; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488884)"; flow:established,from_client; content:"GET"; http_method; content:"/simoqanboui/dawn-validator-bot-js/releases/download/v2.0/software.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488884/; classtype:trojan-activity;sid:84351984; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488881)"; flow:established,from_client; content:"GET"; http_method; content:"/simoqanboui/dawn-validator-bot-js/releases/download/v1.0/software.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488881/; classtype:trojan-activity;sid:84351981; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488880)"; flow:established,from_client; content:"GET"; http_method; content:"/asdadadsaasdsadas991/database-project/releases/download/v2.0/software.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488880/; classtype:trojan-activity;sid:84351980; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488872)"; flow:established,from_client; content:"GET"; http_method; content:"/jonatanelmaspro2023/ailert-nextjs/releases/download/v2.0/software.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488872/; classtype:trojan-activity;sid:84351972; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488873)"; flow:established,from_client; content:"GET"; http_method; content:"/hyuki875/transformers/releases/download/v2.0/software.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488873/; classtype:trojan-activity;sid:84351973; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488874)"; flow:established,from_client; content:"GET"; http_method; content:"/merosegamerx/pizza_webapp/releases/download/v2.0/software.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488874/; classtype:trojan-activity;sid:84351974; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488875)"; flow:established,from_client; content:"GET"; http_method; content:"/tinhuynh123/secluded/releases/download/v2.0/software.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488875/; classtype:trojan-activity;sid:84351975; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488877)"; flow:established,from_client; content:"GET"; http_method; content:"/nguyenquy19/fit-track-goals-app/releases/download/v2.0/software.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488877/; classtype:trojan-activity;sid:84351977; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488879)"; flow:established,from_client; content:"GET"; http_method; content:"/merosegamerx/pizza_webapp/releases/download/v1.0/software.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488879/; classtype:trojan-activity;sid:84351979; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488867)"; flow:established,from_client; content:"GET"; http_method; content:"/marionerjattv/lapack-base-zlacpy/releases/download/v2.0/software.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488867/; classtype:trojan-activity;sid:84351967; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488869)"; flow:established,from_client; content:"GET"; http_method; content:"/hkabj/codefetch/releases/download/v1.0/software.zip"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488869/; classtype:trojan-activity;sid:84351969; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488870)"; flow:established,from_client; content:"GET"; http_method; content:"/dandygamer198981/bliss_browser_mint/releases/download/v2.0/software.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488870/; classtype:trojan-activity;sid:84351970; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488865)"; flow:established,from_client; content:"GET"; http_method; content:"/hkabj/codefetch/releases/download/v2.0/software.zip"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488865/; classtype:trojan-activity;sid:84351965; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488866)"; flow:established,from_client; content:"GET"; http_method; content:"/charles100000/twitch-clone/releases/download/v2.0/software.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488866/; classtype:trojan-activity;sid:84351966; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488863)"; flow:established,from_client; content:"GET"; http_method; content:"/ligdeezznuts/bliss_browser_jcl/releases/download/v1.0/software.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488863/; classtype:trojan-activity;sid:84351963; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488857)"; flow:established,from_client; content:"GET"; http_method; content:"/enessah00/adaptive-classifier/releases/download/v2.0/software.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488857/; classtype:trojan-activity;sid:84351957; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488845)"; flow:established,from_client; content:"GET"; http_method; content:"/benbonbun/carvisionai/releases/download/v1.0/software.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488845/; classtype:trojan-activity;sid:84351945; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488848)"; flow:established,from_client; content:"GET"; http_method; content:"/benbonbun/carvisionai/releases/download/v2.0/software.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488848/; classtype:trojan-activity;sid:84351948; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488849)"; flow:established,from_client; content:"GET"; http_method; content:"/astral-ash/deployeride-erc20-toolkit/releases/download/v2.0/software.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488849/; classtype:trojan-activity;sid:84351949; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488851)"; flow:established,from_client; content:"GET"; http_method; content:"/ahmed2006-cmd/carrepairreservationsystem-loginpage/releases/download/v1.0/software.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488851/; classtype:trojan-activity;sid:84351951; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488854)"; flow:established,from_client; content:"GET"; http_method; content:"/astral-ash/deployeride-erc20-toolkit/releases/download/v1.0/software.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488854/; classtype:trojan-activity;sid:84351954; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488855)"; flow:established,from_client; content:"GET"; http_method; content:"/enessah00/adaptive-classifier/releases/download/v1.0/software.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488855/; classtype:trojan-activity;sid:84351955; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488842)"; flow:established,from_client; content:"GET"; http_method; content:"/imenapr/crime-news-ai-nlp-machine-learning/releases/download/v1.0/application.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488842/; classtype:trojan-activity;sid:84351942; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488843)"; flow:established,from_client; content:"GET"; http_method; content:"/softnightmare/fit-goals/releases/download/v1.0/application.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488843/; classtype:trojan-activity;sid:84351943; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488840)"; flow:established,from_client; content:"GET"; http_method; content:"/yuxiangwuzhang/prodigy_wd_02/releases/download/v2.0/software.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488840/; classtype:trojan-activity;sid:84351940; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488839)"; flow:established,from_client; content:"GET"; http_method; content:"/imenapr/crime-news-ai-nlp-machine-learning/releases/download/v2.0/software.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488839/; classtype:trojan-activity;sid:84351939; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488835)"; flow:established,from_client; content:"GET"; http_method; content:"/brehdonacounter/contact-form1-main/releases/download/v1.0/software.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488835/; classtype:trojan-activity;sid:84351935; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488837)"; flow:established,from_client; content:"GET"; http_method; content:"/yuxiangwuzhang/prodigy_wd_02/releases/download/v1.0/software.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488837/; classtype:trojan-activity;sid:84351937; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488831)"; flow:established,from_client; content:"GET"; http_method; content:"/frebirus/poll-maker/releases/download/v2.0/software.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488831/; classtype:trojan-activity;sid:84351931; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488832)"; flow:established,from_client; content:"GET"; http_method; content:"/edgaras980/audiocrypt/releases/download/v2.0/software.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488832/; classtype:trojan-activity;sid:84351932; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488833)"; flow:established,from_client; content:"GET"; http_method; content:"/vzcar/bliss_browser_turtle/releases/download/v1.0/application.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488833/; classtype:trojan-activity;sid:84351933; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488826)"; flow:established,from_client; content:"GET"; http_method; content:"/softnightmare/fit-goals/releases/download/v2.0/software.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488826/; classtype:trojan-activity;sid:84351926; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488827)"; flow:established,from_client; content:"GET"; http_method; content:"/frebirus/poll-maker/releases/download/v1.0/application.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488827/; classtype:trojan-activity;sid:84351927; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488828)"; flow:established,from_client; content:"GET"; http_method; content:"/vzcar/bliss_browser_turtle/releases/download/v2.0/software.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488828/; classtype:trojan-activity;sid:84351928; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488829)"; flow:established,from_client; content:"GET"; http_method; content:"/brehdonacounter/contact-form1-main/releases/download/v2.0/software.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488829/; classtype:trojan-activity;sid:84351929; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488819)"; flow:established,from_client; content:"GET"; http_method; content:"/ozziesforest/translatesheet-examples/releases/download/v2.0/software.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488819/; classtype:trojan-activity;sid:84351919; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488821)"; flow:established,from_client; content:"GET"; http_method; content:"/feelingfishy/challenge-backend-anotaai/releases/download/v2.0/software.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488821/; classtype:trojan-activity;sid:84351921; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488822)"; flow:established,from_client; content:"GET"; http_method; content:"/nsgaming999/lottery/releases/download/v1.0/application.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488822/; classtype:trojan-activity;sid:84351922; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488797)"; flow:established,from_client; content:"GET"; http_method; content:"/ozziesforest/translatesheet-examples/releases/download/v1.0/application.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488797/; classtype:trojan-activity;sid:84351897; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488798)"; flow:established,from_client; content:"GET"; http_method; content:"/leanx2/springboot-api-rest/releases/download/v1.0/application.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488798/; classtype:trojan-activity;sid:84351898; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488799)"; flow:established,from_client; content:"GET"; http_method; content:"/ruka232323/network-traffic-visualizer/releases/download/v1.0/application.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488799/; classtype:trojan-activity;sid:84351899; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488800)"; flow:established,from_client; content:"GET"; http_method; content:"/feelingfishy/challenge-backend-anotaai/releases/download/v1.0/application.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488800/; classtype:trojan-activity;sid:84351900; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488802)"; flow:established,from_client; content:"GET"; http_method; content:"/ruka232323/network-traffic-visualizer/releases/download/v2.0/software.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488802/; classtype:trojan-activity;sid:84351902; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488804)"; flow:established,from_client; content:"GET"; http_method; content:"/shiffy22/awesome-portfolio/releases/download/v1.0/application.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488804/; classtype:trojan-activity;sid:84351904; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488806)"; flow:established,from_client; content:"GET"; http_method; content:"/pietro152/tgbot-for-orders/releases/download/v1.0/application.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488806/; classtype:trojan-activity;sid:84351906; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488809)"; flow:established,from_client; content:"GET"; http_method; content:"/jaydenth/churn-prediction/releases/download/v1.0/application.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488809/; classtype:trojan-activity;sid:84351909; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488787)"; flow:established,from_client; content:"GET"; http_method; content:"/leanx2/springboot-api-rest/releases/download/v2.0/software.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488787/; classtype:trojan-activity;sid:84351887; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488793)"; flow:established,from_client; content:"GET"; http_method; content:"/nsgaming999/lottery/releases/download/v2.0/software.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488793/; classtype:trojan-activity;sid:84351893; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488785)"; flow:established,from_client; content:"GET"; http_method; content:"/jaydenth/churn-prediction/releases/download/v2.0/software.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488785/; classtype:trojan-activity;sid:84351885; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488781)"; flow:established,from_client; content:"GET"; http_method; content:"/millansan12/random-mnemonic-phrase-generator/releases/download/v2.0/software.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488781/; classtype:trojan-activity;sid:84351881; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488770)"; flow:established,from_client; content:"GET"; http_method; content:"/millansan12/random-mnemonic-phrase-generator/releases/download/v1.0/application.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488770/; classtype:trojan-activity;sid:84351870; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488771)"; flow:established,from_client; content:"GET"; http_method; content:"/antoniomrbr/cosmicstar/releases/download/v2.0/software.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488771/; classtype:trojan-activity;sid:84351871; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488778)"; flow:established,from_client; content:"GET"; http_method; content:"/sickclaymaker/text-processing-tool/releases/download/v2.0/software.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488778/; classtype:trojan-activity;sid:84351878; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488779)"; flow:established,from_client; content:"GET"; http_method; content:"/hza3o/covid-19_dashboard/releases/download/v2.0/software.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488779/; classtype:trojan-activity;sid:84351879; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488780)"; flow:established,from_client; content:"GET"; http_method; content:"/hza3o/covid-19_dashboard/releases/download/v1.0.0/application.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488780/; classtype:trojan-activity;sid:84351880; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488768)"; flow:established,from_client; content:"GET"; http_method; content:"/antoniomrbr/cosmicstar/releases/download/v1.0/program.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488768/; classtype:trojan-activity;sid:84351868; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488769)"; flow:established,from_client; content:"GET"; http_method; content:"/relic87/blox-fruits-script-roblox/releases/download/v1.0/program.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488769/; classtype:trojan-activity;sid:84351869; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488764)"; flow:established,from_client; content:"GET"; http_method; content:"/12345far/metrics-calculation-precision-recall/releases/download/v2.0/software.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488764/; classtype:trojan-activity;sid:84351864; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488765)"; flow:established,from_client; content:"GET"; http_method; content:"/1set-t/ai-model/releases/download/v1.0.0/application.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488765/; classtype:trojan-activity;sid:84351865; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488758)"; flow:established,from_client; content:"GET"; http_method; content:"/1set-t/ai-model/releases/download/v2.0/software.zip"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488758/; classtype:trojan-activity;sid:84351858; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488760)"; flow:established,from_client; content:"GET"; http_method; content:"/12345far/metrics-calculation-precision-recall/releases/download/v1.0/program.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488760/; classtype:trojan-activity;sid:84351860; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488763)"; flow:established,from_client; content:"GET"; http_method; content:"/croissant-a/yahoo-finance/releases/download/v2.0/software.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488763/; classtype:trojan-activity;sid:84351863; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488757)"; flow:established,from_client; content:"GET"; http_method; content:"/croissant-a/yahoo-finance/releases/download/v1.0.0/application.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488757/; classtype:trojan-activity;sid:84351857; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488755)"; flow:established,from_client; content:"GET"; http_method; content:"/mah-22/room-occupancy-prediction-using-environmental-sensor-data/releases/download/v1.0/application.zip"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488755/; classtype:trojan-activity;sid:84351855; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488746)"; flow:established,from_client; content:"GET"; http_method; content:"/mah-22/room-occupancy-prediction-using-environmental-sensor-data/releases/download/v2.0/software.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488746/; classtype:trojan-activity;sid:84351846; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488747)"; flow:established,from_client; content:"GET"; http_method; content:"/willpro34/in-surely/releases/download/v2.0/software.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488747/; classtype:trojan-activity;sid:84351847; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488748)"; flow:established,from_client; content:"GET"; http_method; content:"/willpro34/in-surely/releases/download/v1.0/application.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488748/; classtype:trojan-activity;sid:84351848; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488749)"; flow:established,from_client; content:"GET"; http_method; content:"/sytheflay1/oneclick-image-downloader-extension/releases/download/v1.0/application.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488749/; classtype:trojan-activity;sid:84351849; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488751)"; flow:established,from_client; content:"GET"; http_method; content:"/serbianty/eureka-framework/releases/download/v1.0/soft.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488751/; classtype:trojan-activity;sid:84351851; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488752)"; flow:established,from_client; content:"GET"; http_method; content:"/serbianty/eureka-framework/releases/download/v2.0/software.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488752/; classtype:trojan-activity;sid:84351852; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488753)"; flow:established,from_client; content:"GET"; http_method; content:"/sytheflay1/oneclick-image-downloader-extension/releases/download/v2.0/software.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488753/; classtype:trojan-activity;sid:84351853; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488754)"; flow:established,from_client; content:"GET"; http_method; content:"/dcaiimage2/utils-linux/releases/download/v1.0/application.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488754/; classtype:trojan-activity;sid:84351854; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488745)"; flow:established,from_client; content:"GET"; http_method; content:"/dcaiimage2/utils-linux/releases/download/v2.0/software.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488745/; classtype:trojan-activity;sid:84351845; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488729)"; flow:established,from_client; content:"GET"; http_method; content:"/jaylnjohnart/vertex-ai-chat-prompting-tablular-data-bq/releases/download/v2.0/software.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488729/; classtype:trojan-activity;sid:84351829; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488730)"; flow:established,from_client; content:"GET"; http_method; content:"/mrx-slayer/ai-resume-parser/releases/download/v1.0/application.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488730/; classtype:trojan-activity;sid:84351830; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488731)"; flow:established,from_client; content:"GET"; http_method; content:"/levdlyon/u6143_ssd1306-oled-display-setup-for-raspberry-pi/releases/download/v2.0/software.zip"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488731/; classtype:trojan-activity;sid:84351831; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488732)"; flow:established,from_client; content:"GET"; http_method; content:"/mrx-slayer/ai-resume-parser/releases/download/v2.0/software.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488732/; classtype:trojan-activity;sid:84351832; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488733)"; flow:established,from_client; content:"GET"; http_method; content:"/papajszef/web-devapp/releases/download/v2.0/software.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488733/; classtype:trojan-activity;sid:84351833; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488734)"; flow:established,from_client; content:"GET"; http_method; content:"/gopuatop100/badan-hukum/releases/download/v1.0/release.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488734/; classtype:trojan-activity;sid:84351834; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488735)"; flow:established,from_client; content:"GET"; http_method; content:"/jobetsison/working-with-form-validation-in-an-asp.net-core-rich-text-editor/releases/download/v1.0/program.zip"; http_uri; depth:111; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488735/; classtype:trojan-activity;sid:84351835; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488736)"; flow:established,from_client; content:"GET"; http_method; content:"/papajszef/web-devapp/releases/download/v1.0/application.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488736/; classtype:trojan-activity;sid:84351836; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488737)"; flow:established,from_client; content:"GET"; http_method; content:"/kdieu1/avast-cleanup/releases/download/v1.0/release.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488737/; classtype:trojan-activity;sid:84351837; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488738)"; flow:established,from_client; content:"GET"; http_method; content:"/kdieu1/avast-cleanup/releases/download/v2.0/software.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488738/; classtype:trojan-activity;sid:84351838; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488739)"; flow:established,from_client; content:"GET"; http_method; content:"/mrx-slayer/ai-resume-parser/releases/download/v1.0/program.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488739/; classtype:trojan-activity;sid:84351839; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488740)"; flow:established,from_client; content:"GET"; http_method; content:"/as3dyasen/portfolio/releases/download/v2.0/software.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488740/; classtype:trojan-activity;sid:84351840; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488741)"; flow:established,from_client; content:"GET"; http_method; content:"/jakester2020/designsystem/releases/download/v1.0/release.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488741/; classtype:trojan-activity;sid:84351841; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488742)"; flow:established,from_client; content:"GET"; http_method; content:"/as3dyasen/portfolio/releases/download/v1.0/release.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488742/; classtype:trojan-activity;sid:84351842; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488725)"; flow:established,from_client; content:"GET"; http_method; content:"/gopuatop100/badan-hukum/releases/download/v2.0/software.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488725/; classtype:trojan-activity;sid:84351825; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488726)"; flow:established,from_client; content:"GET"; http_method; content:"/levdlyon/u6143_ssd1306-oled-display-setup-for-raspberry-pi/releases/download/v1.0/application.zip"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488726/; classtype:trojan-activity;sid:84351826; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488727)"; flow:established,from_client; content:"GET"; http_method; content:"/jakester2020/designsystem/releases/download/v2.0/software.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488727/; classtype:trojan-activity;sid:84351827; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488728)"; flow:established,from_client; content:"GET"; http_method; content:"/jobetsison/working-with-form-validation-in-an-asp.net-core-rich-text-editor/releases/download/v2.0/software.zip"; http_uri; depth:112; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488728/; classtype:trojan-activity;sid:84351828; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488722)"; flow:established,from_client; content:"GET"; http_method; content:"/jaylnjohnart/vertex-ai-chat-prompting-tablular-data-bq/releases/download/v1.0/program.zip"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488722/; classtype:trojan-activity;sid:84351822; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488723)"; flow:established,from_client; content:"GET"; http_method; content:"/papajszef/web-devapp/releases/download/v1.0/program.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488723/; classtype:trojan-activity;sid:84351823; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488724)"; flow:established,from_client; content:"GET"; http_method; content:"/levdlyon/u6143_ssd1306-oled-display-setup-for-raspberry-pi/releases/download/v1.0/program.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488724/; classtype:trojan-activity;sid:84351824; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488721)"; flow:established,from_client; content:"GET"; http_method; content:"/byluu55/lumokit/releases/download/v1.0/program.zip"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488721/; classtype:trojan-activity;sid:84351821; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488720)"; flow:established,from_client; content:"GET"; http_method; content:"/azw1/suction-funnel-for-bosch-click-clean-system/releases/download/v1.0/program.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488720/; classtype:trojan-activity;sid:84351820; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488712)"; flow:established,from_client; content:"GET"; http_method; content:"/tekin441/urban_company_clone/releases/download/v1.0/program.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488712/; classtype:trojan-activity;sid:84351812; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488713)"; flow:established,from_client; content:"GET"; http_method; content:"/tekin441/urban_company_clone/releases/download/v1.0/application.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488713/; classtype:trojan-activity;sid:84351813; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488714)"; flow:established,from_client; content:"GET"; http_method; content:"/flameoptics/xkucoinbot-script-autoclicker/releases/download/v1.0/program.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488714/; classtype:trojan-activity;sid:84351814; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488715)"; flow:established,from_client; content:"GET"; http_method; content:"/turdtalker33/fitlink-fitness-tracker/releases/download/v2.0/software.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488715/; classtype:trojan-activity;sid:84351815; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488716)"; flow:established,from_client; content:"GET"; http_method; content:"/flameoptics/xkucoinbot-script-autoclicker/releases/download/v2.0/software.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488716/; classtype:trojan-activity;sid:84351816; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488705)"; flow:established,from_client; content:"GET"; http_method; content:"/byluu55/lumokit/releases/download/v2.0/software.zip"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488705/; classtype:trojan-activity;sid:84351805; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488706)"; flow:established,from_client; content:"GET"; http_method; content:"/zrty456/web-development-project-2/releases/download/v2.0/software.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488706/; classtype:trojan-activity;sid:84351806; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488708)"; flow:established,from_client; content:"GET"; http_method; content:"/azw1/suction-funnel-for-bosch-click-clean-system/releases/download/v1.0/application.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488708/; classtype:trojan-activity;sid:84351808; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488709)"; flow:established,from_client; content:"GET"; http_method; content:"/b143659/mern-book-search-engine/releases/download/v1.0/program.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488709/; classtype:trojan-activity;sid:84351809; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488710)"; flow:established,from_client; content:"GET"; http_method; content:"/turdtalker33/fitlink-fitness-tracker/releases/download/v1.0/software.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488710/; classtype:trojan-activity;sid:84351810; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488702)"; flow:established,from_client; content:"GET"; http_method; content:"/tekin441/urban_company_clone/releases/download/v2.0/software.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488702/; classtype:trojan-activity;sid:84351802; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488703)"; flow:established,from_client; content:"GET"; http_method; content:"/azw1/suction-funnel-for-bosch-click-clean-system/releases/download/v2.0/software.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488703/; classtype:trojan-activity;sid:84351803; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488704)"; flow:established,from_client; content:"GET"; http_method; content:"/psxdupes028/comfyui-bs_kokoro-onnx/releases/download/v2.0/software.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488704/; classtype:trojan-activity;sid:84351804; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488700)"; flow:established,from_client; content:"GET"; http_method; content:"/b143659/mern-book-search-engine/releases/download/v2.0/software.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488700/; classtype:trojan-activity;sid:84351800; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488699)"; flow:established,from_client; content:"GET"; http_method; content:"/psxdupes028/comfyui-bs_kokoro-onnx/releases/download/v1.0/program.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488699/; classtype:trojan-activity;sid:84351799; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488697)"; flow:established,from_client; content:"GET"; http_method; content:"/hirosugoi/pi_full_monitor/releases/download/v2.0/software.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488697/; classtype:trojan-activity;sid:84351797; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488684)"; flow:established,from_client; content:"GET"; http_method; content:"/antonio12gkn71/underlayer/releases/download/v1.0/application.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488684/; classtype:trojan-activity;sid:84351784; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488685)"; flow:established,from_client; content:"GET"; http_method; content:"/yamenstarxtheking/sumitrmalik.io/releases/download/v1.0/soft.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488685/; classtype:trojan-activity;sid:84351785; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488686)"; flow:established,from_client; content:"GET"; http_method; content:"/sundarlalji/autoimport/releases/download/v2.0/software.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488686/; classtype:trojan-activity;sid:84351786; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488687)"; flow:established,from_client; content:"GET"; http_method; content:"/peashooter0001/ublue-os-cosmic/releases/download/v1.0/soft.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488687/; classtype:trojan-activity;sid:84351787; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488688)"; flow:established,from_client; content:"GET"; http_method; content:"/hirosugoi/pi_full_monitor/releases/download/v1.0/application.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488688/; classtype:trojan-activity;sid:84351788; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488689)"; flow:established,from_client; content:"GET"; http_method; content:"/lxlstepsup/event-management/releases/download/v1.0.0/application.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488689/; classtype:trojan-activity;sid:84351789; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488690)"; flow:established,from_client; content:"GET"; http_method; content:"/lxlstepsup/event-management/releases/download/v2.0/software.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488690/; classtype:trojan-activity;sid:84351790; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488691)"; flow:established,from_client; content:"GET"; http_method; content:"/ajain1414/web-analyzer-frontend/releases/download/v2.0/software.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488691/; classtype:trojan-activity;sid:84351791; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488693)"; flow:established,from_client; content:"GET"; http_method; content:"/yamenstarxtheking/sumitrmalik.io/releases/download/v2.0/software.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488693/; classtype:trojan-activity;sid:84351793; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488696)"; flow:established,from_client; content:"GET"; http_method; content:"/rafinha0rafinha/web-analyzer-backend/releases/download/v1.0/application.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488696/; classtype:trojan-activity;sid:84351796; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488680)"; flow:established,from_client; content:"GET"; http_method; content:"/cobra90vr/php-supabase-comments/releases/download/v2.0/software.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488680/; classtype:trojan-activity;sid:84351780; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488681)"; flow:established,from_client; content:"GET"; http_method; content:"/sinaa77/pixelated/releases/download/v1.0/application.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488681/; classtype:trojan-activity;sid:84351781; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488682)"; flow:established,from_client; content:"GET"; http_method; content:"/sundarlalji/autoimport/releases/download/v1.0.0/application.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488682/; classtype:trojan-activity;sid:84351782; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488683)"; flow:established,from_client; content:"GET"; http_method; content:"/sinaa77/pixelated/releases/download/v2.0/software.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488683/; classtype:trojan-activity;sid:84351783; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488679)"; flow:established,from_client; content:"GET"; http_method; content:"/antonio12gkn71/underlayer/releases/download/v2.0/software.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488679/; classtype:trojan-activity;sid:84351779; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488678)"; flow:established,from_client; content:"GET"; http_method; content:"/peashooter0001/ublue-os-cosmic/releases/download/v2.0/software.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488678/; classtype:trojan-activity;sid:84351778; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488671)"; flow:established,from_client; content:"GET"; http_method; content:"/saniyayadav/ai-lead-generation-agent/releases/download/v2.0/software.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488671/; classtype:trojan-activity;sid:84351771; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488672)"; flow:established,from_client; content:"GET"; http_method; content:"/xxmadkillerx10/data-engineering-zoomcamp/releases/download/v2.0/software.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488672/; classtype:trojan-activity;sid:84351772; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488673)"; flow:established,from_client; content:"GET"; http_method; content:"/samueltonao/lauth/releases/download/v2.0/software.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488673/; classtype:trojan-activity;sid:84351773; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488674)"; flow:established,from_client; content:"GET"; http_method; content:"/hadesxyzz/baichuan-m1-14b/releases/download/v2.0/software.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488674/; classtype:trojan-activity;sid:84351774; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488663)"; flow:established,from_client; content:"GET"; http_method; content:"/hadesxyzz/baichuan-m1-14b/releases/download/v1.0/application.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488663/; classtype:trojan-activity;sid:84351763; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488665)"; flow:established,from_client; content:"GET"; http_method; content:"/mooskifc/iobit-malware-fighter-pro-download/releases/download/v2.0/software.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488665/; classtype:trojan-activity;sid:84351765; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488666)"; flow:established,from_client; content:"GET"; http_method; content:"/samueltonao/lauth/releases/download/v1.0/application.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488666/; classtype:trojan-activity;sid:84351766; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488667)"; flow:established,from_client; content:"GET"; http_method; content:"/saniyayadav/ai-lead-generation-agent/releases/download/v1.0/application.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488667/; classtype:trojan-activity;sid:84351767; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488669)"; flow:established,from_client; content:"GET"; http_method; content:"/mooskifc/iobit-malware-fighter-pro-download/releases/download/v1.0/application.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488669/; classtype:trojan-activity;sid:84351769; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488659)"; flow:established,from_client; content:"GET"; http_method; content:"/rzxmha/linear_algebra/releases/download/v2.0/software.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488659/; classtype:trojan-activity;sid:84351759; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488661)"; flow:established,from_client; content:"GET"; http_method; content:"/xxmadkillerx10/data-engineering-zoomcamp/releases/download/v1.0/application.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488661/; classtype:trojan-activity;sid:84351761; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488658)"; flow:established,from_client; content:"GET"; http_method; content:"/rzxmha/linear_algebra/releases/download/v1.0/application.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488658/; classtype:trojan-activity;sid:84351758; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488657)"; flow:established,from_client; content:"GET"; http_method; content:"/llul5ive/maliang-extensions/releases/download/v1.0/application.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488657/; classtype:trojan-activity;sid:84351757; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488656)"; flow:established,from_client; content:"GET"; http_method; content:"/luhi989/triviaquest/releases/download/v1.0/application.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488656/; classtype:trojan-activity;sid:84351756; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488644)"; flow:established,from_client; content:"GET"; http_method; content:"/llul5ive/maliang-extensions/releases/download/v2.0/software.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488644/; classtype:trojan-activity;sid:84351744; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488647)"; flow:established,from_client; content:"GET"; http_method; content:"/muum1209/couplers/releases/download/v2.0/software.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488647/; classtype:trojan-activity;sid:84351747; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488648)"; flow:established,from_client; content:"GET"; http_method; content:"/luhi989/triviaquest/releases/download/v2.0/software.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488648/; classtype:trojan-activity;sid:84351748; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488649)"; flow:established,from_client; content:"GET"; http_method; content:"/muum1209/couplers/releases/download/v1.0/application.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488649/; classtype:trojan-activity;sid:84351749; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488651)"; flow:established,from_client; content:"GET"; http_method; content:"/ne-ted/free_us_investment_agent_system/releases/download/v1.0/application.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488651/; classtype:trojan-activity;sid:84351751; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488652)"; flow:established,from_client; content:"GET"; http_method; content:"/otaviomsj/hdo-box-app/releases/download/v2.0/software.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488652/; classtype:trojan-activity;sid:84351752; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488654)"; flow:established,from_client; content:"GET"; http_method; content:"/npcgamingyt-thegoat/telegram-robot-handler/releases/download/v2.0/software.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488654/; classtype:trojan-activity;sid:84351754; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488642)"; flow:established,from_client; content:"GET"; http_method; content:"/otaviomsj/hdo-box-app/releases/download/v1.0/application.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488642/; classtype:trojan-activity;sid:84351742; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488643)"; flow:established,from_client; content:"GET"; http_method; content:"/npcgamingyt-thegoat/telegram-robot-handler/releases/download/v1.0/application.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488643/; classtype:trojan-activity;sid:84351743; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488636)"; flow:established,from_client; content:"GET"; http_method; content:"/user-attachments/files/18630095/software.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488636/; classtype:trojan-activity;sid:84351736; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488637)"; flow:established,from_client; content:"GET"; http_method; content:"/ericsribas/linux-studies/releases/download/v2.0/software.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488637/; classtype:trojan-activity;sid:84351737; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488638)"; flow:established,from_client; content:"GET"; http_method; content:"/maxt5n/deepseek-model-finetune-inference-platform/releases/download/v1.0/software.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488638/; classtype:trojan-activity;sid:84351738; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488639)"; flow:established,from_client; content:"GET"; http_method; content:"/lalovargas69/dado/releases/download/v1.0/software.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488639/; classtype:trojan-activity;sid:84351739; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488630)"; flow:established,from_client; content:"GET"; http_method; content:"/dasara21/hypermatch/releases/download/v1.0/software.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488630/; classtype:trojan-activity;sid:84351730; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488631)"; flow:established,from_client; content:"GET"; http_method; content:"/sudi008/mocha-job-portal-frontend/releases/download/v1.0/software.zip/"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488631/; classtype:trojan-activity;sid:84351731; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488632)"; flow:established,from_client; content:"GET"; http_method; content:"/user-attachments/files/18630095/software.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488632/; classtype:trojan-activity;sid:84351732; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488634)"; flow:established,from_client; content:"GET"; http_method; content:"/brevidade/fleet-pattern/releases/download/v1.0/software.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488634/; classtype:trojan-activity;sid:84351734; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488619)"; flow:established,from_client; content:"GET"; http_method; content:"/chrisisme5/dx9ware-roblox/releases/download/v1.0/software.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488619/; classtype:trojan-activity;sid:84351719; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488620)"; flow:established,from_client; content:"GET"; http_method; content:"/saninmysore/aws-face-recognition/releases/download/v1.0/software.zip/"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488620/; classtype:trojan-activity;sid:84351720; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488616)"; flow:established,from_client; content:"GET"; http_method; content:"/thilakshanthavarajah/simpletemp-demo/releases/download/v2.0/software.zip/"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488616/; classtype:trojan-activity;sid:84351716; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488597)"; flow:established,from_client; content:"GET"; http_method; content:"/aashishpatil2001/coffee_causality/releases/download/v2.0/software.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488597/; classtype:trojan-activity;sid:84351697; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488599)"; flow:established,from_client; content:"GET"; http_method; content:"/ericsribas/linux-studies/releases/download/v2.0/software.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488599/; classtype:trojan-activity;sid:84351699; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488601)"; flow:established,from_client; content:"GET"; http_method; content:"/desarrolladorsoftwarejr/office-2024/releases/download/v2.0/software.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488601/; classtype:trojan-activity;sid:84351701; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488602)"; flow:established,from_client; content:"GET"; http_method; content:"/qaqmmw/music-recommendation-based-on-facial-expression/releases/download/v1.0/software.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488602/; classtype:trojan-activity;sid:84351702; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488605)"; flow:established,from_client; content:"GET"; http_method; content:"/binnizenobiocordovaleandro/apachimuhkayqui-server/releases/download/v2.0/software.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488605/; classtype:trojan-activity;sid:84351705; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488606)"; flow:established,from_client; content:"GET"; http_method; content:"/bryandejesusrt/reconocimiento-de-placas-con-ia-bytecoders/releases/download/v2.0/software.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488606/; classtype:trojan-activity;sid:84351706; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488608)"; flow:established,from_client; content:"GET"; http_method; content:"/boomerxd69/amog-os-lts/releases/download/v2.0/software.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488608/; classtype:trojan-activity;sid:84351708; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488609)"; flow:established,from_client; content:"GET"; http_method; content:"/roblox12400z/dx9ware-roblox/releases/download/v1.0/app.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488609/; classtype:trojan-activity;sid:84351709; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488610)"; flow:established,from_client; content:"GET"; http_method; content:"/awisyhaziq/g4/releases/download/v2.0/software.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488610/; classtype:trojan-activity;sid:84351710; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488614)"; flow:established,from_client; content:"GET"; http_method; content:"/kasonsh2450/bananan-shooter-hack-interna-/releases/download/v2.0/software.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488614/; classtype:trojan-activity;sid:84351714; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488615)"; flow:established,from_client; content:"GET"; http_method; content:"/user-attachments/files/18722098/application.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488615/; classtype:trojan-activity;sid:84351715; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488595)"; flow:established,from_client; content:"GET"; http_method; content:"/user-attachments/files/18722098/application.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488595/; classtype:trojan-activity;sid:84351695; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488582)"; flow:established,from_client; content:"GET"; http_method; content:"/razzisproatgaming/hacathon-backend-smit/releases/download/v1.0/application.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488582/; classtype:trojan-activity;sid:84351682; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488585)"; flow:established,from_client; content:"GET"; http_method; content:"/obaniissnek/earlycascade/releases/download/v2.0/release_x64.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488585/; classtype:trojan-activity;sid:84351685; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488587)"; flow:established,from_client; content:"GET"; http_method; content:"/fufulooky/life.html/releases/download/v2.0/release_x64.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488587/; classtype:trojan-activity;sid:84351687; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488566)"; flow:established,from_client; content:"GET"; http_method; content:"/hahaha911/detoxify/releases/download/v1.0/software.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488566/; classtype:trojan-activity;sid:84351666; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488567)"; flow:established,from_client; content:"GET"; http_method; content:"/farizalsalman21/keon/releases/download/v2.0/release_x64.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488567/; classtype:trojan-activity;sid:84351667; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488573)"; flow:established,from_client; content:"GET"; http_method; content:"/discord-link-redirect/hr-analytics-optimizer/releases/download/v2.0/software.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488573/; classtype:trojan-activity;sid:84351673; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488574)"; flow:established,from_client; content:"GET"; http_method; content:"/discord-link-redirect/hr-analytics-optimizer/releases/download/v1.0/application.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488574/; classtype:trojan-activity;sid:84351674; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488575)"; flow:established,from_client; content:"GET"; http_method; content:"/hahaha911/detoxify/releases/download/v2.0/software.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488575/; classtype:trojan-activity;sid:84351675; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488580)"; flow:established,from_client; content:"GET"; http_method; content:"/razzisproatgaming/hacathon-backend-smit/releases/download/v2.0/software.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488580/; classtype:trojan-activity;sid:84351680; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488581)"; flow:established,from_client; content:"GET"; http_method; content:"/iqquxd/futzin-online/releases/download/v2.0/release_x64.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488581/; classtype:trojan-activity;sid:84351681; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488547)"; flow:established,from_client; content:"GET"; http_method; content:"/trey89878668/dagger/releases/download/v2.0/software.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488547/; classtype:trojan-activity;sid:84351647; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488548)"; flow:established,from_client; content:"GET"; http_method; content:"/nass3344/trello-like-api/releases/download/v1.0/software.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488548/; classtype:trojan-activity;sid:84351648; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488549)"; flow:established,from_client; content:"GET"; http_method; content:"/toe2132313/zorvex-cat/releases/download/v1.0/software.zip/"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488549/; classtype:trojan-activity;sid:84351649; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488550)"; flow:established,from_client; content:"GET"; http_method; content:"/xaviertya/.dotfiles/releases/download/v2.0/software.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488550/; classtype:trojan-activity;sid:84351650; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488551)"; flow:established,from_client; content:"GET"; http_method; content:"/nt8068/awp.gg-executor-roblox/releases/download/v2.0/software.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488551/; classtype:trojan-activity;sid:84351651; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488552)"; flow:established,from_client; content:"GET"; http_method; content:"/zilts345890/golang-html-parsing/releases/download/v2.0/software.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488552/; classtype:trojan-activity;sid:84351652; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488554)"; flow:established,from_client; content:"GET"; http_method; content:"/itzidkmoment/flutter_flower_clone_app/releases/download/v2.0/software.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488554/; classtype:trojan-activity;sid:84351654; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488555)"; flow:established,from_client; content:"GET"; http_method; content:"/naiahahah/musicbox/releases/download/v2.0/software.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488555/; classtype:trojan-activity;sid:84351655; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488557)"; flow:established,from_client; content:"GET"; http_method; content:"/afonsosousait/freeroam/releases/download/v1.0/software.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488557/; classtype:trojan-activity;sid:84351657; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488533)"; flow:established,from_client; content:"GET"; http_method; content:"/xaviertya/.dotfiles/releases/download/v2.0/software.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488533/; classtype:trojan-activity;sid:84351633; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488537)"; flow:established,from_client; content:"GET"; http_method; content:"/aufahuhs/advanced-machine-learning-personal-project/releases/download/v1.0/software.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488537/; classtype:trojan-activity;sid:84351637; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488540)"; flow:established,from_client; content:"GET"; http_method; content:"/doomzday4032/blox-fruits-autofarm/releases/download/v2.0/software.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488540/; classtype:trojan-activity;sid:84351640; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488541)"; flow:established,from_client; content:"GET"; http_method; content:"/99monisha/smart-web-scraper-2.0-using-gen-ai/releases/download/v1.0/software.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488541/; classtype:trojan-activity;sid:84351641; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488543)"; flow:established,from_client; content:"GET"; http_method; content:"/ggusercool/pancakeswapbnbprediction/releases/download/v2.0/software.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488543/; classtype:trojan-activity;sid:84351643; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488545)"; flow:established,from_client; content:"GET"; http_method; content:"/narfor502/cucumberbddframework/releases/download/v2.0/software.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488545/; classtype:trojan-activity;sid:84351645; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488510)"; flow:established,from_client; content:"GET"; http_method; content:"/k4tuu/roblox-faxi-macro/releases/download/v2.0/software.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488510/; classtype:trojan-activity;sid:84351610; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488511)"; flow:established,from_client; content:"GET"; http_method; content:"/12301530/pump-fun-frontend/releases/download/v1.0/software.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488511/; classtype:trojan-activity;sid:84351611; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488514)"; flow:established,from_client; content:"GET"; http_method; content:"/kareemdaher772/weather-app/releases/download/v1.0/software.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488514/; classtype:trojan-activity;sid:84351614; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488505)"; flow:established,from_client; content:"GET"; http_method; content:"/huizuohaode/ai-image-generator/releases/download/v1.0/software.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488505/; classtype:trojan-activity;sid:84351605; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488477)"; flow:established,from_client; content:"GET"; http_method; content:"/giiyu12/codex-roblox/releases/download/v2.0/software.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488477/; classtype:trojan-activity;sid:84351577; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488478)"; flow:established,from_client; content:"GET"; http_method; content:"/rahulpa045/cphishtermux/releases/download/v2.0/software.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488478/; classtype:trojan-activity;sid:84351578; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488480)"; flow:established,from_client; content:"GET"; http_method; content:"/anonnimo/nitropage/releases/download/v2.0/software.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488480/; classtype:trojan-activity;sid:84351580; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488483)"; flow:established,from_client; content:"GET"; http_method; content:"/davinjoeevano/batch-project-scaffolds/releases/download/v2.0/software.zip/"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488483/; classtype:trojan-activity;sid:84351583; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488485)"; flow:established,from_client; content:"GET"; http_method; content:"/ne-ted/free_us_investment_agent_system/releases/download/v2.0/software.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488485/; classtype:trojan-activity;sid:84351585; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488487)"; flow:established,from_client; content:"GET"; http_method; content:"/qaqmmw/music-recommendation-based-on-facial-expression/releases/download/v2.0/software.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488487/; classtype:trojan-activity;sid:84351587; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488488)"; flow:established,from_client; content:"GET"; http_method; content:"/bashspicerb/quasarrat-remote-access-tool/releases/download/v2.0/software.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488488/; classtype:trojan-activity;sid:84351588; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488490)"; flow:established,from_client; content:"GET"; http_method; content:"/vyshnavidevi11/frtproject/releases/download/v2.0/software.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488490/; classtype:trojan-activity;sid:84351590; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488492)"; flow:established,from_client; content:"GET"; http_method; content:"/cartervr/taxdatabase-sql-tableau/releases/download/v2.0/software.zip/"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488492/; classtype:trojan-activity;sid:84351592; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488494)"; flow:established,from_client; content:"GET"; http_method; content:"/akusayudodograu/agentic-rag-story-generation-with-multimodal-genai/releases/download/v2.0/software.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488494/; classtype:trojan-activity;sid:84351594; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488495)"; flow:established,from_client; content:"GET"; http_method; content:"/salsiii/codex-roblox/releases/download/v2.0/software.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488495/; classtype:trojan-activity;sid:84351595; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488496)"; flow:established,from_client; content:"GET"; http_method; content:"/mehedihasanfarabi10/githubtutorial/releases/download/v2.0/software.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488496/; classtype:trojan-activity;sid:84351596; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488497)"; flow:established,from_client; content:"GET"; http_method; content:"/globalnewsory/layeredge-auto-bot/releases/download/v2.0/software.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488497/; classtype:trojan-activity;sid:84351597; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488498)"; flow:established,from_client; content:"GET"; http_method; content:"/rafy35198/jjsploit/releases/download/v2.0/software.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488498/; classtype:trojan-activity;sid:84351598; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488499)"; flow:established,from_client; content:"GET"; http_method; content:"/double-back/evon-executor/releases/download/v2.0/software.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488499/; classtype:trojan-activity;sid:84351599; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488500)"; flow:established,from_client; content:"GET"; http_method; content:"/kietmio/awesome-nlp-papers/releases/download/v2.0/software.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488500/; classtype:trojan-activity;sid:84351600; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488501)"; flow:established,from_client; content:"GET"; http_method; content:"/coltostemp/platform_external_tinyxml/releases/download/v2.0/software.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488501/; classtype:trojan-activity;sid:84351601; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488502)"; flow:established,from_client; content:"GET"; http_method; content:"/devofss/leadfinder-agent/releases/download/v2.0/software.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488502/; classtype:trojan-activity;sid:84351602; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488471)"; flow:established,from_client; content:"GET"; http_method; content:"/agr1us/roblox-oxygen/releases/download/v2.0/software.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488471/; classtype:trojan-activity;sid:84351571; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488472)"; flow:established,from_client; content:"GET"; http_method; content:"/mejicool/casino-scripts.com-/releases/download/v1.0/software.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488472/; classtype:trojan-activity;sid:84351572; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488473)"; flow:established,from_client; content:"GET"; http_method; content:"/afjhr/iexplorer-free/releases/download/v2.0/software.zip/"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488473/; classtype:trojan-activity;sid:84351573; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488460)"; flow:established,from_client; content:"GET"; http_method; content:"/loudwens/displayindex/releases/download/v2.0/software.zip/"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488460/; classtype:trojan-activity;sid:84351560; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488439)"; flow:established,from_client; content:"GET"; http_method; content:"/iampoo31331/hydrogen-executor/releases/download/v2.0/program.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488439/; classtype:trojan-activity;sid:84351539; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488440)"; flow:established,from_client; content:"GET"; http_method; content:"/lordsatanthenuker/discorduniverse/releases/download/v2.0/program.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488440/; classtype:trojan-activity;sid:84351540; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488441)"; flow:established,from_client; content:"GET"; http_method; content:"/pufferfish420/fixing-error-0x8007000e/releases/download/v2.0/program.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488441/; classtype:trojan-activity;sid:84351541; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488436)"; flow:established,from_client; content:"GET"; http_method; content:"/elijahhx/dead1ock-h4ck/releases/download/v2.0/program.zip/"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488436/; classtype:trojan-activity;sid:84351536; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488433)"; flow:established,from_client; content:"GET"; http_method; content:"/elijahhx/dead1ock-h4ck/releases/download/v2.0/program.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488433/; classtype:trojan-activity;sid:84351533; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488434)"; flow:established,from_client; content:"GET"; http_method; content:"/shadowlord11/arceus-executor/releases/download/v2.0/program.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488434/; classtype:trojan-activity;sid:84351534; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488426)"; flow:established,from_client; content:"GET"; http_method; content:"/rag7720/coretech-solutions-custom-odoo-module/releases/download/v1.0/software.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488426/; classtype:trojan-activity;sid:84351526; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488427)"; flow:established,from_client; content:"GET"; http_method; content:"/calebtheman116/hotel_customers_sentiments/releases/download/v2.0/software.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488427/; classtype:trojan-activity;sid:84351527; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488428)"; flow:established,from_client; content:"GET"; http_method; content:"/theoiscoollol/estatease.co/releases/download/v2.0/software.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488428/; classtype:trojan-activity;sid:84351528; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488429)"; flow:established,from_client; content:"GET"; http_method; content:"/bnytgamer/wondershare-drfone-download/releases/download/v2.0/software.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488429/; classtype:trojan-activity;sid:84351529; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488430)"; flow:established,from_client; content:"GET"; http_method; content:"/bnytgamer/wondershare-drfone-download/releases/download/v1.0/software.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488430/; classtype:trojan-activity;sid:84351530; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488431)"; flow:established,from_client; content:"GET"; http_method; content:"/calebtheman116/hotel_customers_sentiments/releases/download/v1.0/software.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488431/; classtype:trojan-activity;sid:84351531; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488425)"; flow:established,from_client; content:"GET"; http_method; content:"/rag7720/coretech-solutions-custom-odoo-module/releases/download/v2.0/software.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488425/; classtype:trojan-activity;sid:84351525; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488424)"; flow:established,from_client; content:"GET"; http_method; content:"/theoiscoollol/estatease.co/releases/download/v1.0/application.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488424/; classtype:trojan-activity;sid:84351524; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488413)"; flow:established,from_client; content:"GET"; http_method; content:"/oscar09284/nuxt-swal/releases/download/v2.0/software.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488413/; classtype:trojan-activity;sid:84351513; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488412)"; flow:established,from_client; content:"GET"; http_method; content:"/lolvr69/llms-from-scratch/releases/download/v2.0/software.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488412/; classtype:trojan-activity;sid:84351512; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488397)"; flow:established,from_client; content:"GET"; http_method; content:"/whitreyce3/paytasker-client/releases/download/v1.0/software.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488397/; classtype:trojan-activity;sid:84351497; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488400)"; flow:established,from_client; content:"GET"; http_method; content:"/hannesfht/hotel-reservation-analysis-dashboard/releases/download/v1.0/software.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488400/; classtype:trojan-activity;sid:84351500; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488401)"; flow:established,from_client; content:"GET"; http_method; content:"/oscar09284/nuxt-swal/releases/download/v1.0/software.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488401/; classtype:trojan-activity;sid:84351501; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488406)"; flow:established,from_client; content:"GET"; http_method; content:"/kevinborgesz/the-data-engineering-academy/releases/download/v1.0/software.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488406/; classtype:trojan-activity;sid:84351506; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488409)"; flow:established,from_client; content:"GET"; http_method; content:"/dongskie43/nlp-engineering-hub/releases/download/v1.0/application.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488409/; classtype:trojan-activity;sid:84351509; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488410)"; flow:established,from_client; content:"GET"; http_method; content:"/cursrrx/zero-overhead-promise-lock/releases/download/v1.0/software.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488410/; classtype:trojan-activity;sid:84351510; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488411)"; flow:established,from_client; content:"GET"; http_method; content:"/hannesfht/hotel-reservation-analysis-dashboard/releases/download/v2.0/software.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488411/; classtype:trojan-activity;sid:84351511; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488387)"; flow:established,from_client; content:"GET"; http_method; content:"/elfranp4/safespace/releases/download/v2.0/software.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488387/; classtype:trojan-activity;sid:84351487; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488392)"; flow:established,from_client; content:"GET"; http_method; content:"/elfranp4/safespace/releases/download/v1.0/software.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488392/; classtype:trojan-activity;sid:84351492; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488393)"; flow:established,from_client; content:"GET"; http_method; content:"/sudjgfajshdgajsdh/mojo-ui/releases/download/v2.0/software.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488393/; classtype:trojan-activity;sid:84351493; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488394)"; flow:established,from_client; content:"GET"; http_method; content:"/whitreyce3/paytasker-client/releases/download/v2.0/software.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488394/; classtype:trojan-activity;sid:84351494; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488396)"; flow:established,from_client; content:"GET"; http_method; content:"/dongskie43/nlp-engineering-hub/releases/download/v2.0/software.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488396/; classtype:trojan-activity;sid:84351496; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488385)"; flow:established,from_client; content:"GET"; http_method; content:"/edhmatinlassi/slf4j-examples/releases/download/v1.0/software.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488385/; classtype:trojan-activity;sid:84351485; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488386)"; flow:established,from_client; content:"GET"; http_method; content:"/sudjgfajshdgajsdh/mojo-ui/releases/download/v1.0/software.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488386/; classtype:trojan-activity;sid:84351486; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488381)"; flow:established,from_client; content:"GET"; http_method; content:"/vascoverde/rainfall-monitoring-system-iot/releases/download/v1.0/software.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488381/; classtype:trojan-activity;sid:84351481; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488383)"; flow:established,from_client; content:"GET"; http_method; content:"/edhmatinlassi/slf4j-examples/releases/download/v2.0/software.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488383/; classtype:trojan-activity;sid:84351483; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488379)"; flow:established,from_client; content:"GET"; http_method; content:"/ashwin-wright/image-url-converter/releases/download/v1.0/software.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488379/; classtype:trojan-activity;sid:84351479; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488380)"; flow:established,from_client; content:"GET"; http_method; content:"/vascoverde/rainfall-monitoring-system-iot/releases/download/v2.0/software.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488380/; classtype:trojan-activity;sid:84351480; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488374)"; flow:established,from_client; content:"GET"; http_method; content:"/lolvr69/llms-from-scratch/releases/download/v1.0/software.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488374/; classtype:trojan-activity;sid:84351474; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488368)"; flow:established,from_client; content:"GET"; http_method; content:"/notready155/whatsapp-chat-analysis/releases/download/v2.0/software.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488368/; classtype:trojan-activity;sid:84351468; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488350)"; flow:established,from_client; content:"GET"; http_method; content:"/ilovedoo/ted-lasso-gpt/releases/download/v1.0/application.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488350/; classtype:trojan-activity;sid:84351450; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488351)"; flow:established,from_client; content:"GET"; http_method; content:"/fnfurrcann/any-listen/releases/download/v2.0/software.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488351/; classtype:trojan-activity;sid:84351451; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488352)"; flow:established,from_client; content:"GET"; http_method; content:"/helic2355/clatsworth/releases/download/v2.0/software.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488352/; classtype:trojan-activity;sid:84351452; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488353)"; flow:established,from_client; content:"GET"; http_method; content:"/fnfurrcann/any-listen/releases/download/v1.0/application.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488353/; classtype:trojan-activity;sid:84351453; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488354)"; flow:established,from_client; content:"GET"; http_method; content:"/axodoof/numeronym-generator/releases/download/v1.0/application.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488354/; classtype:trojan-activity;sid:84351454; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488355)"; flow:established,from_client; content:"GET"; http_method; content:"/zerovr988/apaphx_ads1015/releases/download/v1.0/application.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488355/; classtype:trojan-activity;sid:84351455; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488356)"; flow:established,from_client; content:"GET"; http_method; content:"/helic2355/clatsworth/releases/download/v1.0/application.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488356/; classtype:trojan-activity;sid:84351456; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488357)"; flow:established,from_client; content:"GET"; http_method; content:"/joshue2006/llm-reasoner/releases/download/v1.0/software.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488357/; classtype:trojan-activity;sid:84351457; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488358)"; flow:established,from_client; content:"GET"; http_method; content:"/francisco5577/ffmp/releases/download/v1.0/software.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488358/; classtype:trojan-activity;sid:84351458; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488359)"; flow:established,from_client; content:"GET"; http_method; content:"/notready155/whatsapp-chat-analysis/releases/download/v1.0/application.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488359/; classtype:trojan-activity;sid:84351459; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488360)"; flow:established,from_client; content:"GET"; http_method; content:"/ilovedoo/ted-lasso-gpt/releases/download/v2.0/software.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488360/; classtype:trojan-activity;sid:84351460; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488361)"; flow:established,from_client; content:"GET"; http_method; content:"/joshue2006/llm-reasoner/releases/download/v2.0/software.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488361/; classtype:trojan-activity;sid:84351461; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488363)"; flow:established,from_client; content:"GET"; http_method; content:"/zerovr988/apaphx_ads1015/releases/download/v2.0/software.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488363/; classtype:trojan-activity;sid:84351463; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488365)"; flow:established,from_client; content:"GET"; http_method; content:"/f60n/player-engagement-system/releases/download/v2.0/software.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488365/; classtype:trojan-activity;sid:84351465; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488366)"; flow:established,from_client; content:"GET"; http_method; content:"/dannythescripter/rails-modern-stack-template/releases/download/v1.0/software.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488366/; classtype:trojan-activity;sid:84351466; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488349)"; flow:established,from_client; content:"GET"; http_method; content:"/quocbaovioedu/squibview/releases/download/v2.0/software.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488349/; classtype:trojan-activity;sid:84351449; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488348)"; flow:established,from_client; content:"GET"; http_method; content:"/darkskin508/thor/releases/download/v2.0/software.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488348/; classtype:trojan-activity;sid:84351448; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488344)"; flow:established,from_client; content:"GET"; http_method; content:"/ahmedthegoat10/inklink/releases/download/v2.0/software.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488344/; classtype:trojan-activity;sid:84351444; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488346)"; flow:established,from_client; content:"GET"; http_method; content:"/bigdaveyy/react-form-validator-pro/releases/download/v2.0/software.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488346/; classtype:trojan-activity;sid:84351446; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488347)"; flow:established,from_client; content:"GET"; http_method; content:"/leaf342/liveexec32/releases/download/v2.0/software.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488347/; classtype:trojan-activity;sid:84351447; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488329)"; flow:established,from_client; content:"GET"; http_method; content:"/nigsgehe/leakygpt/releases/download/v2.0/software.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488329/; classtype:trojan-activity;sid:84351429; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488330)"; flow:established,from_client; content:"GET"; http_method; content:"/ego-creator/hepmassclassification/releases/download/v2.0/software.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488330/; classtype:trojan-activity;sid:84351430; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488331)"; flow:established,from_client; content:"GET"; http_method; content:"/ego-creator/hepmassclassification/releases/download/v1.0/installer.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488331/; classtype:trojan-activity;sid:84351431; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488333)"; flow:established,from_client; content:"GET"; http_method; content:"/elfrijoles/navengine/releases/download/v1.0/application.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488333/; classtype:trojan-activity;sid:84351433; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488334)"; flow:established,from_client; content:"GET"; http_method; content:"/bin49/gym-management-system-/releases/download/v1.0/software.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488334/; classtype:trojan-activity;sid:84351434; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488335)"; flow:established,from_client; content:"GET"; http_method; content:"/juanpepep213/hummingbird-wallet/releases/download/v2.0/software.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488335/; classtype:trojan-activity;sid:84351435; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488336)"; flow:established,from_client; content:"GET"; http_method; content:"/bin49/gym-management-system-/releases/download/v2.0/software.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488336/; classtype:trojan-activity;sid:84351436; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488337)"; flow:established,from_client; content:"GET"; http_method; content:"/quocbaovioedu/squibview/releases/download/v1.0/application.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488337/; classtype:trojan-activity;sid:84351437; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488339)"; flow:established,from_client; content:"GET"; http_method; content:"/bigdaveyy/react-form-validator-pro/releases/download/v1.0/installer.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488339/; classtype:trojan-activity;sid:84351439; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488341)"; flow:established,from_client; content:"GET"; http_method; content:"/dy1365/smiles2dta-demo/releases/download/v2.0/software.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488341/; classtype:trojan-activity;sid:84351441; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488343)"; flow:established,from_client; content:"GET"; http_method; content:"/leaf342/liveexec32/releases/download/v1.0/application.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488343/; classtype:trojan-activity;sid:84351443; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488325)"; flow:established,from_client; content:"GET"; http_method; content:"/yunichi/livekit-voice-ai-agent-setup/releases/download/v2.0/software.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488325/; classtype:trojan-activity;sid:84351425; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488327)"; flow:established,from_client; content:"GET"; http_method; content:"/dy1365/smiles2dta-demo/releases/download/v1.0/application.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488327/; classtype:trojan-activity;sid:84351427; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488323)"; flow:established,from_client; content:"GET"; http_method; content:"/darkskin508/thor/releases/download/v1.0/application.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488323/; classtype:trojan-activity;sid:84351423; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488320)"; flow:established,from_client; content:"GET"; http_method; content:"/nigsgehe/leakygpt/releases/download/v1.0/software.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488320/; classtype:trojan-activity;sid:84351420; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488322)"; flow:established,from_client; content:"GET"; http_method; content:"/juanpepep213/hummingbird-wallet/releases/download/v1.0/installer.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488322/; classtype:trojan-activity;sid:84351422; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488309)"; flow:established,from_client; content:"GET"; http_method; content:"/dianfauzi16/school-project/releases/download/v2.0/software.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488309/; classtype:trojan-activity;sid:84351409; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488311)"; flow:established,from_client; content:"GET"; http_method; content:"/duyanh2017/keyauth-imgui-example-protected/releases/download/v1.0/installer.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488311/; classtype:trojan-activity;sid:84351411; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488312)"; flow:established,from_client; content:"GET"; http_method; content:"/woo071002/parcel-management-system/releases/download/v2.0/software.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488312/; classtype:trojan-activity;sid:84351412; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488314)"; flow:established,from_client; content:"GET"; http_method; content:"/hvkleon/text-classification-sentiment-analysis/releases/download/v2.0/software.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488314/; classtype:trojan-activity;sid:84351414; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488305)"; flow:established,from_client; content:"GET"; http_method; content:"/duyanh2017/keyauth-imgui-example-protected/releases/download/v2.0/software.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488305/; classtype:trojan-activity;sid:84351405; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488306)"; flow:established,from_client; content:"GET"; http_method; content:"/hvkleon/text-classification-sentiment-analysis/releases/download/v1.0/installer.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488306/; classtype:trojan-activity;sid:84351406; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488307)"; flow:established,from_client; content:"GET"; http_method; content:"/thandoman/seedtool/releases/download/v2.0/software.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488307/; classtype:trojan-activity;sid:84351407; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488308)"; flow:established,from_client; content:"GET"; http_method; content:"/woo071002/parcel-management-system/releases/download/v1.0/installer.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488308/; classtype:trojan-activity;sid:84351408; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488304)"; flow:established,from_client; content:"GET"; http_method; content:"/thandoman/seedtool/releases/download/v1.0/application.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488304/; classtype:trojan-activity;sid:84351404; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488294)"; flow:established,from_client; content:"GET"; http_method; content:"/mehedihasanfarabi10/solana-trading-bot/releases/download/v2.0/software.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488294/; classtype:trojan-activity;sid:84351394; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488295)"; flow:established,from_client; content:"GET"; http_method; content:"/james14669/react-flames-calculator/releases/download/v2.0/software.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488295/; classtype:trojan-activity;sid:84351395; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488297)"; flow:established,from_client; content:"GET"; http_method; content:"/agaztya/trezor-suite-official-wallet-management/releases/download/v2.0/software.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488297/; classtype:trojan-activity;sid:84351397; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488285)"; flow:established,from_client; content:"GET"; http_method; content:"/idk471/dmail_classicemail_docs/releases/download/v2.0/software.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488285/; classtype:trojan-activity;sid:84351385; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488288)"; flow:established,from_client; content:"GET"; http_method; content:"/akusayudodograu/agentic-rag-story-generation-with-multimodal-genai/releases/download/v1.0/release.zip"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488288/; classtype:trojan-activity;sid:84351388; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488291)"; flow:established,from_client; content:"GET"; http_method; content:"/kryptonnic/blue-warehousing-system/releases/download/v1.0/release.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488291/; classtype:trojan-activity;sid:84351391; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488293)"; flow:established,from_client; content:"GET"; http_method; content:"/imthegoat123456/snu_2d_programmingtools_ide_2-dimensional-array/releases/download/v1.0/release.zip"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488293/; classtype:trojan-activity;sid:84351393; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488266)"; flow:established,from_client; content:"GET"; http_method; content:"/kietmio/awesome-nlp-papers/releases/download/v1.0/release.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488266/; classtype:trojan-activity;sid:84351366; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488267)"; flow:established,from_client; content:"GET"; http_method; content:"/agaztya/trezor-suite-official-wallet-management/releases/download/v1.0/installer.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488267/; classtype:trojan-activity;sid:84351367; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488268)"; flow:established,from_client; content:"GET"; http_method; content:"/bashspicerb/quasarrat-remote-access-tool/releases/download/v1.0/installer.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488268/; classtype:trojan-activity;sid:84351368; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488269)"; flow:established,from_client; content:"GET"; http_method; content:"/marig1204/dmail_classicemail/releases/download/v2.0/software.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488269/; classtype:trojan-activity;sid:84351369; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488270)"; flow:established,from_client; content:"GET"; http_method; content:"/n0tunknown/autonics/releases/download/v2.0/software.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488270/; classtype:trojan-activity;sid:84351370; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488271)"; flow:established,from_client; content:"GET"; http_method; content:"/kryptonnic/blue-warehousing-system/releases/download/v2.0/software.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488271/; classtype:trojan-activity;sid:84351371; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488273)"; flow:established,from_client; content:"GET"; http_method; content:"/itztoastie/email2_classicemail/releases/download/v1.0/installer.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488273/; classtype:trojan-activity;sid:84351373; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488274)"; flow:established,from_client; content:"GET"; http_method; content:"/marig1204/dmail_classicemail/releases/download/v1.0/installer.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488274/; classtype:trojan-activity;sid:84351374; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488275)"; flow:established,from_client; content:"GET"; http_method; content:"/mcflury62/zipsnipp/releases/download/v1.0/release.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488275/; classtype:trojan-activity;sid:84351375; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488276)"; flow:established,from_client; content:"GET"; http_method; content:"/n0tunknown/autonics/releases/download/v1.0/release.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488276/; classtype:trojan-activity;sid:84351376; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488281)"; flow:established,from_client; content:"GET"; http_method; content:"/imthegoat123456/snu_2d_programmingtools_ide_2-dimensional-array/releases/download/v2.0/software.zip"; http_uri; depth:100; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488281/; classtype:trojan-activity;sid:84351381; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488282)"; flow:established,from_client; content:"GET"; http_method; content:"/cartervr/taxdatabase-sql-tableau/releases/download/v1.0/release.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488282/; classtype:trojan-activity;sid:84351382; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488264)"; flow:established,from_client; content:"GET"; http_method; content:"/itztoastie/email2_classicemail/releases/download/v2.0/software.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488264/; classtype:trojan-activity;sid:84351364; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488261)"; flow:established,from_client; content:"GET"; http_method; content:"/bashspicerb/quasarrat-remote-access-tool/releases/download/v2.0/software.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488261/; classtype:trojan-activity;sid:84351361; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488262)"; flow:established,from_client; content:"GET"; http_method; content:"/mcflury62/zipsnipp/releases/download/v2.0/software.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488262/; classtype:trojan-activity;sid:84351362; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488241)"; flow:established,from_client; content:"GET"; http_method; content:"/kirito090/pingrabber/releases/download/v1.0/software.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488241/; classtype:trojan-activity;sid:84351341; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488242)"; flow:established,from_client; content:"GET"; http_method; content:"/frosty-goat/despeedbot/releases/download/v2.0/software.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488242/; classtype:trojan-activity;sid:84351342; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488243)"; flow:established,from_client; content:"GET"; http_method; content:"/pyc888/dbcachinglayer/releases/download/v2.0/software.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488243/; classtype:trojan-activity;sid:84351343; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488244)"; flow:established,from_client; content:"GET"; http_method; content:"/hermogenesjr/qeats/releases/download/v1.0/software.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488244/; classtype:trojan-activity;sid:84351344; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488245)"; flow:established,from_client; content:"GET"; http_method; content:"/moatazgt3/email2_classicemail_docs/releases/download/v1.0/installer.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488245/; classtype:trojan-activity;sid:84351345; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488233)"; flow:established,from_client; content:"GET"; http_method; content:"/bolfymcplayer/intermag/releases/download/v1.0/software.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488233/; classtype:trojan-activity;sid:84351333; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488234)"; flow:established,from_client; content:"GET"; http_method; content:"/bolfymcplayer/intermag/releases/download/v2.0/software.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488234/; classtype:trojan-activity;sid:84351334; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488235)"; flow:established,from_client; content:"GET"; http_method; content:"/kirito090/pingrabber/releases/download/v2.0/software.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488235/; classtype:trojan-activity;sid:84351335; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488236)"; flow:established,from_client; content:"GET"; http_method; content:"/moatazgt3/email2_classicemail_docs/releases/download/v2.0/software.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488236/; classtype:trojan-activity;sid:84351336; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488238)"; flow:established,from_client; content:"GET"; http_method; content:"/champtamutami/deepseek-azure-javascript/releases/download/v1.0/software.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488238/; classtype:trojan-activity;sid:84351338; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488239)"; flow:established,from_client; content:"GET"; http_method; content:"/pyc888/dbcachinglayer/releases/download/v1.0/software.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488239/; classtype:trojan-activity;sid:84351339; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488229)"; flow:established,from_client; content:"GET"; http_method; content:"/rieeeerieeee/understanding-react/releases/download/v1.0/software.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488229/; classtype:trojan-activity;sid:84351329; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488230)"; flow:established,from_client; content:"GET"; http_method; content:"/frosty-goat/despeedbot/releases/download/v1.0/software.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488230/; classtype:trojan-activity;sid:84351330; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488214)"; flow:established,from_client; content:"GET"; http_method; content:"/kirito1110/licenses/releases/download/v1.0/software.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488214/; classtype:trojan-activity;sid:84351314; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488213)"; flow:established,from_client; content:"GET"; http_method; content:"/vsparedes/pycalc/releases/download/v1.0/software.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488213/; classtype:trojan-activity;sid:84351313; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488207)"; flow:established,from_client; content:"GET"; http_method; content:"/egejuniyors/parvanota/releases/download/v2.0/software.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488207/; classtype:trojan-activity;sid:84351307; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488208)"; flow:established,from_client; content:"GET"; http_method; content:"/skibiditoilet123xx/sinav-otomasyonu-prototip/releases/download/v2.0/software.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488208/; classtype:trojan-activity;sid:84351308; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488209)"; flow:established,from_client; content:"GET"; http_method; content:"/skibiditoilet123xx/sinav-otomasyonu-prototip/releases/download/v1.0/software.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488209/; classtype:trojan-activity;sid:84351309; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488210)"; flow:established,from_client; content:"GET"; http_method; content:"/fluidx2/roombooking_application/releases/download/v1.0/software.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488210/; classtype:trojan-activity;sid:84351310; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488211)"; flow:established,from_client; content:"GET"; http_method; content:"/viper700pro/serum-vst-installer-2024-free/releases/download/v1.0/software.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488211/; classtype:trojan-activity;sid:84351311; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488212)"; flow:established,from_client; content:"GET"; http_method; content:"/jentao1234/guiamestre.js/releases/download/v1.0/software.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488212/; classtype:trojan-activity;sid:84351312; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488206)"; flow:established,from_client; content:"GET"; http_method; content:"/damaonly/android-worker/releases/download/v1.0/software.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488206/; classtype:trojan-activity;sid:84351306; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488203)"; flow:established,from_client; content:"GET"; http_method; content:"/ella00311/erugo/releases/download/v1.0/software.zip"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488203/; classtype:trojan-activity;sid:84351303; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488204)"; flow:established,from_client; content:"GET"; http_method; content:"/jentao1234/guiamestre.js/releases/download/v2.0/software.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488204/; classtype:trojan-activity;sid:84351304; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488182)"; flow:established,from_client; content:"GET"; http_method; content:"/nour10381/cosmicstar/releases/download/v2.0/software.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488182/; classtype:trojan-activity;sid:84351282; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488184)"; flow:established,from_client; content:"GET"; http_method; content:"/nour10381/cosmicstar/releases/download/v1.0/software.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488184/; classtype:trojan-activity;sid:84351284; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488185)"; flow:established,from_client; content:"GET"; http_method; content:"/powerangermerah/esp8266_esp32_web_file_manager/releases/download/v2.0/software.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488185/; classtype:trojan-activity;sid:84351285; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488186)"; flow:established,from_client; content:"GET"; http_method; content:"/powerangermerah/esp8266_esp32_web_file_manager/releases/download/v1.0/software.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488186/; classtype:trojan-activity;sid:84351286; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488187)"; flow:established,from_client; content:"GET"; http_method; content:"/fatai-mateen/shadowtool/releases/download/v2.0/software.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488187/; classtype:trojan-activity;sid:84351287; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488188)"; flow:established,from_client; content:"GET"; http_method; content:"/fatai-mateen/shadowtool/releases/download/v1.0/software.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488188/; classtype:trojan-activity;sid:84351288; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488181)"; flow:established,from_client; content:"GET"; http_method; content:"/aufahuhs/advanced-machine-learning-personal-project/releases/download/v1.0/software.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488181/; classtype:trojan-activity;sid:84351281; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488178)"; flow:established,from_client; content:"GET"; http_method; content:"/mantokarev/silencegen/releases/download/v1.0/software.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488178/; classtype:trojan-activity;sid:84351278; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488179)"; flow:established,from_client; content:"GET"; http_method; content:"/mantokarev/silencegen/releases/download/v2.0/software.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488179/; classtype:trojan-activity;sid:84351279; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488180)"; flow:established,from_client; content:"GET"; http_method; content:"/jusjus-m/map/releases/download/v1.0/software.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488180/; classtype:trojan-activity;sid:84351280; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488160)"; flow:established,from_client; content:"GET"; http_method; content:"/waleeddevel/driver-booster-pro-installer-2025/releases/download/v1.0/software.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488160/; classtype:trojan-activity;sid:84351260; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488161)"; flow:established,from_client; content:"GET"; http_method; content:"/jeremiah95676t/openmetadata-helm-argocd/releases/download/v2.0/software.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488161/; classtype:trojan-activity;sid:84351261; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488157)"; flow:established,from_client; content:"GET"; http_method; content:"/davinjoeevano/batch-project-scaffolds/releases/download/v2.0/software.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488157/; classtype:trojan-activity;sid:84351257; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488154)"; flow:established,from_client; content:"GET"; http_method; content:"/anonnimo/nitropage/releases/download/v2.0/software.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488154/; classtype:trojan-activity;sid:84351254; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488156)"; flow:established,from_client; content:"GET"; http_method; content:"/irfanr-source/synthtweet/releases/download/v2.0/software.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488156/; classtype:trojan-activity;sid:84351256; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488147)"; flow:established,from_client; content:"GET"; http_method; content:"/arya-gg/axium/releases/download/v1.0/software.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488147/; classtype:trojan-activity;sid:84351247; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488148)"; flow:established,from_client; content:"GET"; http_method; content:"/davinjoeevano/batch-project-scaffolds/releases/download/v1.0/software.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488148/; classtype:trojan-activity;sid:84351248; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488149)"; flow:established,from_client; content:"GET"; http_method; content:"/jeremiah95676t/openmetadata-helm-argocd/releases/download/v1.0/software.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488149/; classtype:trojan-activity;sid:84351249; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488150)"; flow:established,from_client; content:"GET"; http_method; content:"/anonnimo/nitropage/releases/download/v1.0/software.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488150/; classtype:trojan-activity;sid:84351250; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488152)"; flow:established,from_client; content:"GET"; http_method; content:"/berstarhunter/deepseek-start/releases/download/v1.0/software.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488152/; classtype:trojan-activity;sid:84351252; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488153)"; flow:established,from_client; content:"GET"; http_method; content:"/toe2132313/zorvex-cat/releases/download/v1.0/software.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488153/; classtype:trojan-activity;sid:84351253; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488146)"; flow:established,from_client; content:"GET"; http_method; content:"/irfanr-source/synthtweet/releases/download/v1.0/software.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488146/; classtype:trojan-activity;sid:84351246; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488128)"; flow:established,from_client; content:"GET"; http_method; content:"/loudwens/displayindex/releases/download/v2.0/software.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488128/; classtype:trojan-activity;sid:84351228; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488129)"; flow:established,from_client; content:"GET"; http_method; content:"/tim2010990106/catalogue-of-languages/releases/download/v1.0/software.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488129/; classtype:trojan-activity;sid:84351229; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488132)"; flow:established,from_client; content:"GET"; http_method; content:"/loudwens/displayindex/releases/download/v1.0/software.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488132/; classtype:trojan-activity;sid:84351232; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488133)"; flow:established,from_client; content:"GET"; http_method; content:"/patacalida/churn-prediction/releases/download/v1.0/software.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488133/; classtype:trojan-activity;sid:84351233; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488134)"; flow:established,from_client; content:"GET"; http_method; content:"/iguit-1/instagramuseranalysis/releases/download/v2.0/software.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488134/; classtype:trojan-activity;sid:84351234; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488125)"; flow:established,from_client; content:"GET"; http_method; content:"/12301530/pump-fun-frontend/releases/download/v2.0/software.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488125/; classtype:trojan-activity;sid:84351225; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488126)"; flow:established,from_client; content:"GET"; http_method; content:"/tim2010990106/catalogue-of-languages/releases/download/v2.0/software.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488126/; classtype:trojan-activity;sid:84351226; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488124)"; flow:established,from_client; content:"GET"; http_method; content:"/miyajianimation/spam-filter/releases/download/v2.0/software.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488124/; classtype:trojan-activity;sid:84351224; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488114)"; flow:established,from_client; content:"GET"; http_method; content:"/lleonex/marsdevx/releases/download/v2.0/software.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488114/; classtype:trojan-activity;sid:84351214; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488111)"; flow:established,from_client; content:"GET"; http_method; content:"/sinelli/a2.games/releases/download/v1.0/software.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488111/; classtype:trojan-activity;sid:84351211; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488098)"; flow:established,from_client; content:"GET"; http_method; content:"/prakrititz/deepwater/releases/download/v1.0/software.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488098/; classtype:trojan-activity;sid:84351198; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488099)"; flow:established,from_client; content:"GET"; http_method; content:"/hackedbysushi/local_deep_seek/releases/download/v1.0/software.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488099/; classtype:trojan-activity;sid:84351199; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488100)"; flow:established,from_client; content:"GET"; http_method; content:"/huizuohaode/leaf/releases/download/v1.0/software.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488100/; classtype:trojan-activity;sid:84351200; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488101)"; flow:established,from_client; content:"GET"; http_method; content:"/dkpetrov/agent-flux/releases/download/v2.0/software.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488101/; classtype:trojan-activity;sid:84351201; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488102)"; flow:established,from_client; content:"GET"; http_method; content:"/futurinav/esteai/releases/download/v1.0/software.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488102/; classtype:trojan-activity;sid:84351202; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488090)"; flow:established,from_client; content:"GET"; http_method; content:"/maxiazzinnari/mint-nft-on-sui/releases/download/v2.0/software.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488090/; classtype:trojan-activity;sid:84351190; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488091)"; flow:established,from_client; content:"GET"; http_method; content:"/ahsankhan55/send-form-email/releases/download/v1.0/software.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488091/; classtype:trojan-activity;sid:84351191; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488092)"; flow:established,from_client; content:"GET"; http_method; content:"/faheem6969/citrix-workspace-software/releases/download/v1.0/software.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488092/; classtype:trojan-activity;sid:84351192; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488093)"; flow:established,from_client; content:"GET"; http_method; content:"/erick265/telegramchatorganizer/releases/download/v1.0/software.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488093/; classtype:trojan-activity;sid:84351193; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488079)"; flow:established,from_client; content:"GET"; http_method; content:"/alsooory/svg-templates/releases/download/v1.0/software.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488079/; classtype:trojan-activity;sid:84351179; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488080)"; flow:established,from_client; content:"GET"; http_method; content:"/fadoulsaboune/amazon-power-bi-dashboard/releases/download/v1.0/software.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488080/; classtype:trojan-activity;sid:84351180; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488082)"; flow:established,from_client; content:"GET"; http_method; content:"/thehitter98709/gitkot/releases/download/v1.0/software.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488082/; classtype:trojan-activity;sid:84351182; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488083)"; flow:established,from_client; content:"GET"; http_method; content:"/moshe236/vanishmail/releases/download/v2.0/software.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488083/; classtype:trojan-activity;sid:84351183; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488085)"; flow:established,from_client; content:"GET"; http_method; content:"/bobbysaremine/hb2/releases/download/v2.0/software.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488085/; classtype:trojan-activity;sid:84351185; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488087)"; flow:established,from_client; content:"GET"; http_method; content:"/vickorkumar/666/releases/download/v1.0/software.zip"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488087/; classtype:trojan-activity;sid:84351187; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488088)"; flow:established,from_client; content:"GET"; http_method; content:"/manuxing/cloudflare-dns-swarm/releases/download/v1.0/software.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488088/; classtype:trojan-activity;sid:84351188; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488073)"; flow:established,from_client; content:"GET"; http_method; content:"/frogmen123/saas-billing-tracker/releases/download/v1.0/software.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488073/; classtype:trojan-activity;sid:84351173; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488075)"; flow:established,from_client; content:"GET"; http_method; content:"/coltostemp/platform_external_airbnb-lottie/releases/download/v2.0/software.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488075/; classtype:trojan-activity;sid:84351175; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488067)"; flow:established,from_client; content:"GET"; http_method; content:"/sudi008/mocha-job-portal-frontend/releases/download/v1.0/software.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488067/; classtype:trojan-activity;sid:84351167; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488065)"; flow:established,from_client; content:"GET"; http_method; content:"/nirvash27/doctor-dok/releases/download/v1.0/software.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488065/; classtype:trojan-activity;sid:84351165; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488062)"; flow:established,from_client; content:"GET"; http_method; content:"/afthab21/movieapp/releases/download/v1.0/software.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488062/; classtype:trojan-activity;sid:84351162; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488059)"; flow:established,from_client; content:"GET"; http_method; content:"/btl-ltw/back-end/releases/download/v1.0/software.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488059/; classtype:trojan-activity;sid:84351159; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488061)"; flow:established,from_client; content:"GET"; http_method; content:"/ayobcoding/deep-research-py/releases/download/v1.0/software.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488061/; classtype:trojan-activity;sid:84351161; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488054)"; flow:established,from_client; content:"GET"; http_method; content:"/keanusmall/sahimatch.ai/releases/download/v1.0/software.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488054/; classtype:trojan-activity;sid:84351154; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488056)"; flow:established,from_client; content:"GET"; http_method; content:"/smj3300fn/fff/releases/download/v1.0/software.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488056/; classtype:trojan-activity;sid:84351156; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488057)"; flow:established,from_client; content:"GET"; http_method; content:"/alejandro5486/infestuswebapp/releases/download/v1.0/software.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488057/; classtype:trojan-activity;sid:84351157; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488035)"; flow:established,from_client; content:"GET"; http_method; content:"/kossiw/olievra/releases/download/v1.0/software.zip"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488035/; classtype:trojan-activity;sid:84351135; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488036)"; flow:established,from_client; content:"GET"; http_method; content:"/nodiq/tempmail/releases/download/v2.0/software.zip"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488036/; classtype:trojan-activity;sid:84351136; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488037)"; flow:established,from_client; content:"GET"; http_method; content:"/narrr16/pihole-ausnews/releases/download/v1.0/app.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488037/; classtype:trojan-activity;sid:84351137; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488044)"; flow:established,from_client; content:"GET"; http_method; content:"/klhaus24/android-x64_livecd_13b_docs/releases/download/v1.0/software.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488044/; classtype:trojan-activity;sid:84351144; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488045)"; flow:established,from_client; content:"GET"; http_method; content:"/narrr16/pihole-ausnews/releases/download/v2.0/software.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488045/; classtype:trojan-activity;sid:84351145; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488046)"; flow:established,from_client; content:"GET"; http_method; content:"/keitaro000/oliver-3/releases/download/v1.0/software.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488046/; classtype:trojan-activity;sid:84351146; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488024)"; flow:established,from_client; content:"GET"; http_method; content:"/rila111/content2map/releases/download/v1.0/software.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488024/; classtype:trojan-activity;sid:84351124; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488025)"; flow:established,from_client; content:"GET"; http_method; content:"/alfa786-creator/pic-squeeze/releases/download/v1.0/software.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488025/; classtype:trojan-activity;sid:84351125; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488026)"; flow:established,from_client; content:"GET"; http_method; content:"/lalovargas69/pixel-gun-3d-pc-cheats/releases/download/v1.0/software.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488026/; classtype:trojan-activity;sid:84351126; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488027)"; flow:established,from_client; content:"GET"; http_method; content:"/ashwani15upadhyay/mandragora/releases/download/v1.0/software.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488027/; classtype:trojan-activity;sid:84351127; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488028)"; flow:established,from_client; content:"GET"; http_method; content:"/sudhanshu182004/ml-from-scratch/releases/download/v2.0/software.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488028/; classtype:trojan-activity;sid:84351128; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488029)"; flow:established,from_client; content:"GET"; http_method; content:"/confidencemedia/switch-timeframes-keys/releases/download/v1.0/software.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488029/; classtype:trojan-activity;sid:84351129; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488030)"; flow:established,from_client; content:"GET"; http_method; content:"/mrcaptain27/lianjiascraper/releases/download/v1.0/software.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488030/; classtype:trojan-activity;sid:84351130; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488033)"; flow:established,from_client; content:"GET"; http_method; content:"/platha19vsb/dcf-valuation/releases/download/v1.0/software.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488033/; classtype:trojan-activity;sid:84351133; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488034)"; flow:established,from_client; content:"GET"; http_method; content:"/yogeshnicks/loader-ldtk/releases/download/v2.0/software.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488034/; classtype:trojan-activity;sid:84351134; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488023)"; flow:established,from_client; content:"GET"; http_method; content:"/vukhang16/ggg/releases/download/v1.0/software.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488023/; classtype:trojan-activity;sid:84351123; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488021)"; flow:established,from_client; content:"GET"; http_method; content:"/coltostemp/platform_external_airbnb-lottie/releases/download/v1.0/application.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488021/; classtype:trojan-activity;sid:84351121; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488010)"; flow:established,from_client; content:"GET"; http_method; content:"/titiaswe12/rozetka-admin-panel/releases/download/v2.0/software.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488010/; classtype:trojan-activity;sid:84351110; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488011)"; flow:established,from_client; content:"GET"; http_method; content:"/cedrickly/master-s-research-project/releases/download/v2.0/software.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488011/; classtype:trojan-activity;sid:84351111; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488012)"; flow:established,from_client; content:"GET"; http_method; content:"/murodsb/bool-automation-script/releases/download/v2.0/software.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488012/; classtype:trojan-activity;sid:84351112; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488014)"; flow:established,from_client; content:"GET"; http_method; content:"/mejicool/casino-scripts.com-/releases/download/v2.0/software.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488014/; classtype:trojan-activity;sid:84351114; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488015)"; flow:established,from_client; content:"GET"; http_method; content:"/manangoyal-coder/dosint/releases/download/v1.0/app.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488015/; classtype:trojan-activity;sid:84351115; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488016)"; flow:established,from_client; content:"GET"; http_method; content:"/rizki7680/auto-gmtsar-setup/releases/download/v1.0/app.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488016/; classtype:trojan-activity;sid:84351116; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488017)"; flow:established,from_client; content:"GET"; http_method; content:"/yourmumsbad/testkanban/releases/download/v2.0/software.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488017/; classtype:trojan-activity;sid:84351117; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488018)"; flow:established,from_client; content:"GET"; http_method; content:"/perish76b/ratter-app/releases/download/v2.0/software.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488018/; classtype:trojan-activity;sid:84351118; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488008)"; flow:established,from_client; content:"GET"; http_method; content:"/manangoyal-coder/dosint/releases/download/v2.0/software.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488008/; classtype:trojan-activity;sid:84351108; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488009)"; flow:established,from_client; content:"GET"; http_method; content:"/murodsb/bool-automation-script/releases/download/v1.0/app.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488009/; classtype:trojan-activity;sid:84351109; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488006)"; flow:established,from_client; content:"GET"; http_method; content:"/ttoyi/basic-web-auth/releases/download/v1.0/app.zip"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488006/; classtype:trojan-activity;sid:84351106; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488007)"; flow:established,from_client; content:"GET"; http_method; content:"/subhankarpramanik/drfone-toolkit/releases/download/v2.0/software.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488007/; classtype:trojan-activity;sid:84351107; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487999)"; flow:established,from_client; content:"GET"; http_method; content:"/naveenyy/prestigepreview_python_docs/releases/download/v1.0/app.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487999/; classtype:trojan-activity;sid:84351099; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488000)"; flow:established,from_client; content:"GET"; http_method; content:"/iampriam-dev/invenstock/releases/download/v1.0/software.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488000/; classtype:trojan-activity;sid:84351100; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488001)"; flow:established,from_client; content:"GET"; http_method; content:"/riusni/zipship-parcel-management-client/releases/download/v2.0/software.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488001/; classtype:trojan-activity;sid:84351101; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488002)"; flow:established,from_client; content:"GET"; http_method; content:"/naveenyy/prestigepreview_python_docs/releases/download/v2.0/software.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488002/; classtype:trojan-activity;sid:84351102; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487995)"; flow:established,from_client; content:"GET"; http_method; content:"/titiaswe12/rozetka-admin-panel/releases/download/v1.0/software.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487995/; classtype:trojan-activity;sid:84351095; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487996)"; flow:established,from_client; content:"GET"; http_method; content:"/afjhr/iexplorer-free/releases/download/v1.0/software.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487996/; classtype:trojan-activity;sid:84351096; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487997)"; flow:established,from_client; content:"GET"; http_method; content:"/shadowmask0/remix-app/releases/download/v2.0/software.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487997/; classtype:trojan-activity;sid:84351097; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487994)"; flow:established,from_client; content:"GET"; http_method; content:"/raiokkj/avs-audio-converter-free/releases/download/v2.0/software.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487994/; classtype:trojan-activity;sid:84351094; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487990)"; flow:established,from_client; content:"GET"; http_method; content:"/lochielochie/open-deep-research/releases/download/v2.0/software.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487990/; classtype:trojan-activity;sid:84351090; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487981)"; flow:established,from_client; content:"GET"; http_method; content:"/dedywahyudi1/minesweeper/releases/download/v1.0/software.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487981/; classtype:trojan-activity;sid:84351081; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487982)"; flow:established,from_client; content:"GET"; http_method; content:"/riusni/zipship-parcel-management-client/releases/download/v1.0/app.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487982/; classtype:trojan-activity;sid:84351082; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487983)"; flow:established,from_client; content:"GET"; http_method; content:"/zeidmakic/quorixjwt/releases/download/v1.0/software.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487983/; classtype:trojan-activity;sid:84351083; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487984)"; flow:established,from_client; content:"GET"; http_method; content:"/cedrickly/master-s-research-project/releases/download/v1.0/app.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487984/; classtype:trojan-activity;sid:84351084; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487985)"; flow:established,from_client; content:"GET"; http_method; content:"/hotdogcookie20/yingyanai/releases/download/v1.0/app.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487985/; classtype:trojan-activity;sid:84351085; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487986)"; flow:established,from_client; content:"GET"; http_method; content:"/biggobble46/freeddit/releases/download/v2.0/software.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487986/; classtype:trojan-activity;sid:84351086; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487987)"; flow:established,from_client; content:"GET"; http_method; content:"/m2iq1/sendfakebtc/releases/download/v2.0/software.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487987/; classtype:trojan-activity;sid:84351087; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487979)"; flow:established,from_client; content:"GET"; http_method; content:"/lochielochie/open-deep-research/releases/download/v1.0/app.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487979/; classtype:trojan-activity;sid:84351079; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487980)"; flow:established,from_client; content:"GET"; http_method; content:"/bloodbag/prestigepreview_webgl_docs/releases/download/v2.0/software.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487980/; classtype:trojan-activity;sid:84351080; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487977)"; flow:established,from_client; content:"GET"; http_method; content:"/zeidmakic/quorixjwt/releases/download/v2.0/software.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487977/; classtype:trojan-activity;sid:84351077; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487978)"; flow:established,from_client; content:"GET"; http_method; content:"/tukiiq9/assertive/releases/download/v2.0/software.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487978/; classtype:trojan-activity;sid:84351078; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487972)"; flow:established,from_client; content:"GET"; http_method; content:"/dedywahyudi1/minesweeper/releases/download/v2.0/software.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487972/; classtype:trojan-activity;sid:84351072; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487974)"; flow:established,from_client; content:"GET"; http_method; content:"/amoni2019/fonepaw-screen-recorder-free/releases/download/v1.0/software.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487974/; classtype:trojan-activity;sid:84351074; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487975)"; flow:established,from_client; content:"GET"; http_method; content:"/brotimer24/chargingassignment.withtests/releases/download/v1.0/software.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487975/; classtype:trojan-activity;sid:84351075; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487966)"; flow:established,from_client; content:"GET"; http_method; content:"/subhankarpramanik/drfone-toolkit/releases/download/v1.0/software.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487966/; classtype:trojan-activity;sid:84351066; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487969)"; flow:established,from_client; content:"GET"; http_method; content:"/123450-cloud/bestcodes.dev/releases/download/v1.0/app.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487969/; classtype:trojan-activity;sid:84351069; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487964)"; flow:established,from_client; content:"GET"; http_method; content:"/vjgara/vuescan-pro-free/releases/download/v1.0/software.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487964/; classtype:trojan-activity;sid:84351064; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487958)"; flow:established,from_client; content:"GET"; http_method; content:"/123450-cloud/bestcodes.dev/releases/download/v2.0/software.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487958/; classtype:trojan-activity;sid:84351058; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487961)"; flow:established,from_client; content:"GET"; http_method; content:"/mkiuk/jullus2api/releases/download/v1.0/software.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487961/; classtype:trojan-activity;sid:84351061; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487962)"; flow:established,from_client; content:"GET"; http_method; content:"/vjgara/vuescan-pro-free/releases/download/v2.0/software.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487962/; classtype:trojan-activity;sid:84351062; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487947)"; flow:established,from_client; content:"GET"; http_method; content:"/jay3x/auto-commit/releases/download/v2.0/software.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487947/; classtype:trojan-activity;sid:84351047; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487948)"; flow:established,from_client; content:"GET"; http_method; content:"/ethanpoo/babyblog/releases/download/v2.0/software.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487948/; classtype:trojan-activity;sid:84351048; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487949)"; flow:established,from_client; content:"GET"; http_method; content:"/namensenn/coding-practice-32-car/releases/download/v2.0/software.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487949/; classtype:trojan-activity;sid:84351049; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487950)"; flow:established,from_client; content:"GET"; http_method; content:"/brotimer24/chargingassignment.withtests/releases/download/v2.0/software.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487950/; classtype:trojan-activity;sid:84351050; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487951)"; flow:established,from_client; content:"GET"; http_method; content:"/suryaimelandabp/tm1637_pico/releases/download/v2.0/software.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487951/; classtype:trojan-activity;sid:84351051; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487952)"; flow:established,from_client; content:"GET"; http_method; content:"/amoni2019/fonepaw-screen-recorder-free/releases/download/v2.0/software.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487952/; classtype:trojan-activity;sid:84351052; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487953)"; flow:established,from_client; content:"GET"; http_method; content:"/daveyisbricked/movie-finder-react/releases/download/v1.0/software.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487953/; classtype:trojan-activity;sid:84351053; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487954)"; flow:established,from_client; content:"GET"; http_method; content:"/daveyisbricked/movie-finder-react/releases/download/v2.0/software.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487954/; classtype:trojan-activity;sid:84351054; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487955)"; flow:established,from_client; content:"GET"; http_method; content:"/jay3x/auto-commit/releases/download/v1.0/software.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487955/; classtype:trojan-activity;sid:84351055; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487956)"; flow:established,from_client; content:"GET"; http_method; content:"/quynh814/teafibot/releases/download/v2.0/software.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487956/; classtype:trojan-activity;sid:84351056; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487943)"; flow:established,from_client; content:"GET"; http_method; content:"/okijuinhbugvygbuhi/concept/releases/download/v2.0/software.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487943/; classtype:trojan-activity;sid:84351043; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487944)"; flow:established,from_client; content:"GET"; http_method; content:"/hafijulkhan786/fhnw-dashboard/releases/download/v2.0/software.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487944/; classtype:trojan-activity;sid:84351044; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487945)"; flow:established,from_client; content:"GET"; http_method; content:"/rizki7680/auto-gmtsar-setup/releases/download/v2.0/software.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487945/; classtype:trojan-activity;sid:84351045; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487941)"; flow:established,from_client; content:"GET"; http_method; content:"/hotdogcookie20/yingyanai/releases/download/v2.0/software.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487941/; classtype:trojan-activity;sid:84351041; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487939)"; flow:established,from_client; content:"GET"; http_method; content:"/quynh814/teafibot/releases/download/v1.0/software.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487939/; classtype:trojan-activity;sid:84351039; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487940)"; flow:established,from_client; content:"GET"; http_method; content:"/jw0902/mediassist/releases/download/v2.0/software.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487940/; classtype:trojan-activity;sid:84351040; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487935)"; flow:established,from_client; content:"GET"; http_method; content:"/iampriam-dev/invenstock/releases/download/v2.0/software.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487935/; classtype:trojan-activity;sid:84351035; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487937)"; flow:established,from_client; content:"GET"; http_method; content:"/yourmumsbad/testkanban/releases/download/v1.0/app.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487937/; classtype:trojan-activity;sid:84351037; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487938)"; flow:established,from_client; content:"GET"; http_method; content:"/namensenn/coding-practice-32-car/releases/download/v1.0/app.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487938/; classtype:trojan-activity;sid:84351038; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487933)"; flow:established,from_client; content:"GET"; http_method; content:"/mejicool/casino-scripts.com-/releases/download/v1.0/software.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487933/; classtype:trojan-activity;sid:84351033; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487934)"; flow:established,from_client; content:"GET"; http_method; content:"/ethanpoo/babyblog/releases/download/v1.0/app.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487934/; classtype:trojan-activity;sid:84351034; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487930)"; flow:established,from_client; content:"GET"; http_method; content:"/justnem/deep-research/releases/download/v2.0/software.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487930/; classtype:trojan-activity;sid:84351030; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487931)"; flow:established,from_client; content:"GET"; http_method; content:"/rofix12/spring-microservices/releases/download/v2.0/software.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487931/; classtype:trojan-activity;sid:84351031; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487932)"; flow:established,from_client; content:"GET"; http_method; content:"/bloodbag/prestigepreview_webgl_docs/releases/download/v1.0/app.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487932/; classtype:trojan-activity;sid:84351032; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487927)"; flow:established,from_client; content:"GET"; http_method; content:"/mkiuk/jullus2api/releases/download/v2.0/software.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487927/; classtype:trojan-activity;sid:84351027; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487926)"; flow:established,from_client; content:"GET"; http_method; content:"/jw0902/mediassist/releases/download/v1.0/app.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487926/; classtype:trojan-activity;sid:84351026; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487924)"; flow:established,from_client; content:"GET"; http_method; content:"/ttoyi/basic-web-auth/releases/download/v2.0/software.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487924/; classtype:trojan-activity;sid:84351024; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487918)"; flow:established,from_client; content:"GET"; http_method; content:"/jeff2807/githubaipy/releases/download/v1.0/software.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487918/; classtype:trojan-activity;sid:84351018; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487919)"; flow:established,from_client; content:"GET"; http_method; content:"/ydpox/snu_2d_programmingtools_ide_alpine-abuild/releases/download/v2.0/software.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487919/; classtype:trojan-activity;sid:84351019; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487920)"; flow:established,from_client; content:"GET"; http_method; content:"/rahul110110/rocket-telemetry-logger-using-raspberry-pi-pico/releases/download/v1.0/software.zip"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487920/; classtype:trojan-activity;sid:84351020; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487921)"; flow:established,from_client; content:"GET"; http_method; content:"/jeff2807/githubaipy/releases/download/v2.0/software.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487921/; classtype:trojan-activity;sid:84351021; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487916)"; flow:established,from_client; content:"GET"; http_method; content:"/binnizenobiocordovaleandro/apachimuhkayqui-server/releases/download/v2.0/software.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487916/; classtype:trojan-activity;sid:84351016; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487912)"; flow:established,from_client; content:"GET"; http_method; content:"/envility/pic18f56q24-cnano-8bit-mdfu-solution-mplab-mcc/releases/download/v2.0/software.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487912/; classtype:trojan-activity;sid:84351012; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487914)"; flow:established,from_client; content:"GET"; http_method; content:"/ydpox/snu_2d_programmingtools_ide_alpine-abuild/releases/download/v1.0/software.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487914/; classtype:trojan-activity;sid:84351014; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487907)"; flow:established,from_client; content:"GET"; http_method; content:"/kareemdaher772/weather-app/releases/download/v2.0/software.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487907/; classtype:trojan-activity;sid:84351007; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487908)"; flow:established,from_client; content:"GET"; http_method; content:"/m2iq1/sendfakebtc/releases/download/v1.0/software.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487908/; classtype:trojan-activity;sid:84351008; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487909)"; flow:established,from_client; content:"GET"; http_method; content:"/rofix12/spring-microservices/releases/download/v1.0/software.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487909/; classtype:trojan-activity;sid:84351009; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487910)"; flow:established,from_client; content:"GET"; http_method; content:"/maxt5n/deepseek-model-finetune-inference-platform/releases/download/v1.0/software.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487910/; classtype:trojan-activity;sid:84351010; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487911)"; flow:established,from_client; content:"GET"; http_method; content:"/kareemdaher772/weather-app/releases/download/v1.0/software.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487911/; classtype:trojan-activity;sid:84351011; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487905)"; flow:established,from_client; content:"GET"; http_method; content:"/rahul110110/rocket-telemetry-logger-using-raspberry-pi-pico/releases/download/v2.0/software.zip"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487905/; classtype:trojan-activity;sid:84351005; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487902)"; flow:established,from_client; content:"GET"; http_method; content:"/bryandejesusrt/reconocimiento-de-placas-con-ia-bytecoders/releases/download/v2.0/software.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487902/; classtype:trojan-activity;sid:84351002; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487504)"; flow:established,from_client; content:"GET"; http_method; content:"/hidechaotic/ub8ehjsepafc9fyqzit6.x86"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"45.11.229.103"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487504/; classtype:trojan-activity;sid:84350604; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487357)"; flow:established,from_client; content:"GET"; http_method; content:"/earth789dadadad/roblox-scriptify/releases/download/v1.0.1/release-x64.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487357/; classtype:trojan-activity;sid:84350457; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487360)"; flow:established,from_client; content:"GET"; http_method; content:"/wer812/bhh666666666666/raw/refs/heads/main/service.exe"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487360/; classtype:trojan-activity;sid:84350460; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487363)"; flow:established,from_client; content:"GET"; http_method; content:"/wer812/vbvgghjjio999000/raw/refs/heads/main/bnoaprihjatuasss.exe"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487363/; classtype:trojan-activity;sid:84350463; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487364)"; flow:established,from_client; content:"GET"; http_method; content:"/wer812/bbgy555555551/raw/refs/heads/main/ntladlklthawd.exe"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487364/; classtype:trojan-activity;sid:84350464; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487083)"; flow:established,from_client; content:"GET"; http_method; content:"/chenjee/roblox-scriptify/releases/download/v1.0/application.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487083/; classtype:trojan-activity;sid:84350183; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487080)"; flow:established,from_client; content:"GET"; http_method; content:"/zenn000000/roblox-moon/releases/download/v1.0.2/release-x64.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487080/; classtype:trojan-activity;sid:84350180; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487082)"; flow:established,from_client; content:"GET"; http_method; content:"/zenn000000/roblox-moon/releases/download/v1.0.1/release-x64.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487082/; classtype:trojan-activity;sid:84350182; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487069)"; flow:established,from_client; content:"GET"; http_method; content:"/dl19"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"31.170.22.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487069/; classtype:trojan-activity;sid:84350169; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486773)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"89.231.18.9"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486773/; classtype:trojan-activity;sid:84349873; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486184)"; flow:established,from_client; content:"GET"; http_method; content:"/ilganrat342/dgasgxc/refs/heads/main/setup.exe"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486184/; classtype:trojan-activity;sid:84349284; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486183)"; flow:established,from_client; content:"GET"; http_method; content:"/lawrencesanity1108/gta-5-mod-menu-2024/releases/download/v1.0/software.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486183/; classtype:trojan-activity;sid:84349283; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486174)"; flow:established,from_client; content:"GET"; http_method; content:"/wearetuanmuda/gta-5-mod-menu-2025/releases/download/v1.4.2/gta.5.mod.menu.2025.v1.4.2.zip"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486174/; classtype:trojan-activity;sid:84349274; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486175)"; flow:established,from_client; content:"GET"; http_method; content:"/potatowearsyeeezye/gta-5-mod-menu-2025/releases/download/3.7.2/gta-5-mod-menu-2025-v3.7.2.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486175/; classtype:trojan-activity;sid:84349275; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485392)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"112.53.96.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485392/; classtype:trojan-activity;sid:84348492; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485369)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"39.107.242.125"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485369/; classtype:trojan-activity;sid:84348469; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485332)"; flow:established,from_client; content:"GET"; http_method; content:"/aasdasdqrunshkkkkkkk"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"8.218.50.207"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485332/; classtype:trojan-activity;sid:84348432; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485330)"; flow:established,from_client; content:"GET"; http_method; content:"/asdqsadsdahhhhhtxt"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"8.218.50.207"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485330/; classtype:trojan-activity;sid:84348430; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485329)"; flow:established,from_client; content:"GET"; http_method; content:"/ps_z.txt"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"8.218.50.207"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485329/; classtype:trojan-activity;sid:84348429; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485210)"; flow:established,from_client; content:"GET"; http_method; content:"/duduzx/como-ba/releases/download/v1.0/application.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485210/; classtype:trojan-activity;sid:84348310; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485212)"; flow:established,from_client; content:"GET"; http_method; content:"/anikthakur05/nosferatu-2/releases/download/v1.0/application.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485212/; classtype:trojan-activity;sid:84348312; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485213)"; flow:established,from_client; content:"GET"; http_method; content:"/curly3/n3xus-scr1pt-r0bl0x/releases/download/v1.0/application.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485213/; classtype:trojan-activity;sid:84348313; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485214)"; flow:established,from_client; content:"GET"; http_method; content:"/roblox12400z/dx9ware-roblox/releases/download/v1.0/app.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485214/; classtype:trojan-activity;sid:84348314; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485215)"; flow:established,from_client; content:"GET"; http_method; content:"/salsiii/codex-roblox/releases/download/v1.0/app.zip"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485215/; classtype:trojan-activity;sid:84348315; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485198)"; flow:established,from_client; content:"GET"; http_method; content:"/maiosn12/celex-executor/releases/download/v1.0.2/release-x64.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485198/; classtype:trojan-activity;sid:84348298; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485202)"; flow:established,from_client; content:"GET"; http_method; content:"/maiosn12/celex-executor/releases/download/v1.0.1/release-x64.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485202/; classtype:trojan-activity;sid:84348302; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485206)"; flow:established,from_client; content:"GET"; http_method; content:"/chrisisme5/dx9ware-roblox/releases/download/v1.0/software.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485206/; classtype:trojan-activity;sid:84348306; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485207)"; flow:established,from_client; content:"GET"; http_method; content:"/anikthakur05/nosferatu-2/releases/download/v2.0/software.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485207/; classtype:trojan-activity;sid:84348307; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485208)"; flow:established,from_client; content:"GET"; http_method; content:"/salsiii/codex-roblox/releases/download/v2.0/software.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485208/; classtype:trojan-activity;sid:84348308; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485196)"; flow:established,from_client; content:"GET"; http_method; content:"/massambaf/dx9ware-roblox/releases/download/v1.0/software.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485196/; classtype:trojan-activity;sid:84348296; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485194)"; flow:established,from_client; content:"GET"; http_method; content:"/febrixd/synapsez-executor/releases/download/v2.0/software.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485194/; classtype:trojan-activity;sid:84348294; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485193)"; flow:established,from_client; content:"GET"; http_method; content:"/khalid2344/mint-executor/releases/download/v2.0/software.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485193/; classtype:trojan-activity;sid:84348293; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485154)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1kzbxe0sxh2nekdwfbbrvyzg6vsu-nmci"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485154/; classtype:trojan-activity;sid:84348254; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485144)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1k4idibw1vtsntpbqtvbfabfgm2h5s14d"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485144/; classtype:trojan-activity;sid:84348244; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485140)"; flow:established,from_client; content:"GET"; http_method; content:"/dalsaniyacoomercio/hydrogen-executor/releases/download/v1.0/application.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485140/; classtype:trojan-activity;sid:84348240; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485126)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1km_hwk7sn_amuk7q2dk9kttzwk1taelw"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485126/; classtype:trojan-activity;sid:84348226; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485125)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1ek4th7ucqd9_h2yf9orhzhuallukeo0n"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485125/; classtype:trojan-activity;sid:84348225; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485114)"; flow:established,from_client; content:"GET"; http_method; content:"/neymitobr/zorara-executor/releases/download/v1.0.2/release-x64.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485114/; classtype:trojan-activity;sid:84348214; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485111)"; flow:established,from_client; content:"GET"; http_method; content:"/msaad453/nexus-roblox/releases/download/v1.0/application.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485111/; classtype:trojan-activity;sid:84348211; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484561)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f||3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:81; isdataat:!1,relative; nocase; content:"onyxfortitech.de"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484561/; classtype:trojan-activity;sid:84347661; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484576)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f||3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:81; isdataat:!1,relative; nocase; content:"accesspoint.cc"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484576/; classtype:trojan-activity;sid:84347676; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484493)"; flow:established,from_client; content:"GET"; http_method; content:"/dl17"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"31.170.22.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484493/; classtype:trojan-activity;sid:84347593; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484480)"; flow:established,from_client; content:"GET"; http_method; content:"/timy2007/trigon-evo/releases/download/v1.0/software.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484480/; classtype:trojan-activity;sid:84347580; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484481)"; flow:established,from_client; content:"GET"; http_method; content:"/shadowlord11/arceus-executor/releases/download/v1.0/software.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484481/; classtype:trojan-activity;sid:84347581; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484485)"; flow:established,from_client; content:"GET"; http_method; content:"/timy2007/trigon-evo/releases/download/v2.0/program.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484485/; classtype:trojan-activity;sid:84347585; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484474)"; flow:established,from_client; content:"GET"; http_method; content:"/timy2007/trigon-evo/releases/download/v2.0/software.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484474/; classtype:trojan-activity;sid:84347574; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484476)"; flow:established,from_client; content:"GET"; http_method; content:"/shadowlord11/arceus-executor/releases/download/v2.0/software.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484476/; classtype:trojan-activity;sid:84347576; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484478)"; flow:established,from_client; content:"GET"; http_method; content:"/shadowlord11/arceus-executor/releases/download/v2.0/program.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484478/; classtype:trojan-activity;sid:84347578; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484465)"; flow:established,from_client; content:"GET"; http_method; content:"/stepegemeyod/codex-roblox/releases/download/v1.0.2/release-x64.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484465/; classtype:trojan-activity;sid:84347565; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484466)"; flow:established,from_client; content:"GET"; http_method; content:"/timy2007/trigon-evo/releases/download/v3.0/software.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484466/; classtype:trojan-activity;sid:84347566; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484464)"; flow:established,from_client; content:"GET"; http_method; content:"/stepegemeyod/codex-roblox/releases/download/v1.0.1/release-x64.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484464/; classtype:trojan-activity;sid:84347564; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484461)"; flow:established,from_client; content:"GET"; http_method; content:"/shadowlord11/arceus-executor/releases/download/v3.0/software.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484461/; classtype:trojan-activity;sid:84347561; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483995)"; flow:established,from_client; content:"GET"; http_method; content:"/hoodxsp5dda/domain-executor/releases/download/v2.0/software.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483995/; classtype:trojan-activity;sid:84347095; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483996)"; flow:established,from_client; content:"GET"; http_method; content:"/siwon1011/evon-executor/releases/download/v2.0/program.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483996/; classtype:trojan-activity;sid:84347096; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483999)"; flow:established,from_client; content:"GET"; http_method; content:"/kevinytx/roblox-nihon/releases/download/v3.0/software.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483999/; classtype:trojan-activity;sid:84347099; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484001)"; flow:established,from_client; content:"GET"; http_method; content:"/hteregr/roblox-krampus/releases/download/v2.0/software.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484001/; classtype:trojan-activity;sid:84347101; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484002)"; flow:established,from_client; content:"GET"; http_method; content:"/siwon1011/evon-executor/releases/download/v1.0/software.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484002/; classtype:trojan-activity;sid:84347102; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484003)"; flow:established,from_client; content:"GET"; http_method; content:"/00146664032q/dx9ware-roblox/releases/download/v2.0/program.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484003/; classtype:trojan-activity;sid:84347103; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484005)"; flow:established,from_client; content:"GET"; http_method; content:"/kevinytx/roblox-nihon/releases/download/v2.0/software.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484005/; classtype:trojan-activity;sid:84347105; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484006)"; flow:established,from_client; content:"GET"; http_method; content:"/siwon1011/evon-executor/releases/download/v2.0/software.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484006/; classtype:trojan-activity;sid:84347106; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484007)"; flow:established,from_client; content:"GET"; http_method; content:"/00146664032q/dx9ware-roblox/releases/download/v2.0/software.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484007/; classtype:trojan-activity;sid:84347107; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483988)"; flow:established,from_client; content:"GET"; http_method; content:"/loolsfrkg/roblox-oxygen/releases/download/v2.0/program.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483988/; classtype:trojan-activity;sid:84347088; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483989)"; flow:established,from_client; content:"GET"; http_method; content:"/00146664032q/dx9ware-roblox/releases/download/v3.0/software.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483989/; classtype:trojan-activity;sid:84347089; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483990)"; flow:established,from_client; content:"GET"; http_method; content:"/loolsfrkg/roblox-oxygen/releases/download/v1.0/software.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483990/; classtype:trojan-activity;sid:84347090; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483991)"; flow:established,from_client; content:"GET"; http_method; content:"/hteregr/roblox-krampus/releases/download/v1.0/software.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483991/; classtype:trojan-activity;sid:84347091; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483992)"; flow:established,from_client; content:"GET"; http_method; content:"/kevinytx/roblox-nihon/releases/download/v1.0/software.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483992/; classtype:trojan-activity;sid:84347092; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483987)"; flow:established,from_client; content:"GET"; http_method; content:"/00146664032q/dx9ware-roblox/releases/download/v1.0/software.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483987/; classtype:trojan-activity;sid:84347087; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483985)"; flow:established,from_client; content:"GET"; http_method; content:"/amr414/roblox-celery/releases/download/v1.0/application.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483985/; classtype:trojan-activity;sid:84347085; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483986)"; flow:established,from_client; content:"GET"; http_method; content:"/loolsfrkg/roblox-oxygen/releases/download/v3.0/software.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483986/; classtype:trojan-activity;sid:84347086; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483983)"; flow:established,from_client; content:"GET"; http_method; content:"/hteregr/roblox-krampus/releases/download/v2.0/program.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483983/; classtype:trojan-activity;sid:84347083; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483984)"; flow:established,from_client; content:"GET"; http_method; content:"/hoodxsp5dda/domain-executor/releases/download/v3.0/software.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483984/; classtype:trojan-activity;sid:84347084; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483982)"; flow:established,from_client; content:"GET"; http_method; content:"/kevinytx/roblox-nihon/releases/download/v2.0/program.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483982/; classtype:trojan-activity;sid:84347082; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483978)"; flow:established,from_client; content:"GET"; http_method; content:"/loolsfrkg/roblox-oxygen/releases/download/v2.0/software.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483978/; classtype:trojan-activity;sid:84347078; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483979)"; flow:established,from_client; content:"GET"; http_method; content:"/hoodxsp5dda/domain-executor/releases/download/v2.0/program.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483979/; classtype:trojan-activity;sid:84347079; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483980)"; flow:established,from_client; content:"GET"; http_method; content:"/hoodxsp5dda/domain-executor/releases/download/v1.0/software.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483980/; classtype:trojan-activity;sid:84347080; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483406)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1q6iji-1uq5ksrr3luufy3to-jfs4ec4d"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483406/; classtype:trojan-activity;sid:84346506; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483319)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1inbpqtz2qyus0zqldnbhutbzwgdghhs0"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483319/; classtype:trojan-activity;sid:84346419; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483317)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1g4q6iay5qjzlgigjqnwftkdc5-o_2pqx"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483317/; classtype:trojan-activity;sid:84346417; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483311)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=19oyoc9sosknxnhyr6e7yrdumyqr6ixdz"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483311/; classtype:trojan-activity;sid:84346411; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483309)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1cl-nvhrrue_wg2zkpuxmvk40tk3knacb"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483309/; classtype:trojan-activity;sid:84346409; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483308)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=10yn0gknsk0hopi5eyv9vxkxxvmwi9k4u"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483308/; classtype:trojan-activity;sid:84346408; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483034)"; flow:established,from_client; content:"GET"; http_method; content:"/alfroy/roblox-incognito/releases/download/v2.0/software.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483034/; classtype:trojan-activity;sid:84346134; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483030)"; flow:established,from_client; content:"GET"; http_method; content:"/iampoo31331/hydrogen-executor/releases/download/v1.0/executor.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483030/; classtype:trojan-activity;sid:84346130; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483023)"; flow:established,from_client; content:"GET"; http_method; content:"/solodeveloperop/roexec-executor/releases/download/v2.0/program.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483023/; classtype:trojan-activity;sid:84346123; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483025)"; flow:established,from_client; content:"GET"; http_method; content:"/thealonemax/roexec-executor/releases/download/v1.0/executor.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483025/; classtype:trojan-activity;sid:84346125; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483026)"; flow:established,from_client; content:"GET"; http_method; content:"/progmainging/roblox-celery/releases/download/2.9.9-alpha.2/roblox.celery.2.9.9.alpha.2.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483026/; classtype:trojan-activity;sid:84346126; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483027)"; flow:established,from_client; content:"GET"; http_method; content:"/doszxc/hydrogen-executor/releases/download/v1.0/software.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483027/; classtype:trojan-activity;sid:84346127; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483028)"; flow:established,from_client; content:"GET"; http_method; content:"/doszxc/hydrogen-executor/releases/download/v3.0/software.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483028/; classtype:trojan-activity;sid:84346128; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483029)"; flow:established,from_client; content:"GET"; http_method; content:"/masterlines/electron-executor/releases/download/v1.0/executor.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483029/; classtype:trojan-activity;sid:84346129; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483018)"; flow:established,from_client; content:"GET"; http_method; content:"/alfroy/roblox-incognito/releases/download/v1.0/software.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483018/; classtype:trojan-activity;sid:84346118; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483019)"; flow:established,from_client; content:"GET"; http_method; content:"/masterlines/electron-executor/releases/download/v2.0/program.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483019/; classtype:trojan-activity;sid:84346119; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483021)"; flow:established,from_client; content:"GET"; http_method; content:"/pochimoli/electron-executor/releases/download/v1.0.2/release-x64.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483021/; classtype:trojan-activity;sid:84346121; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483017)"; flow:established,from_client; content:"GET"; http_method; content:"/pochimoli/electron-executor/releases/download/v1.0.1/release-x64.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483017/; classtype:trojan-activity;sid:84346117; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483015)"; flow:established,from_client; content:"GET"; http_method; content:"/thealonemax/roexec-executor/releases/download/v2.0/program.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483015/; classtype:trojan-activity;sid:84346115; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483014)"; flow:established,from_client; content:"GET"; http_method; content:"/doszxc/hydrogen-executor/releases/download/v2.0/software.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483014/; classtype:trojan-activity;sid:84346114; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483008)"; flow:established,from_client; content:"GET"; http_method; content:"/alfroy/roblox-incognito/releases/download/v3.0/software.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483008/; classtype:trojan-activity;sid:84346108; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483006)"; flow:established,from_client; content:"GET"; http_method; content:"/alfroy/roblox-incognito/releases/download/v2.0/program.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483006/; classtype:trojan-activity;sid:84346106; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482360)"; flow:established,from_client; content:"GET"; http_method; content:"/omio-saha/spotify_data_pipe_snowflake/releases/download/v1.0/release_x64.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482360/; classtype:trojan-activity;sid:84345460; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482367)"; flow:established,from_client; content:"GET"; http_method; content:"/qaqmmw/music-recommendation-based-on-facial-expression/releases/download/v1.0/software.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482367/; classtype:trojan-activity;sid:84345467; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482368)"; flow:established,from_client; content:"GET"; http_method; content:"/qaqmmw/music-recommendation-based-on-facial-expression/releases/download/v2.0/software.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482368/; classtype:trojan-activity;sid:84345468; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482333)"; flow:established,from_client; content:"GET"; http_method; content:"/k4tuu/roblox-faxi-macro/releases/download/v2.0/software.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482333/; classtype:trojan-activity;sid:84345433; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482343)"; flow:established,from_client; content:"GET"; http_method; content:"/neffriana/swift-executor/releases/download/v2.0/software.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482343/; classtype:trojan-activity;sid:84345443; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482330)"; flow:established,from_client; content:"GET"; http_method; content:"/namexer4all/evon-executor/releases/download/v1.0.0/application.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482330/; classtype:trojan-activity;sid:84345430; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482262)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/css/colors/sunrise/xundfaxgnsp84.bin"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"www.automobile-bk.de"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482262/; classtype:trojan-activity;sid:84345362; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482259)"; flow:established,from_client; content:"GET"; http_method; content:"/2023/xundfaxgnsp84.bin"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"www.luuk-lifestyle.eu"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482259/; classtype:trojan-activity;sid:84345359; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482257)"; flow:established,from_client; content:"GET"; http_method; content:"/bear/2020/goldarnedest.aca"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"www.support-data.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482257/; classtype:trojan-activity;sid:84345357; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481956)"; flow:established,from_client; content:"GET"; http_method; content:"/numonehittaboy/cdn/refs/heads/main/cvf.exe"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481956/; classtype:trojan-activity;sid:84345056; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481604)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.79.114.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481604/; classtype:trojan-activity;sid:84344704; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481344)"; flow:established,from_client; content:"GET"; http_method; content:"/alishazara/api/refs/heads/master/rh_s.txt"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481344/; classtype:trojan-activity;sid:84344444; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481138)"; flow:established,from_client; content:"GET"; http_method; content:"/6354/70534a410169b51c914e9ac9ca318c73/skidanov2017.pdf"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"2024.sci-hub.se"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481138/; classtype:trojan-activity;sid:84344238; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480616)"; flow:established,from_client; content:"GET"; http_method; content:"/ty9989/u/raw/main/ud.bat"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480616/; classtype:trojan-activity;sid:84343716; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480361)"; flow:established,from_client; content:"GET"; http_method; content:"/elijahhx/dead1ock-h4ck/releases/download/v2.0/program.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480361/; classtype:trojan-activity;sid:84343461; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480359)"; flow:established,from_client; content:"GET"; http_method; content:"/nurraif/mytonwallet/releases/download/v2.0/program.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480359/; classtype:trojan-activity;sid:84343459; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480320)"; flow:established,from_client; content:"GET"; http_method; content:"/thilakshanthavarajah/simpletemp-demo/releases/download/v2.0/software.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480320/; classtype:trojan-activity;sid:84343420; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480322)"; flow:established,from_client; content:"GET"; http_method; content:"/dasara21/hypermatch/releases/download/v1.0/software.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480322/; classtype:trojan-activity;sid:84343422; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480279)"; flow:established,from_client; content:"GET"; http_method; content:"/pig85236/45k-udemy-course-wordpress-posts/releases/download/v2.0/software.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480279/; classtype:trojan-activity;sid:84343379; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480277)"; flow:established,from_client; content:"GET"; http_method; content:"/gwynelan/linux-basics-for-hackers/releases/download/v2.1.2/linux-basics-for-hackers-v2.1.2.zip"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480277/; classtype:trojan-activity;sid:84343377; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480278)"; flow:established,from_client; content:"GET"; http_method; content:"/thanatapn/postman-api-client-setup/releases/download/v1.0/software.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480278/; classtype:trojan-activity;sid:84343378; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480271)"; flow:established,from_client; content:"GET"; http_method; content:"/yusen0820/linux-basics-for-hackers/releases/download/v2.6.9/linux-basics-for-hackers-v2.6.9.zip"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480271/; classtype:trojan-activity;sid:84343371; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480273)"; flow:established,from_client; content:"GET"; http_method; content:"/kietmio/awesome-nlp-papers/releases/download/v2.0/software.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480273/; classtype:trojan-activity;sid:84343373; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480274)"; flow:established,from_client; content:"GET"; http_method; content:"/gollfinho/browser-testing/releases/download/v2.0/software.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480274/; classtype:trojan-activity;sid:84343374; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480275)"; flow:established,from_client; content:"GET"; http_method; content:"/barza22/phpstorm-jetbrains-unlimited-ide/releases/download/v1.0/software.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480275/; classtype:trojan-activity;sid:84343375; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480276)"; flow:established,from_client; content:"GET"; http_method; content:"/matezk1/rufus-bootable-usb-installer-2025/releases/download/v1.0/software.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480276/; classtype:trojan-activity;sid:84343376; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480264)"; flow:established,from_client; content:"GET"; http_method; content:"/basha2247/driver-booster-pro-installer-2025/releases/download/v1.6.7/driver.booster.pro.installer.2025.v1.6.7.zip"; http_uri; depth:114; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480264/; classtype:trojan-activity;sid:84343364; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480265)"; flow:established,from_client; content:"GET"; http_method; content:"/dannythescripter/rails-modern-stack-template/releases/download/v2.0/software.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480265/; classtype:trojan-activity;sid:84343365; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480243)"; flow:established,from_client; content:"GET"; http_method; content:"/monggosporlyp/circlexo/releases/download/v1.2/soft.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480243/; classtype:trojan-activity;sid:84343343; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480244)"; flow:established,from_client; content:"GET"; http_method; content:"/progmainging/roblox-celery/releases/download/3.8.2/roblox.celery.3.8.2.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480244/; classtype:trojan-activity;sid:84343344; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480245)"; flow:established,from_client; content:"GET"; http_method; content:"/mynameisbenja/metodis_bot/releases/download/v2.0/software.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480245/; classtype:trojan-activity;sid:84343345; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480236)"; flow:established,from_client; content:"GET"; http_method; content:"/vixiecheatz/free-lita-raider/releases/download/v3.4.1/free-lita-raider-v3.4.1.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480236/; classtype:trojan-activity;sid:84343336; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480239)"; flow:established,from_client; content:"GET"; http_method; content:"/gnascimento10/roblox-beaming-tool/releases/download/v2.0/application.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480239/; classtype:trojan-activity;sid:84343339; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480241)"; flow:established,from_client; content:"GET"; http_method; content:"/itzmartinsk/atlant_bot/releases/download/v2.0/software.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480241/; classtype:trojan-activity;sid:84343341; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3479407)"; flow:established,from_client; content:"GET"; http_method; content:"/john22-cell/codex-roblox-2025/releases/download/v1.3.0/codex.roblox.sunset.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_16; reference:url, urlhaus.abuse.ch/url/3479407/; classtype:trojan-activity;sid:84342507; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3479330)"; flow:established,from_client; content:"GET"; http_method; content:"/arcnassss/roblox/releases/download/v2.5.9/roblox_v2.5.9.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_16; reference:url, urlhaus.abuse.ch/url/3479330/; classtype:trojan-activity;sid:84342430; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3479331)"; flow:established,from_client; content:"GET"; http_method; content:"/nightlant/krnl-executor/releases/download/2.7.3/krnl-executor-2.7.3.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_16; reference:url, urlhaus.abuse.ch/url/3479331/; classtype:trojan-activity;sid:84342431; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3479334)"; flow:established,from_client; content:"GET"; http_method; content:"/gusttahtxdev/roblox-incognito/releases/download/v1.0.2/release-x64.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_16; reference:url, urlhaus.abuse.ch/url/3479334/; classtype:trojan-activity;sid:84342434; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3479335)"; flow:established,from_client; content:"GET"; http_method; content:"/walter2016/krnl-lua-script-injector-for-roblox-game-development/releases/download/v1.3.4/krnl.lua.script.injector.v1.3.4.zip"; http_uri; depth:125; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_16; reference:url, urlhaus.abuse.ch/url/3479335/; classtype:trojan-activity;sid:84342435; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3479329)"; flow:established,from_client; content:"GET"; http_method; content:"/enderrobohd/codex-roblox-2025/releases/download/2.1.7/codex.roblox.2025.version.2.1.7.zip"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_16; reference:url, urlhaus.abuse.ch/url/3479329/; classtype:trojan-activity;sid:84342429; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3479326)"; flow:established,from_client; content:"GET"; http_method; content:"/breezygenerator/roblox-synapse/releases/download/semimonster/roblox.synapse.semimonster.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_16; reference:url, urlhaus.abuse.ch/url/3479326/; classtype:trojan-activity;sid:84342426; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3479322)"; flow:established,from_client; content:"GET"; http_method; content:"/xtone12/roblox-celery/releases/download/v3.3.6/roblox.celery.v3.3.6.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_16; reference:url, urlhaus.abuse.ch/url/3479322/; classtype:trojan-activity;sid:84342422; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3479323)"; flow:established,from_client; content:"GET"; http_method; content:"/hellochat00000/roblox-fisch-script/releases/download/1.1.5-beta.5/roblox-fisch-script-1.1.5-beta.5.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_16; reference:url, urlhaus.abuse.ch/url/3479323/; classtype:trojan-activity;sid:84342423; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3479325)"; flow:established,from_client; content:"GET"; http_method; content:"/nt8068/awp.gg-executor-roblox/releases/download/v2.0/software.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_16; reference:url, urlhaus.abuse.ch/url/3479325/; classtype:trojan-activity;sid:84342425; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3479154)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"onyxstealthnet.de"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_03_16; reference:url, urlhaus.abuse.ch/url/3479154/; classtype:trojan-activity;sid:84342254; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3478732)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"96.9.87.21"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_15; reference:url, urlhaus.abuse.ch/url/3478732/; classtype:trojan-activity;sid:84341832; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3478691)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.88.134.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_15; reference:url, urlhaus.abuse.ch/url/3478691/; classtype:trojan-activity;sid:84341791; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3478604)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"201.17.130.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_15; reference:url, urlhaus.abuse.ch/url/3478604/; classtype:trojan-activity;sid:84341704; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3478512)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"1.1.109.99"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_15; reference:url, urlhaus.abuse.ch/url/3478512/; classtype:trojan-activity;sid:84341612; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3478498)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"213.149.178.117"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_15; reference:url, urlhaus.abuse.ch/url/3478498/; classtype:trojan-activity;sid:84341598; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477468)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"onyxfortifypro.de"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477468/; classtype:trojan-activity;sid:84340568; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477470)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"onyxnexguard.de"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477470/; classtype:trojan-activity;sid:84340570; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477460)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"onyxsentinelx.de"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477460/; classtype:trojan-activity;sid:84340560; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477462)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"onyxsafecrypt.de"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477462/; classtype:trojan-activity;sid:84340562; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477457)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"onyxsecuregate.de"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477457/; classtype:trojan-activity;sid:84340557; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477302)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"onyxfortitech.de"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477302/; classtype:trojan-activity;sid:84340402; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477161)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"onyxcyberapex.de"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477161/; classtype:trojan-activity;sid:84340261; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475899)"; flow:established,from_client; content:"GET"; http_method; content:"/afjhr/iexplorer-free/releases/download/v2.0/software.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475899/; classtype:trojan-activity;sid:84338999; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475894)"; flow:established,from_client; content:"GET"; http_method; content:"/farizalsalman21/keon/releases/download/v2.0/release_x64.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475894/; classtype:trojan-activity;sid:84338994; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475896)"; flow:established,from_client; content:"GET"; http_method; content:"/iqquxd/futzin-online/releases/download/v2.0/release_x64.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475896/; classtype:trojan-activity;sid:84338996; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475656)"; flow:established,from_client; content:"GET"; http_method; content:"/pufferfish420/fixing-error-0x8007000e/releases/download/v2.0/software.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475656/; classtype:trojan-activity;sid:84338756; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475655)"; flow:established,from_client; content:"GET"; http_method; content:"/pritamdash143/art-expo/releases/download/v2.0/software.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475655/; classtype:trojan-activity;sid:84338755; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475653)"; flow:established,from_client; content:"GET"; http_method; content:"/narfor502/cucumberbddframework/releases/download/v2.0/software.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475653/; classtype:trojan-activity;sid:84338753; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475642)"; flow:established,from_client; content:"GET"; http_method; content:"/mehedihasanfarabi10/githubtutorial/releases/download/v2.0/software.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475642/; classtype:trojan-activity;sid:84338742; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475643)"; flow:established,from_client; content:"GET"; http_method; content:"/itsuzerz/evon-executor/releases/download/v2.0/application.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475643/; classtype:trojan-activity;sid:84338743; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475644)"; flow:established,from_client; content:"GET"; http_method; content:"/phamtaino/fixing-error-0x80004005-unspecified/releases/download/v2.0/software.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475644/; classtype:trojan-activity;sid:84338744; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475645)"; flow:established,from_client; content:"GET"; http_method; content:"/attorneywenn/pragati_backend_2025/releases/download/v2.0/application.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475645/; classtype:trojan-activity;sid:84338745; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475646)"; flow:established,from_client; content:"GET"; http_method; content:"/pufferfish420/fixing-error-0x8007000e/releases/download/v2.0/program.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475646/; classtype:trojan-activity;sid:84338746; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475647)"; flow:established,from_client; content:"GET"; http_method; content:"/andreh219/freeflux/releases/download/v2.0/application.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475647/; classtype:trojan-activity;sid:84338747; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475650)"; flow:established,from_client; content:"GET"; http_method; content:"/noob123-art/hamster-clicker/releases/download/v3.0/software.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475650/; classtype:trojan-activity;sid:84338750; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475651)"; flow:established,from_client; content:"GET"; http_method; content:"/coltostemp/platform_external_selinux/releases/download/v2.0/software.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475651/; classtype:trojan-activity;sid:84338751; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475624)"; flow:established,from_client; content:"GET"; http_method; content:"/boomerxd69/amog-os-lts/releases/download/v2.0/software.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475624/; classtype:trojan-activity;sid:84338724; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475625)"; flow:established,from_client; content:"GET"; http_method; content:"/7777suprim/expo-rsc-movies/releases/download/v2.0/software.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475625/; classtype:trojan-activity;sid:84338725; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475626)"; flow:established,from_client; content:"GET"; http_method; content:"/progamer912-commits/dayz-cheat-h4ck-a1mb0t/releases/download/v2.0/application.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475626/; classtype:trojan-activity;sid:84338726; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475627)"; flow:established,from_client; content:"GET"; http_method; content:"/msaad453/nexus-roblox/releases/download/v2.0/application.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475627/; classtype:trojan-activity;sid:84338727; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475628)"; flow:established,from_client; content:"GET"; http_method; content:"/superoidaa/fixing-error-0x803f8001/releases/download/v2.0/software.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475628/; classtype:trojan-activity;sid:84338728; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475629)"; flow:established,from_client; content:"GET"; http_method; content:"/siwon1011/evon-executor/releases/download/v3.0/software.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475629/; classtype:trojan-activity;sid:84338729; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475630)"; flow:established,from_client; content:"GET"; http_method; content:"/coltostemp/platform_external_tinyxml/releases/download/v2.0/software.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475630/; classtype:trojan-activity;sid:84338730; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475631)"; flow:established,from_client; content:"GET"; http_method; content:"/vyshnavidevi11/frtproject/releases/download/v2.0/software.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475631/; classtype:trojan-activity;sid:84338731; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475634)"; flow:established,from_client; content:"GET"; http_method; content:"/trey89878668/dagger/releases/download/v2.0/software.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475634/; classtype:trojan-activity;sid:84338734; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475635)"; flow:established,from_client; content:"GET"; http_method; content:"/mehedihasanfarabi10/realtime-chat-app/releases/download/v2.0/software.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475635/; classtype:trojan-activity;sid:84338735; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475637)"; flow:established,from_client; content:"GET"; http_method; content:"/kasonsh2450/fixing-error-0x80070005-access-denied/releases/download/v2.0/software.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475637/; classtype:trojan-activity;sid:84338737; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475638)"; flow:established,from_client; content:"GET"; http_method; content:"/baomeomeo/speech/releases/download/v2.0/software.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475638/; classtype:trojan-activity;sid:84338738; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475639)"; flow:established,from_client; content:"GET"; http_method; content:"/toanminh2004/fixing-error-0x80070424-specified-service/releases/download/v2.0/software.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475639/; classtype:trojan-activity;sid:84338739; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475640)"; flow:established,from_client; content:"GET"; http_method; content:"/chrisgod/projectzomboidmodmenu/releases/download/v2.0/application.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475640/; classtype:trojan-activity;sid:84338740; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475641)"; flow:established,from_client; content:"GET"; http_method; content:"/ggggddjh/fixing-error-0xc0000142/releases/download/v2.0/software.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475641/; classtype:trojan-activity;sid:84338741; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475614)"; flow:established,from_client; content:"GET"; http_method; content:"/junayed-tasnur/youtube_playlist_downloader/releases/download/v2.0/application.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475614/; classtype:trojan-activity;sid:84338714; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475615)"; flow:established,from_client; content:"GET"; http_method; content:"/naiahahah/musicbox/releases/download/v2.0/software.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475615/; classtype:trojan-activity;sid:84338715; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475616)"; flow:established,from_client; content:"GET"; http_method; content:"/hteregr/roblox-krampus/releases/download/v3.0/software.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475616/; classtype:trojan-activity;sid:84338716; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475620)"; flow:established,from_client; content:"GET"; http_method; content:"/kasonsh2450/bananan-shooter-hack-interna-/releases/download/v2.0/software.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475620/; classtype:trojan-activity;sid:84338720; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475621)"; flow:established,from_client; content:"GET"; http_method; content:"/godsetup/aspx-gh0st-executor/releases/download/v2.0/application.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475621/; classtype:trojan-activity;sid:84338721; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475623)"; flow:established,from_client; content:"GET"; http_method; content:"/zilts345890/golang-html-parsing/releases/download/v2.0/software.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475623/; classtype:trojan-activity;sid:84338723; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475613)"; flow:established,from_client; content:"GET"; http_method; content:"/itzidkmoment/flutter_flower_clone_app/releases/download/v2.0/software.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475613/; classtype:trojan-activity;sid:84338713; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475604)"; flow:established,from_client; content:"GET"; http_method; content:"/akusayudodograu/agentic-rag-story-generation-with-multimodal-genai/releases/download/v2.0/software.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475604/; classtype:trojan-activity;sid:84338704; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474916)"; flow:established,from_client; content:"GET"; http_method; content:"/afonsosousait/freeroam/releases/download/v1.0/software.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474916/; classtype:trojan-activity;sid:84338016; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474801)"; flow:established,from_client; content:"GET"; http_method; content:"/muterfree/nexus-roblox/releases/download/v2.0/software.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474801/; classtype:trojan-activity;sid:84337901; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474802)"; flow:established,from_client; content:"GET"; http_method; content:"/rafy35198/jjsploit/releases/download/v2.0/software.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474802/; classtype:trojan-activity;sid:84337902; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474803)"; flow:established,from_client; content:"GET"; http_method; content:"/micheldouglas/roexec-executor/releases/download/v2.0/application.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474803/; classtype:trojan-activity;sid:84337903; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474805)"; flow:established,from_client; content:"GET"; http_method; content:"/okallo123/roblox-faxi-macro/releases/download/v2.0/application.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474805/; classtype:trojan-activity;sid:84337905; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474808)"; flow:established,from_client; content:"GET"; http_method; content:"/giiyu12/codex-roblox/releases/download/v2.0/software.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474808/; classtype:trojan-activity;sid:84337908; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474809)"; flow:established,from_client; content:"GET"; http_method; content:"/meshmod/roblox-celery/releases/download/v2.0/software.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474809/; classtype:trojan-activity;sid:84337909; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474810)"; flow:established,from_client; content:"GET"; http_method; content:"/batman00md/roblox-fisch-script/releases/download/v2.0/application.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474810/; classtype:trojan-activity;sid:84337910; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474813)"; flow:established,from_client; content:"GET"; http_method; content:"/lawrencesanity1108/gta-5-mod-menu-2024/releases/download/v2.0/software.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474813/; classtype:trojan-activity;sid:84337913; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474817)"; flow:established,from_client; content:"GET"; http_method; content:"/agr1us/roblox-oxygen/releases/download/v2.0/software.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474817/; classtype:trojan-activity;sid:84337917; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474758)"; flow:established,from_client; content:"GET"; http_method; content:"/namexer4all/evon-executor/releases/download/v2.0/software.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474758/; classtype:trojan-activity;sid:84337858; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474759)"; flow:established,from_client; content:"GET"; http_method; content:"/duduzx/como-ba/releases/download/v2.0/software.zip"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474759/; classtype:trojan-activity;sid:84337859; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474760)"; flow:established,from_client; content:"GET"; http_method; content:"/relic87/blox-fruits-script-roblox/releases/download/v2.0/software.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474760/; classtype:trojan-activity;sid:84337860; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474750)"; flow:established,from_client; content:"GET"; http_method; content:"/pixxxxxss/roblox-celery/releases/download/v2.0/software.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474750/; classtype:trojan-activity;sid:84337850; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474738)"; flow:established,from_client; content:"GET"; http_method; content:"/hoang24092003/arceus-executor/releases/download/v2.0/application.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474738/; classtype:trojan-activity;sid:84337838; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474740)"; flow:established,from_client; content:"GET"; http_method; content:"/amr414/roblox-celery/releases/download/v2.0/application.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474740/; classtype:trojan-activity;sid:84337840; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474742)"; flow:established,from_client; content:"GET"; http_method; content:"/newgenmightywarrior/nexus-roblox/releases/download/v2.0/application.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474742/; classtype:trojan-activity;sid:84337842; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474743)"; flow:established,from_client; content:"GET"; http_method; content:"/chenjee/roblox-scriptify/releases/download/v2.0/application.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474743/; classtype:trojan-activity;sid:84337843; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474744)"; flow:established,from_client; content:"GET"; http_method; content:"/doomzday4032/blox-fruits-autofarm/releases/download/v2.0/software.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474744/; classtype:trojan-activity;sid:84337844; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474745)"; flow:established,from_client; content:"GET"; http_method; content:"/dalsaniyacoomercio/hydrogen-executor/releases/download/v2.0/application.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474745/; classtype:trojan-activity;sid:84337845; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474746)"; flow:established,from_client; content:"GET"; http_method; content:"/juanvicthor/argon-executor/releases/download/v2.0/application.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474746/; classtype:trojan-activity;sid:84337846; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474749)"; flow:established,from_client; content:"GET"; http_method; content:"/ishratali007/n3xus-scr1pt-r0bl0x/releases/download/v1.0/software.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474749/; classtype:trojan-activity;sid:84337849; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473787)"; flow:established,from_client; content:"GET"; http_method; content:"/cartervr/taxdatabase-sql-tableau/releases/download/v2.0/software.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473787/; classtype:trojan-activity;sid:84336887; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473781)"; flow:established,from_client; content:"GET"; http_method; content:"/seltarrx/vite-react-project-setup-scripts/releases/download/v2.0/software.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473781/; classtype:trojan-activity;sid:84336881; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473782)"; flow:established,from_client; content:"GET"; http_method; content:"/preakp90/python_wallpaper_crawler/releases/download/v2.0/software.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473782/; classtype:trojan-activity;sid:84336882; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473783)"; flow:established,from_client; content:"GET"; http_method; content:"/awisyhaziq/g4/releases/download/v2.0/software.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473783/; classtype:trojan-activity;sid:84336883; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473765)"; flow:established,from_client; content:"GET"; http_method; content:"/xterminatordenuci/optimiseur-de-slug-url/releases/download/v2.0/software.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473765/; classtype:trojan-activity;sid:84336865; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473766)"; flow:established,from_client; content:"GET"; http_method; content:"/ggusercool/pancakeswapbnbprediction/releases/download/v2.0/software.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473766/; classtype:trojan-activity;sid:84336866; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473767)"; flow:established,from_client; content:"GET"; http_method; content:"/nass3344/trello-like-api/releases/download/v1.0/software.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473767/; classtype:trojan-activity;sid:84336867; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473768)"; flow:established,from_client; content:"GET"; http_method; content:"/ab-ff/multi-bit-comparator/releases/download/v2.0/software.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473768/; classtype:trojan-activity;sid:84336868; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473771)"; flow:established,from_client; content:"GET"; http_method; content:"/hambez/stm32-imu-visualizer/releases/download/v2.0/software.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473771/; classtype:trojan-activity;sid:84336871; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473774)"; flow:established,from_client; content:"GET"; http_method; content:"/huizuohaode/ai-image-generator/releases/download/v1.0/software.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473774/; classtype:trojan-activity;sid:84336874; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473775)"; flow:established,from_client; content:"GET"; http_method; content:"/jaydenth/roblox-synapse/releases/download/v2.0/software.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473775/; classtype:trojan-activity;sid:84336875; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473776)"; flow:established,from_client; content:"GET"; http_method; content:"/brevidade/fleet-pattern/releases/download/v1.0/software.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473776/; classtype:trojan-activity;sid:84336876; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473777)"; flow:established,from_client; content:"GET"; http_method; content:"/yosif9999/hamster-clicker/releases/download/v2.0/software.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473777/; classtype:trojan-activity;sid:84336877; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473779)"; flow:established,from_client; content:"GET"; http_method; content:"/led-sol/mental-health-chatbot/releases/download/v1.0/software.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473779/; classtype:trojan-activity;sid:84336879; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473576)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1ovluq0bdu-cys5xvyogyjd5qidqb1per"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473576/; classtype:trojan-activity;sid:84336676; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473160)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1d4aper-gjv3agk8yeny5scayonlc68yo"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473160/; classtype:trojan-activity;sid:84336260; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472771)"; flow:established,from_client; content:"GET"; http_method; content:"/ujkflzer45sc0"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.148.3.216"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472771/; classtype:trojan-activity;sid:84335871; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472675)"; flow:established,from_client; content:"GET"; http_method; content:"/xmrig/xmrig/releases/download/v6.22.2/xmrig-6.22.2-linux-static-x64.tar.gz"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472675/; classtype:trojan-activity;sid:84335775; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472068)"; flow:established,from_client; content:"GET"; http_method; content:"/_wcm_images/prod.jpg"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"employees.medicalcenterclinic.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472068/; classtype:trojan-activity;sid:84335168; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472065)"; flow:established,from_client; content:"GET"; http_method; content:"/_wcm_images/toke.jpg"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"employees.medicalcenterclinic.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472065/; classtype:trojan-activity;sid:84335165; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472066)"; flow:established,from_client; content:"GET"; http_method; content:"/_wcm_images/si.jpg"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"employees.medicalcenterclinic.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472066/; classtype:trojan-activity;sid:84335166; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471988)"; flow:established,from_client; content:"GET"; http_method; content:"/srv/fup/uploads/drgdf.hgfg"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"www.blackhost.xyz"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471988/; classtype:trojan-activity;sid:84335088; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470671)"; flow:established,from_client; content:"GET"; http_method; content:"/ly/4d2c3f00-7d4c-11e5-af15-41bf63ae4ea0/1728896464326/4.txt"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"fs-im-kefu.7moor-fs1.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470671/; classtype:trojan-activity;sid:84333771; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470668)"; flow:established,from_client; content:"GET"; http_method; content:"/ly/4d2c3f00-7d4c-11e5-af15-41bf63ae4ea0/1741001373486/7.txt"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"fs-im-kefu.7moor-fs1.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470668/; classtype:trojan-activity;sid:84333768; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468872)"; flow:established,from_client; content:"GET"; http_method; content:"/xraqwapfu.pdf"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"galerisenimutiara.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468872/; classtype:trojan-activity;sid:84331972; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467628)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1eczx8yjtfxwos26grqtdixajed3ukcao"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467628/; classtype:trojan-activity;sid:84330728; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467629)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1drptefwc7xybtum52bikrhp4j4l6lttc"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467629/; classtype:trojan-activity;sid:84330729; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467546)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/f2d42ffe-779b-4107-ac42-7f36375aab37/downloads/fojik.pdf"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467546/; classtype:trojan-activity;sid:84330646; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467537)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/61705749605.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467537/; classtype:trojan-activity;sid:84330637; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467538)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/dd3b43cd-389e-413e-87b9-e21f40c2630d/downloads/guledazawabumoda.pdf"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467538/; classtype:trojan-activity;sid:84330638; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467530)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20220125031952if_/https://uploads.strikinglycdn.com/files/8318c966-e52a-40ef-94e6-45f59a0c5fd2/7093784418.pdf"; http_uri; depth:114; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467530/; classtype:trojan-activity;sid:84330630; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467533)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/637623a6-af9b-4a69-90a8-85cd562c999e/downloads/niwexokaburule.pdf"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467533/; classtype:trojan-activity;sid:84330633; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467528)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/96f90b6e-3939-4cac-a3ad-eba9fb8219bf/downloads/71599608952.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467528/; classtype:trojan-activity;sid:84330628; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467523)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3e712c63-2f24-4e6b-a5dc-ff3233100bea/downloads/72290413200.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467523/; classtype:trojan-activity;sid:84330623; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467524)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/2eabcd0a-1fbf-48aa-8399-71392232a891/downloads/rafubagosewuniwudob.pdf"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467524/; classtype:trojan-activity;sid:84330624; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467525)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/ce6ffbd8-735a-4087-afcd-48ff437b91ba/downloads/70485427967.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467525/; classtype:trojan-activity;sid:84330625; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467526)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e9dc005a-39e6-474d-bf2f-ef67b812a261/downloads/xenogipojadamomixaxulute.pdf"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467526/; classtype:trojan-activity;sid:84330626; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467527)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3209f3eb-a43c-41d3-a7ba-73b4af438585/downloads/9089368795.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467527/; classtype:trojan-activity;sid:84330627; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467516)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/96b6a2f4-8317-413b-a7e3-44adb2eb81f5/downloads/safari_magazine_2019_download.pdf"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467516/; classtype:trojan-activity;sid:84330616; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467517)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/8014aeaa-17b8-4bcd-a9d7-094ad1ff7644/downloads/fusoze.pdf"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467517/; classtype:trojan-activity;sid:84330617; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467519)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/plan_technique_piscine_a_debordement.pdf"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467519/; classtype:trojan-activity;sid:84330619; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467521)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/83838390139.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467521/; classtype:trojan-activity;sid:84330621; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467510)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/6104a42e-c9ca-496d-9156-92538fddca06/downloads/vevowezirebojikidebof.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467510/; classtype:trojan-activity;sid:84330610; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467513)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/temisipilotiba.pdf"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467513/; classtype:trojan-activity;sid:84330613; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467501)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/88933df5-ca10-43b5-b140-6aa02868b89c/downloads/79427765137.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467501/; classtype:trojan-activity;sid:84330601; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467478)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/examples_of_employee_goals_for_performance_review.pdf"; http_uri; depth:111; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467478/; classtype:trojan-activity;sid:84330578; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467477)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/f7748e26-2d27-4aa6-89fb-b263de90f421/downloads/50228966329.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467477/; classtype:trojan-activity;sid:84330577; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467475)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/educational_leadership_philosophy_examples.pdf"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467475/; classtype:trojan-activity;sid:84330575; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467476)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/299c0676-bac5-4db6-8fea-3075091e1687/downloads/61526216713.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467476/; classtype:trojan-activity;sid:84330576; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467465)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/gumofeke.pdf"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467465/; classtype:trojan-activity;sid:84330565; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467466)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/5a9e93e0-0f17-4e5e-a00c-88e3958ec770/downloads/mawanigokur.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467466/; classtype:trojan-activity;sid:84330566; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467469)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/36054141231.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467469/; classtype:trojan-activity;sid:84330569; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467470)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/a37fc73a-27ae-4e8d-87b6-7c807b298be6/downloads/85925649248.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467470/; classtype:trojan-activity;sid:84330570; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467471)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/educacion_financiera_avanzada_partiendo_de_cero_autor_gregor.pdf"; http_uri; depth:122; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467471/; classtype:trojan-activity;sid:84330571; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467472)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/663ae0bf-1142-4d7a-8653-755553f6852e/downloads/lejafarezafig.pdf"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467472/; classtype:trojan-activity;sid:84330572; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467474)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/biwejukajurel.pdf"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467474/; classtype:trojan-activity;sid:84330574; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467458)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/59062828-6c5e-403a-ae88-14483438a1b6/downloads/6083216094.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467458/; classtype:trojan-activity;sid:84330558; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467459)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/62128af0-82d0-4bae-b967-d393a4304003/downloads/69065118383.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467459/; classtype:trojan-activity;sid:84330559; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467461)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/51e053ea-8122-46e3-bee6-6c00a935619c/downloads/40061082597.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467461/; classtype:trojan-activity;sid:84330561; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467462)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/34a417cb-7930-4ae3-8428-8420716ba08a/downloads/94224235634.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467462/; classtype:trojan-activity;sid:84330562; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467463)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/739cff78-28a4-4749-8c7f-abf371b6a947/downloads/62789327536.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467463/; classtype:trojan-activity;sid:84330563; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467464)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/ee12fbcb-3848-4c54-8690-0d9c760d3837/downloads/5683334295.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467464/; classtype:trojan-activity;sid:84330564; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467453)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d9b3f7f8-355a-428e-bb44-74bff775274d/downloads/supix.pdf"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467453/; classtype:trojan-activity;sid:84330553; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467454)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/670646a4-4ce8-4367-bccc-c52d2083c9a3/downloads/chronogramme_dune_these_de_doctorat.pdf"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467454/; classtype:trojan-activity;sid:84330554; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467455)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/1e222df8-d197-4254-b90b-be3d3b023ef4/downloads/zopawakabubijipek.pdf"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467455/; classtype:trojan-activity;sid:84330555; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467456)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/27590969755.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467456/; classtype:trojan-activity;sid:84330556; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467457)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/kudokexogikekuporeso.pdf"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467457/; classtype:trojan-activity;sid:84330557; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467452)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/48255006417.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467452/; classtype:trojan-activity;sid:84330552; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467448)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/09540d0c-1db9-4e3c-a32d-6eed7b48ae00/downloads/3841723103.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467448/; classtype:trojan-activity;sid:84330548; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467443)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/exemple_de_dossier_raep_redige.pdf"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467443/; classtype:trojan-activity;sid:84330543; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467444)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3007465f-aa28-4ea8-964e-00ec10d6daef/downloads/reinforced_concrete_wall_design_examples.pdf"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467444/; classtype:trojan-activity;sid:84330544; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467445)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/munich_tourist_attractions_map.pdf"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467445/; classtype:trojan-activity;sid:84330545; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467438)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/c4a17de4-bdbb-4d1a-aaee-49990939d4cf/downloads/problue_7_nordson_manual.pdf"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467438/; classtype:trojan-activity;sid:84330538; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467440)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/34a417cb-7930-4ae3-8428-8420716ba08a/downloads/30229793875.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467440/; classtype:trojan-activity;sid:84330540; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467433)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/445dfc81-a427-4468-a541-314294ee0cbb/downloads/cooling_tower_working.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467433/; classtype:trojan-activity;sid:84330533; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467434)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/corporate_signature_authority_matrix_template_printable.pdf"; http_uri; depth:117; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467434/; classtype:trojan-activity;sid:84330534; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467425)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/bb45e14d-29c5-4287-b67f-843105f3b091/downloads/continental_online_assessment_test_answers.pdf"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467425/; classtype:trojan-activity;sid:84330525; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467427)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/sample_testimonials_for_employees.pdf"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467427/; classtype:trojan-activity;sid:84330527; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467428)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/bf8d6b31-0867-4cc2-b138-2d2dbb23ec3a/downloads/bawananulufobomoderawulen.pdf"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467428/; classtype:trojan-activity;sid:84330528; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467429)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/90dc87b4-fd7e-4412-9a6a-76e20db16dbd/downloads/23425133870.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467429/; classtype:trojan-activity;sid:84330529; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467422)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/a37fc73a-27ae-4e8d-87b6-7c807b298be6/downloads/86119351354.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467422/; classtype:trojan-activity;sid:84330522; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467423)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/4402180a-d4b9-4c2e-b606-353fcb7d5a18/downloads/kagoferoxotopelabalim.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467423/; classtype:trojan-activity;sid:84330523; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467412)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/bevakabopodo.pdf"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467412/; classtype:trojan-activity;sid:84330512; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467416)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/55669141050.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467416/; classtype:trojan-activity;sid:84330516; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467417)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/fb13673c-7b10-403f-be9e-1b04622101d6/downloads/61656569082.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467417/; classtype:trojan-activity;sid:84330517; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467408)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/grammar_plus_class_8.pdf"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467408/; classtype:trojan-activity;sid:84330508; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467409)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/98e3e4d1-65d1-414f-a2f4-24701527da4a/downloads/32575227287.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467409/; classtype:trojan-activity;sid:84330509; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467410)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/f7748e26-2d27-4aa6-89fb-b263de90f421/downloads/xavibow.pdf"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467410/; classtype:trojan-activity;sid:84330510; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467400)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/b566d4a5-149a-4042-a2b5-fa837a998781/downloads/62246613540.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467400/; classtype:trojan-activity;sid:84330500; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467401)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/a5d43283-67be-4a3b-9041-1427b691166f/downloads/dotadaxokokimidupoz.pdf"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467401/; classtype:trojan-activity;sid:84330501; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467403)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/a19a3dcf-f832-45fe-91ff-ed566d492286/downloads/31803450103.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467403/; classtype:trojan-activity;sid:84330503; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467404)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/710760ab-5054-4fd2-86ee-e72953d604bd/downloads/26449761459.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467404/; classtype:trojan-activity;sid:84330504; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467395)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/445dfc81-a427-4468-a541-314294ee0cbb/downloads/manual_de_uso_cummins_insite.pdf"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467395/; classtype:trojan-activity;sid:84330495; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467397)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e060217f-3d1d-4ed1-921e-8372b49c873f/downloads/83127272265.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467397/; classtype:trojan-activity;sid:84330497; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467389)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/990799bc-d23a-46ce-a09a-3161937bf907/downloads/50013116393.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467389/; classtype:trojan-activity;sid:84330489; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467391)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/sowuluxoranevoxivobu.pdf"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467391/; classtype:trojan-activity;sid:84330491; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467392)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/jw_public_talk_outlines.pdf"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467392/; classtype:trojan-activity;sid:84330492; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467386)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/muxem.pdf"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467386/; classtype:trojan-activity;sid:84330486; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467381)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/aa930190-2e12-4ce7-8bd7-0454f2ef6721/downloads/remonstration_visum_ablehnung_muster.pdf"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467381/; classtype:trojan-activity;sid:84330481; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467382)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/1cd14ca4-3aaa-4349-a92b-5919cb2c71ee/downloads/37493963429.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467382/; classtype:trojan-activity;sid:84330482; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467383)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/b298ce5b-3c11-48f0-9704-0e059e7cfa1a/downloads/26417869572.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467383/; classtype:trojan-activity;sid:84330483; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467384)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/zutufukatozoxogunubikok.pdf"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467384/; classtype:trojan-activity;sid:84330484; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467385)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/5102464b-373a-4f87-829a-69343208c6ac/downloads/vawazu.pdf"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467385/; classtype:trojan-activity;sid:84330485; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467370)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/c4240411-5b76-4ebe-95b9-c00242399cf6/downloads/libevisuxalozusofaze.pdf"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467370/; classtype:trojan-activity;sid:84330470; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467371)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d07e2353-3643-42fe-ba11-ffa772b1a28d/downloads/61695596025.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467371/; classtype:trojan-activity;sid:84330471; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467372)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/5102464b-373a-4f87-829a-69343208c6ac/downloads/remebemakuvomurixulat.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467372/; classtype:trojan-activity;sid:84330472; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467377)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/35713869772.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467377/; classtype:trojan-activity;sid:84330477; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467363)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/657a2269-1311-41bc-be7f-365fba299599/downloads/popezefere.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467363/; classtype:trojan-activity;sid:84330463; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467365)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3131d044-1bdb-4fdc-8ed0-764e724b86a8/downloads/57373027197.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467365/; classtype:trojan-activity;sid:84330465; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467367)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/1e00f0b9-c207-4cb1-9a9a-c11d057e31a3/downloads/request_letter_for_hold_amount_release.pdf"; http_uri; depth:100; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467367/; classtype:trojan-activity;sid:84330467; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467369)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/9569c183-65dc-4f14-a45e-e7944584cb65/downloads/58650400832.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467369/; classtype:trojan-activity;sid:84330469; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467358)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/0684881f-11f6-455b-9188-fb070acdb368/downloads/you_too_can_be_prosperous.pdf"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467358/; classtype:trojan-activity;sid:84330458; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467360)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/abfe7a1b-25f4-4ff2-8fb5-155a264c8ce4/downloads/fosodevo.pdf"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467360/; classtype:trojan-activity;sid:84330460; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467353)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/her_yonuyle_modern_almanca_dursun_zengin.pdf"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467353/; classtype:trojan-activity;sid:84330453; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467354)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/towedokunorazageleside.pdf"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467354/; classtype:trojan-activity;sid:84330454; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467355)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/65604431763.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467355/; classtype:trojan-activity;sid:84330455; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467357)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/ruwuxa.pdf"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467357/; classtype:trojan-activity;sid:84330457; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467347)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/c725aa89-ce3b-4b0b-861e-e7c40702153d/downloads/sulupob.pdf"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467347/; classtype:trojan-activity;sid:84330447; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467348)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/0a2e88a7-385b-4aed-a81e-123c037cba5d/downloads/57067255053.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467348/; classtype:trojan-activity;sid:84330448; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467350)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/2ad58263-1b5c-4da7-bc4a-7b8f99e22218/downloads/2544897802.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467350/; classtype:trojan-activity;sid:84330450; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467352)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e060217f-3d1d-4ed1-921e-8372b49c873f/downloads/66812037618.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467352/; classtype:trojan-activity;sid:84330452; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467344)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/b4da0e1a-7caf-4ed8-aaa9-0949952990f3/downloads/49347806429.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467344/; classtype:trojan-activity;sid:84330444; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467339)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7399f648-106b-4174-b8c0-6d6694895ad3/downloads/vakoxumem.pdf"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467339/; classtype:trojan-activity;sid:84330439; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467340)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/gununemedusotojipime.pdf"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467340/; classtype:trojan-activity;sid:84330440; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467334)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/92c7bb30-769c-4722-92cc-8b01b59910e0/downloads/36512394005.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467334/; classtype:trojan-activity;sid:84330434; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467326)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/8f97cb07-1cfa-4fca-b6d8-3f1bf47f56b3/downloads/dulerugufep.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467326/; classtype:trojan-activity;sid:84330426; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467328)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/nopurumonufulelu.pdf"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467328/; classtype:trojan-activity;sid:84330428; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467329)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/2b44aaa8-926a-4cbd-9774-e30385fa65ac/downloads/zexesotusipedelew.pdf"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467329/; classtype:trojan-activity;sid:84330429; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467321)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e060217f-3d1d-4ed1-921e-8372b49c873f/downloads/security_daily_activity_report_template.pdf"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467321/; classtype:trojan-activity;sid:84330421; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467312)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/a3d7189d-efc6-47e1-bbe5-dc5eeaf610a0/downloads/rtca_do-160g.pdf"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467312/; classtype:trojan-activity;sid:84330412; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467313)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/ac66f4da-754b-4df9-b080-4728fb201349/downloads/nimoma.pdf"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467313/; classtype:trojan-activity;sid:84330413; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467314)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/c877865a-29ce-446f-b8f8-42c8a2318eff/downloads/personal_loan_closure_letter_format_in_word.pdf"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467314/; classtype:trojan-activity;sid:84330414; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467318)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/elkonin_boxes_word_list.pdf"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467318/; classtype:trojan-activity;sid:84330418; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467320)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/f4482b02-adbc-4511-a01d-8f5a32444a75/downloads/zudelejanegine.pdf"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467320/; classtype:trojan-activity;sid:84330420; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467307)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c3d6560-d229-4015-8af2-a70ad89bde0a/downloads/80071621679.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467307/; classtype:trojan-activity;sid:84330407; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467305)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/lapeke.pdf"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467305/; classtype:trojan-activity;sid:84330405; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467303)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7219dffe-e0ab-4b31-b3e7-77acd35b52f5/downloads/kapabemirowajuzaxadirokef.pdf"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467303/; classtype:trojan-activity;sid:84330403; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467304)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/5a9e93e0-0f17-4e5e-a00c-88e3958ec770/downloads/modexad.pdf"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467304/; classtype:trojan-activity;sid:84330404; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467298)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/0bdc9896-149c-4815-8e37-9e55432c4120/downloads/bofugesugipufibutunida.pdf"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467298/; classtype:trojan-activity;sid:84330398; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467300)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/9c30937d-c8da-4e7b-9f7a-432344b46400/downloads/xuguxupevubitutuzoju.pdf"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467300/; classtype:trojan-activity;sid:84330400; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467301)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/rubejemi.pdf"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467301/; classtype:trojan-activity;sid:84330401; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467286)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/atividades_de_concordancia_verbal_5o_ano_com_gabarito.pdf"; http_uri; depth:115; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467286/; classtype:trojan-activity;sid:84330386; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467287)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/78c14b69-39ed-4d94-8d63-a7b29776e43c/downloads/45524925955.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467287/; classtype:trojan-activity;sid:84330387; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467292)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/ce6ffbd8-735a-4087-afcd-48ff437b91ba/downloads/cyberark_psmp_admin_guide.pdf"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467292/; classtype:trojan-activity;sid:84330392; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467295)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/88933df5-ca10-43b5-b140-6aa02868b89c/downloads/kitab_shams_al_maarif.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467295/; classtype:trojan-activity;sid:84330395; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467283)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3298be68-ecf2-4e6e-8fa7-1bf1d7657489/downloads/xagoje.pdf"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467283/; classtype:trojan-activity;sid:84330383; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467279)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/83df8ca9-16c2-4244-8f9e-8be918c4b8a3/downloads/86611585002.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467279/; classtype:trojan-activity;sid:84330379; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467280)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/41138401642.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467280/; classtype:trojan-activity;sid:84330380; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467281)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/ddc49093-0792-428b-8073-6170b30113a2/downloads/hepatorenales_syndrom.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467281/; classtype:trojan-activity;sid:84330381; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467271)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/fae029f6-27b1-4578-94bc-ae0bbaeebde4/downloads/53744052149.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467271/; classtype:trojan-activity;sid:84330371; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467274)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/9927c1c5-c61c-4f5e-807e-67bd1833b3e4/downloads/nijalox.pdf"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467274/; classtype:trojan-activity;sid:84330374; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467275)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/abfe7a1b-25f4-4ff2-8fb5-155a264c8ce4/downloads/how_to_change_font_size_in_xchange_editor.pdf"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467275/; classtype:trojan-activity;sid:84330375; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467277)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/limitorque_mx_ordering_guide.pdf"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467277/; classtype:trojan-activity;sid:84330377; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467266)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/710760ab-5054-4fd2-86ee-e72953d604bd/downloads/timex_expedition_indiglo_wr50m_manual.pdf"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467266/; classtype:trojan-activity;sid:84330366; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467269)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7a3b63b5-3e6a-48ac-8e49-14ed0037cbc4/downloads/hitachi_cd_sem_operation_manual.pdf"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467269/; classtype:trojan-activity;sid:84330369; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467264)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/87483152555.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467264/; classtype:trojan-activity;sid:84330364; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467259)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/356923eb-d23c-4b0c-808e-e9b58fb291da/downloads/36672004653.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467259/; classtype:trojan-activity;sid:84330359; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467262)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/80e9e7c7-d97b-4b5a-96c4-9a83854a3065/downloads/vuzabovamipavowaseke.pdf"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467262/; classtype:trojan-activity;sid:84330362; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467254)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/09077edc-9c07-4d95-9708-b2f62b12ca6a/downloads/jikiluwuruwewomurenix.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467254/; classtype:trojan-activity;sid:84330354; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467258)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/weguma.pdf"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467258/; classtype:trojan-activity;sid:84330358; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467246)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/119d5b03-e78f-4725-87b7-ed496b267f6d/downloads/attributes_of_a_good_research_topic_ppt.pdf"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467246/; classtype:trojan-activity;sid:84330346; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467249)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/1663535d-289f-4a17-902d-0bb53881ce69/downloads/kurupojofuxerixutalo.pdf"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467249/; classtype:trojan-activity;sid:84330349; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467250)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/5102464b-373a-4f87-829a-69343208c6ac/downloads/mizibatazikitawejubidodog.pdf"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467250/; classtype:trojan-activity;sid:84330350; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467251)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/59062828-6c5e-403a-ae88-14483438a1b6/downloads/gibabasakofalulizuwa.pdf"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467251/; classtype:trojan-activity;sid:84330351; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467240)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/meravinuvisudome.pdf"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467240/; classtype:trojan-activity;sid:84330340; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467241)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/64114a94-94a3-4f5d-866a-beee254b955f/downloads/70815730326.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467241/; classtype:trojan-activity;sid:84330341; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467235)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/abfe7a1b-25f4-4ff2-8fb5-155a264c8ce4/downloads/86649529175.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467235/; classtype:trojan-activity;sid:84330335; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467236)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/nims_703_b_answers.pdf"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467236/; classtype:trojan-activity;sid:84330336; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467237)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/cf660a09-f805-468d-bb57-fa3593615f41/downloads/tojanigawexulametuzuk.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467237/; classtype:trojan-activity;sid:84330337; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467230)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/bc2ad79b-5832-4a2d-a335-92537db54849/downloads/pinestars_choice.pdf"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467230/; classtype:trojan-activity;sid:84330330; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467221)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/f7748e26-2d27-4aa6-89fb-b263de90f421/downloads/18985117210.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467221/; classtype:trojan-activity;sid:84330321; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467223)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/03167ecf-a61c-49ea-b541-7a074a81e1da/downloads/6655537579.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467223/; classtype:trojan-activity;sid:84330323; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467225)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/41957679215.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467225/; classtype:trojan-activity;sid:84330325; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467226)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/exemple_de_livret_2_vae_rempli.pdf"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467226/; classtype:trojan-activity;sid:84330326; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467228)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/f569f34e-b7af-41eb-9a21-0f9939c54b3f/downloads/64195657437.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467228/; classtype:trojan-activity;sid:84330328; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467220)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/aspen_pims_manual.pdf"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467220/; classtype:trojan-activity;sid:84330320; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467219)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7219dffe-e0ab-4b31-b3e7-77acd35b52f5/downloads/fivojudu.pdf"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467219/; classtype:trojan-activity;sid:84330319; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467210)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e0c7674b-f7b5-484b-aa64-84014ad9ac8c/downloads/20019605198.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467210/; classtype:trojan-activity;sid:84330310; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467213)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/xajuxe.pdf"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467213/; classtype:trojan-activity;sid:84330313; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467214)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/81f7a7ad-d4fe-4147-943f-584c2d1e9bf5/downloads/because_of_mr_terupt_online.pdf"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467214/; classtype:trojan-activity;sid:84330314; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467215)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/aabc5eee-c1de-4817-92b9-f9e17352a5c7/downloads/fajupip.pdf"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467215/; classtype:trojan-activity;sid:84330315; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467205)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/minetest_wiki_commands.pdf"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467205/; classtype:trojan-activity;sid:84330305; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467206)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e060217f-3d1d-4ed1-921e-8372b49c873f/downloads/ohanian_physics_volume_1.pdf"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467206/; classtype:trojan-activity;sid:84330306; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467207)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/1c97d706-1093-417b-afec-0c60fc1d8547/downloads/74906999263.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467207/; classtype:trojan-activity;sid:84330307; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467208)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/900d123a-2557-4fa9-92f6-1446b602b979/downloads/deporiramuga.pdf"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467208/; classtype:trojan-activity;sid:84330308; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467209)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/traffic_light_risk_assessment_template_mental_health.pdf"; http_uri; depth:114; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467209/; classtype:trojan-activity;sid:84330309; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467202)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7219dffe-e0ab-4b31-b3e7-77acd35b52f5/downloads/suritotowid.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467202/; classtype:trojan-activity;sid:84330302; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467196)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/abfe7a1b-25f4-4ff2-8fb5-155a264c8ce4/downloads/41821413009.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467196/; classtype:trojan-activity;sid:84330296; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467200)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/804274b4-5f10-4c26-9de6-df56f38aac7c/downloads/14312384720.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467200/; classtype:trojan-activity;sid:84330300; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467187)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/37654458598.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467187/; classtype:trojan-activity;sid:84330287; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467188)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7ebcf742-ccb2-4edb-bbc1-6f67ead5b604/downloads/23776368177.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467188/; classtype:trojan-activity;sid:84330288; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467190)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/eb8ff9f7-37bb-4420-bfa0-f018b38dcfa6/downloads/17065535031.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467190/; classtype:trojan-activity;sid:84330290; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467191)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/432a6cf0-f63b-4132-8b03-52615cd2c1c3/downloads/41591669011.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467191/; classtype:trojan-activity;sid:84330291; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467193)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/2634956565.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467193/; classtype:trojan-activity;sid:84330293; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467177)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/437a989b-0a84-4105-b8c7-1870eb56af29/downloads/sbi_disbursement_request_form.pdf"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467177/; classtype:trojan-activity;sid:84330277; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467180)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/27f26436-44ad-4647-8929-a76a4ea0ea67/downloads/sample_query_letter_for_negligence_of_duty.pdf"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467180/; classtype:trojan-activity;sid:84330280; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467181)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/445dfc81-a427-4468-a541-314294ee0cbb/downloads/sapebufuj.pdf"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467181/; classtype:trojan-activity;sid:84330281; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467184)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/4365da4a-8d29-4708-8e67-b3b566794d83/downloads/fovizijazobupukototofosop.pdf"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467184/; classtype:trojan-activity;sid:84330284; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467186)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/93759555539.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467186/; classtype:trojan-activity;sid:84330286; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467175)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/ligitove.pdf"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467175/; classtype:trojan-activity;sid:84330275; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467176)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/62404701972.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467176/; classtype:trojan-activity;sid:84330276; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467171)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/069f5eef-b21d-41b6-aaa6-569b53af1c5a/downloads/rawidesukusutalunug.pdf"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467171/; classtype:trojan-activity;sid:84330271; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467172)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d102a54e-7197-4308-a937-d70c58240642/downloads/26442784020.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467172/; classtype:trojan-activity;sid:84330272; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467167)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/83882971503.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467167/; classtype:trojan-activity;sid:84330267; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467168)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/modelo_carta_entrega_de_inmueble_word.pdf"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467168/; classtype:trojan-activity;sid:84330268; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467163)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/61905f2a-55dd-4144-8c7c-fce5e91063a8/downloads/british_army_all_arms_tactical_aide_memoire.pdf"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467163/; classtype:trojan-activity;sid:84330263; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467166)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/rakotojifodonosanilorefa.pdf"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467166/; classtype:trojan-activity;sid:84330266; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467157)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/1ec2f808-78a9-4c99-aa80-be96e23bf450/downloads/gewikunobapizati.pdf"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467157/; classtype:trojan-activity;sid:84330257; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467154)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/nojivurajojirezizi.pdf"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467154/; classtype:trojan-activity;sid:84330254; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467156)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/98571e96-4bd9-4ee2-bb76-481ac550907e/downloads/genebugutisevijuk.pdf"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467156/; classtype:trojan-activity;sid:84330256; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467148)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/ddc49093-0792-428b-8073-6170b30113a2/downloads/jiwekonuwokesarejibezan.pdf"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467148/; classtype:trojan-activity;sid:84330248; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467149)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/159e5f7b-5078-45c9-9b36-63f21684101f/downloads/94962104148.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467149/; classtype:trojan-activity;sid:84330249; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467150)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/9483bc30-bb1c-4c04-9cf3-38d205924dab/downloads/jugilususosu.pdf"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467150/; classtype:trojan-activity;sid:84330250; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467151)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/virapajoridubibakoxofa.pdf"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467151/; classtype:trojan-activity;sid:84330251; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467152)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/319984769.pdf"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467152/; classtype:trojan-activity;sid:84330252; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467142)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7ebcf742-ccb2-4edb-bbc1-6f67ead5b604/downloads/makusikarubikowaxosop.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467142/; classtype:trojan-activity;sid:84330242; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467143)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/aabc5eee-c1de-4817-92b9-f9e17352a5c7/downloads/gikuxuze.pdf"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467143/; classtype:trojan-activity;sid:84330243; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467147)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/wokaselu.pdf"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467147/; classtype:trojan-activity;sid:84330247; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467135)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/963d457e-5dea-4a7e-aae8-47aada2a7cc0/downloads/velafeke.pdf"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467135/; classtype:trojan-activity;sid:84330235; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467137)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/97fcff61-ad1b-4591-bfda-ed7d6d6690f0/downloads/49593663309.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467137/; classtype:trojan-activity;sid:84330237; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467138)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/5e489076-b026-43ca-95da-8c6fe49f6d00/downloads/49103789197.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467138/; classtype:trojan-activity;sid:84330238; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467132)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/zafekupegagasaza.pdf"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467132/; classtype:trojan-activity;sid:84330232; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467133)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/55585429936.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467133/; classtype:trojan-activity;sid:84330233; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467125)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/siwevewedelo.pdf"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467125/; classtype:trojan-activity;sid:84330225; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467126)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/fedex_air_waybill_form.pdf"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467126/; classtype:trojan-activity;sid:84330226; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467127)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d567d1b9-5a9f-4b97-a387-65a7c02f8ff4/downloads/barapinawowaja.pdf"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467127/; classtype:trojan-activity;sid:84330227; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467114)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/44443741873.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467114/; classtype:trojan-activity;sid:84330214; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467116)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/ce6ffbd8-735a-4087-afcd-48ff437b91ba/downloads/haojue_chopper_road_150_manual.pdf"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467116/; classtype:trojan-activity;sid:84330216; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467117)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/23c146af-6c5b-426f-944d-9bf55106e4d8/downloads/de_quien_es_hija_elisa_salinas.pdf"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467117/; classtype:trojan-activity;sid:84330217; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467118)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/rewekawejujawidubekafebur.pdf"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467118/; classtype:trojan-activity;sid:84330218; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467121)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3425f1f9-2741-4cdd-9a85-f51cd8a77838/downloads/pyidaungsu_font_keyboard_layout.pdf"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467121/; classtype:trojan-activity;sid:84330221; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467123)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/carte_du_voyage_d_ulysse.pdf"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467123/; classtype:trojan-activity;sid:84330223; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467109)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/9f11cc6f-a645-4f71-bee4-e3848f35abf2/downloads/livro_domain_driven_design_portugues.pdf"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467109/; classtype:trojan-activity;sid:84330209; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467110)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/kulefenev.pdf"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467110/; classtype:trojan-activity;sid:84330210; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467111)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/356923eb-d23c-4b0c-808e-e9b58fb291da/downloads/lobola_letter_example.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467111/; classtype:trojan-activity;sid:84330211; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467108)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/657a2269-1311-41bc-be7f-365fba299599/downloads/acquisition_value_negative_in_area_01_aa617.pdf"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467108/; classtype:trojan-activity;sid:84330208; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467101)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d8f5bd9b-2c75-4c1f-8d4d-84a7de1d3443/downloads/widavizuxorig.pdf"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467101/; classtype:trojan-activity;sid:84330201; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467102)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e0c7674b-f7b5-484b-aa64-84014ad9ac8c/downloads/chris_mccandless_travel_route.pdf"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467102/; classtype:trojan-activity;sid:84330202; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467103)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/17ef1a7d-be6f-43bc-ac3a-a9c4fb65005e/downloads/powejavatunepoxaj.pdf"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467103/; classtype:trojan-activity;sid:84330203; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467106)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/937a3a5d-28a9-4a6d-983b-63f9d4fe1460/downloads/90328489234.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467106/; classtype:trojan-activity;sid:84330206; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467098)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e0319bbe-78e1-4446-90fc-2b4b4cc85a3e/downloads/wurowujezodabod.pdf"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467098/; classtype:trojan-activity;sid:84330198; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467100)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/445dfc81-a427-4468-a541-314294ee0cbb/downloads/forest_fire_causes_and_effects.pdf"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467100/; classtype:trojan-activity;sid:84330200; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467086)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/6b07c7a9-24ea-41b4-835a-7daa4871c250/downloads/16_personality_factors_by_cattell.pdf"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467086/; classtype:trojan-activity;sid:84330186; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467087)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/725aea16-586d-4b26-8216-cd50b4981a76/downloads/wiley_organic_chemistry_solutions_manual.pdf"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467087/; classtype:trojan-activity;sid:84330187; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467088)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/2224247e-29ce-4f8d-b838-abfcbdf269c0/downloads/psicoweb_respuestas_2019.pdf"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467088/; classtype:trojan-activity;sid:84330188; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467091)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/8e32f5a5-6a1a-4ade-b57e-fa54871724ef/downloads/2040244551.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467091/; classtype:trojan-activity;sid:84330191; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467092)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/koxisiranarigavod.pdf"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467092/; classtype:trojan-activity;sid:84330192; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467093)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/59d4bc6c-1e33-45d9-a430-f89e52f3f795/downloads/subazituwa.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467093/; classtype:trojan-activity;sid:84330193; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467094)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/b6f72d87-e560-495a-a5bd-684e976b53e4/downloads/lettre_promesse_dembauche.pdf"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467094/; classtype:trojan-activity;sid:84330194; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467080)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/971e893d-d96e-4c35-b8d0-897850ea3ce6/downloads/ice_quarterly_development_report_example.pdf"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467080/; classtype:trojan-activity;sid:84330180; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467081)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/552d21dd-b338-4bf6-8541-a1e81cff5ed8/downloads/testigos_tablero_foton.pdf"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467081/; classtype:trojan-activity;sid:84330181; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467082)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/4402180a-d4b9-4c2e-b606-353fcb7d5a18/downloads/how_to_get_gst_invoice_for_amazon_purchase.pdf"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467082/; classtype:trojan-activity;sid:84330182; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467083)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/8df58291-e0db-425a-9cda-a9882386ada6/downloads/24365322622.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467083/; classtype:trojan-activity;sid:84330183; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467085)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/4831e354-44dc-4759-9d14-0dd6cfda589f/downloads/91284214985.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467085/; classtype:trojan-activity;sid:84330185; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467078)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/c5dd25fc-7740-402b-aa70-862b15f3342c/downloads/8958005659.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467078/; classtype:trojan-activity;sid:84330178; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467079)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/wewofolivofometu.pdf"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467079/; classtype:trojan-activity;sid:84330179; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467072)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/9e5b6b40-f934-4273-a65f-cbaee9aa4b00/downloads/9665669589.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467072/; classtype:trojan-activity;sid:84330172; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467073)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/konibaxixim.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467073/; classtype:trojan-activity;sid:84330173; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467074)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/20a6346a-1701-43f8-be7d-6426912a09c2/downloads/self_introduction_during_interview_example.pdf"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467074/; classtype:trojan-activity;sid:84330174; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467075)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/ff494cbe-9d2a-4ae4-802e-f50cfad48f0a/downloads/74334894285.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467075/; classtype:trojan-activity;sid:84330175; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467077)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e0c7674b-f7b5-484b-aa64-84014ad9ac8c/downloads/55534301355.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467077/; classtype:trojan-activity;sid:84330177; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467065)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/59062828-6c5e-403a-ae88-14483438a1b6/downloads/tevolutirasuvujivol.pdf"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467065/; classtype:trojan-activity;sid:84330165; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467066)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3f5ecf8d-ba74-430f-ac11-9eb6ace92d02/downloads/73100246338.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467066/; classtype:trojan-activity;sid:84330166; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467067)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/b6f72d87-e560-495a-a5bd-684e976b53e4/downloads/earth_making_of_a_planet_national_geographic_worksheet.pdf"; http_uri; depth:116; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467067/; classtype:trojan-activity;sid:84330167; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467068)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/exercice_vitesse_6eme_physique.pdf"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467068/; classtype:trojan-activity;sid:84330168; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467069)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/rapport_de_stage_3eme_agence_immobiliere.pdf"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467069/; classtype:trojan-activity;sid:84330169; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467070)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/88933df5-ca10-43b5-b140-6aa02868b89c/downloads/bisebinalujivefiwugagabu.pdf"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467070/; classtype:trojan-activity;sid:84330170; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467064)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/abfe7a1b-25f4-4ff2-8fb5-155a264c8ce4/downloads/miludafat.pdf"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467064/; classtype:trojan-activity;sid:84330164; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467061)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/ea6e6a77-ad86-47ad-bec1-a500695628d4/downloads/66906319004.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467061/; classtype:trojan-activity;sid:84330161; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467062)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/b77102f9-1066-4a92-8a14-af011902d081/downloads/75162502331.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467062/; classtype:trojan-activity;sid:84330162; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467063)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/mapisirukuw.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467063/; classtype:trojan-activity;sid:84330163; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467058)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/db112521-e536-400b-b453-631e78951ba0/downloads/guzupuzuradadutov.pdf"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467058/; classtype:trojan-activity;sid:84330158; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467059)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/081e0348-3bf0-4a3e-a723-749adc1aa630/downloads/teks_ratib_al_attas.pdf"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467059/; classtype:trojan-activity;sid:84330159; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467060)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d07e2353-3643-42fe-ba11-ffa772b1a28d/downloads/49693757117.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467060/; classtype:trojan-activity;sid:84330160; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467050)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/800cff82-04ba-4c47-9f8b-d21367acb04d/downloads/sabre_red_workspace_commands.pdf"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467050/; classtype:trojan-activity;sid:84330150; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467051)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/6702c9de-d943-4d22-b78e-7985c91f7713/downloads/84525111813.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467051/; classtype:trojan-activity;sid:84330151; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467052)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/26bbb7e6-2f83-462e-b1a0-c9b7b5a50d38/downloads/training_needs_assessment_questionnaire_for_sales.pdf"; http_uri; depth:111; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467052/; classtype:trojan-activity;sid:84330152; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467053)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/5a9e93e0-0f17-4e5e-a00c-88e3958ec770/downloads/najovozulubameto.pdf"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467053/; classtype:trojan-activity;sid:84330153; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467055)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/c718f9e1-28ba-4c02-b434-4456f7af09a8/downloads/masizaz.pdf"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467055/; classtype:trojan-activity;sid:84330155; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467049)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/34a417cb-7930-4ae3-8428-8420716ba08a/downloads/51274200809.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467049/; classtype:trojan-activity;sid:84330149; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467044)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/990799bc-d23a-46ce-a09a-3161937bf907/downloads/rolinejagogid.pdf"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467044/; classtype:trojan-activity;sid:84330144; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467042)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/buxam.pdf"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467042/; classtype:trojan-activity;sid:84330142; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467032)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/6be9a470-c465-4776-ab76-53713c51537a/downloads/nokura.pdf"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467032/; classtype:trojan-activity;sid:84330132; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467033)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/69da2f53-c229-4dc7-a889-7b67b52b1a78/downloads/nokejafowikazuvojoj.pdf"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467033/; classtype:trojan-activity;sid:84330133; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467035)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e43067a0-6374-4a70-a00d-00ee3b01ce8d/downloads/93917384180.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467035/; classtype:trojan-activity;sid:84330135; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467037)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e0336533-680f-4ead-a55e-7e292796b70a/downloads/veteluruxoge.pdf"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467037/; classtype:trojan-activity;sid:84330137; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467024)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/sirijega.pdf"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467024/; classtype:trojan-activity;sid:84330124; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467025)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/5c2804a6-aa9c-48a0-92fa-b4e2830d3e94/downloads/ladakh_tourist_map.pdf"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467025/; classtype:trojan-activity;sid:84330125; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467027)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/cc5e3c0a-70ce-48cf-a48d-87f83c6b3256/downloads/major_problems_in_african_american_history.pdf"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467027/; classtype:trojan-activity;sid:84330127; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467029)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d38d43db-37ad-45ec-b237-63ac8c84a196/downloads/latovin.pdf"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467029/; classtype:trojan-activity;sid:84330129; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467018)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/c10f3982-2d8c-41ef-9c88-95b9c7e0984b/downloads/exagrid_admin_guide.pdf"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467018/; classtype:trojan-activity;sid:84330118; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467019)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/ce6ffbd8-735a-4087-afcd-48ff437b91ba/downloads/2880955338.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467019/; classtype:trojan-activity;sid:84330119; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467022)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/54349718441.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467022/; classtype:trojan-activity;sid:84330122; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467023)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/satyanarayan_puja_vidhi_in_sanskrit.pdf"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467023/; classtype:trojan-activity;sid:84330123; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467016)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7ebcf742-ccb2-4edb-bbc1-6f67ead5b604/downloads/sample_letter_to_be_excused_from_jury_service.pdf"; http_uri; depth:107; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467016/; classtype:trojan-activity;sid:84330116; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467011)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/cf660a09-f805-468d-bb57-fa3593615f41/downloads/vumemaxexepemetesa.pdf"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467011/; classtype:trojan-activity;sid:84330111; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467012)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/93a7eb93-9eef-4244-8f20-7f48de1f8294/downloads/95493308607.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467012/; classtype:trojan-activity;sid:84330112; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467013)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/356923eb-d23c-4b0c-808e-e9b58fb291da/downloads/91589198920.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467013/; classtype:trojan-activity;sid:84330113; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467014)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/learn_korean_language_in_30_days.pdf"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467014/; classtype:trojan-activity;sid:84330114; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467015)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/5a9e93e0-0f17-4e5e-a00c-88e3958ec770/downloads/right_to_information_act_application_form_malayalam.pdf"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467015/; classtype:trojan-activity;sid:84330115; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467006)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/zesowafasunufezef.pdf"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467006/; classtype:trojan-activity;sid:84330106; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467008)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/8e46fb0c-8d21-4b8c-82fc-88315c96ddde/downloads/bevurusip.pdf"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467008/; classtype:trojan-activity;sid:84330108; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467002)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/09d72da9-ee58-43de-9ce0-8696fa874a10/downloads/zanozibiwakixubunifelok.pdf"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467002/; classtype:trojan-activity;sid:84330102; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467003)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/5d8bfe2e-b91e-431f-9bdc-3f0ea97e388e/downloads/hbc_radiomatic_fse_727_manual.pdf"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467003/; classtype:trojan-activity;sid:84330103; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466999)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e4335d81-d2e5-4638-9638-30640b1be91f/downloads/sofipidegib.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466999/; classtype:trojan-activity;sid:84330099; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467000)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/54040f30-acd4-4a4c-a314-5c4c261b537d/downloads/printable_foods_high_in_uric_acid_chart.pdf"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467000/; classtype:trojan-activity;sid:84330100; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466992)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e0c7674b-f7b5-484b-aa64-84014ad9ac8c/downloads/15318963311.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466992/; classtype:trojan-activity;sid:84330092; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466993)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/c0f7f4ed-2d7c-4134-aa94-503b1eb6600b/downloads/pagulabomezex.pdf"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466993/; classtype:trojan-activity;sid:84330093; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466996)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/katisugenifikipevas.pdf"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466996/; classtype:trojan-activity;sid:84330096; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466997)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e0c7674b-f7b5-484b-aa64-84014ad9ac8c/downloads/xowawetavudazinomo.pdf"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466997/; classtype:trojan-activity;sid:84330097; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466985)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7662afb9-5d02-4eb9-bd3b-6426a66215ee/downloads/2312138967.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466985/; classtype:trojan-activity;sid:84330085; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466986)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/98e3e4d1-65d1-414f-a2f4-24701527da4a/downloads/evaluation_geographie_6eme_habiter_une_metropole.pdf"; http_uri; depth:110; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466986/; classtype:trojan-activity;sid:84330086; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466987)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/9441f8ad-6e79-4d4a-9602-3585b1269b7e/downloads/kobumedigudopixemevuwef.pdf"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466987/; classtype:trojan-activity;sid:84330087; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466989)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/8fc62093-f93e-447d-8e21-b1e235f4d9cc/downloads/vadigoxevujo.pdf"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466989/; classtype:trojan-activity;sid:84330089; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466991)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/64414313920.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466991/; classtype:trojan-activity;sid:84330091; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466979)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/710760ab-5054-4fd2-86ee-e72953d604bd/downloads/mizoxuloniwi.pdf"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466979/; classtype:trojan-activity;sid:84330079; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466984)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/66244318284.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466984/; classtype:trojan-activity;sid:84330084; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466971)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/6cdacb6d-7fbf-4d09-a986-56cdfa4edeb2/downloads/15247939327.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466971/; classtype:trojan-activity;sid:84330071; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466972)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/b298ce5b-3c11-48f0-9704-0e059e7cfa1a/downloads/example_of_a_lobola_letter_in_zulu.pdf"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466972/; classtype:trojan-activity;sid:84330072; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466973)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/ea25ddad-ebb0-4880-b714-a3f2cdadcbd9/downloads/notas_de_dinheiro_para_imprimir.pdf"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466973/; classtype:trojan-activity;sid:84330073; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466975)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/606585da-2917-4da6-a9df-810ae6e7fbc1/downloads/asme_sec_8_div_1_appendix_8.pdf"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466975/; classtype:trojan-activity;sid:84330075; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466976)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/segaxifalawanevake.pdf"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466976/; classtype:trojan-activity;sid:84330076; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466969)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/2c827e54-9a2c-449a-9d97-e20f9555c87a/downloads/pearson_iit_foundation_class_9_maths.pdf"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466969/; classtype:trojan-activity;sid:84330069; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466970)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3d2c6212-591e-450b-b673-947709e569a9/downloads/jidikegegudafipi.pdf"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466970/; classtype:trojan-activity;sid:84330070; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466966)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/62bebe3a-24c2-4a56-9b26-65d7a4a8233d/downloads/gupira.pdf"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466966/; classtype:trojan-activity;sid:84330066; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466958)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7219dffe-e0ab-4b31-b3e7-77acd35b52f5/downloads/79599984772.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466958/; classtype:trojan-activity;sid:84330058; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466957)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/88933df5-ca10-43b5-b140-6aa02868b89c/downloads/actaris_meter_manual.pdf"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466957/; classtype:trojan-activity;sid:84330057; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466946)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/passaic_county_technical_institute_salary_guide.pdf"; http_uri; depth:109; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466946/; classtype:trojan-activity;sid:84330046; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466950)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/0c2227e9-a807-4022-9307-9c68c8629142/downloads/59021495355.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466950/; classtype:trojan-activity;sid:84330050; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466951)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3abea8f6-1776-4586-b4e6-47b414d29e30/downloads/mozosadoboligemuwisuwet.pdf"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466951/; classtype:trojan-activity;sid:84330051; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466952)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/malaysia_company_employee_handbook.pdf"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466952/; classtype:trojan-activity;sid:84330052; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466937)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/988c0021-e131-496b-8725-ae310052894b/downloads/berakigevep.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466937/; classtype:trojan-activity;sid:84330037; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466938)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/c0325f5e-ab4f-48af-8631-8757a310624e/downloads/87631223928.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466938/; classtype:trojan-activity;sid:84330038; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466941)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/majisumilorenanevivo.pdf"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466941/; classtype:trojan-activity;sid:84330041; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466944)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/risukepidupapa.pdf"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466944/; classtype:trojan-activity;sid:84330044; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466933)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/c272bee0-a4e4-45f4-a8ce-0b066973e0cb/downloads/gateman_wk_20_english_manual.pdf"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466933/; classtype:trojan-activity;sid:84330033; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466934)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/koxid.pdf"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466934/; classtype:trojan-activity;sid:84330034; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466935)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/98e3e4d1-65d1-414f-a2f4-24701527da4a/downloads/sasufazovosonufowam.pdf"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466935/; classtype:trojan-activity;sid:84330035; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466929)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/6554737977.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466929/; classtype:trojan-activity;sid:84330029; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466928)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7ebcf742-ccb2-4edb-bbc1-6f67ead5b604/downloads/43589756342.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466928/; classtype:trojan-activity;sid:84330028; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466924)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/1d231bc1-15b8-4d3d-b451-c05909392126/downloads/71014366481.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466924/; classtype:trojan-activity;sid:84330024; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466920)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/abfe7a1b-25f4-4ff2-8fb5-155a264c8ce4/downloads/29389545569.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466920/; classtype:trojan-activity;sid:84330020; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466915)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/fbb7d95c-19ce-4e6b-832c-1ccce7746b31/downloads/jebagokapinezax.pdf"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466915/; classtype:trojan-activity;sid:84330015; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466916)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/cb46680e-64d4-4308-8a44-9926381d0750/downloads/85747587751.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466916/; classtype:trojan-activity;sid:84330016; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466919)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/ending_a_lease_letter_to_landlord.pdf"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466919/; classtype:trojan-activity;sid:84330019; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466909)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/710760ab-5054-4fd2-86ee-e72953d604bd/downloads/possession_letter_format_from_builder.pdf"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466909/; classtype:trojan-activity;sid:84330009; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466910)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/b298ce5b-3c11-48f0-9704-0e059e7cfa1a/downloads/mopuma.pdf"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466910/; classtype:trojan-activity;sid:84330010; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466911)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/a618ca0f-2608-47c2-ab22-bbc2ca127bb7/downloads/saziva.pdf"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466911/; classtype:trojan-activity;sid:84330011; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466912)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/229e00b6-6232-4273-bd27-55f919ca28b8/downloads/financas_corporativas_teoria_e_pratica.pdf"; http_uri; depth:100; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466912/; classtype:trojan-activity;sid:84330012; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466913)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/76c40511-888a-4b14-bb65-87429974a9ff/downloads/gemotukuwitawusagulobez.pdf"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466913/; classtype:trojan-activity;sid:84330013; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466903)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/vupenamubow.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466903/; classtype:trojan-activity;sid:84330003; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466904)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/10269055308.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466904/; classtype:trojan-activity;sid:84330004; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466905)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/6ab86f22-a419-4e4f-91d4-5a654823f744/downloads/21711123451.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466905/; classtype:trojan-activity;sid:84330005; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466900)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/9e5b6b40-f934-4273-a65f-cbaee9aa4b00/downloads/14203617612.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466900/; classtype:trojan-activity;sid:84330000; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466902)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e4ad6e04-69d1-4aa9-ba9f-c194e0ac5eef/downloads/lotavawofasopupe.pdf"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466902/; classtype:trojan-activity;sid:84330002; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466898)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/mental_state_examination_checklist.pdf"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466898/; classtype:trojan-activity;sid:84329998; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466893)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e5728c18-e5b3-4c69-bf59-a4be42aea8ac/downloads/22515332125.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466893/; classtype:trojan-activity;sid:84329993; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466894)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/db112521-e536-400b-b453-631e78951ba0/downloads/metso_neles_positioner_manual.pdf"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466894/; classtype:trojan-activity;sid:84329994; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466895)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/9840498620.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466895/; classtype:trojan-activity;sid:84329995; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466897)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3fffd8a4-4d1d-42f8-a3e8-f124f6724c06/downloads/kejawisenukasi.pdf"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466897/; classtype:trojan-activity;sid:84329997; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466885)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/72065953692.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466885/; classtype:trojan-activity;sid:84329985; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466890)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/1ecb10a4-49e9-4fe5-a6bc-f0f227949dd2/downloads/60627448414.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466890/; classtype:trojan-activity;sid:84329990; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466881)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/356923eb-d23c-4b0c-808e-e9b58fb291da/downloads/ramevedasap.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466881/; classtype:trojan-activity;sid:84329981; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466882)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/fbb7d95c-19ce-4e6b-832c-1ccce7746b31/downloads/67882203250.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466882/; classtype:trojan-activity;sid:84329982; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466877)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/df312c7d-f650-4c0e-a98f-02aee1a43694/downloads/77125885812.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466877/; classtype:trojan-activity;sid:84329977; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466864)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/a37e9011-77af-43eb-9e7b-dd6853450512/downloads/27721436213.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466864/; classtype:trojan-activity;sid:84329964; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466866)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/6abf7f7e-d12c-48f3-aa9a-703f4ccff8d7/downloads/81403469667.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466866/; classtype:trojan-activity;sid:84329966; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466869)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/zikirifusotuxusomel.pdf"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466869/; classtype:trojan-activity;sid:84329969; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466872)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/9c8a6489-894f-4446-8722-19ef31b6a173/downloads/26803015720.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466872/; classtype:trojan-activity;sid:84329972; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466873)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/4d2b55bf-cda3-4071-bf2e-8c27282b789f/downloads/chambre_de_tirage_telecom.pdf"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466873/; classtype:trojan-activity;sid:84329973; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466875)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/48283c5b-b198-4860-9bf9-7f30a2f8146b/downloads/10387443769.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466875/; classtype:trojan-activity;sid:84329975; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466876)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/zasuporuxumuza.pdf"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466876/; classtype:trojan-activity;sid:84329976; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466861)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3d0a6e54-c95b-4e67-871e-882f39f9c203/downloads/77235011630.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466861/; classtype:trojan-activity;sid:84329961; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466858)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/tovidesukowoxam.pdf"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466858/; classtype:trojan-activity;sid:84329958; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466845)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/62bebe3a-24c2-4a56-9b26-65d7a4a8233d/downloads/xijawef.pdf"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466845/; classtype:trojan-activity;sid:84329945; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466846)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/a6301bc9-fbf1-4861-936b-8ce401d46d09/downloads/non_renewal_of_contract_letter_sample.pdf"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466846/; classtype:trojan-activity;sid:84329946; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466847)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/98fd26ea-5c50-4ebf-945e-7ed158ebe1b6/downloads/75925905792.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466847/; classtype:trojan-activity;sid:84329947; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466848)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/561eb1da-cbac-4811-84b8-e841d63e56cb/downloads/fomogivazugararux.pdf"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466848/; classtype:trojan-activity;sid:84329948; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466849)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3ccd9234-721c-480b-91a1-84bae34c2069/downloads/votudomafuze.pdf"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466849/; classtype:trojan-activity;sid:84329949; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466851)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/ed3e7e73-6deb-4ec1-95e4-868a6659fe93/downloads/manning_guide_hotel_sample.pdf"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466851/; classtype:trojan-activity;sid:84329951; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466852)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/88933df5-ca10-43b5-b140-6aa02868b89c/downloads/45596981954.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466852/; classtype:trojan-activity;sid:84329952; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466853)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/f7748e26-2d27-4aa6-89fb-b263de90f421/downloads/tilovapexof.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466853/; classtype:trojan-activity;sid:84329953; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466838)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/aabc5eee-c1de-4817-92b9-f9e17352a5c7/downloads/najufijirubedejalu.pdf"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466838/; classtype:trojan-activity;sid:84329938; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466839)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d89879dd-a0f6-4cd8-8b66-99c2d6e48b2c/downloads/ludejawirusoxodofe.pdf"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466839/; classtype:trojan-activity;sid:84329939; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466843)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/4402180a-d4b9-4c2e-b606-353fcb7d5a18/downloads/4959938645.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466843/; classtype:trojan-activity;sid:84329943; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466832)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/52e9408f-c536-4a35-bd81-6078a5dce549/downloads/98085965001.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466832/; classtype:trojan-activity;sid:84329932; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466827)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/804274b4-5f10-4c26-9de6-df56f38aac7c/downloads/attestation_de_non_affiliation_cnas_algerie.pdf"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466827/; classtype:trojan-activity;sid:84329927; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466830)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/nidugapageru.pdf"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466830/; classtype:trojan-activity;sid:84329930; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466831)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/f6f33080-7dde-4e51-88ef-59c9fd931fca/downloads/latoletevuwogerovug.pdf"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466831/; classtype:trojan-activity;sid:84329931; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466818)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/db112521-e536-400b-b453-631e78951ba0/downloads/40119004199.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466818/; classtype:trojan-activity;sid:84329918; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466822)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d128fcda-7fcc-4d89-85b3-e79c54d4414e/downloads/talivejo.pdf"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466822/; classtype:trojan-activity;sid:84329922; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466824)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/5a9e93e0-0f17-4e5e-a00c-88e3958ec770/downloads/ansul_piranha_system_installation_manual.pdf"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466824/; classtype:trojan-activity;sid:84329924; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466813)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/scada_system_architecture.pdf"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466813/; classtype:trojan-activity;sid:84329913; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466814)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/82f97436-460c-45aa-bd9b-74a87c48e9b0/downloads/63541235931.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466814/; classtype:trojan-activity;sid:84329914; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466802)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/bd6582d9-c54a-4b0b-ad89-3fd92efb45aa/downloads/gaylord_texan_hotel_map.pdf"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466802/; classtype:trojan-activity;sid:84329902; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466803)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/laxokuzigurebudisinatonu.pdf"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466803/; classtype:trojan-activity;sid:84329903; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466805)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/09d72da9-ee58-43de-9ce0-8696fa874a10/downloads/kojutaz.pdf"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466805/; classtype:trojan-activity;sid:84329905; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466808)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e060217f-3d1d-4ed1-921e-8372b49c873f/downloads/civil_engineer_experience_certificate_word_format.pdf"; http_uri; depth:111; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466808/; classtype:trojan-activity;sid:84329908; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466799)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/55d28ff0-9d0b-42b4-8190-887f90038148/downloads/gimisomogaro.pdf"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466799/; classtype:trojan-activity;sid:84329899; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466800)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/950f7924-fa6b-44be-bda3-22eaf526f43f/downloads/how_to_write_a_letter_to_society_for_car_parking.pdf"; http_uri; depth:110; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466800/; classtype:trojan-activity;sid:84329900; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466801)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/78dac1c1-e6f9-4066-ad39-7cbcdc39e651/downloads/93448099882.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466801/; classtype:trojan-activity;sid:84329901; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466794)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/abfe7a1b-25f4-4ff2-8fb5-155a264c8ce4/downloads/payment_under_protest_letter_sample.pdf"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466794/; classtype:trojan-activity;sid:84329894; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466797)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/43447829480.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466797/; classtype:trojan-activity;sid:84329897; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466798)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/59062828-6c5e-403a-ae88-14483438a1b6/downloads/97374790135.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466798/; classtype:trojan-activity;sid:84329898; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466788)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/b298ce5b-3c11-48f0-9704-0e059e7cfa1a/downloads/71423402684.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466788/; classtype:trojan-activity;sid:84329888; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466790)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/5c9ed0ab-abf7-4895-9a79-d81e87aed60a/downloads/nezumizegorazulamalit.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466790/; classtype:trojan-activity;sid:84329890; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466791)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/a4c519f1-5301-485e-9e9c-56d1397df289/downloads/79371210580.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466791/; classtype:trojan-activity;sid:84329891; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466792)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/kekososiwixokaz.pdf"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466792/; classtype:trojan-activity;sid:84329892; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466778)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/657a2269-1311-41bc-be7f-365fba299599/downloads/14889765830.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466778/; classtype:trojan-activity;sid:84329878; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466779)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/rikisiwudepelapopazi.pdf"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466779/; classtype:trojan-activity;sid:84329879; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466781)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/boriwivamafegujiser.pdf"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466781/; classtype:trojan-activity;sid:84329881; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466782)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/seaworld_donation_request_orlando.pdf"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466782/; classtype:trojan-activity;sid:84329882; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466786)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/schumacher_battery_charger_parts_se-4022.pdf"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466786/; classtype:trojan-activity;sid:84329886; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466787)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d83328cf-50de-409a-9bf6-de7a48f66ed6/downloads/40650293844.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466787/; classtype:trojan-activity;sid:84329887; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466777)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3209f3eb-a43c-41d3-a7ba-73b4af438585/downloads/ap_cm_relief_fund_application_process.pdf"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466777/; classtype:trojan-activity;sid:84329877; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466768)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/82f97436-460c-45aa-bd9b-74a87c48e9b0/downloads/narigokukeminozitema.pdf"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466768/; classtype:trojan-activity;sid:84329868; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466770)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/32231114245.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466770/; classtype:trojan-activity;sid:84329870; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466771)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/fa0b65d5-8cfc-4875-922a-b490488b42be/downloads/schmersal_de-_42279_datasheet.pdf"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466771/; classtype:trojan-activity;sid:84329871; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466772)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/5102464b-373a-4f87-829a-69343208c6ac/downloads/checklist_format_for_housekeeping_in_hospital.pdf"; http_uri; depth:107; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466772/; classtype:trojan-activity;sid:84329872; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466773)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/91812224211.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466773/; classtype:trojan-activity;sid:84329873; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466774)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/b298ce5b-3c11-48f0-9704-0e059e7cfa1a/downloads/rizepigarebovubugebo.pdf"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466774/; classtype:trojan-activity;sid:84329874; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466775)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7ebcf742-ccb2-4edb-bbc1-6f67ead5b604/downloads/kawopixar.pdf"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466775/; classtype:trojan-activity;sid:84329875; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466763)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/c0325f5e-ab4f-48af-8631-8757a310624e/downloads/93503353547.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466763/; classtype:trojan-activity;sid:84329863; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466764)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/6974f1eb-71bf-4f90-8572-d8ac4e4f765d/downloads/wazakovefonetak.pdf"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466764/; classtype:trojan-activity;sid:84329864; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466758)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/9978fe41-dbcb-4b88-8a80-a839de3f86b5/downloads/42576721881.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466758/; classtype:trojan-activity;sid:84329858; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466759)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7219dffe-e0ab-4b31-b3e7-77acd35b52f5/downloads/73769466656.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466759/; classtype:trojan-activity;sid:84329859; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466761)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/suvuraxelikubok.pdf"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466761/; classtype:trojan-activity;sid:84329861; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466762)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3e09336e-0817-489c-96db-d43d5fd51fc4/downloads/i9_birth_certificate_example.pdf"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466762/; classtype:trojan-activity;sid:84329862; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466750)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3131d044-1bdb-4fdc-8ed0-764e724b86a8/downloads/stromer_st1_owners_manual.pdf"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466750/; classtype:trojan-activity;sid:84329850; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466753)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/7215421885.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466753/; classtype:trojan-activity;sid:84329853; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466754)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/db112521-e536-400b-b453-631e78951ba0/downloads/37979647215.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466754/; classtype:trojan-activity;sid:84329854; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466755)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/af0be9d0-b995-4f2a-8f66-25f04f50db42/downloads/tejovejujepotobafoba.pdf"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466755/; classtype:trojan-activity;sid:84329855; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466756)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/445dfc81-a427-4468-a541-314294ee0cbb/downloads/43947647531.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466756/; classtype:trojan-activity;sid:84329856; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466747)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7ebcf742-ccb2-4edb-bbc1-6f67ead5b604/downloads/97640682614.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466747/; classtype:trojan-activity;sid:84329847; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466740)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/66a9f463-0ae0-4403-bef2-3061bb9e36ef/downloads/rate_list_of_test_in_dr.lal_pathlabs.pdf"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466740/; classtype:trojan-activity;sid:84329840; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466745)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/ddc49093-0792-428b-8073-6170b30113a2/downloads/taski_procarpet_45_manual.pdf"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466745/; classtype:trojan-activity;sid:84329845; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466738)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/gomik.pdf"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466738/; classtype:trojan-activity;sid:84329838; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466736)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/ef27ce0e-c911-4d37-baad-bea065e796b8/downloads/kirekafusofo.pdf"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466736/; classtype:trojan-activity;sid:84329836; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466732)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/wiremabodopigotaf.pdf"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466732/; classtype:trojan-activity;sid:84329832; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466733)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/67856105857.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466733/; classtype:trojan-activity;sid:84329833; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466734)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/af0be9d0-b995-4f2a-8f66-25f04f50db42/downloads/rubetugetafapojopodibom.pdf"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466734/; classtype:trojan-activity;sid:84329834; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466724)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/3048437595.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466724/; classtype:trojan-activity;sid:84329824; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466726)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/cc370600-8080-4216-8e6c-52a7f34eeccf/downloads/iso_weld_symbols_chart.pdf"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466726/; classtype:trojan-activity;sid:84329826; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466729)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7539d3e4-198a-4c91-addc-38e6066bfe55/downloads/2305786492.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466729/; classtype:trojan-activity;sid:84329829; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466730)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/kangwon_land_inc_annual_report.pdf"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466730/; classtype:trojan-activity;sid:84329830; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466731)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/4c0bdcf4-6f9c-40c3-8219-8cbbbcfb4026/downloads/wanigukanewalew.pdf"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466731/; classtype:trojan-activity;sid:84329831; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466715)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/watiwime.pdf"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466715/; classtype:trojan-activity;sid:84329815; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466716)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/445dfc81-a427-4468-a541-314294ee0cbb/downloads/638993752.pdf"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466716/; classtype:trojan-activity;sid:84329816; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466717)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/98e3e4d1-65d1-414f-a2f4-24701527da4a/downloads/milagetuxinofu.pdf"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466717/; classtype:trojan-activity;sid:84329817; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466719)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7eafcf9d-33bd-4fd4-8489-654d240ab2f3/downloads/51295545026.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466719/; classtype:trojan-activity;sid:84329819; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466720)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/xezumiriruko.pdf"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466720/; classtype:trojan-activity;sid:84329820; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466721)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/657a2269-1311-41bc-be7f-365fba299599/downloads/cleavage_front_row_amy_measurements.pdf"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466721/; classtype:trojan-activity;sid:84329821; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466708)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/diamond_sieve_chart.pdf"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466708/; classtype:trojan-activity;sid:84329808; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466710)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/09b152c4-bf66-44a7-8224-2992cea3ed0a/downloads/sample_indian_renunciation_form.pdf"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466710/; classtype:trojan-activity;sid:84329810; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466711)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/pelebesepasirokirefukew.pdf"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466711/; classtype:trojan-activity;sid:84329811; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466712)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/455fd801-8453-4cfe-b6ee-1af9e2a627f6/downloads/7558215776.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466712/; classtype:trojan-activity;sid:84329812; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466713)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e262bb3c-3205-4bb6-954b-f565479d59e0/downloads/50787175728.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466713/; classtype:trojan-activity;sid:84329813; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466706)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d89879dd-a0f6-4cd8-8b66-99c2d6e48b2c/downloads/rotem_sigma_user_manual.pdf"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466706/; classtype:trojan-activity;sid:84329806; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466705)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3209f3eb-a43c-41d3-a7ba-73b4af438585/downloads/lista_de_verbos_em_italiano.pdf"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466705/; classtype:trojan-activity;sid:84329805; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466702)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/a580c741-29a0-435a-a011-6aa538a5edae/downloads/25870917787.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466702/; classtype:trojan-activity;sid:84329802; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466694)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/siwetofulugo.pdf"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466694/; classtype:trojan-activity;sid:84329794; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466695)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/0739216d-b619-42bb-83b4-7432b4331862/downloads/26798739628.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466695/; classtype:trojan-activity;sid:84329795; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466696)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/f36019eb-f077-446f-b5b6-39b8eacedf97/downloads/23513409250.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466696/; classtype:trojan-activity;sid:84329796; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466697)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/the_long_dark_crumbling_highway_map.pdf"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466697/; classtype:trojan-activity;sid:84329797; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466698)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/2eabcd0a-1fbf-48aa-8399-71392232a891/downloads/92332863676.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466698/; classtype:trojan-activity;sid:84329798; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466682)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/4c633c3b-7c73-43a9-a161-0e7459f617b4/downloads/popajuzokovuluboz.pdf"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466682/; classtype:trojan-activity;sid:84329782; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466683)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"191.36.146.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466683/; classtype:trojan-activity;sid:84329783; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466684)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/4b7c63a1-8c4d-413e-83dc-2db6954011c6/downloads/6759358871.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466684/; classtype:trojan-activity;sid:84329784; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466686)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/41809607-5bd4-4a52-8a62-530dfb6fcdd7/downloads/gelumoxosudasikaxo.pdf"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466686/; classtype:trojan-activity;sid:84329786; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466687)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/cb46680e-64d4-4308-8a44-9926381d0750/downloads/47722224691.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466687/; classtype:trojan-activity;sid:84329787; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466689)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7ebcf742-ccb2-4edb-bbc1-6f67ead5b604/downloads/57326063662.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466689/; classtype:trojan-activity;sid:84329789; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466691)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/porebejotenojudud.pdf"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466691/; classtype:trojan-activity;sid:84329791; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466681)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/72502959-bd3f-431c-9582-055fb0eb9e9d/downloads/duff_and_phelps_size_premium_2022.pdf"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466681/; classtype:trojan-activity;sid:84329781; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466674)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/pass_the_pigs_scoring_sheet.pdf"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466674/; classtype:trojan-activity;sid:84329774; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466679)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/6ae40ccb-f0fa-4b6b-bfcc-06032a30498c/downloads/logical_thinking_worksheets_for_kindergarten.pdf"; http_uri; depth:106; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466679/; classtype:trojan-activity;sid:84329779; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466670)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/cb46680e-64d4-4308-8a44-9926381d0750/downloads/151743582.pdf"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466670/; classtype:trojan-activity;sid:84329770; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466671)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e0c7674b-f7b5-484b-aa64-84014ad9ac8c/downloads/13792310994.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466671/; classtype:trojan-activity;sid:84329771; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466666)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/cessna_172_instrument_panel_layout.pdf"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466666/; classtype:trojan-activity;sid:84329766; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466667)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/24459864622.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466667/; classtype:trojan-activity;sid:84329767; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466659)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/sap_fico_cutover_activities.pdf"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466659/; classtype:trojan-activity;sid:84329759; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466662)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/98444125074.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466662/; classtype:trojan-activity;sid:84329762; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466663)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/686c0a2e-9a90-4936-9f96-7d72f3c65f03/downloads/54960661120.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466663/; classtype:trojan-activity;sid:84329763; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466664)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/9c30937d-c8da-4e7b-9f7a-432344b46400/downloads/3262231356.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466664/; classtype:trojan-activity;sid:84329764; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466648)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d89879dd-a0f6-4cd8-8b66-99c2d6e48b2c/downloads/livro_pesquisa_bibliografica.pdf"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466648/; classtype:trojan-activity;sid:84329748; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466650)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/37ff6e83-e399-4f09-b7f3-13b9438039c2/downloads/54456550535.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466650/; classtype:trojan-activity;sid:84329750; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466652)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/41780010-2245-4f59-96ea-abe2bb04704f/downloads/request_letter_format_in_marathi_language.pdf"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466652/; classtype:trojan-activity;sid:84329752; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466645)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/5809a244-7d90-46f4-9de4-ee86dda3a2de/downloads/evaluation_emc_6eme_devenir_collegien.pdf"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466645/; classtype:trojan-activity;sid:84329745; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466640)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/dd809168-aa55-4437-9a0e-42447fbc16fd/downloads/22731947285.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466640/; classtype:trojan-activity;sid:84329740; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466641)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/41780010-2245-4f59-96ea-abe2bb04704f/downloads/hypothecation_cancellation_request_letter_format.pdf"; http_uri; depth:110; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466641/; classtype:trojan-activity;sid:84329741; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466642)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/182ae1b8-0b64-4790-be7b-698d5e8b3d57/downloads/gidatigexapufalumiwolagad.pdf"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466642/; classtype:trojan-activity;sid:84329742; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466634)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/bd6582d9-c54a-4b0b-ad89-3fd92efb45aa/downloads/aocs_official_method_ce_1b_89.pdf"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466634/; classtype:trojan-activity;sid:84329734; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466635)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/pigogini.pdf"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466635/; classtype:trojan-activity;sid:84329735; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466639)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/ab158387-fd14-4136-be83-18d2feafd209/downloads/regonadafufosofujerijasur.pdf"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466639/; classtype:trojan-activity;sid:84329739; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466625)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/xewegemodigu.pdf"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466625/; classtype:trojan-activity;sid:84329725; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466629)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/db112521-e536-400b-b453-631e78951ba0/downloads/displayport_1.4_spec.pdf"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466629/; classtype:trojan-activity;sid:84329729; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466632)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/0a49e03e-1cf9-44ed-ac44-c378f90fa5f8/downloads/63521883486.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466632/; classtype:trojan-activity;sid:84329732; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466633)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/262ea410-a887-458b-b5ec-65748ef01e57/downloads/75258476975.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466633/; classtype:trojan-activity;sid:84329733; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466619)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/9441f8ad-6e79-4d4a-9602-3585b1269b7e/downloads/dajagunowe.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466619/; classtype:trojan-activity;sid:84329719; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466620)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/432a6cf0-f63b-4132-8b03-52615cd2c1c3/downloads/hypochondria_ielts_reading_answers.pdf"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466620/; classtype:trojan-activity;sid:84329720; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466622)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/migolijidawononavez.pdf"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466622/; classtype:trojan-activity;sid:84329722; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466617)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/48cf8ef6-fe89-47b6-9b8e-43119a3d3833/downloads/89759746182.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466617/; classtype:trojan-activity;sid:84329717; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466613)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/poquito_mas_nutrition_facts.pdf"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466613/; classtype:trojan-activity;sid:84329713; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466610)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/9a32841c-0d54-4ad0-8acd-a5b15c41cae1/downloads/luxutevosevuke.pdf"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466610/; classtype:trojan-activity;sid:84329710; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466611)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/5102464b-373a-4f87-829a-69343208c6ac/downloads/vamiralu.pdf"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466611/; classtype:trojan-activity;sid:84329711; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466605)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/bonunorovekofa.pdf"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466605/; classtype:trojan-activity;sid:84329705; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466606)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/657a2269-1311-41bc-be7f-365fba299599/downloads/36407415595.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466606/; classtype:trojan-activity;sid:84329706; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466607)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/4402180a-d4b9-4c2e-b606-353fcb7d5a18/downloads/82707682561.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466607/; classtype:trojan-activity;sid:84329707; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466608)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/a0620227-6f33-427f-8ac7-1fb80d24bd78/downloads/loxabafefomukewizirefa.pdf"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466608/; classtype:trojan-activity;sid:84329708; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466609)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/metric_bolt_specification_chart.pdf"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466609/; classtype:trojan-activity;sid:84329709; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466597)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/b6875802-d83d-45fa-a01c-dd9f30c53739/downloads/22305465780.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466597/; classtype:trojan-activity;sid:84329697; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466598)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/efeaa59e-2423-41d8-b482-9a37e80979c7/downloads/ge_disconnect_switch.pdf"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466598/; classtype:trojan-activity;sid:84329698; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466600)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7518eff6-349e-4445-8380-e1c43aacea7b/downloads/gemudewefedevovep.pdf"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466600/; classtype:trojan-activity;sid:84329700; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466601)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/41809607-5bd4-4a52-8a62-530dfb6fcdd7/downloads/tugojokuru.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466601/; classtype:trojan-activity;sid:84329701; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466602)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/82f97436-460c-45aa-bd9b-74a87c48e9b0/downloads/hadoop_notes_by_durgasoft_ramakrishna.pdf"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466602/; classtype:trojan-activity;sid:84329702; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466603)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/compassionate_leave_letter_examples.pdf"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466603/; classtype:trojan-activity;sid:84329703; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466604)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/2294c0f6-d737-4b16-8fca-94076227dda5/downloads/garrison_carbon_monoxide_and_gas_detector_manual.pdf"; http_uri; depth:110; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466604/; classtype:trojan-activity;sid:84329704; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466593)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/59062828-6c5e-403a-ae88-14483438a1b6/downloads/kuradorug.pdf"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466593/; classtype:trojan-activity;sid:84329693; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466594)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7eafcf9d-33bd-4fd4-8489-654d240ab2f3/downloads/38053692779.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466594/; classtype:trojan-activity;sid:84329694; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466595)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/c4240411-5b76-4ebe-95b9-c00242399cf6/downloads/26107131918.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466595/; classtype:trojan-activity;sid:84329695; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466587)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/tozivagal.pdf"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466587/; classtype:trojan-activity;sid:84329687; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466591)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/1b026e03-5af6-461d-a832-b5e23f93b19f/downloads/rojumedevunez.pdf"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466591/; classtype:trojan-activity;sid:84329691; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466585)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/nefusajoxepisajejod.pdf"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466585/; classtype:trojan-activity;sid:84329685; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466581)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/f7748e26-2d27-4aa6-89fb-b263de90f421/downloads/tubewerapip.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466581/; classtype:trojan-activity;sid:84329681; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466583)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/5a9e93e0-0f17-4e5e-a00c-88e3958ec770/downloads/18645484853.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466583/; classtype:trojan-activity;sid:84329683; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466584)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/50ab7773-f1d2-4be6-a8e2-1065b2477787/downloads/4850921377.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466584/; classtype:trojan-activity;sid:84329684; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466567)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/990799bc-d23a-46ce-a09a-3161937bf907/downloads/basimonuje.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466567/; classtype:trojan-activity;sid:84329667; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466568)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/4490da21-0774-43c2-8f10-26fe1384ffab/downloads/convention_collective_ucanss_mutatio.pdf"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466568/; classtype:trojan-activity;sid:84329668; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466569)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/2f6bcf3c-4b23-42e7-95db-7e5e3070b630/downloads/29680644903.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466569/; classtype:trojan-activity;sid:84329669; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466571)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e297ab99-26f3-4763-8aa9-4b5ba8336826/downloads/61556440139.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466571/; classtype:trojan-activity;sid:84329671; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466572)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/93a7eb93-9eef-4244-8f20-7f48de1f8294/downloads/rikeleneliteta.pdf"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466572/; classtype:trojan-activity;sid:84329672; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466559)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/dupibutemuxubezukexe.pdf"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466559/; classtype:trojan-activity;sid:84329659; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466561)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/58f82e37-5723-4fc5-be87-1ca34da7fc9c/downloads/ladovarudugusujo.pdf"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466561/; classtype:trojan-activity;sid:84329661; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466562)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/db112521-e536-400b-b453-631e78951ba0/downloads/93623530863.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466562/; classtype:trojan-activity;sid:84329662; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466563)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/f4482b02-adbc-4511-a01d-8f5a32444a75/downloads/31982364803.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466563/; classtype:trojan-activity;sid:84329663; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466564)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/c29905cb-cab1-47d6-9263-d073f5bcab67/downloads/manually_update_officescan_server.pdf"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466564/; classtype:trojan-activity;sid:84329664; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466565)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/meligofat.pdf"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466565/; classtype:trojan-activity;sid:84329665; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466566)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/pibajusapasadasizuvabo.pdf"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466566/; classtype:trojan-activity;sid:84329666; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466552)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/5a9e93e0-0f17-4e5e-a00c-88e3958ec770/downloads/vuguvukopipokimukunoju.pdf"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466552/; classtype:trojan-activity;sid:84329652; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466553)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/82f97436-460c-45aa-bd9b-74a87c48e9b0/downloads/vmware_horizon_not_loading.pdf"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466553/; classtype:trojan-activity;sid:84329653; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466556)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e0c7674b-f7b5-484b-aa64-84014ad9ac8c/downloads/gekepozokenaxaketojakoj.pdf"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466556/; classtype:trojan-activity;sid:84329656; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466557)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/xekinozu.pdf"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466557/; classtype:trojan-activity;sid:84329657; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466558)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d258c0c8-b9d9-4d64-b965-01378617d9c6/downloads/tanaber.pdf"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466558/; classtype:trojan-activity;sid:84329658; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466546)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/lokodemerukezabakexa.pdf"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466546/; classtype:trojan-activity;sid:84329646; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466547)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/wijigezafububofelib.pdf"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466547/; classtype:trojan-activity;sid:84329647; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466548)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/1a64ed17-85a2-4cee-b266-878ed957a17a/downloads/wezixipusafa.pdf"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466548/; classtype:trojan-activity;sid:84329648; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466551)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/6ed9a7df-8325-4b88-b206-4975011bd8d3/downloads/73303046927.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466551/; classtype:trojan-activity;sid:84329651; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466544)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/vafibezesixura.pdf"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466544/; classtype:trojan-activity;sid:84329644; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466542)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/cdf9b72e-240a-4a41-ac28-e187be75db3e/downloads/10008295817.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466542/; classtype:trojan-activity;sid:84329642; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466539)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/06792788-ebeb-4570-893a-70dafae2a105/downloads/35017680871.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466539/; classtype:trojan-activity;sid:84329639; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466534)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/b5346c1d-c474-4a92-9b4c-cbf0eee37189/downloads/jamupipenimewuroveg.pdf"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466534/; classtype:trojan-activity;sid:84329634; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466523)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/ddc49093-0792-428b-8073-6170b30113a2/downloads/ritiwuga.pdf"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466523/; classtype:trojan-activity;sid:84329623; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466524)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/697088a1-6c9a-496e-9a4d-922308cd97be/downloads/98558988287.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466524/; classtype:trojan-activity;sid:84329624; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466525)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3d8c405e-d09a-43e6-b2b9-f8bbfe0e4b05/downloads/japifitakudisudupuweb.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466525/; classtype:trojan-activity;sid:84329625; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466527)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/b7519557-5091-4de7-b104-8e86c3953c5d/downloads/66697702965.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466527/; classtype:trojan-activity;sid:84329627; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466528)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/c4d8863b-da23-437d-86ed-df2351a23265/downloads/sazodaxorega.pdf"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466528/; classtype:trojan-activity;sid:84329628; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466512)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/36655168913.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466512/; classtype:trojan-activity;sid:84329612; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466513)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/wevularaboxurewugawe.pdf"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466513/; classtype:trojan-activity;sid:84329613; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466514)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/06792788-ebeb-4570-893a-70dafae2a105/downloads/rubizegelolulagexarunup.pdf"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466514/; classtype:trojan-activity;sid:84329614; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466515)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/c29905cb-cab1-47d6-9263-d073f5bcab67/downloads/pipe_fittings_surface_area_chart.pdf"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466515/; classtype:trojan-activity;sid:84329615; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466517)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/aabc5eee-c1de-4817-92b9-f9e17352a5c7/downloads/ludirov.pdf"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466517/; classtype:trojan-activity;sid:84329617; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466521)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e0c7674b-f7b5-484b-aa64-84014ad9ac8c/downloads/jedibam.pdf"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466521/; classtype:trojan-activity;sid:84329621; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466522)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/c2f5ec0b-52d8-40cb-8fa6-a66f6f891fa9/downloads/64630520522.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466522/; classtype:trojan-activity;sid:84329622; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466507)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/30963207670.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466507/; classtype:trojan-activity;sid:84329607; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466508)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/963d457e-5dea-4a7e-aae8-47aada2a7cc0/downloads/36202936872.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466508/; classtype:trojan-activity;sid:84329608; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466509)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/738cd3ca-10f0-4f1e-865e-c0932904fbb2/downloads/28412734415.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466509/; classtype:trojan-activity;sid:84329609; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466503)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/atpco_fare_filing_manual_s.pdf"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466503/; classtype:trojan-activity;sid:84329603; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466504)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/06792788-ebeb-4570-893a-70dafae2a105/downloads/gartner_magic_quadrant_ips.pdf"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466504/; classtype:trojan-activity;sid:84329604; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466505)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/f2215a6c-0436-4d82-8033-c5d079398259/downloads/xawegifurixikinixi.pdf"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466505/; classtype:trojan-activity;sid:84329605; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466501)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/nolovafitavire.pdf"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466501/; classtype:trojan-activity;sid:84329601; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466495)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/9f11cc6f-a645-4f71-bee4-e3848f35abf2/downloads/mojijodexiv.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466495/; classtype:trojan-activity;sid:84329595; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466497)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/64114a94-94a3-4f5d-866a-beee254b955f/downloads/xipefodefanotare.pdf"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466497/; classtype:trojan-activity;sid:84329597; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466498)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/gekulafemidafalijuw.pdf"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466498/; classtype:trojan-activity;sid:84329598; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466489)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/98e3e4d1-65d1-414f-a2f4-24701527da4a/downloads/types_of_lines_in_construction_drawings.pdf"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466489/; classtype:trojan-activity;sid:84329589; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466492)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/53202951-38c7-4c35-8280-6cefaf47915f/downloads/libububodanusakamarad.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466492/; classtype:trojan-activity;sid:84329592; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466480)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/59062828-6c5e-403a-ae88-14483438a1b6/downloads/41202776349.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466480/; classtype:trojan-activity;sid:84329580; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466481)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/dc583f51-62de-45fb-b9c6-f152dd4c2594/downloads/combining_like_terms_pyramid_worksheet_answers.pdf"; http_uri; depth:108; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466481/; classtype:trojan-activity;sid:84329581; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466482)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/1dc2c198-09f6-4966-96bb-2e160c7d78e2/downloads/55840145977.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466482/; classtype:trojan-activity;sid:84329582; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466484)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/06792788-ebeb-4570-893a-70dafae2a105/downloads/puzenesariwalez.pdf"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466484/; classtype:trojan-activity;sid:84329584; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466485)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/c0eb552d-3ccf-4b3e-a340-0e3717106147/downloads/kalozarisi.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466485/; classtype:trojan-activity;sid:84329585; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466486)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/bb45e14d-29c5-4287-b67f-843105f3b091/downloads/wilikof.pdf"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466486/; classtype:trojan-activity;sid:84329586; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466487)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/geruzirejexexani.pdf"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466487/; classtype:trojan-activity;sid:84329587; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466488)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20220120151100if_/https://uploads.strikinglycdn.com/files/88fe4363-1198-45e6-9226-8b94f28355d4/biwuzu.pdf"; http_uri; depth:110; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466488/; classtype:trojan-activity;sid:84329588; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466476)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/de9d9f96-a289-4877-85d4-e6d2d4cc419c/downloads/minerva_t2000_manual.pdf"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466476/; classtype:trojan-activity;sid:84329576; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466474)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/710760ab-5054-4fd2-86ee-e72953d604bd/downloads/siemens_pcs_7_full_training_manual.pdf"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466474/; classtype:trojan-activity;sid:84329574; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466472)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/06792788-ebeb-4570-893a-70dafae2a105/downloads/sojawamiluredowad.pdf"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466472/; classtype:trojan-activity;sid:84329572; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466462)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/add57eeb-0480-4d3e-871c-79d9b8fe2772/downloads/lozataroziwukurejigax.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466462/; classtype:trojan-activity;sid:84329562; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466463)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/capacitor_bank_preventive_maintenance_checklist.pdf"; http_uri; depth:109; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466463/; classtype:trojan-activity;sid:84329563; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466464)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/356923eb-d23c-4b0c-808e-e9b58fb291da/downloads/jesafi.pdf"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466464/; classtype:trojan-activity;sid:84329564; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466465)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/wofewipawo.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466465/; classtype:trojan-activity;sid:84329565; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466469)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/89849145142.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466469/; classtype:trojan-activity;sid:84329569; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466460)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/4c26a93a-50bb-4104-895b-059e3fc9a02c/downloads/zoxinigexozojadidara.pdf"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466460/; classtype:trojan-activity;sid:84329560; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466454)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/96b6a2f4-8317-413b-a7e3-44adb2eb81f5/downloads/demande_d_allocation_chomage_pole_emploi.pdf"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466454/; classtype:trojan-activity;sid:84329554; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466459)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/tutorialspoint_sap_pp.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466459/; classtype:trojan-activity;sid:84329559; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466449)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/34a417cb-7930-4ae3-8428-8420716ba08a/downloads/lafebokoz.pdf"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466449/; classtype:trojan-activity;sid:84329549; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466450)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/c7a293a1-0904-42a6-9de6-afc19e585d66/downloads/advance_payment_request_letter_format_word.pdf"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466450/; classtype:trojan-activity;sid:84329550; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466452)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/0a0c7596-8583-4967-abed-67d8d1ffd610/downloads/boilermaker_drawings_and_developments.pdf"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466452/; classtype:trojan-activity;sid:84329552; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466444)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/telcordia_sr_332_issue_4.pdf"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466444/; classtype:trojan-activity;sid:84329544; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466445)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d89879dd-a0f6-4cd8-8b66-99c2d6e48b2c/downloads/stopaq_application_manual_2018.pdf"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466445/; classtype:trojan-activity;sid:84329545; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466447)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3daad7b2-98c5-4dc1-b37a-5570afcba267/downloads/40472163846.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466447/; classtype:trojan-activity;sid:84329547; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466439)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/89247847196.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466439/; classtype:trojan-activity;sid:84329539; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466440)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d258c0c8-b9d9-4d64-b965-01378617d9c6/downloads/72993487295.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466440/; classtype:trojan-activity;sid:84329540; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466441)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/de9155fa-7173-4766-94c3-9e400d4aed58/downloads/def_stan_91-91.pdf"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466441/; classtype:trojan-activity;sid:84329541; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466443)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/42d6a3b4-bbc0-47ab-bf86-c3ddb806b2ed/downloads/rafadaduveputev.pdf"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466443/; classtype:trojan-activity;sid:84329543; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466417)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/88933df5-ca10-43b5-b140-6aa02868b89c/downloads/woleb.pdf"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466417/; classtype:trojan-activity;sid:84329517; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466418)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/dururotilonid.pdf"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466418/; classtype:trojan-activity;sid:84329518; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466419)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/150_dialogues_en_francais.pdf"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466419/; classtype:trojan-activity;sid:84329519; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466420)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e0c7674b-f7b5-484b-aa64-84014ad9ac8c/downloads/88031585580.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466420/; classtype:trojan-activity;sid:84329520; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466423)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/f7748e26-2d27-4aa6-89fb-b263de90f421/downloads/dollar_general_cbl_answers_robbery_prevention.pdf"; http_uri; depth:107; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466423/; classtype:trojan-activity;sid:84329523; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466424)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4e8158-a082-4b1f-960e-1d82a946a72b/downloads/76239393989.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466424/; classtype:trojan-activity;sid:84329524; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466414)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/51c1105d-a687-468d-b1aa-293ca9578a34/downloads/giwuroganapedokozijave.pdf"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466414/; classtype:trojan-activity;sid:84329514; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466406)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/50e5aae7-a15c-4d74-a4ed-a8edfca980c4/downloads/atividades_adaptadas_de_ingles_para_deficientes_intelectuais.pdf"; http_uri; depth:122; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466406/; classtype:trojan-activity;sid:84329506; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466407)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/697088a1-6c9a-496e-9a4d-922308cd97be/downloads/24465842333.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466407/; classtype:trojan-activity;sid:84329507; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466410)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/12922543008.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466410/; classtype:trojan-activity;sid:84329510; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466412)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/804274b4-5f10-4c26-9de6-df56f38aac7c/downloads/20643132370.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466412/; classtype:trojan-activity;sid:84329512; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466413)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/95435099570.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466413/; classtype:trojan-activity;sid:84329513; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466401)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/2bb4e8cb-ec7e-44c1-a645-d94d4534f3a4/downloads/far_from_you_tess_sharpe.pdf"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466401/; classtype:trojan-activity;sid:84329501; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466403)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/88933df5-ca10-43b5-b140-6aa02868b89c/downloads/87076889980.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466403/; classtype:trojan-activity;sid:84329503; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466395)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20220120151100/https://uploads.strikinglycdn.com/files/88fe4363-1198-45e6-9226-8b94f28355d4/biwuzu.pdf"; http_uri; depth:107; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466395/; classtype:trojan-activity;sid:84329495; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466396)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/40331451843.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466396/; classtype:trojan-activity;sid:84329496; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466397)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/71d9f42f-0bad-4406-8a48-95c698e57e68/downloads/sumitomo_f50_compressor_manual.pdf"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466397/; classtype:trojan-activity;sid:84329497; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466398)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/tusosexukitut.pdf"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466398/; classtype:trojan-activity;sid:84329498; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466387)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/chambre_de_tirage_telecom.pdf"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466387/; classtype:trojan-activity;sid:84329487; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466389)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d45c0d9d-8581-471d-bee0-51d1b9891f05/downloads/nisisot.pdf"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466389/; classtype:trojan-activity;sid:84329489; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466391)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/bb45e14d-29c5-4287-b67f-843105f3b091/downloads/16219919996.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466391/; classtype:trojan-activity;sid:84329491; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466392)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/abfe7a1b-25f4-4ff2-8fb5-155a264c8ce4/downloads/famous_athletes_banned_for_drug_use.pdf"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466392/; classtype:trojan-activity;sid:84329492; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466393)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/31075581028.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466393/; classtype:trojan-activity;sid:84329493; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466394)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/990799bc-d23a-46ce-a09a-3161937bf907/downloads/table_trigonometrique_complet.pdf"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466394/; classtype:trojan-activity;sid:84329494; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466385)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/f20719e2-319c-4f10-aabc-5dffb4a98912/downloads/45233279752.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466385/; classtype:trojan-activity;sid:84329485; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466376)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/10e01255-b324-4a54-ae63-f4e28a319147/downloads/how_to_make_authorization_letter_to_claim_money_in_palawan.pdf"; http_uri; depth:120; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466376/; classtype:trojan-activity;sid:84329476; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466378)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7a69ed85-566a-4d22-8bd3-47a8a314b3bf/downloads/baropuzijavalerivotenujop.pdf"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466378/; classtype:trojan-activity;sid:84329478; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466379)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/15135097712.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466379/; classtype:trojan-activity;sid:84329479; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466366)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/4831e354-44dc-4759-9d14-0dd6cfda589f/downloads/demag_ac_350_dwg.pdf"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466366/; classtype:trojan-activity;sid:84329466; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466370)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/f6479094-5bf7-4b46-9ced-d0f3d0d49751/downloads/63982701040.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466370/; classtype:trojan-activity;sid:84329470; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466371)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e35dded4-68df-49bc-a9b0-aad8c63628c2/downloads/polipuzikiwelines.pdf"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466371/; classtype:trojan-activity;sid:84329471; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466372)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/4402180a-d4b9-4c2e-b606-353fcb7d5a18/downloads/jakirezimukixinirivuvizuw.pdf"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466372/; classtype:trojan-activity;sid:84329472; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466373)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/c4bf44b4-a39c-49f8-89f5-4b487ef61751/downloads/safety_precautions_during_rainy_season_ppt.pdf"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466373/; classtype:trojan-activity;sid:84329473; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466358)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/gasanon.pdf"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466358/; classtype:trojan-activity;sid:84329458; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466359)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/88933df5-ca10-43b5-b140-6aa02868b89c/downloads/87218120165.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466359/; classtype:trojan-activity;sid:84329459; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466355)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/9927c1c5-c61c-4f5e-807e-67bd1833b3e4/downloads/2687436544.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466355/; classtype:trojan-activity;sid:84329455; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466356)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/astonishment_report_example_template_free.pdf"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466356/; classtype:trojan-activity;sid:84329456; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466353)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/4454ad30-3f6f-488a-b5e6-19e7bcca2146/downloads/duzinijilufixikedaluw.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466353/; classtype:trojan-activity;sid:84329453; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466340)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/47a03532-4838-4d3f-b185-a29c87fa882c/downloads/24511080679.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466340/; classtype:trojan-activity;sid:84329440; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466341)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/aabc5eee-c1de-4817-92b9-f9e17352a5c7/downloads/35512569741.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466341/; classtype:trojan-activity;sid:84329441; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466344)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/88933df5-ca10-43b5-b140-6aa02868b89c/downloads/fiselarodinolapin.pdf"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466344/; classtype:trojan-activity;sid:84329444; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466348)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/c7a293a1-0904-42a6-9de6-afc19e585d66/downloads/fonuferin.pdf"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466348/; classtype:trojan-activity;sid:84329448; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466349)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/356923eb-d23c-4b0c-808e-e9b58fb291da/downloads/59681288373.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466349/; classtype:trojan-activity;sid:84329449; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466350)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/9db526fb-d62a-447a-9766-8665158ad47a/downloads/skf_linear_bearing_catalogue.pdf"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466350/; classtype:trojan-activity;sid:84329450; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466336)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/98a1791f-f3a9-4ef2-ac34-41b3393c3d1d/downloads/original_documents_handover_letter_format.pdf"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466336/; classtype:trojan-activity;sid:84329436; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466337)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/60272662631.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466337/; classtype:trojan-activity;sid:84329437; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466338)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/aa44ab49-4d64-4d64-8bfd-2dfce545052f/downloads/limitations_act_2004_nigeria.pdf"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466338/; classtype:trojan-activity;sid:84329438; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466331)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/72cc53f9-3bf4-447c-963a-353f48ad8500/downloads/puwutokok.pdf"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466331/; classtype:trojan-activity;sid:84329431; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466333)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/2224247e-29ce-4f8d-b838-abfcbdf269c0/downloads/emdr_cognitive_interweaves.pdf"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466333/; classtype:trojan-activity;sid:84329433; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466325)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/15715958975.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466325/; classtype:trojan-activity;sid:84329425; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466326)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/sanugesijeviwo.pdf"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466326/; classtype:trojan-activity;sid:84329426; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466327)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/167862b3-31e9-4984-90e5-30766e3a7fa8/downloads/20740408467.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466327/; classtype:trojan-activity;sid:84329427; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466316)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/f36019eb-f077-446f-b5b6-39b8eacedf97/downloads/22914289512.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466316/; classtype:trojan-activity;sid:84329416; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466317)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/f842cd9f-c67c-4749-ba01-22d7c1ea502c/downloads/93070455772.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466317/; classtype:trojan-activity;sid:84329417; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466319)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3209f3eb-a43c-41d3-a7ba-73b4af438585/downloads/61240910211.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466319/; classtype:trojan-activity;sid:84329419; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466320)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/33251318472.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466320/; classtype:trojan-activity;sid:84329420; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466321)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/800cff82-04ba-4c47-9f8b-d21367acb04d/downloads/84098559127.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466321/; classtype:trojan-activity;sid:84329421; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466322)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/kaxajopisojurivo.pdf"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466322/; classtype:trojan-activity;sid:84329422; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466324)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/vehicle_sale_agreement_format_in_word_kerala_online_applicat.pdf"; http_uri; depth:122; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466324/; classtype:trojan-activity;sid:84329424; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466312)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/everstart_750_amp_jump_starter_manual.pdf"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466312/; classtype:trojan-activity;sid:84329412; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466313)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/424b0398-579a-4717-a17a-ffb972bf5819/downloads/manual_ppap_4_edicao.pdf"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466313/; classtype:trojan-activity;sid:84329413; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466314)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/b2a026b5-555a-437c-867f-3969f62b48d7/downloads/3703775959.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466314/; classtype:trojan-activity;sid:84329414; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466305)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3f5ecf8d-ba74-430f-ac11-9eb6ace92d02/downloads/womirojepu.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466305/; classtype:trojan-activity;sid:84329405; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466307)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/db112521-e536-400b-b453-631e78951ba0/downloads/lord_of_the_flies_script.pdf"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466307/; classtype:trojan-activity;sid:84329407; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466309)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3d0a6e54-c95b-4e67-871e-882f39f9c203/downloads/38102271043.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466309/; classtype:trojan-activity;sid:84329409; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466304)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/depo_provera_osteoporosis_guidelines.pdf"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466304/; classtype:trojan-activity;sid:84329404; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466301)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/397fbc33-145f-44ec-a774-e1fa1b866d82/downloads/fekesijurada.pdf"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466301/; classtype:trojan-activity;sid:84329401; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466293)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/1e222df8-d197-4254-b90b-be3d3b023ef4/downloads/78299826683.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466293/; classtype:trojan-activity;sid:84329393; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466283)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/billetes_didacticos_mexicanos_para_imprimir.pdf"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466283/; classtype:trojan-activity;sid:84329383; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466284)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/34a417cb-7930-4ae3-8428-8420716ba08a/downloads/xutodorimalibavexididoson.pdf"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466284/; classtype:trojan-activity;sid:84329384; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466285)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/vatalikuxigepiwu.pdf"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466285/; classtype:trojan-activity;sid:84329385; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466286)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/2fda8269-9b7e-4008-b093-ed7dc0bde9d7/downloads/zinivegosejuriwevagowu.pdf"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466286/; classtype:trojan-activity;sid:84329386; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466288)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e060217f-3d1d-4ed1-921e-8372b49c873f/downloads/dotuxomolomorapitome.pdf"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466288/; classtype:trojan-activity;sid:84329388; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466289)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/541a1d8b-7a21-4c1f-8013-03406bd1a8ad/downloads/mevuxurike.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466289/; classtype:trojan-activity;sid:84329389; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466291)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/9c30937d-c8da-4e7b-9f7a-432344b46400/downloads/jubomumifekomu.pdf"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466291/; classtype:trojan-activity;sid:84329391; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466279)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/aa25c895-a966-4265-aeb1-bc094284554e/downloads/jifig.pdf"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466279/; classtype:trojan-activity;sid:84329379; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466280)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3131d044-1bdb-4fdc-8ed0-764e724b86a8/downloads/90378982159.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466280/; classtype:trojan-activity;sid:84329380; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466282)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/jodegemotekuseve.pdf"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466282/; classtype:trojan-activity;sid:84329382; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466268)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/46578941429.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466268/; classtype:trojan-activity;sid:84329368; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466269)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/db112521-e536-400b-b453-631e78951ba0/downloads/elenco_corsi_vam_viterbo.pdf"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466269/; classtype:trojan-activity;sid:84329369; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466259)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/552d21dd-b338-4bf6-8541-a1e81cff5ed8/downloads/17714436684.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466259/; classtype:trojan-activity;sid:84329359; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466260)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/planet_fitness_membership_cancellation_letter.pdf"; http_uri; depth:107; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466260/; classtype:trojan-activity;sid:84329360; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466261)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/af067739-2dfe-40f3-ae00-a758e587d7d3/downloads/61105974714.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466261/; classtype:trojan-activity;sid:84329361; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466266)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/933c3405-1572-4648-b39e-d98567eb5bee/downloads/for_your_kind_perusal_and_necessary_action_meaning.pdf"; http_uri; depth:112; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466266/; classtype:trojan-activity;sid:84329366; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466267)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/119d5b03-e78f-4725-87b7-ed496b267f6d/downloads/scrubber_design_calculation_excel.pdf"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466267/; classtype:trojan-activity;sid:84329367; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466249)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/6787db73-833d-4393-867e-1b786eb5e101/downloads/60859753638.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466249/; classtype:trojan-activity;sid:84329349; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466252)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/62a7895e-5f81-4049-920b-e70e38d29e37/downloads/why_is_annexure_d_required_for_minor_passport.pdf"; http_uri; depth:107; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466252/; classtype:trojan-activity;sid:84329352; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466253)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/574284889.pdf"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466253/; classtype:trojan-activity;sid:84329353; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466254)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/9e5b6b40-f934-4273-a65f-cbaee9aa4b00/downloads/xikapataxofako.pdf"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466254/; classtype:trojan-activity;sid:84329354; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466255)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/lobigexapi.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466255/; classtype:trojan-activity;sid:84329355; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466256)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/2470d53e-fef7-4646-9c8b-919894e66d18/downloads/72646482584.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466256/; classtype:trojan-activity;sid:84329356; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466245)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7153ec40-cd7f-411a-a08b-66d173a33455/downloads/standards_australia_handbook_197.pdf"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466245/; classtype:trojan-activity;sid:84329345; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466247)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/445dfc81-a427-4468-a541-314294ee0cbb/downloads/55745505506.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466247/; classtype:trojan-activity;sid:84329347; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466241)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/db112521-e536-400b-b453-631e78951ba0/downloads/43311556781.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466241/; classtype:trojan-activity;sid:84329341; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466244)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/552d21dd-b338-4bf6-8541-a1e81cff5ed8/downloads/80691091889.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466244/; classtype:trojan-activity;sid:84329344; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466238)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/sewuxazomuwara.pdf"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466238/; classtype:trojan-activity;sid:84329338; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466231)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7ce549e8-3051-428a-a71b-b48f204ac3cd/downloads/rapid_router_level_43_solution.pdf"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466231/; classtype:trojan-activity;sid:84329331; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466232)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/0620bed2-a9d8-4f06-ab8c-173ea1a60a70/downloads/jijegarazomimubusawogam.pdf"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466232/; classtype:trojan-activity;sid:84329332; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466233)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/matunekuv.pdf"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466233/; classtype:trojan-activity;sid:84329333; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466230)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/53202951-38c7-4c35-8280-6cefaf47915f/downloads/statsafe_3000_msds.pdf"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466230/; classtype:trojan-activity;sid:84329330; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466221)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/82647770508.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466221/; classtype:trojan-activity;sid:84329321; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466222)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/ee3e2894-0337-41f6-9371-caecf7034a22/downloads/26991821255.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466222/; classtype:trojan-activity;sid:84329322; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466226)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/db112521-e536-400b-b453-631e78951ba0/downloads/gesuzodekutiz.pdf"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466226/; classtype:trojan-activity;sid:84329326; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466227)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/62a7895e-5f81-4049-920b-e70e38d29e37/downloads/how_to_register_in_upstox.pdf"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466227/; classtype:trojan-activity;sid:84329327; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466228)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/exercises_for_trigger_thumb.pdf"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466228/; classtype:trojan-activity;sid:84329328; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466229)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/132d13c5-3f89-41bf-85b4-d1a24ddcf61c/downloads/nosiwevixina.pdf"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466229/; classtype:trojan-activity;sid:84329329; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466215)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/a56a106f-21b9-46c2-b5bc-12461919334c/downloads/vurarufa.pdf"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466215/; classtype:trojan-activity;sid:84329315; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466217)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/how_to_get_a_wire_transfer_receipt_chase.pdf"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466217/; classtype:trojan-activity;sid:84329317; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466219)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/f7748e26-2d27-4aa6-89fb-b263de90f421/downloads/3175972790.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466219/; classtype:trojan-activity;sid:84329319; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466213)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/62128af0-82d0-4bae-b967-d393a4304003/downloads/apex_sl_vibration_controller_manual.pdf"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466213/; classtype:trojan-activity;sid:84329313; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466214)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/nakozixuwelafi.pdf"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466214/; classtype:trojan-activity;sid:84329314; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466205)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/mobesapovasag.pdf"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466205/; classtype:trojan-activity;sid:84329305; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466206)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/fae029f6-27b1-4578-94bc-ae0bbaeebde4/downloads/imperial_vernier_caliper_worksheet.pdf"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466206/; classtype:trojan-activity;sid:84329306; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466208)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/62228929609.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466208/; classtype:trojan-activity;sid:84329308; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466209)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/91a706e9-d066-47d7-89af-69535d865c3d/downloads/carteirinha_de_estudante_falsa_em.pdf"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466209/; classtype:trojan-activity;sid:84329309; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466196)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/80e9e7c7-d97b-4b5a-96c4-9a83854a3065/downloads/35740879646.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466196/; classtype:trojan-activity;sid:84329296; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466201)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/f2d42ffe-779b-4107-ac42-7f36375aab37/downloads/zeneliginuboripiriza.pdf"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466201/; classtype:trojan-activity;sid:84329301; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466202)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/6bb5c8cf-e89d-49c0-aeeb-7278d39f6b32/downloads/fiche_grcf_bts_gpme.pdf"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466202/; classtype:trojan-activity;sid:84329302; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466193)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/db112521-e536-400b-b453-631e78951ba0/downloads/77724997403.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466193/; classtype:trojan-activity;sid:84329293; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466181)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/4402180a-d4b9-4c2e-b606-353fcb7d5a18/downloads/xinunivigaxelifujukedo.pdf"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466181/; classtype:trojan-activity;sid:84329281; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466182)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/pidipaxiworoguvosifap.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466182/; classtype:trojan-activity;sid:84329282; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466183)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/rent_receipt_format_in_ms_word.pdf"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466183/; classtype:trojan-activity;sid:84329283; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466184)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/nipipuk.pdf"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466184/; classtype:trojan-activity;sid:84329284; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466185)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/081e0348-3bf0-4a3e-a723-749adc1aa630/downloads/67271829455.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466185/; classtype:trojan-activity;sid:84329285; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466186)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/c0325f5e-ab4f-48af-8631-8757a310624e/downloads/57390845107.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466186/; classtype:trojan-activity;sid:84329286; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466187)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/45659404876.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466187/; classtype:trojan-activity;sid:84329287; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466189)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/88933df5-ca10-43b5-b140-6aa02868b89c/downloads/80200009732.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466189/; classtype:trojan-activity;sid:84329289; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466190)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3a657e0c-a872-4028-94b8-811aea249c49/downloads/shl_general_ability_test_answers_reddit.pdf"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466190/; classtype:trojan-activity;sid:84329290; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466175)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/06823f9b-45c4-43cb-a44f-1f9f645cebcf/downloads/32406777299.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466175/; classtype:trojan-activity;sid:84329275; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466177)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/7694747911.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466177/; classtype:trojan-activity;sid:84329277; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466178)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/98e3e4d1-65d1-414f-a2f4-24701527da4a/downloads/danokubiwen.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466178/; classtype:trojan-activity;sid:84329278; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466179)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/62128af0-82d0-4bae-b967-d393a4304003/downloads/xibuvajuxaluvotom.pdf"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466179/; classtype:trojan-activity;sid:84329279; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466180)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/0a0c7596-8583-4967-abed-67d8d1ffd610/downloads/8393439781.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466180/; classtype:trojan-activity;sid:84329280; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466172)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/how_to_cancel_print_job_on_zebra_gk420d.pdf"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466172/; classtype:trojan-activity;sid:84329272; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466169)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/b83dcfc0-bbe6-4498-b356-e365ec2ed396/downloads/zofafiba.pdf"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466169/; classtype:trojan-activity;sid:84329269; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466161)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/a37e9011-77af-43eb-9e7b-dd6853450512/downloads/les_jours_de_la_semaine_exercices.pdf"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466161/; classtype:trojan-activity;sid:84329261; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466162)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7ebcf742-ccb2-4edb-bbc1-6f67ead5b604/downloads/90213521835.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466162/; classtype:trojan-activity;sid:84329262; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466154)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/59062828-6c5e-403a-ae88-14483438a1b6/downloads/28725733968.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466154/; classtype:trojan-activity;sid:84329254; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466149)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/f7aa15cc-b2d1-4fef-8a47-8d7810090a9c/downloads/jenuwegipujodunoj.pdf"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466149/; classtype:trojan-activity;sid:84329249; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466151)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/dowuvibatekijutajuvavu.pdf"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466151/; classtype:trojan-activity;sid:84329251; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466152)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/f7748e26-2d27-4aa6-89fb-b263de90f421/downloads/14196656823.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466152/; classtype:trojan-activity;sid:84329252; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466153)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/44a9091e-2134-47ec-8037-250483142ad3/downloads/kenmore_elite_665.12783_k311_service_manual.pdf"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466153/; classtype:trojan-activity;sid:84329253; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466145)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/navy_uic_code_list.pdf"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466145/; classtype:trojan-activity;sid:84329245; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466147)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/9f2acd38-413e-47a5-ac42-d6305581bfab/downloads/logerafanekox.pdf"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466147/; classtype:trojan-activity;sid:84329247; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466140)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/ce6ffbd8-735a-4087-afcd-48ff437b91ba/downloads/zakojamoderuvovu.pdf"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466140/; classtype:trojan-activity;sid:84329240; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466133)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/b2a026b5-555a-437c-867f-3969f62b48d7/downloads/successfactors_recruiting_implementation_guide.pdf"; http_uri; depth:108; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466133/; classtype:trojan-activity;sid:84329233; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466134)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3209f3eb-a43c-41d3-a7ba-73b4af438585/downloads/97474238027.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466134/; classtype:trojan-activity;sid:84329234; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466135)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/ddcbbbab-f8a6-4067-a450-a2f971a66e79/downloads/daikin_ac_remote_control_guide.pdf"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466135/; classtype:trojan-activity;sid:84329235; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466138)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/4402180a-d4b9-4c2e-b606-353fcb7d5a18/downloads/lebuk.pdf"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466138/; classtype:trojan-activity;sid:84329238; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466139)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e060217f-3d1d-4ed1-921e-8372b49c873f/downloads/71642361311.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466139/; classtype:trojan-activity;sid:84329239; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466128)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/kumujadirifokekikivexe.pdf"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466128/; classtype:trojan-activity;sid:84329228; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466130)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/abfe7a1b-25f4-4ff2-8fb5-155a264c8ce4/downloads/2818265442.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466130/; classtype:trojan-activity;sid:84329230; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466132)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e262bb3c-3205-4bb6-954b-f565479d59e0/downloads/examenes_psicometricos_pruebas_psicometricas_gratis_para_imp.pdf"; http_uri; depth:122; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466132/; classtype:trojan-activity;sid:84329232; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466122)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/4252a31f-7a57-4ac8-a31e-ee71b2361194/downloads/61162239689.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466122/; classtype:trojan-activity;sid:84329222; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466125)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/43b3ecff-25d4-4371-99a8-6df485cf4fd5/downloads/amoeba_sisters_classification_worksheet.pdf"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466125/; classtype:trojan-activity;sid:84329225; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466115)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/fundamentals_of_power_supply_design_book.pdf"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466115/; classtype:trojan-activity;sid:84329215; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466116)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3209f3eb-a43c-41d3-a7ba-73b4af438585/downloads/her_yonuyle_modern_almanca_dursun_zengin.pdf"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466116/; classtype:trojan-activity;sid:84329216; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466117)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/15938565950.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466117/; classtype:trojan-activity;sid:84329217; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466107)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d5271715-d4c2-447f-bd8c-804dbc17722c/downloads/experience_certificate_format_for_quality_control_engineer.pdf"; http_uri; depth:120; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466107/; classtype:trojan-activity;sid:84329207; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466109)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/1b7f80b5-fb34-497d-8072-447feb44da09/downloads/lewamagoromizesa.pdf"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466109/; classtype:trojan-activity;sid:84329209; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466110)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/047c717c-7bd8-4cec-b09f-8a9648ff740c/downloads/courier_declaration_format.pdf"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466110/; classtype:trojan-activity;sid:84329210; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466104)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/ruripumefenezalizaf.pdf"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466104/; classtype:trojan-activity;sid:84329204; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466101)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/32a18e69-8d9d-488c-b50f-45023ca24343/downloads/87353354077.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466101/; classtype:trojan-activity;sid:84329201; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466092)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/20305303180.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466092/; classtype:trojan-activity;sid:84329192; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466099)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/356923eb-d23c-4b0c-808e-e9b58fb291da/downloads/kutapodisub.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466099/; classtype:trojan-activity;sid:84329199; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466100)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/0919b7e4-2541-44dd-b945-9d5e6d22eaf1/downloads/xibegakibojonabawaz.pdf"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466100/; classtype:trojan-activity;sid:84329200; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466083)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/4402180a-d4b9-4c2e-b606-353fcb7d5a18/downloads/doxuwiponubagexotabos.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466083/; classtype:trojan-activity;sid:84329183; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466084)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/990799bc-d23a-46ce-a09a-3161937bf907/downloads/54308720858.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466084/; classtype:trojan-activity;sid:84329184; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466085)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3131d044-1bdb-4fdc-8ed0-764e724b86a8/downloads/gomanelakog.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466085/; classtype:trojan-activity;sid:84329185; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466088)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20220120190836if_/https://uploads.strikinglycdn.com/files/b0540ac5-815e-4909-8298-84c9806edce8/9652748319.pdf"; http_uri; depth:114; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466088/; classtype:trojan-activity;sid:84329188; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466089)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/445dfc81-a427-4468-a541-314294ee0cbb/downloads/nx_nastran_element_library_reference_manual.pdf"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466089/; classtype:trojan-activity;sid:84329189; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466074)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/collibra_expert_i_certification_answers_sheet_download_2017.pdf"; http_uri; depth:121; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466074/; classtype:trojan-activity;sid:84329174; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466075)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/4ec11559-69c0-4903-84a6-3240babfcfe7/downloads/lapagikevipewijumodoru.pdf"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466075/; classtype:trojan-activity;sid:84329175; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466076)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/1bfc168f-d0df-43cb-a73e-d0c80e42fe5c/downloads/formulaire_virement_international_banque_postale.pdf"; http_uri; depth:110; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466076/; classtype:trojan-activity;sid:84329176; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466078)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7ebcf742-ccb2-4edb-bbc1-6f67ead5b604/downloads/96273346643.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466078/; classtype:trojan-activity;sid:84329178; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466079)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/1feaf4a2-3a85-48bd-b975-ab8d5bcee640/downloads/30816276176.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466079/; classtype:trojan-activity;sid:84329179; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466070)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d8f5bd9b-2c75-4c1f-8d4d-84a7de1d3443/downloads/rent_brokerage_receipt_format_word.pdf"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466070/; classtype:trojan-activity;sid:84329170; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466071)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/8439ca10-a5ac-4299-aa09-54ab615a2090/downloads/bozagororaxurivir.pdf"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466071/; classtype:trojan-activity;sid:84329171; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466072)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/54016191818.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466072/; classtype:trojan-activity;sid:84329172; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466073)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/f0d27cad-ce96-47a4-a6b6-d00149677212/downloads/87562723190.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466073/; classtype:trojan-activity;sid:84329173; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466066)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/swot_analysis_for_poultry_farming.pdf"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466066/; classtype:trojan-activity;sid:84329166; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466067)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/552d21dd-b338-4bf6-8541-a1e81cff5ed8/downloads/bosokoxa.pdf"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466067/; classtype:trojan-activity;sid:84329167; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466063)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3209f3eb-a43c-41d3-a7ba-73b4af438585/downloads/69034861186.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466063/; classtype:trojan-activity;sid:84329163; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466065)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/14962502915.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466065/; classtype:trojan-activity;sid:84329165; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466060)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/42589334771.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466060/; classtype:trojan-activity;sid:84329160; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466054)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/banksman_hand_signals.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466054/; classtype:trojan-activity;sid:84329154; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466055)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/6cdacb6d-7fbf-4d09-a986-56cdfa4edeb2/downloads/5985868832.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466055/; classtype:trojan-activity;sid:84329155; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466056)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d258c0c8-b9d9-4d64-b965-01378617d9c6/downloads/voter_list_delhi_2018.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466056/; classtype:trojan-activity;sid:84329156; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466058)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/99737319160.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466058/; classtype:trojan-activity;sid:84329158; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466045)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/1bfc168f-d0df-43cb-a73e-d0c80e42fe5c/downloads/71653623394.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466045/; classtype:trojan-activity;sid:84329145; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466047)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/testing_and_commissioning_of_electrical_equipment.pdf"; http_uri; depth:111; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466047/; classtype:trojan-activity;sid:84329147; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466048)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/1ffc09a0-c9a4-4762-8145-43798f2fda71/downloads/back_to_work_from_maternity_leave_email.pdf"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466048/; classtype:trojan-activity;sid:84329148; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466049)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/06792788-ebeb-4570-893a-70dafae2a105/downloads/xepaxijaniwitofoxipoja.pdf"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466049/; classtype:trojan-activity;sid:84329149; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466051)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/de43da9e-bc77-4e56-a909-0e72ba746cf9/downloads/electricity_bill_name_change_noc_format.pdf"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466051/; classtype:trojan-activity;sid:84329151; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466052)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/2ad58263-1b5c-4da7-bc4a-7b8f99e22218/downloads/formulaire_ordre_de_virement_banque_postale.pdf"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466052/; classtype:trojan-activity;sid:84329152; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466053)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/aabc5eee-c1de-4817-92b9-f9e17352a5c7/downloads/76135669664.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466053/; classtype:trojan-activity;sid:84329153; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466039)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/23ec0b56-0ae7-4e41-8565-08e517b0b386/downloads/gatamalepuberik.pdf"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466039/; classtype:trojan-activity;sid:84329139; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466040)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/06792788-ebeb-4570-893a-70dafae2a105/downloads/97106569323.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466040/; classtype:trojan-activity;sid:84329140; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466041)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3e3d230e-4918-4f4b-8a10-8ee933aabcaf/downloads/99772344048.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466041/; classtype:trojan-activity;sid:84329141; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466037)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/88933df5-ca10-43b5-b140-6aa02868b89c/downloads/wapurexep.pdf"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466037/; classtype:trojan-activity;sid:84329137; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466032)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/19668bf7-0111-4cbb-8050-06562ac08bba/downloads/steps_to_create_template_instance_in_tosca.pdf"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466032/; classtype:trojan-activity;sid:84329132; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466033)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/5102464b-373a-4f87-829a-69343208c6ac/downloads/bidoxefemoduxunirez.pdf"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466033/; classtype:trojan-activity;sid:84329133; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466034)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/88817028453.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466034/; classtype:trojan-activity;sid:84329134; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466027)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e060217f-3d1d-4ed1-921e-8372b49c873f/downloads/job_work_challan_format_in_excel.pdf"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466027/; classtype:trojan-activity;sid:84329127; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466028)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/34794329-fa5b-49f8-8f60-fb0720b1e556/downloads/14476765670.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466028/; classtype:trojan-activity;sid:84329128; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466016)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/8c16f145-4fc0-4af7-a4db-de4acd818fe4/downloads/14431999044.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466016/; classtype:trojan-activity;sid:84329116; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466017)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/21303726077.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466017/; classtype:trojan-activity;sid:84329117; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466018)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/356923eb-d23c-4b0c-808e-e9b58fb291da/downloads/minupawuferogu.pdf"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466018/; classtype:trojan-activity;sid:84329118; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466020)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/b071d266-376f-40c9-bb70-11ca77d8051b/downloads/36008974689.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466020/; classtype:trojan-activity;sid:84329120; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466021)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/60919645191.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466021/; classtype:trojan-activity;sid:84329121; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466022)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/424b0398-579a-4717-a17a-ffb972bf5819/downloads/audit_professional_clearance_letter_template.pdf"; http_uri; depth:106; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466022/; classtype:trojan-activity;sid:84329122; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466023)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/30072850819.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466023/; classtype:trojan-activity;sid:84329123; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466024)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/990799bc-d23a-46ce-a09a-3161937bf907/downloads/75213021290.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466024/; classtype:trojan-activity;sid:84329124; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466025)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/4402180a-d4b9-4c2e-b606-353fcb7d5a18/downloads/law-making_process_in_zimbabwe.pdf"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466025/; classtype:trojan-activity;sid:84329125; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466011)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/363b8b8c-bdd6-4ad7-ac6c-ba65cd60171b/downloads/abaqus_user_subroutine_reference_guide.pdf"; http_uri; depth:100; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466011/; classtype:trojan-activity;sid:84329111; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466014)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/85845004614.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466014/; classtype:trojan-activity;sid:84329114; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466005)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/genuwafazapibiwinowafal.pdf"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466005/; classtype:trojan-activity;sid:84329105; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466006)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/20322886839.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466006/; classtype:trojan-activity;sid:84329106; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466008)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/06792788-ebeb-4570-893a-70dafae2a105/downloads/gagibipawuzepakan.pdf"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466008/; classtype:trojan-activity;sid:84329108; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466002)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/ce6ffbd8-735a-4087-afcd-48ff437b91ba/downloads/sample_authorization_letter_to_get_psa_marriage_certificate.pdf"; http_uri; depth:121; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466002/; classtype:trojan-activity;sid:84329102; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465993)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/8517821794.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465993/; classtype:trojan-activity;sid:84329093; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465994)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/padanad.pdf"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465994/; classtype:trojan-activity;sid:84329094; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465995)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/9971747c-d991-46ae-b932-5ba73958e604/downloads/fojajexuretimototatoles.pdf"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465995/; classtype:trojan-activity;sid:84329095; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465996)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/mosodekasaxozebopajebibe.pdf"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465996/; classtype:trojan-activity;sid:84329096; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465999)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/f264223f-22e7-47f1-947d-9e365a75e217/downloads/96358679127.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465999/; classtype:trojan-activity;sid:84329099; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466000)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/f65856df-6ee2-426f-901a-fbcb5106e767/downloads/22057173676.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466000/; classtype:trojan-activity;sid:84329100; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465984)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/butterfly_roof_construction_detail.pdf"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465984/; classtype:trojan-activity;sid:84329084; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465985)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7ebcf742-ccb2-4edb-bbc1-6f67ead5b604/downloads/baxejatoxenidomixidedax.pdf"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465985/; classtype:trojan-activity;sid:84329085; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465986)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/17465496427.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465986/; classtype:trojan-activity;sid:84329086; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465989)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/zabefenakozevopesomewazi.pdf"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465989/; classtype:trojan-activity;sid:84329089; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465991)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/8df58291-e0db-425a-9cda-a9882386ada6/downloads/jaladimurefasetuzukiwaxit.pdf"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465991/; classtype:trojan-activity;sid:84329091; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465992)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/aabc5eee-c1de-4817-92b9-f9e17352a5c7/downloads/wofalobomosotanavuze.pdf"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465992/; classtype:trojan-activity;sid:84329092; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465980)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/0d21a9d5-01df-4a9e-9327-883996b2f71d/downloads/ansi_electrical_symbols_standards.pdf"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465980/; classtype:trojan-activity;sid:84329080; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465974)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/a435afa7-bc93-481f-8a35-ce503cc8a972/downloads/sri_rudram_namakam_chamakam_tamil.pdf"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465974/; classtype:trojan-activity;sid:84329074; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465975)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/tumiwujuluxuwaxi.pdf"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465975/; classtype:trojan-activity;sid:84329075; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465977)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/denutetoraditut.pdf"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465977/; classtype:trojan-activity;sid:84329077; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465961)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/9569c183-65dc-4f14-a45e-e7944584cb65/downloads/bifidetogatovotuwideki.pdf"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465961/; classtype:trojan-activity;sid:84329061; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465962)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/baroque_guitar_tab.pdf"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465962/; classtype:trojan-activity;sid:84329062; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465963)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7f34267e-2563-449a-82e3-60f19988c45d/downloads/lic_jeevan_saral_plan_165_chart.pdf"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465963/; classtype:trojan-activity;sid:84329063; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465965)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/f36019eb-f077-446f-b5b6-39b8eacedf97/downloads/69187265192.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465965/; classtype:trojan-activity;sid:84329065; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465968)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d551812a-3c47-48f1-bc1d-3ac42c3f246c/downloads/rigumudusogepivana.pdf"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465968/; classtype:trojan-activity;sid:84329068; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465969)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/5528845131.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465969/; classtype:trojan-activity;sid:84329069; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465971)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/34a417cb-7930-4ae3-8428-8420716ba08a/downloads/74129229699.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465971/; classtype:trojan-activity;sid:84329071; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465957)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7a3b63b5-3e6a-48ac-8e49-14ed0037cbc4/downloads/historietas_del_medio_ambiente_largas.pdf"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465957/; classtype:trojan-activity;sid:84329057; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465955)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/5102464b-373a-4f87-829a-69343208c6ac/downloads/62049175170.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465955/; classtype:trojan-activity;sid:84329055; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465949)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/88933df5-ca10-43b5-b140-6aa02868b89c/downloads/10908647555.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465949/; classtype:trojan-activity;sid:84329049; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465951)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/maxabamuxixotabevifutiw.pdf"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465951/; classtype:trojan-activity;sid:84329051; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465953)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/downgrade_oracle_database_from_19c_to_11g.pdf"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465953/; classtype:trojan-activity;sid:84329053; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465945)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/59062828-6c5e-403a-ae88-14483438a1b6/downloads/individual_development_plan_powerpoint_template.pdf"; http_uri; depth:109; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465945/; classtype:trojan-activity;sid:84329045; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465946)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/356923eb-d23c-4b0c-808e-e9b58fb291da/downloads/64954946228.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465946/; classtype:trojan-activity;sid:84329046; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465939)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/bapozujipo.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465939/; classtype:trojan-activity;sid:84329039; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465931)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/4872c6d8-aa46-4e32-b809-43d741337793/downloads/74841624584.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465931/; classtype:trojan-activity;sid:84329031; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465932)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3a90d4c9-f215-49ec-8178-8e50febf5250/downloads/tedutogonisijetinikiw.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465932/; classtype:trojan-activity;sid:84329032; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465933)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/59062828-6c5e-403a-ae88-14483438a1b6/downloads/wipofuta.pdf"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465933/; classtype:trojan-activity;sid:84329033; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465935)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/4cb1e8a7-0f1a-4c3a-ae4d-65ac09f78b80/downloads/fenekipejivatoxeni.pdf"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465935/; classtype:trojan-activity;sid:84329035; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465937)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/445dfc81-a427-4468-a541-314294ee0cbb/downloads/wolarodipuxusisug.pdf"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465937/; classtype:trojan-activity;sid:84329037; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465938)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/c3be0091-4534-4191-a72e-570acc745d3e/downloads/attestation_de_prise_en_charge_tlscontact.pdf"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465938/; classtype:trojan-activity;sid:84329038; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465924)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/fa4295b9-8c98-4187-bbf8-91c9d7ce5f9e/downloads/89606848887.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465924/; classtype:trojan-activity;sid:84329024; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465926)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/44d0963d-ba71-4620-abdb-e3c6631b392b/downloads/balance_confirmation_letter_format_in_word.pdf"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465926/; classtype:trojan-activity;sid:84329026; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465912)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/5102464b-373a-4f87-829a-69343208c6ac/downloads/rollo_tomassi_the_rational_male_turkce.pdf"; http_uri; depth:100; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465912/; classtype:trojan-activity;sid:84329012; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465914)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/800bda9c-ed1b-45a1-a7d5-702e4e14f980/downloads/pmp_42_processes_chart.pdf"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465914/; classtype:trojan-activity;sid:84329014; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465915)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/86917927693.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465915/; classtype:trojan-activity;sid:84329015; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465916)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/356923eb-d23c-4b0c-808e-e9b58fb291da/downloads/methodologie_du_commentaire_compose_francais.pdf"; http_uri; depth:106; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465916/; classtype:trojan-activity;sid:84329016; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465919)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/gauss_elimination_method_example_with_solution.pdf"; http_uri; depth:108; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465919/; classtype:trojan-activity;sid:84329019; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465910)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/5f03ee03-a319-4a1e-a052-a99710c59365/downloads/bujulodipesotixugakujup.pdf"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465910/; classtype:trojan-activity;sid:84329010; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465906)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/047c717c-7bd8-4cec-b09f-8a9648ff740c/downloads/hsbc_bank_statement.pdf"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465906/; classtype:trojan-activity;sid:84329006; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465909)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/94e1955e-c7d2-4e11-a6ac-7a5ec652d6cd/downloads/suzuki_dt4_owners_manual.pdf"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465909/; classtype:trojan-activity;sid:84329009; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465903)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/8f5eeb54-04ec-4a30-bb55-41e413d1f3ed/downloads/open_pit_mine_planning_and_design.pdf"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465903/; classtype:trojan-activity;sid:84329003; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465904)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/ceb9a026-f6c4-4e26-a968-d8e0e8d06aaa/downloads/tevedowopalugafaxoro.pdf"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465904/; classtype:trojan-activity;sid:84329004; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465905)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/adb32098-1c7a-4519-9e53-ced990fc5d88/downloads/kuniwuzujujurejovewo.pdf"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465905/; classtype:trojan-activity;sid:84329005; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465896)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/88933df5-ca10-43b5-b140-6aa02868b89c/downloads/76236294804.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465896/; classtype:trojan-activity;sid:84328996; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465897)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/6ab86f22-a419-4e4f-91d4-5a654823f744/downloads/pamolitix.pdf"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465897/; classtype:trojan-activity;sid:84328997; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465898)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/697088a1-6c9a-496e-9a4d-922308cd97be/downloads/42508658220.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465898/; classtype:trojan-activity;sid:84328998; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465885)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/sotax_at_xtend_user_manual.pdf"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465885/; classtype:trojan-activity;sid:84328985; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465886)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/5d8bfe2e-b91e-431f-9bdc-3f0ea97e388e/downloads/wovivesapo.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465886/; classtype:trojan-activity;sid:84328986; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465888)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/06792788-ebeb-4570-893a-70dafae2a105/downloads/sample_consent_letter_from_husband_for_wife_to_travel.pdf"; http_uri; depth:115; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465888/; classtype:trojan-activity;sid:84328988; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465889)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/formulaire_renouvellement_titre_de_sejour_yvelines.pdf"; http_uri; depth:112; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465889/; classtype:trojan-activity;sid:84328989; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465891)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/71d9f42f-0bad-4406-8a48-95c698e57e68/downloads/98599689697.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465891/; classtype:trojan-activity;sid:84328991; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465892)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/92007305293.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465892/; classtype:trojan-activity;sid:84328992; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465881)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/9213334f-b8c6-41b2-903d-dc8cc5791a0a/downloads/49429599069.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465881/; classtype:trojan-activity;sid:84328981; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465882)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/552d21dd-b338-4bf6-8541-a1e81cff5ed8/downloads/22187922858.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465882/; classtype:trojan-activity;sid:84328982; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465876)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d5e97205-d745-471d-94c2-4bc94f943a29/downloads/nafexasu.pdf"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465876/; classtype:trojan-activity;sid:84328976; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465878)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/99401481523.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465878/; classtype:trojan-activity;sid:84328978; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465879)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/harry_potter_ea_camara_secreta_ilustrado.pdf"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465879/; classtype:trojan-activity;sid:84328979; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465870)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/800cff82-04ba-4c47-9f8b-d21367acb04d/downloads/all_gujarati_magazine.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465870/; classtype:trojan-activity;sid:84328970; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465872)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/9a32841c-0d54-4ad0-8acd-a5b15c41cae1/downloads/nagpur_metro_phase_2_dpr.pdf"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465872/; classtype:trojan-activity;sid:84328972; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465873)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/99406712648.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465873/; classtype:trojan-activity;sid:84328973; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465874)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/96d7062c-715f-4c9e-82c2-ac322bf04d1a/downloads/fawafep.pdf"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465874/; classtype:trojan-activity;sid:84328974; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465865)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/renamotoxuxesike.pdf"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465865/; classtype:trojan-activity;sid:84328965; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465866)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e0c7674b-f7b5-484b-aa64-84014ad9ac8c/downloads/wixutazavadupiruzani.pdf"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465866/; classtype:trojan-activity;sid:84328966; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465864)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/db112521-e536-400b-b453-631e78951ba0/downloads/vixodamev.pdf"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465864/; classtype:trojan-activity;sid:84328964; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465852)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/pulse_secure_network_error_1329.pdf"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465852/; classtype:trojan-activity;sid:84328952; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465853)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/8fc62093-f93e-447d-8e21-b1e235f4d9cc/downloads/cibse_psychrometric_chart.pdf"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465853/; classtype:trojan-activity;sid:84328953; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465857)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/f7748e26-2d27-4aa6-89fb-b263de90f421/downloads/citrix_adc_vpx_datasheet.pdf"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465857/; classtype:trojan-activity;sid:84328957; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465847)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/cac64821-2205-4248-abd9-55e775312c94/downloads/rosigamosusen.pdf"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465847/; classtype:trojan-activity;sid:84328947; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465848)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/db112521-e536-400b-b453-631e78951ba0/downloads/fosofiboma.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465848/; classtype:trojan-activity;sid:84328948; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465850)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/600b6853-9b14-40c4-b9d1-c0a10f9ad1eb/downloads/mathematics_core_topics_sl.pdf"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465850/; classtype:trojan-activity;sid:84328950; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465843)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/6e0acf5f-e652-447e-8a3a-90dcb81c48ee/downloads/loan_cancellation_letter.pdf"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465843/; classtype:trojan-activity;sid:84328943; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465844)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/98fd26ea-5c50-4ebf-945e-7ed158ebe1b6/downloads/workplace_printable_hurt_feelings_report.pdf"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465844/; classtype:trojan-activity;sid:84328944; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465845)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/zalekebi.pdf"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465845/; classtype:trojan-activity;sid:84328945; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465835)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/ce6ffbd8-735a-4087-afcd-48ff437b91ba/downloads/one_of_us_is_lying_character_quotes.pdf"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465835/; classtype:trojan-activity;sid:84328935; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465839)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/0e65d320-97ed-47cb-9ca0-bcd7400824c9/downloads/jewuzikilodejosowar.pdf"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465839/; classtype:trojan-activity;sid:84328939; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465825)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/72fc6eb8-20de-4439-bced-6bfc7eecaa8e/downloads/bogev.pdf"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465825/; classtype:trojan-activity;sid:84328925; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465826)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/58b13a51-176b-4b7e-ab1e-a0c84e7a5487/downloads/currency_market_mechanics_bmc_answers.pdf"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465826/; classtype:trojan-activity;sid:84328926; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465828)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/tifunakarexefeguwitoda.pdf"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465828/; classtype:trojan-activity;sid:84328928; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465831)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/c1bf3ae2-f6cc-4078-b639-2ff1ca0b62be/downloads/1172286111.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465831/; classtype:trojan-activity;sid:84328931; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465832)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/euchre_score_sheets_for_16_players.pdf"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465832/; classtype:trojan-activity;sid:84328932; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465820)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/dungeon_crawl_classics.pdf"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465820/; classtype:trojan-activity;sid:84328920; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465804)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/bb45e14d-29c5-4287-b67f-843105f3b091/downloads/69904656893.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465804/; classtype:trojan-activity;sid:84328904; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465806)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/emmaus_walk_letters_of_encouragement.pdf"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465806/; classtype:trojan-activity;sid:84328906; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465809)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/fc635392-61de-40bc-86f0-c9844fcf30fd/downloads/gramatica_portugues_brasil.pdf"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465809/; classtype:trojan-activity;sid:84328909; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465811)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20231202090504if_/https://img1.wsimg.com/blobby/go/26fc9bcf-ab3e-485a-9229-f4b5ff23d9d8/downloads/55556666332.pdf"; http_uri; depth:118; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465811/; classtype:trojan-activity;sid:84328911; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465814)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/647bfca3-c5f6-48a0-9ec3-35afde17c6e3/downloads/gamokul.pdf"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465814/; classtype:trojan-activity;sid:84328914; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465815)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/fa284320-69aa-45db-92e2-86468d4beaf0/downloads/53174458267.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465815/; classtype:trojan-activity;sid:84328915; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465795)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/72502959-bd3f-431c-9582-055fb0eb9e9d/downloads/nike_employee_benefits.pdf"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465795/; classtype:trojan-activity;sid:84328895; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465798)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/047c717c-7bd8-4cec-b09f-8a9648ff740c/downloads/97767745983.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465798/; classtype:trojan-activity;sid:84328898; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465799)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/country_of_origin_letter_template.pdf"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465799/; classtype:trojan-activity;sid:84328899; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465802)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/4402180a-d4b9-4c2e-b606-353fcb7d5a18/downloads/39834772333.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465802/; classtype:trojan-activity;sid:84328902; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465790)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/rofaruzev.pdf"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465790/; classtype:trojan-activity;sid:84328890; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465791)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/990799bc-d23a-46ce-a09a-3161937bf907/downloads/verismo_701_service_manual.pdf"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465791/; classtype:trojan-activity;sid:84328891; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465792)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/rodudiniruzawame.pdf"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465792/; classtype:trojan-activity;sid:84328892; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465785)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3c8f7a45-f68c-4369-8f63-be6429599400/downloads/butulanimirovubeve.pdf"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465785/; classtype:trojan-activity;sid:84328885; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465786)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/c725aa89-ce3b-4b0b-861e-e7c40702153d/downloads/gisewonivikamadoliwozuv.pdf"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465786/; classtype:trojan-activity;sid:84328886; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465787)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d1335ae9-6401-4997-a89d-ffce5d766eb7/downloads/44332900662.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465787/; classtype:trojan-activity;sid:84328887; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465779)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/b6f72d87-e560-495a-a5bd-684e976b53e4/downloads/nagano_keiki_km10.pdf"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465779/; classtype:trojan-activity;sid:84328879; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465781)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/abfe7a1b-25f4-4ff2-8fb5-155a264c8ce4/downloads/76488986948.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465781/; classtype:trojan-activity;sid:84328881; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465772)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/72445144906.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465772/; classtype:trojan-activity;sid:84328872; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465773)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/0e65d320-97ed-47cb-9ca0-bcd7400824c9/downloads/wrightbus_streetlite_manual.pdf"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465773/; classtype:trojan-activity;sid:84328873; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465776)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/5a9e93e0-0f17-4e5e-a00c-88e3958ec770/downloads/waste_management_in_dubai.pdf"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465776/; classtype:trojan-activity;sid:84328876; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465777)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e060217f-3d1d-4ed1-921e-8372b49c873f/downloads/chevening_scholarship_reference_letter_sample.pdf"; http_uri; depth:107; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465777/; classtype:trojan-activity;sid:84328877; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465778)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/552d21dd-b338-4bf6-8541-a1e81cff5ed8/downloads/14409296375.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465778/; classtype:trojan-activity;sid:84328878; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465766)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d128fcda-7fcc-4d89-85b3-e79c54d4414e/downloads/unit_conversion_practice_problems.pdf"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465766/; classtype:trojan-activity;sid:84328866; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465768)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/c7a293a1-0904-42a6-9de6-afc19e585d66/downloads/11197801286.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465768/; classtype:trojan-activity;sid:84328868; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465769)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/50ab7773-f1d2-4be6-a8e2-1065b2477787/downloads/41229957036.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465769/; classtype:trojan-activity;sid:84328869; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465771)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/950f7924-fa6b-44be-bda3-22eaf526f43f/downloads/konujidav.pdf"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465771/; classtype:trojan-activity;sid:84328871; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465760)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3209f3eb-a43c-41d3-a7ba-73b4af438585/downloads/burijuterapudupelirebi.pdf"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465760/; classtype:trojan-activity;sid:84328860; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465761)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/a85f54ee-11f7-4ab3-9970-dabd8f52d583/downloads/vowivovabafases.pdf"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465761/; classtype:trojan-activity;sid:84328861; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465762)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/acb19439-02ad-48ae-a6e4-8c3bfce04694/downloads/32470708569.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465762/; classtype:trojan-activity;sid:84328862; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465763)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/xikesoxabafubuwepof.pdf"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465763/; classtype:trojan-activity;sid:84328863; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465764)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/2251478862.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465764/; classtype:trojan-activity;sid:84328864; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465765)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/9d0d7648-4006-4e9a-bf4e-cd4f5c534844/downloads/socomec_ups_service_manual.pdf"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465765/; classtype:trojan-activity;sid:84328865; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465757)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/6098867423.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465757/; classtype:trojan-activity;sid:84328857; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465758)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/2b383d2d-2b5a-4b4f-949f-124c21f71183/downloads/how_to_write_an_introduction_letter_to_an_embassy.pdf"; http_uri; depth:111; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465758/; classtype:trojan-activity;sid:84328858; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465755)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/41780010-2245-4f59-96ea-abe2bb04704f/downloads/38265042738.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465755/; classtype:trojan-activity;sid:84328855; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465747)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/183feb73-c001-4172-a9c4-8aedcbb9c085/downloads/nosasasoxanuxoxazefuz.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465747/; classtype:trojan-activity;sid:84328847; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465749)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/gibekewelodi.pdf"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465749/; classtype:trojan-activity;sid:84328849; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465752)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/16395777837.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465752/; classtype:trojan-activity;sid:84328852; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465753)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/710760ab-5054-4fd2-86ee-e72953d604bd/downloads/jspdf_autotable_x_position.pdf"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465753/; classtype:trojan-activity;sid:84328853; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465739)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/a0b0ee5f-47ab-407d-8f2e-b86a71eb1b80/downloads/cerere_demisie_fara_preaviz.pdf"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465739/; classtype:trojan-activity;sid:84328839; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465740)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/0fde6049-38a2-402e-8604-5a56fc977486/downloads/request_letter_for_construction_bond_refund.pdf"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465740/; classtype:trojan-activity;sid:84328840; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465742)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7a69ed85-566a-4d22-8bd3-47a8a314b3bf/downloads/molecular_mass_of_elements_list.pdf"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465742/; classtype:trojan-activity;sid:84328842; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465744)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/69278806631.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465744/; classtype:trojan-activity;sid:84328844; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465735)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e060217f-3d1d-4ed1-921e-8372b49c873f/downloads/nonisenokedevesuxumuk.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465735/; classtype:trojan-activity;sid:84328835; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465729)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/ce6ffbd8-735a-4087-afcd-48ff437b91ba/downloads/mesoduwegotujowokikurixo.pdf"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465729/; classtype:trojan-activity;sid:84328829; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465731)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/2b383d2d-2b5a-4b4f-949f-124c21f71183/downloads/how_to_fill_up_deed_of_sale_of_motor_vehicle.pdf"; http_uri; depth:106; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465731/; classtype:trojan-activity;sid:84328831; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465724)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/33d2c907-2bf6-4426-875f-30dcfdd2ea6c/downloads/takeshi_amemiya_advanced_econometrics.pdf"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465724/; classtype:trojan-activity;sid:84328824; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465725)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/paxakuvenu.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465725/; classtype:trojan-activity;sid:84328825; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465716)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/ce6ffbd8-735a-4087-afcd-48ff437b91ba/downloads/16407212514.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465716/; classtype:trojan-activity;sid:84328816; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465717)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/f2215a6c-0436-4d82-8033-c5d079398259/downloads/mewivisonixapolivifit.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465717/; classtype:trojan-activity;sid:84328817; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465718)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/5778216d-14df-4dd7-ac4c-aefbb7c07c24/downloads/kugaduvekujewotaz.pdf"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465718/; classtype:trojan-activity;sid:84328818; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465719)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/tafanavevimewom.pdf"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465719/; classtype:trojan-activity;sid:84328819; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465722)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/5add4dbc-ec7d-4010-9077-0d95eef82ba1/downloads/64293794102.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465722/; classtype:trojan-activity;sid:84328822; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465723)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/a7c970be-6487-407b-ae67-0318aa6bed96/downloads/19932307165.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465723/; classtype:trojan-activity;sid:84328823; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465710)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/8014aeaa-17b8-4bcd-a9d7-094ad1ff7644/downloads/19999334835.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465710/; classtype:trojan-activity;sid:84328810; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465711)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/921a43a6-1495-4d95-bdb1-69b79162b826/downloads/13397059696.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465711/; classtype:trojan-activity;sid:84328811; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465714)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/b3cb2fd2-80cf-4497-9966-46f7699e136d/downloads/kovajive.pdf"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465714/; classtype:trojan-activity;sid:84328814; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465707)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/49bbfdeb-576f-4f20-b756-96ff9c705013/downloads/96422280236.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465707/; classtype:trojan-activity;sid:84328807; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465708)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/c7a293a1-0904-42a6-9de6-afc19e585d66/downloads/imo_dangerous_goods_declaration_example.pdf"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465708/; classtype:trojan-activity;sid:84328808; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465703)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/bd6582d9-c54a-4b0b-ad89-3fd92efb45aa/downloads/88847399269.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465703/; classtype:trojan-activity;sid:84328803; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465704)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/cdb9e382-acbe-48dd-9722-c531572d81a1/downloads/pugalisamelifakebage.pdf"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465704/; classtype:trojan-activity;sid:84328804; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465697)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/89463890604.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465697/; classtype:trojan-activity;sid:84328797; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465699)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/aabc5eee-c1de-4817-92b9-f9e17352a5c7/downloads/lotumajufinunixine.pdf"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465699/; classtype:trojan-activity;sid:84328799; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465701)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d9951c46-77aa-4ac5-b843-be02d4be2067/downloads/50826134191.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465701/; classtype:trojan-activity;sid:84328801; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465702)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/kasupobuwomubafujos.pdf"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465702/; classtype:trojan-activity;sid:84328802; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465688)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20230531145313if_/http://img1.wsimg.com/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/zalekebi.pdf"; http_uri; depth:114; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465688/; classtype:trojan-activity;sid:84328788; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465691)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7219dffe-e0ab-4b31-b3e7-77acd35b52f5/downloads/jotepebuzixulelomizo.pdf"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465691/; classtype:trojan-activity;sid:84328791; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465692)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e51c42a2-48a1-43ea-b124-a034de3679a6/downloads/83320615193.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465692/; classtype:trojan-activity;sid:84328792; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465693)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/78c14b69-39ed-4d94-8d63-a7b29776e43c/downloads/radix_temperature_controller_x_48_manual.pdf"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465693/; classtype:trojan-activity;sid:84328793; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465694)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/24a9af23-a9c8-45b6-80f8-335651f17510/downloads/96094090900.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465694/; classtype:trojan-activity;sid:84328794; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465695)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/22a15b49-22b8-4edf-a855-4e76194b4aaf/downloads/97812412729.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465695/; classtype:trojan-activity;sid:84328795; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465685)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e0c7674b-f7b5-484b-aa64-84014ad9ac8c/downloads/lizaputasu.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465685/; classtype:trojan-activity;sid:84328785; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465679)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3209f3eb-a43c-41d3-a7ba-73b4af438585/downloads/boxikijefedajexufesibul.pdf"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465679/; classtype:trojan-activity;sid:84328779; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465680)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/11012613986.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465680/; classtype:trojan-activity;sid:84328780; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465682)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/bucharest_grill_nutrition_information.pdf"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465682/; classtype:trojan-activity;sid:84328782; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465683)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3844a76d-a274-4a3a-ad7f-2943a29e37b3/downloads/lezopidigusaraten.pdf"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465683/; classtype:trojan-activity;sid:84328783; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465675)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e9dc005a-39e6-474d-bf2f-ef67b812a261/downloads/guia_para_ingresar_al_bachillerato_conamat.pdf"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465675/; classtype:trojan-activity;sid:84328775; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465678)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/robaziromumeborumapix.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465678/; classtype:trojan-activity;sid:84328778; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465671)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/52e9408f-c536-4a35-bd81-6078a5dce549/downloads/5252998215.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465671/; classtype:trojan-activity;sid:84328771; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465672)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/5102464b-373a-4f87-829a-69343208c6ac/downloads/36758652154.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465672/; classtype:trojan-activity;sid:84328772; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465673)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/82f97436-460c-45aa-bd9b-74a87c48e9b0/downloads/73577237968.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465673/; classtype:trojan-activity;sid:84328773; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465657)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/db112521-e536-400b-b453-631e78951ba0/downloads/louison_et_monsieur_moliere_resume.pdf"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465657/; classtype:trojan-activity;sid:84328757; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465660)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/a03fd264-622c-49da-819e-92c49cdd5e2b/downloads/xovifubakuforij.pdf"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465660/; classtype:trojan-activity;sid:84328760; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465663)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/rupesiduvunimekesozo.pdf"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465663/; classtype:trojan-activity;sid:84328763; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465664)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3209f3eb-a43c-41d3-a7ba-73b4af438585/downloads/special_forces_knife_techniques.pdf"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465664/; classtype:trojan-activity;sid:84328764; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465665)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/b298ce5b-3c11-48f0-9704-0e059e7cfa1a/downloads/90645579432.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465665/; classtype:trojan-activity;sid:84328765; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465666)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7eafcf9d-33bd-4fd4-8489-654d240ab2f3/downloads/6130931006.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465666/; classtype:trojan-activity;sid:84328766; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465667)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e0319bbe-78e1-4446-90fc-2b4b4cc85a3e/downloads/camp_green_lake.pdf"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465667/; classtype:trojan-activity;sid:84328767; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465668)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/478a916a-56a8-445d-9eb0-b1a280ba537b/downloads/27628335796.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465668/; classtype:trojan-activity;sid:84328768; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465655)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/98e3e4d1-65d1-414f-a2f4-24701527da4a/downloads/eating_questionnaire-_a_ede-a_scoring.pdf"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465655/; classtype:trojan-activity;sid:84328755; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465647)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3131d044-1bdb-4fdc-8ed0-764e724b86a8/downloads/jorejujavupu.pdf"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465647/; classtype:trojan-activity;sid:84328747; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465648)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/41fa09f3-79bd-43c0-909a-d1a20c3cb7f6/downloads/attestation_sur_l_honneur_de_non_ressources.pdf"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465648/; classtype:trojan-activity;sid:84328748; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465649)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/eb7f2f0c-e896-4e47-abeb-a05a47b6dcff/downloads/37569138292.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465649/; classtype:trojan-activity;sid:84328749; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465630)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/f36019eb-f077-446f-b5b6-39b8eacedf97/downloads/98482064700.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465630/; classtype:trojan-activity;sid:84328730; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465631)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/83364999300.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465631/; classtype:trojan-activity;sid:84328731; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465632)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/records_of_declaration_disbursements_division.pdf"; http_uri; depth:107; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465632/; classtype:trojan-activity;sid:84328732; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465633)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/f6084bd9-50ce-4d5f-82c5-bb685cd57a0d/downloads/mdsap_audit_checklist.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465633/; classtype:trojan-activity;sid:84328733; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465635)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/aabc5eee-c1de-4817-92b9-f9e17352a5c7/downloads/jaziz.pdf"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465635/; classtype:trojan-activity;sid:84328735; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465636)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/a74441e7-424c-4454-9bc5-28c3682f6c16/downloads/jupifevaperoziput.pdf"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465636/; classtype:trojan-activity;sid:84328736; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465637)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/f778edfd-e481-47d7-9553-9364d433dcaf/downloads/morningstar_andex_chart_2022.pdf"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465637/; classtype:trojan-activity;sid:84328737; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465638)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/cabcb3ce-a861-487f-a172-56f4b47cbc63/downloads/nilefovidigutozezosanuz.pdf"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465638/; classtype:trojan-activity;sid:84328738; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465640)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/356923eb-d23c-4b0c-808e-e9b58fb291da/downloads/39892598323.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465640/; classtype:trojan-activity;sid:84328740; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465641)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/00810c7d-a901-42bd-b2e3-20945a4ad8cb/downloads/wimorawezabizu.pdf"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465641/; classtype:trojan-activity;sid:84328741; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465642)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/552d21dd-b338-4bf6-8541-a1e81cff5ed8/downloads/viduwe.pdf"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465642/; classtype:trojan-activity;sid:84328742; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465643)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/a1b48068-f219-4487-b633-0ea4f25dfa5f/downloads/57025089155.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465643/; classtype:trojan-activity;sid:84328743; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465625)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/00490ec0-0f24-4e25-91e3-8e5bedec5e60/downloads/woxudinawonetunogidubi.pdf"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465625/; classtype:trojan-activity;sid:84328725; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465626)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/2224247e-29ce-4f8d-b838-abfcbdf269c0/downloads/16984198490.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465626/; classtype:trojan-activity;sid:84328726; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465622)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/33bb6cfc-294d-4317-8afb-5d34ed60ffe6/downloads/20222176664.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465622/; classtype:trojan-activity;sid:84328722; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465618)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/72454635563.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465618/; classtype:trojan-activity;sid:84328718; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465621)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/pisaxafubavofi.pdf"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465621/; classtype:trojan-activity;sid:84328721; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465613)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/catastrophic_disaster_area_property_inspection_report.pdf"; http_uri; depth:115; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465613/; classtype:trojan-activity;sid:84328713; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465615)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/citadel_document_solutions_lawsuit.pdf"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465615/; classtype:trojan-activity;sid:84328715; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465607)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/fumaxogufav.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465607/; classtype:trojan-activity;sid:84328707; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465610)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/4402180a-d4b9-4c2e-b606-353fcb7d5a18/downloads/kigepobesewizijipakusafal.pdf"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465610/; classtype:trojan-activity;sid:84328710; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465600)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/f7748e26-2d27-4aa6-89fb-b263de90f421/downloads/tabuas_sumerias_traduzidas.pdf"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465600/; classtype:trojan-activity;sid:84328700; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465603)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/17054728623.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465603/; classtype:trojan-activity;sid:84328703; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465604)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/678cd2ef-32fa-4621-9c35-e4f34096b4ea/downloads/airbus_cml.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465604/; classtype:trojan-activity;sid:84328704; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465605)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/4402180a-d4b9-4c2e-b606-353fcb7d5a18/downloads/3730146334.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465605/; classtype:trojan-activity;sid:84328705; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465606)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/36770579775.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465606/; classtype:trojan-activity;sid:84328706; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465594)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/a0b0ee5f-47ab-407d-8f2e-b86a71eb1b80/downloads/luxodebapiruwuneragomugef.pdf"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465594/; classtype:trojan-activity;sid:84328694; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465598)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/87554570559.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465598/; classtype:trojan-activity;sid:84328698; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465599)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/fff11fc4-91ee-4c26-ab94-6b71630d2bb1/downloads/resignation_letter_sample_for_bpo_company.pdf"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465599/; classtype:trojan-activity;sid:84328699; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465586)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/5102464b-373a-4f87-829a-69343208c6ac/downloads/84675915071.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465586/; classtype:trojan-activity;sid:84328686; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465588)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/17a8127f-1a20-4f1c-a234-ba1b1a8873f5/downloads/90572854820.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465588/; classtype:trojan-activity;sid:84328688; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465589)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/356923eb-d23c-4b0c-808e-e9b58fb291da/downloads/78534035283.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465589/; classtype:trojan-activity;sid:84328689; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465590)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/aabc5eee-c1de-4817-92b9-f9e17352a5c7/downloads/wudofe.pdf"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465590/; classtype:trojan-activity;sid:84328690; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465592)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/glassman_high_voltage_series_eq_manual.pdf"; http_uri; depth:100; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465592/; classtype:trojan-activity;sid:84328692; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465593)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/57653563602.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465593/; classtype:trojan-activity;sid:84328693; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465585)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/343166b6-b38d-45a3-a768-806295759a1d/downloads/vatemunubiserotogurozem.pdf"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465585/; classtype:trojan-activity;sid:84328685; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465582)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/simamutozudolejezeze.pdf"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465582/; classtype:trojan-activity;sid:84328682; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465583)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/a8a7b266-73df-492a-af50-f7d9f90e0e6d/downloads/salesforce_community_developer_guide.pdf"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465583/; classtype:trojan-activity;sid:84328683; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465572)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/047c717c-7bd8-4cec-b09f-8a9648ff740c/downloads/zepojekowokevi.pdf"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465572/; classtype:trojan-activity;sid:84328672; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465573)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/2cd8ef37-3f02-4d83-b132-5400b0b21173/downloads/can_sins_be_forgiven_in_hinduism.pdf"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465573/; classtype:trojan-activity;sid:84328673; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465574)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/9390f2de-e8f5-48e5-8f1b-3aa5affb2913/downloads/ra_to_surface_finish.pdf"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465574/; classtype:trojan-activity;sid:84328674; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465577)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/holman_enterprises_annual_report.pdf"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465577/; classtype:trojan-activity;sid:84328677; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465552)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7913e2d4-0776-44f0-af91-53eb35e22f50/downloads/broken_sous_ta_peau_2_ekladata.pdf"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465552/; classtype:trojan-activity;sid:84328652; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465553)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/lujipipatemajipurozurile.pdf"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465553/; classtype:trojan-activity;sid:84328653; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465554)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/20a6346a-1701-43f8-be7d-6426912a09c2/downloads/sottoindicato_o_sotto_indicato_treccani.pdf"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465554/; classtype:trojan-activity;sid:84328654; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465555)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/62fde782-5483-4905-a6da-12e04ab1250b/downloads/38559734752.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465555/; classtype:trojan-activity;sid:84328655; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465556)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/dfa50dfd-b675-4866-b542-d79684ac1045/downloads/28769720040.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465556/; classtype:trojan-activity;sid:84328656; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465558)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/adfd48e6-08dc-41dd-a2a1-45489e329c75/downloads/attestation_de_non_affiliation_cnas.pdf"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465558/; classtype:trojan-activity;sid:84328658; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465560)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/aabc5eee-c1de-4817-92b9-f9e17352a5c7/downloads/how_to_factory_reset_verifone_mx915.pdf"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465560/; classtype:trojan-activity;sid:84328660; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465561)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/5e489076-b026-43ca-95da-8c6fe49f6d00/downloads/frm_part_2_schweser_quicksheet.pdf"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465561/; classtype:trojan-activity;sid:84328661; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465562)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/incucyte_s3_user_guide.pdf"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465562/; classtype:trojan-activity;sid:84328662; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465563)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/lean_visual_management_board_examples.pdf"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465563/; classtype:trojan-activity;sid:84328663; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465564)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/98e3e4d1-65d1-414f-a2f4-24701527da4a/downloads/1567746722.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465564/; classtype:trojan-activity;sid:84328664; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465565)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/b6875802-d83d-45fa-a01c-dd9f30c53739/downloads/xujudodavudejeb.pdf"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465565/; classtype:trojan-activity;sid:84328665; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465566)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/59062828-6c5e-403a-ae88-14483438a1b6/downloads/situation_denonciation_coupe_ou_ancre_exercices_corriges.pdf"; http_uri; depth:118; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465566/; classtype:trojan-activity;sid:84328666; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465567)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/wikuzidip.pdf"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465567/; classtype:trojan-activity;sid:84328667; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465568)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d5e97205-d745-471d-94c2-4bc94f943a29/downloads/87185669225.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465568/; classtype:trojan-activity;sid:84328668; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465569)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/abfe7a1b-25f4-4ff2-8fb5-155a264c8ce4/downloads/likibixeve.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465569/; classtype:trojan-activity;sid:84328669; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465570)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/356923eb-d23c-4b0c-808e-e9b58fb291da/downloads/exsilentia_4._0_user_guide.pdf"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465570/; classtype:trojan-activity;sid:84328670; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465571)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/586b3ef6-c9db-4d1a-a9eb-303f942e21fa/downloads/55359157176.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465571/; classtype:trojan-activity;sid:84328671; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465210)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1kjjvh1muhjrkrzbajjlzjfawyi0zvxc1"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_04; reference:url, urlhaus.abuse.ch/url/3465210/; classtype:trojan-activity;sid:84328310; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3464706)"; flow:established,from_client; content:"GET"; http_method; content:"/down/wupiao.3987.com.rar"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"forspeed.onlinedown.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_03_03; reference:url, urlhaus.abuse.ch/url/3464706/; classtype:trojan-activity;sid:84327806; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3463546)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.52.36.129"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_02; reference:url, urlhaus.abuse.ch/url/3463546/; classtype:trojan-activity;sid:84326646; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3463509)"; flow:established,from_client; content:"GET"; http_method; content:"/up/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"blessdayservices.org"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_03_02; reference:url, urlhaus.abuse.ch/url/3463509/; classtype:trojan-activity;sid:84326609; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3463480)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"admin.gestroom.it"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_03_02; reference:url, urlhaus.abuse.ch/url/3463480/; classtype:trojan-activity;sid:84326580; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3463481)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"test.peperoncinochepassione.it"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_03_02; reference:url, urlhaus.abuse.ch/url/3463481/; classtype:trojan-activity;sid:84326581; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3463482)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"first-security-verden.de"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_03_02; reference:url, urlhaus.abuse.ch/url/3463482/; classtype:trojan-activity;sid:84326582; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3463470)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"www.first-security-verden.de"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_03_02; reference:url, urlhaus.abuse.ch/url/3463470/; classtype:trojan-activity;sid:84326570; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3463472)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"zamilgroups.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_02; reference:url, urlhaus.abuse.ch/url/3463472/; classtype:trojan-activity;sid:84326572; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3463459)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"www.website.mypetapp.co.za"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_03_02; reference:url, urlhaus.abuse.ch/url/3463459/; classtype:trojan-activity;sid:84326559; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3463446)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"www.bratusferramentas.grupomoltz.com.br"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_03_02; reference:url, urlhaus.abuse.ch/url/3463446/; classtype:trojan-activity;sid:84326546; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3463437)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"website.mypetapp.co.za"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_02; reference:url, urlhaus.abuse.ch/url/3463437/; classtype:trojan-activity;sid:84326537; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3463426)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"bmdcompany.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_02; reference:url, urlhaus.abuse.ch/url/3463426/; classtype:trojan-activity;sid:84326526; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3463430)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"www.zamilgroups.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_03_02; reference:url, urlhaus.abuse.ch/url/3463430/; classtype:trojan-activity;sid:84326530; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3463422)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"www.test.peperoncinochepassione.it"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2025_03_02; reference:url, urlhaus.abuse.ch/url/3463422/; classtype:trojan-activity;sid:84326522; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3463367)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"82.146.62.232"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_02; reference:url, urlhaus.abuse.ch/url/3463367/; classtype:trojan-activity;sid:84326467; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3463364)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"82.146.62.232"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_02; reference:url, urlhaus.abuse.ch/url/3463364/; classtype:trojan-activity;sid:84326464; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3462395)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/whisper.mips64n32"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"31.170.22.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3462395/; classtype:trojan-activity;sid:84325495; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3462396)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/whisper.powerpce500mc"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"31.170.22.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3462396/; classtype:trojan-activity;sid:84325496; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3462398)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/whisper.powerpc440fp"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"31.170.22.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3462398/; classtype:trojan-activity;sid:84325498; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3462402)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/whisper.arclehs38"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"31.170.22.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3462402/; classtype:trojan-activity;sid:84325502; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3462404)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/whisper.riscv32"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"31.170.22.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3462404/; classtype:trojan-activity;sid:84325504; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3462405)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/whisper.powerpc64power8"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"31.170.22.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3462405/; classtype:trojan-activity;sid:84325505; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3462406)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/whisper.powerpc64lepower8"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"31.170.22.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3462406/; classtype:trojan-activity;sid:84325506; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3462407)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/whisper.sh4"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"31.170.22.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3462407/; classtype:trojan-activity;sid:84325507; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3462408)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/whisper.sparc64"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"31.170.22.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3462408/; classtype:trojan-activity;sid:84325508; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3462409)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/whisper.aarch64"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"31.170.22.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3462409/; classtype:trojan-activity;sid:84325509; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3462410)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/whisper.riscv64"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"31.170.22.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3462410/; classtype:trojan-activity;sid:84325510; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3462411)"; flow:established,from_client; content:"GET"; http_method; content:"/dl1001"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"31.170.22.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3462411/; classtype:trojan-activity;sid:84325511; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3462412)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/whisper.sparc"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"31.170.22.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3462412/; classtype:trojan-activity;sid:84325512; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3462414)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/whisper.armv4"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"31.170.22.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3462414/; classtype:trojan-activity;sid:84325514; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3462416)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/whisper.aarch64be"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"31.170.22.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3462416/; classtype:trojan-activity;sid:84325516; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3462417)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/whisper.mips64len32"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"31.170.22.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3462417/; classtype:trojan-activity;sid:84325517; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3462418)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/whisper.m68k"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"31.170.22.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3462418/; classtype:trojan-activity;sid:84325518; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3462419)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/whisper.armv5"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"31.170.22.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3462419/; classtype:trojan-activity;sid:84325519; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3461771)"; flow:established,from_client; content:"GET"; http_method; content:"/new/plugin2.plg"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"165.154.184.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3461771/; classtype:trojan-activity;sid:84324871; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3461769)"; flow:established,from_client; content:"GET"; http_method; content:"/new/plugin1.plg"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"165.154.184.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3461769/; classtype:trojan-activity;sid:84324869; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3461770)"; flow:established,from_client; content:"GET"; http_method; content:"/new/plugin2.dll"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"165.154.184.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3461770/; classtype:trojan-activity;sid:84324870; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3461768)"; flow:established,from_client; content:"GET"; http_method; content:"/new/plugin3.plg"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"165.154.184.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3461768/; classtype:trojan-activity;sid:84324868; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3461767)"; flow:established,from_client; content:"GET"; http_method; content:"/new/plugin1.dll"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"165.154.184.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3461767/; classtype:trojan-activity;sid:84324867; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3461763)"; flow:established,from_client; content:"GET"; http_method; content:"/new/plugin3.dll"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"165.154.184.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3461763/; classtype:trojan-activity;sid:84324863; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3461663)"; flow:established,from_client; content:"GET"; http_method; content:"/robertdavidgraham/masscan/zip/refs/heads/master"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3461663/; classtype:trojan-activity;sid:84324763; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3461661)"; flow:established,from_client; content:"GET"; http_method; content:"/robertdavidgraham/masscan/archive/refs/heads/master.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3461661/; classtype:trojan-activity;sid:84324761; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3461597)"; flow:established,from_client; content:"GET"; http_method; content:"/x/irq2"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.215.151.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3461597/; classtype:trojan-activity;sid:84324697; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3461595)"; flow:established,from_client; content:"GET"; http_method; content:"/x/irq0"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.215.151.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3461595/; classtype:trojan-activity;sid:84324695; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3461596)"; flow:established,from_client; content:"GET"; http_method; content:"/x/irq1"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.215.151.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3461596/; classtype:trojan-activity;sid:84324696; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3461591)"; flow:established,from_client; content:"GET"; http_method; content:"/x/pty"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"61.215.151.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3461591/; classtype:trojan-activity;sid:84324691; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3461592)"; flow:established,from_client; content:"GET"; http_method; content:"/x/1sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"61.215.151.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3461592/; classtype:trojan-activity;sid:84324692; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3461342)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.236.65.99"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_28; reference:url, urlhaus.abuse.ch/url/3461342/; classtype:trojan-activity;sid:84324442; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3460000)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1uxmu02r04iaslsrsh9quahzfsvq3tozm"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_02_27; reference:url, urlhaus.abuse.ch/url/3460000/; classtype:trojan-activity;sid:84323100; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3459513)"; flow:established,from_client; content:"GET"; http_method; content:"/curl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"8.217.202.103"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_27; reference:url, urlhaus.abuse.ch/url/3459513/; classtype:trojan-activity;sid:84322613; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3451985)"; flow:established,from_client; content:"GET"; http_method; content:"/journal-article/a147182cc7fab317ca1d96d380f536cb/skidmore1987.pdf"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"dacemirror.sci-hub.ru"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_02_25; reference:url, urlhaus.abuse.ch/url/3451985/; classtype:trojan-activity;sid:84315085; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3451116)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.236.132.33"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_24; reference:url, urlhaus.abuse.ch/url/3451116/; classtype:trojan-activity;sid:84314216; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3450176)"; flow:established,from_client; content:"GET"; http_method; content:"/temp/putty.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"book.rollingvideogames.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_02_23; reference:url, urlhaus.abuse.ch/url/3450176/; classtype:trojan-activity;sid:84313276; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3450147)"; flow:established,from_client; content:"GET"; http_method; content:"/loveryajenja/lwafmwoafmw11/raw/refs/heads/main/install.exe"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_23; reference:url, urlhaus.abuse.ch/url/3450147/; classtype:trojan-activity;sid:84313247; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3449986)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"212.225.248.26"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_23; reference:url, urlhaus.abuse.ch/url/3449986/; classtype:trojan-activity;sid:84313086; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3449955)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"79.162.206.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_23; reference:url, urlhaus.abuse.ch/url/3449955/; classtype:trojan-activity;sid:84313055; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3448167)"; flow:established,from_client; content:"GET"; http_method; content:"/journal-article/a4a27c4e516fb1d80cd91f413c7599f3/soravit2012.pdf"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"dacemirror.sci-hub.ru"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_02_22; reference:url, urlhaus.abuse.ch/url/3448167/; classtype:trojan-activity;sid:84311267; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3447679)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/whisper.mips64le"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"31.170.22.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_21; reference:url, urlhaus.abuse.ch/url/3447679/; classtype:trojan-activity;sid:84310779; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3447671)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/whisper.arm8x64_be"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"31.170.22.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_21; reference:url, urlhaus.abuse.ch/url/3447671/; classtype:trojan-activity;sid:84310771; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3447673)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/whisper.arm8x64"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"31.170.22.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_21; reference:url, urlhaus.abuse.ch/url/3447673/; classtype:trojan-activity;sid:84310773; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3447674)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/whisper.mipsle"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"31.170.22.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_21; reference:url, urlhaus.abuse.ch/url/3447674/; classtype:trojan-activity;sid:84310774; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3447677)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/whisper.x64"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"31.170.22.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_21; reference:url, urlhaus.abuse.ch/url/3447677/; classtype:trojan-activity;sid:84310777; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3447466)"; flow:established,from_client; content:"GET"; http_method; content:"/laurenxss/36b18f37163aaa04654bd21e98d1b842/raw/dca82ba88fae8788a48ffb529f9610a0cc209781/x"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"gist.githubusercontent.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_02_21; reference:url, urlhaus.abuse.ch/url/3447466/; classtype:trojan-activity;sid:84310566; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3447458)"; flow:established,from_client; content:"GET"; http_method; content:"/sena1.png"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"leindisncieamrocea-1341831283.cos.sa-saopaulo.myqcloud.com"; http_host; depth:58; isdataat:!1,relative; metadata:created_at 2025_02_21; reference:url, urlhaus.abuse.ch/url/3447458/; classtype:trojan-activity;sid:84310558; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3447456)"; flow:established,from_client; content:"GET"; http_method; content:"/manga1.png"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"leindisncieamrocea-1341831283.cos.sa-saopaulo.myqcloud.com"; http_host; depth:58; isdataat:!1,relative; metadata:created_at 2025_02_21; reference:url, urlhaus.abuse.ch/url/3447456/; classtype:trojan-activity;sid:84310556; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3447457)"; flow:established,from_client; content:"GET"; http_method; content:"/colheita1.png"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"leindisncieamrocea-1341831283.cos.sa-saopaulo.myqcloud.com"; http_host; depth:58; isdataat:!1,relative; metadata:created_at 2025_02_21; reference:url, urlhaus.abuse.ch/url/3447457/; classtype:trojan-activity;sid:84310557; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3446661)"; flow:established,from_client; content:"GET"; http_method; content:"/img001.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_20; reference:url, urlhaus.abuse.ch/url/3446661/; classtype:trojan-activity;sid:84309761; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3446653)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_20; reference:url, urlhaus.abuse.ch/url/3446653/; classtype:trojan-activity;sid:84309753; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3446649)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_20; reference:url, urlhaus.abuse.ch/url/3446649/; classtype:trojan-activity;sid:84309749; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3446449)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"85.206.188.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_20; reference:url, urlhaus.abuse.ch/url/3446449/; classtype:trojan-activity;sid:84309549; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3446416)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"173.44.75.154"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_20; reference:url, urlhaus.abuse.ch/url/3446416/; classtype:trojan-activity;sid:84309516; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3445854)"; flow:established,from_client; content:"GET"; http_method; content:"/coracion1.png"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"vaamsmgfreocmroe-1342087530.cos.sa-saopaulo.myqcloud.com"; http_host; depth:56; isdataat:!1,relative; metadata:created_at 2025_02_20; reference:url, urlhaus.abuse.ch/url/3445854/; classtype:trojan-activity;sid:84308954; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3445431)"; flow:established,from_client; content:"GET"; http_method; content:"/data/df4a3196-accc-423a-a43b-6768f1aafd3e.pdf"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"hotelembuguacu.blob.core.windows.net"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2025_02_19; reference:url, urlhaus.abuse.ch/url/3445431/; classtype:trojan-activity;sid:84308531; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3445438)"; flow:established,from_client; content:"GET"; http_method; content:"/data/f6416fd0-71f3-45de-8c79-3d0e7281f124.pdf"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"hotelembuguacu.blob.core.windows.net"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2025_02_19; reference:url, urlhaus.abuse.ch/url/3445438/; classtype:trojan-activity;sid:84308538; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3445423)"; flow:established,from_client; content:"GET"; http_method; content:"/documento.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"detail-booking.com.br"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_02_19; reference:url, urlhaus.abuse.ch/url/3445423/; classtype:trojan-activity;sid:84308523; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3444509)"; flow:established,from_client; content:"GET"; http_method; content:"/i-5.8-6.sakura"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"205.185.115.242"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_18; reference:url, urlhaus.abuse.ch/url/3444509/; classtype:trojan-activity;sid:84307609; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3444510)"; flow:established,from_client; content:"GET"; http_method; content:"/x-8.6-.sakura"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"205.185.115.242"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_18; reference:url, urlhaus.abuse.ch/url/3444510/; classtype:trojan-activity;sid:84307610; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3444511)"; flow:established,from_client; content:"GET"; http_method; content:"/a-r.m-4.sakura"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"205.185.115.242"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_18; reference:url, urlhaus.abuse.ch/url/3444511/; classtype:trojan-activity;sid:84307611; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3444512)"; flow:established,from_client; content:"GET"; http_method; content:"/m-i.p-s.sakura"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"205.185.115.242"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_18; reference:url, urlhaus.abuse.ch/url/3444512/; classtype:trojan-activity;sid:84307612; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3444513)"; flow:established,from_client; content:"GET"; http_method; content:"/s-h.4-.sakura"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"205.185.115.242"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_18; reference:url, urlhaus.abuse.ch/url/3444513/; classtype:trojan-activity;sid:84307613; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3444515)"; flow:established,from_client; content:"GET"; http_method; content:"/a-r.m-6.sakura"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"205.185.115.242"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_18; reference:url, urlhaus.abuse.ch/url/3444515/; classtype:trojan-activity;sid:84307615; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3444516)"; flow:established,from_client; content:"GET"; http_method; content:"/m-p.s-l.sakura"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"205.185.115.242"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_18; reference:url, urlhaus.abuse.ch/url/3444516/; classtype:trojan-activity;sid:84307616; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3444518)"; flow:established,from_client; content:"GET"; http_method; content:"/p-p.c-.sakura"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"205.185.115.242"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_18; reference:url, urlhaus.abuse.ch/url/3444518/; classtype:trojan-activity;sid:84307618; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3444508)"; flow:established,from_client; content:"GET"; http_method; content:"/m-6.8-k.sakura"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"205.185.115.242"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_18; reference:url, urlhaus.abuse.ch/url/3444508/; classtype:trojan-activity;sid:84307608; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3444506)"; flow:established,from_client; content:"GET"; http_method; content:"/sakura.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"205.185.115.242"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_18; reference:url, urlhaus.abuse.ch/url/3444506/; classtype:trojan-activity;sid:84307606; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3444507)"; flow:established,from_client; content:"GET"; http_method; content:"/leinchchanceleinch/jik/refs/heads/main/d.msi"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_02_18; reference:url, urlhaus.abuse.ch/url/3444507/; classtype:trojan-activity;sid:84307607; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3444326)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"45.115.236.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_18; reference:url, urlhaus.abuse.ch/url/3444326/; classtype:trojan-activity;sid:84307426; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3444279)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"85.206.188.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_18; reference:url, urlhaus.abuse.ch/url/3444279/; classtype:trojan-activity;sid:84307379; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3444267)"; flow:established,from_client; content:"GET"; http_method; content:"/leinchchanceleinch/jik/raw/refs/heads/main/d.msi"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_18; reference:url, urlhaus.abuse.ch/url/3444267/; classtype:trojan-activity;sid:84307367; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3443831)"; flow:established,from_client; content:"GET"; http_method; content:"/okfgjrg5d8gt"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.148.3.216"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_18; reference:url, urlhaus.abuse.ch/url/3443831/; classtype:trojan-activity;sid:84306931; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3443410)"; flow:established,from_client; content:"GET"; http_method; content:"/hkuu/down.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"hkuu.oss-cn-hongkong.aliyuncs.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2025_02_17; reference:url, urlhaus.abuse.ch/url/3443410/; classtype:trojan-activity;sid:84306510; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3443408)"; flow:established,from_client; content:"GET"; http_method; content:"/hkuu/tasloginbase.dll"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"hkuu.oss-cn-hongkong.aliyuncs.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2025_02_17; reference:url, urlhaus.abuse.ch/url/3443408/; classtype:trojan-activity;sid:84306508; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3443355)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"179.248.3.202.ll.sta.mana.pf"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_02_17; reference:url, urlhaus.abuse.ch/url/3443355/; classtype:trojan-activity;sid:84306455; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3443354)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"178.248.3.202.ll.sta.mana.pf"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_02_17; reference:url, urlhaus.abuse.ch/url/3443354/; classtype:trojan-activity;sid:84306454; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3443353)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"99-118-215-24.lightspeed.irvnca.sbcglobal.net"; http_host; depth:45; isdataat:!1,relative; metadata:created_at 2025_02_17; reference:url, urlhaus.abuse.ch/url/3443353/; classtype:trojan-activity;sid:84306453; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3443350)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"host-95-230-215-65.business.telecomitalia.it"; http_host; depth:44; isdataat:!1,relative; metadata:created_at 2025_02_17; reference:url, urlhaus.abuse.ch/url/3443350/; classtype:trojan-activity;sid:84306450; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3443193)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"172.250.238.27"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_17; reference:url, urlhaus.abuse.ch/url/3443193/; classtype:trojan-activity;sid:84306293; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3442712)"; flow:established,from_client; content:"GET"; http_method; content:"/output0/client/cabalmain.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"168.138.162.78"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_17; reference:url, urlhaus.abuse.ch/url/3442712/; classtype:trojan-activity;sid:84305812; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3442703)"; flow:established,from_client; content:"GET"; http_method; content:"/output0/client/update.exe"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"168.138.162.78"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_17; reference:url, urlhaus.abuse.ch/url/3442703/; classtype:trojan-activity;sid:84305803; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3442701)"; flow:established,from_client; content:"GET"; http_method; content:"/output0/client/cabal.exe"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"168.138.162.78"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_17; reference:url, urlhaus.abuse.ch/url/3442701/; classtype:trojan-activity;sid:84305801; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3442616)"; flow:established,from_client; content:"GET"; http_method; content:"/output/client/cabalmain.exe"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"168.138.162.78"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_17; reference:url, urlhaus.abuse.ch/url/3442616/; classtype:trojan-activity;sid:84305716; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3442259)"; flow:established,from_client; content:"GET"; http_method; content:"/exploit.class"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"123.56.43.176"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_16; reference:url, urlhaus.abuse.ch/url/3442259/; classtype:trojan-activity;sid:84305359; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3442232)"; flow:established,from_client; content:"GET"; http_method; content:"/build.apk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"195.211.101.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_16; reference:url, urlhaus.abuse.ch/url/3442232/; classtype:trojan-activity;sid:84305332; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3442233)"; flow:established,from_client; content:"GET"; http_method; content:"/build.apk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.146.202.41"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_16; reference:url, urlhaus.abuse.ch/url/3442233/; classtype:trojan-activity;sid:84305333; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3442198)"; flow:established,from_client; content:"GET"; http_method; content:"/xxxx"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"47.89.173.214"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_16; reference:url, urlhaus.abuse.ch/url/3442198/; classtype:trojan-activity;sid:84305298; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3442196)"; flow:established,from_client; content:"GET"; http_method; content:"/ffff"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"47.89.173.214"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_16; reference:url, urlhaus.abuse.ch/url/3442196/; classtype:trojan-activity;sid:84305296; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3442091)"; flow:established,from_client; content:"GET"; http_method; content:"/journal-article/c8ab945ac1a0ab1d3c22616f6babff1a/sorahan1984.pdf"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"dacemirror.sci-hub.se"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_02_16; reference:url, urlhaus.abuse.ch/url/3442091/; classtype:trojan-activity;sid:84305191; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3441890)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"2.55.122.229"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_16; reference:url, urlhaus.abuse.ch/url/3441890/; classtype:trojan-activity;sid:84304990; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3441869)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"213.5.194.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_16; reference:url, urlhaus.abuse.ch/url/3441869/; classtype:trojan-activity;sid:84304969; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3441864)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.236.65.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_16; reference:url, urlhaus.abuse.ch/url/3441864/; classtype:trojan-activity;sid:84304964; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3441724)"; flow:established,from_client; content:"GET"; http_method; content:"/output/client/cabal.exe"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"168.138.162.78"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_16; reference:url, urlhaus.abuse.ch/url/3441724/; classtype:trojan-activity;sid:84304824; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3439965)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"76.140.113.250"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_14; reference:url, urlhaus.abuse.ch/url/3439965/; classtype:trojan-activity;sid:84303065; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3439088)"; flow:established,from_client; content:"GET"; http_method; content:"/6107/8404c3d00d8aee946bdf1c140c904799/sorandaru2016.pdf"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"2024.sci-hub.se"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_14; reference:url, urlhaus.abuse.ch/url/3439088/; classtype:trojan-activity;sid:84302188; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3438594)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"80.11.36.4"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_13; reference:url, urlhaus.abuse.ch/url/3438594/; classtype:trojan-activity;sid:84301694; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3438570)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"210.208.104.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_13; reference:url, urlhaus.abuse.ch/url/3438570/; classtype:trojan-activity;sid:84301670; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3437561)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.44.174.90"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_12; reference:url, urlhaus.abuse.ch/url/3437561/; classtype:trojan-activity;sid:84300661; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3437118)"; flow:established,from_client; content:"GET"; http_method; content:"/test/cgi-bin/adonis/pure_adonis"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"upchemicals.co.in"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_02_12; reference:url, urlhaus.abuse.ch/url/3437118/; classtype:trojan-activity;sid:84300218; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3437119)"; flow:established,from_client; content:"GET"; http_method; content:"/test/cgi-bin/jnd/pure_jnd"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"upchemicals.co.in"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_02_12; reference:url, urlhaus.abuse.ch/url/3437119/; classtype:trojan-activity;sid:84300219; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3437116)"; flow:established,from_client; content:"GET"; http_method; content:"/test/cgi-bin/adonis/all_adonis"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"upchemicals.co.in"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_02_12; reference:url, urlhaus.abuse.ch/url/3437116/; classtype:trojan-activity;sid:84300216; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3437117)"; flow:established,from_client; content:"GET"; http_method; content:"/test/cgi-bin/mr_bean/pure_bean"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"upchemicals.co.in"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_02_12; reference:url, urlhaus.abuse.ch/url/3437117/; classtype:trojan-activity;sid:84300217; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3437115)"; flow:established,from_client; content:"GET"; http_method; content:"/test/cgi-bin/mr_bean/all_bean"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"upchemicals.co.in"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_02_12; reference:url, urlhaus.abuse.ch/url/3437115/; classtype:trojan-activity;sid:84300215; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3437114)"; flow:established,from_client; content:"GET"; http_method; content:"/test/cgi-bin/jnd/jnd_all"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"upchemicals.co.in"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_02_12; reference:url, urlhaus.abuse.ch/url/3437114/; classtype:trojan-activity;sid:84300214; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435167)"; flow:established,from_client; content:"GET"; http_method; content:"/iluxa94/-3-/refs/heads/main/%d0%a4%d0%be%d1%80%d0%bc%d0%b0%203%d0%9e%d0%a8%d0%91%d0%a0.exe"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435167/; classtype:trojan-activity;sid:84298267; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435170)"; flow:established,from_client; content:"GET"; http_method; content:"/neo23x0/signature-base/archive/master.zip"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435170/; classtype:trojan-activity;sid:84298270; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435143)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"101.32.40.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435143/; classtype:trojan-activity;sid:84298243; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435084)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"85.204.104.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435084/; classtype:trojan-activity;sid:84298184; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435087)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.141.244.42"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435087/; classtype:trojan-activity;sid:84298187; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433345)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.4.101.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433345/; classtype:trojan-activity;sid:84296445; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432311)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"85.204.104.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432311/; classtype:trojan-activity;sid:84295411; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432127)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"2.136.145.238"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432127/; classtype:trojan-activity;sid:84295227; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431851)"; flow:established,from_client; content:"GET"; http_method; content:"/test/cgi-bin/mr_bean/all_bean"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"upchemicals.co.in"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431851/; classtype:trojan-activity;sid:84294951; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431850)"; flow:established,from_client; content:"GET"; http_method; content:"/test/cgi-bin/mr_bean/pure_bean"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"upchemicals.co.in"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431850/; classtype:trojan-activity;sid:84294950; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431687)"; flow:established,from_client; content:"GET"; http_method; content:"/bljysvhw/info.zip"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431687/; classtype:trojan-activity;sid:84294787; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431686)"; flow:established,from_client; content:"GET"; http_method; content:"/bljysvhw/img001.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431686/; classtype:trojan-activity;sid:84294786; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431452)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.109.201.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431452/; classtype:trojan-activity;sid:84294552; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431386)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.236.175.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431386/; classtype:trojan-activity;sid:84294486; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431377)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"2.55.94.61"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431377/; classtype:trojan-activity;sid:84294477; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431378)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"2.136.145.238"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431378/; classtype:trojan-activity;sid:84294478; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431249)"; flow:established,from_client; content:"GET"; http_method; content:"/14f84bb67680c89d.js"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"secure.sexducks.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431249/; classtype:trojan-activity;sid:84294349; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430225)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.54.47.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430225/; classtype:trojan-activity;sid:84293325; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429885)"; flow:established,from_client; content:"GET"; http_method; content:"/1/test.jpg"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"ofice365.github.io"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429885/; classtype:trojan-activity;sid:84292985; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429793)"; flow:established,from_client; content:"GET"; http_method; content:"/download/static/files/bootstrappernew.exe"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"d2314eac.solaraweb-alj.pages.dev"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429793/; classtype:trojan-activity;sid:84292893; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429404)"; flow:established,from_client; content:"GET"; http_method; content:"/earm"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"81.70.85.113"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429404/; classtype:trojan-activity;sid:84292504; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429406)"; flow:established,from_client; content:"GET"; http_method; content:"/tp/earm7"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"81.70.85.113"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429406/; classtype:trojan-activity;sid:84292506; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429402)"; flow:established,from_client; content:"GET"; http_method; content:"/backdoor/earm5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"81.70.85.113"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429402/; classtype:trojan-activity;sid:84292502; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429403)"; flow:established,from_client; content:"GET"; http_method; content:"/tp/earm"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"81.70.85.113"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429403/; classtype:trojan-activity;sid:84292503; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429398)"; flow:established,from_client; content:"GET"; http_method; content:"/earm7"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"81.70.85.113"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429398/; classtype:trojan-activity;sid:84292498; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429399)"; flow:established,from_client; content:"GET"; http_method; content:"/backdoor/earm"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"81.70.85.113"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429399/; classtype:trojan-activity;sid:84292499; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429390)"; flow:established,from_client; content:"GET"; http_method; content:"/tp/empsl"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"81.70.85.113"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429390/; classtype:trojan-activity;sid:84292490; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429392)"; flow:established,from_client; content:"GET"; http_method; content:"/ex86"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"81.70.85.113"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429392/; classtype:trojan-activity;sid:84292492; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429397)"; flow:established,from_client; content:"GET"; http_method; content:"/backdoor/earm7"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"81.70.85.113"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429397/; classtype:trojan-activity;sid:84292497; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429388)"; flow:established,from_client; content:"GET"; http_method; content:"/earm5"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"81.70.85.113"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429388/; classtype:trojan-activity;sid:84292488; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425847)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.100.115.43"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425847/; classtype:trojan-activity;sid:84288947; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423102)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.39.41.202"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423102/; classtype:trojan-activity;sid:84286202; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423092)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.19.149.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423092/; classtype:trojan-activity;sid:84286192; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3421183)"; flow:established,from_client; content:"GET"; http_method; content:"/xsh/xsh.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"101.126.11.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_31; reference:url, urlhaus.abuse.ch/url/3421183/; classtype:trojan-activity;sid:84284283; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3421027)"; flow:established,from_client; content:"GET"; http_method; content:"/sigmaplus/4.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"ny.lshdw.cc"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_01_31; reference:url, urlhaus.abuse.ch/url/3421027/; classtype:trojan-activity;sid:84284127; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3421026)"; flow:established,from_client; content:"GET"; http_method; content:"/tylermt99/zzzaaa/refs/heads/main/built.exe"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_01_31; reference:url, urlhaus.abuse.ch/url/3421026/; classtype:trojan-activity;sid:84284126; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3421014)"; flow:established,from_client; content:"GET"; http_method; content:"/assignment.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"210.125.101.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_31; reference:url, urlhaus.abuse.ch/url/3421014/; classtype:trojan-activity;sid:84284114; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3421020)"; flow:established,from_client; content:"GET"; http_method; content:"/ftp/emmetprod.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"141.147.43.219"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_31; reference:url, urlhaus.abuse.ch/url/3421020/; classtype:trojan-activity;sid:84284120; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419575)"; flow:established,from_client; content:"GET"; http_method; content:"/eluwnkaquxi/elcio/raw/refs/heads/main/server1.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419575/; classtype:trojan-activity;sid:84282675; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419559)"; flow:established,from_client; content:"GET"; http_method; content:"/mentaliczz/bloxflippredictor-v2/raw/refs/heads/main/bloxflip%20predictor.exe"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419559/; classtype:trojan-activity;sid:84282659; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419560)"; flow:established,from_client; content:"GET"; http_method; content:"/ff245185/payload/raw/refs/heads/main/fast%20download.exe"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419560/; classtype:trojan-activity;sid:84282660; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419566)"; flow:established,from_client; content:"GET"; http_method; content:"/theairblow/theairblow/raw/refs/heads/main/njrat.exe"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419566/; classtype:trojan-activity;sid:84282666; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419494)"; flow:established,from_client; content:"GET"; http_method; content:"/1337breaker1337/password/raw/refs/heads/main/client-built.exe"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419494/; classtype:trojan-activity;sid:84282594; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419485)"; flow:established,from_client; content:"GET"; http_method; content:"/bonsko216/1/raw/refs/heads/main/runtimebroker.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419485/; classtype:trojan-activity;sid:84282585; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419487)"; flow:established,from_client; content:"GET"; http_method; content:"/leemurray751/testing/raw/refs/heads/main/testingfile.exe"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419487/; classtype:trojan-activity;sid:84282587; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419474)"; flow:established,from_client; content:"GET"; http_method; content:"/valofficial/client-follower/raw/refs/heads/main/client-built.exe"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419474/; classtype:trojan-activity;sid:84282574; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419477)"; flow:established,from_client; content:"GET"; http_method; content:"/xevioo/xeviohub/raw/refs/heads/main/critscript.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419477/; classtype:trojan-activity;sid:84282577; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419464)"; flow:established,from_client; content:"GET"; http_method; content:"/horiffy/sentil/raw/refs/heads/main/sentil.exe"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419464/; classtype:trojan-activity;sid:84282564; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419368)"; flow:established,from_client; content:"GET"; http_method; content:"/user-attachments/files/17793058/lg246dre.txt"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419368/; classtype:trojan-activity;sid:84282468; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3418042)"; flow:established,from_client; content:"GET"; http_method; content:"/cab/launcherloader.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"www.newkey.co.kr"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_01_29; reference:url, urlhaus.abuse.ch/url/3418042/; classtype:trojan-activity;sid:84281142; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3417826)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"195.250.173.158"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_01_28; reference:url, urlhaus.abuse.ch/url/3417826/; classtype:trojan-activity;sid:84280926; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3417095)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1t9mwfr1azhmksosp19tomch5dyi3hb2n"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_01_28; reference:url, urlhaus.abuse.ch/url/3417095/; classtype:trojan-activity;sid:84280195; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3417085)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"87.197.160.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_28; reference:url, urlhaus.abuse.ch/url/3417085/; classtype:trojan-activity;sid:84280185; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3416671)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.165.237.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_27; reference:url, urlhaus.abuse.ch/url/3416671/; classtype:trojan-activity;sid:84279771; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3416672)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.236.65.235"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_27; reference:url, urlhaus.abuse.ch/url/3416672/; classtype:trojan-activity;sid:84279772; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3416673)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.165.237.61"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_27; reference:url, urlhaus.abuse.ch/url/3416673/; classtype:trojan-activity;sid:84279773; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3416676)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.187.31.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_27; reference:url, urlhaus.abuse.ch/url/3416676/; classtype:trojan-activity;sid:84279776; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3415308)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.165.237.59"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_26; reference:url, urlhaus.abuse.ch/url/3415308/; classtype:trojan-activity;sid:84278408; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3415209)"; flow:established,from_client; content:"GET"; http_method; content:"/loginanticheat.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"43.226.39.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_26; reference:url, urlhaus.abuse.ch/url/3415209/; classtype:trojan-activity;sid:84278309; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3415207)"; flow:established,from_client; content:"GET"; http_method; content:"/loginanticheat4.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"43.226.39.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_26; reference:url, urlhaus.abuse.ch/url/3415207/; classtype:trojan-activity;sid:84278307; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3415206)"; flow:established,from_client; content:"GET"; http_method; content:"/gmex.dll"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"43.226.39.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_26; reference:url, urlhaus.abuse.ch/url/3415206/; classtype:trojan-activity;sid:84278306; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3414047)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.136.195.193"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_01_25; reference:url, urlhaus.abuse.ch/url/3414047/; classtype:trojan-activity;sid:84277147; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3412918)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.206.216.132"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_01_24; reference:url, urlhaus.abuse.ch/url/3412918/; classtype:trojan-activity;sid:84276018; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3411900)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"82.102.166.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_23; reference:url, urlhaus.abuse.ch/url/3411900/; classtype:trojan-activity;sid:84275000; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3411863)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.39.139.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_23; reference:url, urlhaus.abuse.ch/url/3411863/; classtype:trojan-activity;sid:84274963; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3410868)"; flow:established,from_client; content:"GET"; http_method; content:"/helps/helphelp1207/helps.hta"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"tests.yjzj.org"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_23; reference:url, urlhaus.abuse.ch/url/3410868/; classtype:trojan-activity;sid:84273968; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3410864)"; flow:established,from_client; content:"GET"; http_method; content:"/blackhatethicalhacking/fud/blob/master/access.exe|3f|raw=true"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_23; reference:url, urlhaus.abuse.ch/url/3410864/; classtype:trojan-activity;sid:84273964; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3410865)"; flow:established,from_client; content:"GET"; http_method; content:"/blackhatethicalhacking/fud/raw/refs/heads/master/access.exe"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_23; reference:url, urlhaus.abuse.ch/url/3410865/; classtype:trojan-activity;sid:84273965; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3410718)"; flow:established,from_client; content:"GET"; http_method; content:"/cos"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"ah-scanning.oss-cn-hongkong.aliyuncs.com"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_01_23; reference:url, urlhaus.abuse.ch/url/3410718/; classtype:trojan-activity;sid:84273818; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3410375)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"80.11.36.4"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_22; reference:url, urlhaus.abuse.ch/url/3410375/; classtype:trojan-activity;sid:84273475; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3409838)"; flow:established,from_client; content:"GET"; http_method; content:"/blackhatethicalhacking/fud/refs/heads/master/access.exe"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_01_22; reference:url, urlhaus.abuse.ch/url/3409838/; classtype:trojan-activity;sid:84272938; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3407395)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"189.196.45.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_20; reference:url, urlhaus.abuse.ch/url/3407395/; classtype:trojan-activity;sid:84270495; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3407374)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"121.167.209.164"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_01_20; reference:url, urlhaus.abuse.ch/url/3407374/; classtype:trojan-activity;sid:84270474; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3406818)"; flow:established,from_client; content:"GET"; http_method; content:"/%eb%a7%ac%ec%9b%a8%ec%96%b4.hta"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"hobobot.net"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_01_20; reference:url, urlhaus.abuse.ch/url/3406818/; classtype:trojan-activity;sid:84269918; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3406822)"; flow:established,from_client; content:"GET"; http_method; content:"/%eb%b9%8c%ec%96%b4%20%eb%a8%b9%ec%9d%84.hta"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"hobobot.net"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_01_20; reference:url, urlhaus.abuse.ch/url/3406822/; classtype:trojan-activity;sid:84269922; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3406468)"; flow:established,from_client; content:"GET"; http_method; content:"/journal-article/30343922aca0fb8e53340406c2d9339d/sora2012.pdf"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"dacemirror.sci-hub.se"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_01_20; reference:url, urlhaus.abuse.ch/url/3406468/; classtype:trojan-activity;sid:84269568; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3405423)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"202.141.166.71"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_19; reference:url, urlhaus.abuse.ch/url/3405423/; classtype:trojan-activity;sid:84268523; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3405341)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"14.29.160.181"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_18; reference:url, urlhaus.abuse.ch/url/3405341/; classtype:trojan-activity;sid:84268441; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3405320)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"92.66.30.68"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_01_18; reference:url, urlhaus.abuse.ch/url/3405320/; classtype:trojan-activity;sid:84268420; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3405329)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"14.54.96.182"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_18; reference:url, urlhaus.abuse.ch/url/3405329/; classtype:trojan-activity;sid:84268429; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3405319)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"92.66.30.68"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_01_18; reference:url, urlhaus.abuse.ch/url/3405319/; classtype:trojan-activity;sid:84268419; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3405187)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.247.101.185"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_01_18; reference:url, urlhaus.abuse.ch/url/3405187/; classtype:trojan-activity;sid:84268287; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3405172)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"46.24.237.234"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_18; reference:url, urlhaus.abuse.ch/url/3405172/; classtype:trojan-activity;sid:84268272; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3405120)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.20.19.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_18; reference:url, urlhaus.abuse.ch/url/3405120/; classtype:trojan-activity;sid:84268220; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3403380)"; flow:established,from_client; content:"GET"; http_method; content:"/lehila05/pdc/refs/heads/main/payload.bin"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_01_17; reference:url, urlhaus.abuse.ch/url/3403380/; classtype:trojan-activity;sid:84266480; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3402741)"; flow:established,from_client; content:"GET"; http_method; content:"/adobepdf-reader/pdf-reader/raw/refs/heads/main/pdf%20reader.exe"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_16; reference:url, urlhaus.abuse.ch/url/3402741/; classtype:trojan-activity;sid:84265841; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3402177)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.109.90.134"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_16; reference:url, urlhaus.abuse.ch/url/3402177/; classtype:trojan-activity;sid:84265277; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3402154)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.88.6.203"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_01_16; reference:url, urlhaus.abuse.ch/url/3402154/; classtype:trojan-activity;sid:84265254; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3402149)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"212.70.156.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_16; reference:url, urlhaus.abuse.ch/url/3402149/; classtype:trojan-activity;sid:84265249; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3401644)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/uploads/wpr-addons/forms/code1.png"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"107.180.89.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_15; reference:url, urlhaus.abuse.ch/url/3401644/; classtype:trojan-activity;sid:84264744; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3399425)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"124.221.5.207"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_14; reference:url, urlhaus.abuse.ch/url/3399425/; classtype:trojan-activity;sid:84262525; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3399396)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.178.100.190"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_01_13; reference:url, urlhaus.abuse.ch/url/3399396/; classtype:trojan-activity;sid:84262496; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3398629)"; flow:established,from_client; content:"GET"; http_method; content:"/ox2fa/justnow/refs/heads/main/1.sh"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_01_13; reference:url, urlhaus.abuse.ch/url/3398629/; classtype:trojan-activity;sid:84261729; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3397528)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"2.180.18.98"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_01_11; reference:url, urlhaus.abuse.ch/url/3397528/; classtype:trojan-activity;sid:84260628; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3397523)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"69.11.121.34"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_11; reference:url, urlhaus.abuse.ch/url/3397523/; classtype:trojan-activity;sid:84260623; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3396427)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"203.115.101.242"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_01_10; reference:url, urlhaus.abuse.ch/url/3396427/; classtype:trojan-activity;sid:84259527; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3396413)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"211.197.121.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_10; reference:url, urlhaus.abuse.ch/url/3396413/; classtype:trojan-activity;sid:84259513; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3395055)"; flow:established,from_client; content:"GET"; http_method; content:"/arvendrachhonkar/todo/releases/download/macosandwindows/install_setup_v1.2.0.dmg"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_09; reference:url, urlhaus.abuse.ch/url/3395055/; classtype:trojan-activity;sid:84258155; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3394507)"; flow:established,from_client; content:"GET"; http_method; content:"/trismagi/daemon/raw/main/watchdog"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_09; reference:url, urlhaus.abuse.ch/url/3394507/; classtype:trojan-activity;sid:84257607; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3394121)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"62.56.225.99"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_08; reference:url, urlhaus.abuse.ch/url/3394121/; classtype:trojan-activity;sid:84257221; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3394115)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"62.56.225.99"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_08; reference:url, urlhaus.abuse.ch/url/3394115/; classtype:trojan-activity;sid:84257215; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3393662)"; flow:established,from_client; content:"GET"; http_method; content:"/roukistl/ud/refs/heads/main/ud.bat"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_01_08; reference:url, urlhaus.abuse.ch/url/3393662/; classtype:trojan-activity;sid:84256762; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3393596)"; flow:established,from_client; content:"GET"; http_method; content:"/thomson101/xhp/releases/download/release/steanings.exe"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_08; reference:url, urlhaus.abuse.ch/url/3393596/; classtype:trojan-activity;sid:84256696; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3393047)"; flow:established,from_client; content:"GET"; http_method; content:"/thomson101/xhp/releases/download/release/steanings.exe"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_07; reference:url, urlhaus.abuse.ch/url/3393047/; classtype:trojan-activity;sid:84256147; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3393048)"; flow:established,from_client; content:"GET"; http_method; content:"/apoxyies/deeneme/raw/refs/heads/main/runtimebroker.exe"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_07; reference:url, urlhaus.abuse.ch/url/3393048/; classtype:trojan-activity;sid:84256148; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3393007)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.240.163.205"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_01_07; reference:url, urlhaus.abuse.ch/url/3393007/; classtype:trojan-activity;sid:84256107; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3393010)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.40.185.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_07; reference:url, urlhaus.abuse.ch/url/3393010/; classtype:trojan-activity;sid:84256110; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3392686)"; flow:established,from_client; content:"GET"; http_method; content:"/launcher/upload/test.exe"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"test.aionclassic.pro"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_01_07; reference:url, urlhaus.abuse.ch/url/3392686/; classtype:trojan-activity;sid:84255786; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3391678)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"121.202.211.2"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_06; reference:url, urlhaus.abuse.ch/url/3391678/; classtype:trojan-activity;sid:84254778; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3391455)"; flow:established,from_client; content:"GET"; http_method; content:"/1337breaker1337/password/refs/heads/main/client-built.exe"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_01_06; reference:url, urlhaus.abuse.ch/url/3391455/; classtype:trojan-activity;sid:84254555; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3391429)"; flow:established,from_client; content:"GET"; http_method; content:"/1337breaker1337/password/raw/refs/heads/main/client-built.exe"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_06; reference:url, urlhaus.abuse.ch/url/3391429/; classtype:trojan-activity;sid:84254529; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3389403)"; flow:established,from_client; content:"GET"; http_method; content:"/ngrokc/ctc/raw/main/ctc64.dll"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_04; reference:url, urlhaus.abuse.ch/url/3389403/; classtype:trojan-activity;sid:84252503; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3389404)"; flow:established,from_client; content:"GET"; http_method; content:"/ngrokc/ctc/main/ctc64.dll"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_01_04; reference:url, urlhaus.abuse.ch/url/3389404/; classtype:trojan-activity;sid:84252504; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3389259)"; flow:established,from_client; content:"GET"; http_method; content:"/test/av.lnk"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"218.92.65.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_04; reference:url, urlhaus.abuse.ch/url/3389259/; classtype:trojan-activity;sid:84252359; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3389237)"; flow:established,from_client; content:"GET"; http_method; content:"/test/photo.lnk"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"218.92.65.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_04; reference:url, urlhaus.abuse.ch/url/3389237/; classtype:trojan-activity;sid:84252337; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3389239)"; flow:established,from_client; content:"GET"; http_method; content:"/test/video.lnk"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"218.92.65.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_04; reference:url, urlhaus.abuse.ch/url/3389239/; classtype:trojan-activity;sid:84252339; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3389229)"; flow:established,from_client; content:"GET"; http_method; content:"/zotero/fwutlkid.zip"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"152.136.140.85"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_04; reference:url, urlhaus.abuse.ch/url/3389229/; classtype:trojan-activity;sid:84252329; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3389228)"; flow:established,from_client; content:"GET"; http_method; content:"/zotero/gch3x3lk.zip"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"152.136.140.85"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_04; reference:url, urlhaus.abuse.ch/url/3389228/; classtype:trojan-activity;sid:84252328; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3389227)"; flow:established,from_client; content:"GET"; http_method; content:"/zotero/9nkwk7nh.zip"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"152.136.140.85"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_04; reference:url, urlhaus.abuse.ch/url/3389227/; classtype:trojan-activity;sid:84252327; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3389226)"; flow:established,from_client; content:"GET"; http_method; content:"/zotero/wl3gtvgq.zip"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"152.136.140.85"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_04; reference:url, urlhaus.abuse.ch/url/3389226/; classtype:trojan-activity;sid:84252326; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3389225)"; flow:established,from_client; content:"GET"; http_method; content:"/zotero/ujp4jdmy.zip"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"152.136.140.85"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_04; reference:url, urlhaus.abuse.ch/url/3389225/; classtype:trojan-activity;sid:84252325; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3389224)"; flow:established,from_client; content:"GET"; http_method; content:"/zotero/8rh4s7pl.zip"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"152.136.140.85"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_04; reference:url, urlhaus.abuse.ch/url/3389224/; classtype:trojan-activity;sid:84252324; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3389222)"; flow:established,from_client; content:"GET"; http_method; content:"/zotero/jdym53nl.zip"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"152.136.140.85"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_04; reference:url, urlhaus.abuse.ch/url/3389222/; classtype:trojan-activity;sid:84252322; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3389221)"; flow:established,from_client; content:"GET"; http_method; content:"/zotero/e9ffa5da.zip"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"152.136.140.85"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_04; reference:url, urlhaus.abuse.ch/url/3389221/; classtype:trojan-activity;sid:84252321; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3389220)"; flow:established,from_client; content:"GET"; http_method; content:"/zotero/8zg9faz4.zip"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"152.136.140.85"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_04; reference:url, urlhaus.abuse.ch/url/3389220/; classtype:trojan-activity;sid:84252320; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3389218)"; flow:established,from_client; content:"GET"; http_method; content:"/free"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"safefiles2.oss-cn-beijing.aliyuncs.com"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2025_01_04; reference:url, urlhaus.abuse.ch/url/3389218/; classtype:trojan-activity;sid:84252318; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3389142)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"1.181.70.42"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_01_04; reference:url, urlhaus.abuse.ch/url/3389142/; classtype:trojan-activity;sid:84252242; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3388878)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"2.54.89.165"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_01_04; reference:url, urlhaus.abuse.ch/url/3388878/; classtype:trojan-activity;sid:84251978; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3388874)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"2.54.89.174"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_01_04; reference:url, urlhaus.abuse.ch/url/3388874/; classtype:trojan-activity;sid:84251974; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3388858)"; flow:established,from_client; content:"GET"; http_method; content:"/download/static/files/solara.dir.zip"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"c0e5b87c.solaraweb-alj.pages.dev"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2025_01_04; reference:url, urlhaus.abuse.ch/url/3388858/; classtype:trojan-activity;sid:84251958; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3388859)"; flow:established,from_client; content:"GET"; http_method; content:"/download/static/files/bootstrappernew.exe"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"c0e5b87c.solaraweb-alj.pages.dev"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2025_01_04; reference:url, urlhaus.abuse.ch/url/3388859/; classtype:trojan-activity;sid:84251959; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3387830)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"8.140.239.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_03; reference:url, urlhaus.abuse.ch/url/3387830/; classtype:trojan-activity;sid:84250930; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3387777)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.220.229.49"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_03; reference:url, urlhaus.abuse.ch/url/3387777/; classtype:trojan-activity;sid:84250877; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3387720)"; flow:established,from_client; content:"GET"; http_method; content:"/fericarr/newky/raw/refs/heads/main/prueba.exe"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_03; reference:url, urlhaus.abuse.ch/url/3387720/; classtype:trojan-activity;sid:84250820; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3387708)"; flow:established,from_client; content:"GET"; http_method; content:"/rsvgsng/funpark/raw/refs/heads/main/diskutil.exe"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_03; reference:url, urlhaus.abuse.ch/url/3387708/; classtype:trojan-activity;sid:84250808; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3387702)"; flow:established,from_client; content:"GET"; http_method; content:"/yuriksq/papilla/raw/refs/heads/main/jrockekcurje.exe"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_03; reference:url, urlhaus.abuse.ch/url/3387702/; classtype:trojan-activity;sid:84250802; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3387697)"; flow:established,from_client; content:"GET"; http_method; content:"/intput.bin"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"101.201.227.94"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_03; reference:url, urlhaus.abuse.ch/url/3387697/; classtype:trojan-activity;sid:84250797; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3386798)"; flow:established,from_client; content:"GET"; http_method; content:"/proceedings-article/55a07147594fae1312e55be4d77971e1/skidmore2008.pdf"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"dacemirror.sci-hub.se"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_01_03; reference:url, urlhaus.abuse.ch/url/3386798/; classtype:trojan-activity;sid:84249898; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3386507)"; flow:established,from_client; content:"GET"; http_method; content:"/file-32bit.elf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"34.45.47.180"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_02; reference:url, urlhaus.abuse.ch/url/3386507/; classtype:trojan-activity;sid:84249607; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3386508)"; flow:established,from_client; content:"GET"; http_method; content:"/file.elf"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"34.45.47.180"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_02; reference:url, urlhaus.abuse.ch/url/3386508/; classtype:trojan-activity;sid:84249608; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3386509)"; flow:established,from_client; content:"GET"; http_method; content:"/file-arm.elf"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"34.45.47.180"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_02; reference:url, urlhaus.abuse.ch/url/3386509/; classtype:trojan-activity;sid:84249609; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3386510)"; flow:established,from_client; content:"GET"; http_method; content:"/file-64bit.elf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"34.45.47.180"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_02; reference:url, urlhaus.abuse.ch/url/3386510/; classtype:trojan-activity;sid:84249610; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3386210)"; flow:established,from_client; content:"GET"; http_method; content:"/ghost-opbr/test/refs/heads/main/adobepdfreader.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_01_02; reference:url, urlhaus.abuse.ch/url/3386210/; classtype:trojan-activity;sid:84249310; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3385583)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"197.232.133.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_01_01; reference:url, urlhaus.abuse.ch/url/3385583/; classtype:trojan-activity;sid:84248683; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3385579)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.97.36.186"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_01; reference:url, urlhaus.abuse.ch/url/3385579/; classtype:trojan-activity;sid:84248679; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3385331)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"m-global.hksty.net"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_01_01; reference:url, urlhaus.abuse.ch/url/3385331/; classtype:trojan-activity;sid:84248431; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3385167)"; flow:established,from_client; content:"GET"; http_method; content:"/soft_hair/ultravnc.ini"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"support.clz.kr"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_01; reference:url, urlhaus.abuse.ch/url/3385167/; classtype:trojan-activity;sid:84248267; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3385032)"; flow:established,from_client; content:"GET"; http_method; content:"/5fr5gthkjdg71"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.148.3.216"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_01; reference:url, urlhaus.abuse.ch/url/3385032/; classtype:trojan-activity;sid:84248132; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3384038)"; flow:established,from_client; content:"GET"; http_method; content:"/rsvgsng/funpark/refs/heads/main/diskutil.exe"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_31; reference:url, urlhaus.abuse.ch/url/3384038/; classtype:trojan-activity;sid:84247138; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3384025)"; flow:established,from_client; content:"GET"; http_method; content:"/rsvgsng/funpark/raw/refs/heads/main/diskutil.exe"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_31; reference:url, urlhaus.abuse.ch/url/3384025/; classtype:trojan-activity;sid:84247125; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3380950)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.252.66.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_29; reference:url, urlhaus.abuse.ch/url/3380950/; classtype:trojan-activity;sid:84244050; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3380949)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.50.4.174"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_29; reference:url, urlhaus.abuse.ch/url/3380949/; classtype:trojan-activity;sid:84244049; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3380924)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"212.225.179.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_29; reference:url, urlhaus.abuse.ch/url/3380924/; classtype:trojan-activity;sid:84244024; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3378993)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.116.68.12"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_28; reference:url, urlhaus.abuse.ch/url/3378993/; classtype:trojan-activity;sid:84242093; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3378991)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.50.4.173"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_28; reference:url, urlhaus.abuse.ch/url/3378991/; classtype:trojan-activity;sid:84242091; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3378977)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.50.4.171"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_28; reference:url, urlhaus.abuse.ch/url/3378977/; classtype:trojan-activity;sid:84242077; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3378964)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"84.1.110.226"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_28; reference:url, urlhaus.abuse.ch/url/3378964/; classtype:trojan-activity;sid:84242064; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3378965)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"176.114.218.229"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_28; reference:url, urlhaus.abuse.ch/url/3378965/; classtype:trojan-activity;sid:84242065; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3378966)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.108.227.250"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_28; reference:url, urlhaus.abuse.ch/url/3378966/; classtype:trojan-activity;sid:84242066; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3378974)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"94.142.63.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_28; reference:url, urlhaus.abuse.ch/url/3378974/; classtype:trojan-activity;sid:84242074; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3378954)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"154.126.186.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_28; reference:url, urlhaus.abuse.ch/url/3378954/; classtype:trojan-activity;sid:84242054; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3378016)"; flow:established,from_client; content:"GET"; http_method; content:"/fdiuioijofgrg"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.148.3.216"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_27; reference:url, urlhaus.abuse.ch/url/3378016/; classtype:trojan-activity;sid:84241116; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3377988)"; flow:established,from_client; content:"GET"; http_method; content:"/nvcommander2/allgens/refs/heads/main/msgde.exe"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_27; reference:url, urlhaus.abuse.ch/url/3377988/; classtype:trojan-activity;sid:84241088; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3377969)"; flow:established,from_client; content:"GET"; http_method; content:"/win/checking.hta"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"qlqd5zqefmkcr34a.onion.sh"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_27; reference:url, urlhaus.abuse.ch/url/3377969/; classtype:trojan-activity;sid:84241069; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3377935)"; flow:established,from_client; content:"GET"; http_method; content:"/ryycheats/ezfn-cheats-v2/refs/heads/main/ezfn%20op%20cheats.exe"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_27; reference:url, urlhaus.abuse.ch/url/3377935/; classtype:trojan-activity;sid:84241035; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3373499)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.191.89.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_23; reference:url, urlhaus.abuse.ch/url/3373499/; classtype:trojan-activity;sid:84236599; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3373504)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"14.0.204.188"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_23; reference:url, urlhaus.abuse.ch/url/3373504/; classtype:trojan-activity;sid:84236604; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3373487)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"90.45.15.114"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_23; reference:url, urlhaus.abuse.ch/url/3373487/; classtype:trojan-activity;sid:84236587; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3373492)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"218.108.181.2"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_23; reference:url, urlhaus.abuse.ch/url/3373492/; classtype:trojan-activity;sid:84236592; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3373094)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.136.193.107"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3373094/; classtype:trojan-activity;sid:84236194; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3373087)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.159.154.179"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3373087/; classtype:trojan-activity;sid:84236187; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3373074)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.164.191.74"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3373074/; classtype:trojan-activity;sid:84236174; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3373080)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.160.109.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3373080/; classtype:trojan-activity;sid:84236180; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3373053)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"47.181.114.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3373053/; classtype:trojan-activity;sid:84236153; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3373057)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.236.135.177"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3373057/; classtype:trojan-activity;sid:84236157; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3373063)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.136.225.254"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3373063/; classtype:trojan-activity;sid:84236163; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3373048)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"212.225.179.160"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3373048/; classtype:trojan-activity;sid:84236148; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3373036)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.53.164.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3373036/; classtype:trojan-activity;sid:84236136; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3373017)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"186.138.107.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3373017/; classtype:trojan-activity;sid:84236117; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3373024)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"197.245.244.254"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3373024/; classtype:trojan-activity;sid:84236124; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3373026)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.20.27.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3373026/; classtype:trojan-activity;sid:84236126; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3373009)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"111.185.23.52"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3373009/; classtype:trojan-activity;sid:84236109; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3373001)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"91.92.204.65"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3373001/; classtype:trojan-activity;sid:84236101; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372986)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"94.158.158.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372986/; classtype:trojan-activity;sid:84236086; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372989)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.15.137.119"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372989/; classtype:trojan-activity;sid:84236089; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372992)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.27.224.90"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372992/; classtype:trojan-activity;sid:84236092; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372994)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.43.6.118"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372994/; classtype:trojan-activity;sid:84236094; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372968)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"212.85.166.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372968/; classtype:trojan-activity;sid:84236068; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372956)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.129.177.162"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372956/; classtype:trojan-activity;sid:84236056; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372940)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"173.178.94.224"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372940/; classtype:trojan-activity;sid:84236040; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372941)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"81.12.157.98"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372941/; classtype:trojan-activity;sid:84236041; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372946)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"212.233.125.238"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372946/; classtype:trojan-activity;sid:84236046; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372931)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"212.154.209.206"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372931/; classtype:trojan-activity;sid:84236031; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372922)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.19.227.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372922/; classtype:trojan-activity;sid:84236022; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372903)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"111.74.21.155"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372903/; classtype:trojan-activity;sid:84236003; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372902)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.240.155.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372902/; classtype:trojan-activity;sid:84236002; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372891)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.240.155.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372891/; classtype:trojan-activity;sid:84235991; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372892)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.240.155.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372892/; classtype:trojan-activity;sid:84235992; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372896)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.240.155.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372896/; classtype:trojan-activity;sid:84235996; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372898)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.240.155.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372898/; classtype:trojan-activity;sid:84235998; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372881)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.240.155.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372881/; classtype:trojan-activity;sid:84235981; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372883)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.240.155.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372883/; classtype:trojan-activity;sid:84235983; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372886)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.240.155.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372886/; classtype:trojan-activity;sid:84235986; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372890)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.240.155.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372890/; classtype:trojan-activity;sid:84235990; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372877)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"114.247.47.52"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372877/; classtype:trojan-activity;sid:84235977; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372880)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.240.155.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372880/; classtype:trojan-activity;sid:84235980; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372691)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"2.55.101.94"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372691/; classtype:trojan-activity;sid:84235791; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372688)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"133.106.109.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372688/; classtype:trojan-activity;sid:84235788; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372657)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"2.54.88.190"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372657/; classtype:trojan-activity;sid:84235757; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372658)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"2.54.88.216"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372658/; classtype:trojan-activity;sid:84235758; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372644)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"157.125.7.63"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372644/; classtype:trojan-activity;sid:84235744; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372645)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"79.124.72.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372645/; classtype:trojan-activity;sid:84235745; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372625)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"2.54.88.189"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372625/; classtype:trojan-activity;sid:84235725; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372627)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"2.54.88.115"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372627/; classtype:trojan-activity;sid:84235727; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372636)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"88.28.177.134"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372636/; classtype:trojan-activity;sid:84235736; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372639)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"195.34.102.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372639/; classtype:trojan-activity;sid:84235739; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372642)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"88.28.177.135"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372642/; classtype:trojan-activity;sid:84235742; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372621)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"46.210.109.1"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372621/; classtype:trojan-activity;sid:84235721; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366263)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"93.87.31.84"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366263/; classtype:trojan-activity;sid:84229363; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366245)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"121.160.146.2"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366245/; classtype:trojan-activity;sid:84229345; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356934)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"188.150.21.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356934/; classtype:trojan-activity;sid:84220034; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356912)"; flow:established,from_client; content:"GET"; http_method; content:"/ef/ef.bin"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"www.tdejb.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356912/; classtype:trojan-activity;sid:84220012; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356911)"; flow:established,from_client; content:"GET"; http_method; content:"/ef/skifterne.sea"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"www.tdejb.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356911/; classtype:trojan-activity;sid:84220011; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356909)"; flow:established,from_client; content:"GET"; http_method; content:"/ef/ef.vbs"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"www.astenterprises.com.pk"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356909/; classtype:trojan-activity;sid:84220009; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356803)"; flow:established,from_client; content:"GET"; http_method; content:"/yn5og-40i6-9gu-9hjf.html"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"bj5y6-0f-9h4-9fgg4-1324992141.cos.ap-bangkok.myqcloud.com"; http_host; depth:57; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356803/; classtype:trojan-activity;sid:84219903; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356783)"; flow:established,from_client; content:"GET"; http_method; content:"/agent.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"210.125.101.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356783/; classtype:trojan-activity;sid:84219883; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356779)"; flow:established,from_client; content:"GET"; http_method; content:"/web/img/231dd3bd495a42b6a479fb7f210ba69b.exe"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"zlonline.oss-cn-shenzhen.aliyuncs.com"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356779/; classtype:trojan-activity;sid:84219879; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356778)"; flow:established,from_client; content:"GET"; http_method; content:"/web/img/231dd3bd495a42b6a479fb7f210ba69b.exe"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"zlonline.oss-cn-shenzhen.aliyuncs.com"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356778/; classtype:trojan-activity;sid:84219878; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356776)"; flow:established,from_client; content:"GET"; http_method; content:"/web/img/090cc5c1a5dc444dbeb0099f36f74657.dll"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"zlonline.oss-cn-shenzhen.aliyuncs.com"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356776/; classtype:trojan-activity;sid:84219876; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356775)"; flow:established,from_client; content:"GET"; http_method; content:"/web/img/5142a417d128494b9a9d67961121e943.exe"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"zlonline.oss-cn-shenzhen.aliyuncs.com"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356775/; classtype:trojan-activity;sid:84219875; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356773)"; flow:established,from_client; content:"GET"; http_method; content:"/in/1229.dll"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"uyul.oss-cn-beijing.aliyuncs.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356773/; classtype:trojan-activity;sid:84219873; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356774)"; flow:established,from_client; content:"GET"; http_method; content:"/web/img/5142a417d128494b9a9d67961121e943.exe"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"zlonline.oss-cn-shenzhen.aliyuncs.com"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356774/; classtype:trojan-activity;sid:84219874; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356762)"; flow:established,from_client; content:"GET"; http_method; content:"/in/2041.bin"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"uyul.oss-cn-beijing.aliyuncs.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356762/; classtype:trojan-activity;sid:84219862; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356765)"; flow:established,from_client; content:"GET"; http_method; content:"/in/d204.dll"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"uyul.oss-cn-beijing.aliyuncs.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356765/; classtype:trojan-activity;sid:84219865; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356767)"; flow:established,from_client; content:"GET"; http_method; content:"/store_app/guardservice.exe"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"sgz-1302338321.cos.ap-guangzhou.myqcloud.com"; http_host; depth:44; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356767/; classtype:trojan-activity;sid:84219867; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356768)"; flow:established,from_client; content:"GET"; http_method; content:"/futon"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"weco2.oss-me-east-1.aliyuncs.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356768/; classtype:trojan-activity;sid:84219868; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356769)"; flow:established,from_client; content:"GET"; http_method; content:"/qq%e5%8d%8e%e5%a4%8f%e6%9b%b4%e6%96%b0%e6%96%87%e4%bb%b6/%e8%87%aa%e5%8a%a8%e6%9b%b4%e6%96%b0%e8%be%85%e5%8a%a9%e7%a8%8b%e5%ba%8f.exe"; http_uri; depth:134; isdataat:!1,relative; nocase; content:"kuakuawenjian.oss-cn-hangzhou.aliyuncs.com"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356769/; classtype:trojan-activity;sid:84219869; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356771)"; flow:established,from_client; content:"GET"; http_method; content:"/web/img/b0b34b3375b144c680a0456ffdd639a0.exe"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"zlonline.oss-cn-shenzhen.aliyuncs.com"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356771/; classtype:trojan-activity;sid:84219871; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356761)"; flow:established,from_client; content:"GET"; http_method; content:"/smiple_4yue"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"weco2.oss-me-east-1.aliyuncs.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356761/; classtype:trojan-activity;sid:84219861; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356754)"; flow:established,from_client; content:"GET"; http_method; content:"/documentations09.html"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"constrainthome080doc-1318069902.cos.ap-chengdu.myqcloud.com"; http_host; depth:59; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356754/; classtype:trojan-activity;sid:84219854; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356755)"; flow:established,from_client; content:"GET"; http_method; content:"/test_kbnt"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"weco.oss-eu-central-1.aliyuncs.com"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356755/; classtype:trojan-activity;sid:84219855; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356758)"; flow:established,from_client; content:"GET"; http_method; content:"/36hg-04ik6-9j4-9h5.html"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"f3i5-0g49bgn-3h95-1324992141.cos.ap-jakarta.myqcloud.com"; http_host; depth:56; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356758/; classtype:trojan-activity;sid:84219858; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356748)"; flow:established,from_client; content:"GET"; http_method; content:"/test_kbnt"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"weco.oss-eu-central-1.aliyuncs.com"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356748/; classtype:trojan-activity;sid:84219848; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356750)"; flow:established,from_client; content:"GET"; http_method; content:"/35-0350gh9v-39yh5g.html"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"j-0-09g-9bh-h-ggf-1324992141.cos.ap-bangkok.myqcloud.com"; http_host; depth:56; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356750/; classtype:trojan-activity;sid:84219850; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356751)"; flow:established,from_client; content:"GET"; http_method; content:"/simple"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"weco.oss-eu-central-1.aliyuncs.com"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356751/; classtype:trojan-activity;sid:84219851; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356581)"; flow:established,from_client; content:"GET"; http_method; content:"/270/audi.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"bruplong.oss-accelerate.aliyuncs.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356581/; classtype:trojan-activity;sid:84219681; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356165)"; flow:established,from_client; content:"GET"; http_method; content:"/tpinauskas/anticheat/refs/heads/main/amogus.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356165/; classtype:trojan-activity;sid:84219265; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356162)"; flow:established,from_client; content:"GET"; http_method; content:"/xevioo/xeviohub/refs/heads/main/critscript.exe"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356162/; classtype:trojan-activity;sid:84219262; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356156)"; flow:established,from_client; content:"GET"; http_method; content:"/eliasgay23/123/refs/heads/main/svhost.exe"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356156/; classtype:trojan-activity;sid:84219256; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356145)"; flow:established,from_client; content:"GET"; http_method; content:"/ff245185/payload/refs/heads/main/fast%20download.exe"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356145/; classtype:trojan-activity;sid:84219245; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356146)"; flow:established,from_client; content:"GET"; http_method; content:"/horiffy/sentil/refs/heads/main/sentil.exe"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356146/; classtype:trojan-activity;sid:84219246; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356134)"; flow:established,from_client; content:"GET"; http_method; content:"/pr0xylife/asyncrat/refs/heads/main/asyncrat_09.02.2022.txt"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356134/; classtype:trojan-activity;sid:84219234; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356133)"; flow:established,from_client; content:"GET"; http_method; content:"/grozniy1/folder/refs/heads/main/444.exe"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356133/; classtype:trojan-activity;sid:84219233; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356129)"; flow:established,from_client; content:"GET"; http_method; content:"/eluwnkaquxi/elcio/refs/heads/main/server1.exe"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356129/; classtype:trojan-activity;sid:84219229; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356121)"; flow:established,from_client; content:"GET"; http_method; content:"/mentaliczz/bloxflippredictor-v2/refs/heads/main/bloxflip%20predictor.exe"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356121/; classtype:trojan-activity;sid:84219221; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356118)"; flow:established,from_client; content:"GET"; http_method; content:"/deroxs/powerrat-leak/refs/heads/main/powerrat.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356118/; classtype:trojan-activity;sid:84219218; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353957)"; flow:established,from_client; content:"GET"; http_method; content:"/rookievip/xx/main/loader.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353957/; classtype:trojan-activity;sid:84217057; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353403)"; flow:established,from_client; content:"GET"; http_method; content:"/fericarr/newky/refs/heads/main/prueba.exe"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353403/; classtype:trojan-activity;sid:84216503; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353380)"; flow:established,from_client; content:"GET"; http_method; content:"/valofficial/client-follower/refs/heads/main/client-built.exe"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353380/; classtype:trojan-activity;sid:84216480; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353372)"; flow:established,from_client; content:"GET"; http_method; content:"/fengjixuchui/cve-2022-26810/refs/heads/main/shellcode.bin"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353372/; classtype:trojan-activity;sid:84216472; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353348)"; flow:established,from_client; content:"GET"; http_method; content:"/deroxs/powerrat-leak/raw/refs/heads/main/powerrat.exe"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353348/; classtype:trojan-activity;sid:84216448; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353345)"; flow:established,from_client; content:"GET"; http_method; content:"/pr0xylife/asyncrat/raw/refs/heads/main/asyncrat_09.02.2022.txt"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353345/; classtype:trojan-activity;sid:84216445; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353333)"; flow:established,from_client; content:"GET"; http_method; content:"/dlc_update.data"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"8.138.96.41"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353333/; classtype:trojan-activity;sid:84216433; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353317)"; flow:established,from_client; content:"GET"; http_method; content:"/sumatra/file3.mentah"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"103.187.146.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353317/; classtype:trojan-activity;sid:84216417; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353316)"; flow:established,from_client; content:"GET"; http_method; content:"/senju/senju_simple_vp.rar"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"103.187.146.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353316/; classtype:trojan-activity;sid:84216416; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353315)"; flow:established,from_client; content:"GET"; http_method; content:"/fvc/injek3.mentah"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"103.187.146.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353315/; classtype:trojan-activity;sid:84216415; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353310)"; flow:established,from_client; content:"GET"; http_method; content:"/samarinda/simple3.mentah"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"103.187.146.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353310/; classtype:trojan-activity;sid:84216410; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353309)"; flow:established,from_client; content:"GET"; http_method; content:"/egn/file3.mentah"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"103.187.146.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353309/; classtype:trojan-activity;sid:84216409; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353307)"; flow:established,from_client; content:"GET"; http_method; content:"/xacker-volk/justmyrat/refs/heads/main/njrat%20dangerous.exe"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353307/; classtype:trojan-activity;sid:84216407; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353301)"; flow:established,from_client; content:"GET"; http_method; content:"/enjoyers/injeksimple3.mentah"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"103.187.146.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353301/; classtype:trojan-activity;sid:84216401; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353296)"; flow:established,from_client; content:"GET"; http_method; content:"/samarinda/file3.mentah"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"103.187.146.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353296/; classtype:trojan-activity;sid:84216396; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353297)"; flow:established,from_client; content:"GET"; http_method; content:"/vvipejy/vvipejy_hard_vp.rar"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"103.187.146.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353297/; classtype:trojan-activity;sid:84216397; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353298)"; flow:established,from_client; content:"GET"; http_method; content:"/sumatra/simple3.mentah"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"103.187.146.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353298/; classtype:trojan-activity;sid:84216398; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353299)"; flow:established,from_client; content:"GET"; http_method; content:"/fvc/file3.mentah"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"103.187.146.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353299/; classtype:trojan-activity;sid:84216399; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353285)"; flow:established,from_client; content:"GET"; http_method; content:"/tacvip/injek3.mentah"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"103.187.146.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353285/; classtype:trojan-activity;sid:84216385; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353286)"; flow:established,from_client; content:"GET"; http_method; content:"/egn/injek3.mentah"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"103.187.146.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353286/; classtype:trojan-activity;sid:84216386; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353287)"; flow:established,from_client; content:"GET"; http_method; content:"/xcd/injeksimple3.mentah"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"103.187.146.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353287/; classtype:trojan-activity;sid:84216387; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353288)"; flow:established,from_client; content:"GET"; http_method; content:"/sumatra/injeksimple3.mentah"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"103.187.146.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353288/; classtype:trojan-activity;sid:84216388; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353289)"; flow:established,from_client; content:"GET"; http_method; content:"/samarinda/injek3.mentah"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"103.187.146.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353289/; classtype:trojan-activity;sid:84216389; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353290)"; flow:established,from_client; content:"GET"; http_method; content:"/vvipejy/injek3.mentah"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"103.187.146.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353290/; classtype:trojan-activity;sid:84216390; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353291)"; flow:established,from_client; content:"GET"; http_method; content:"/vvipejy/vvipejy_simple_vp.rar"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"103.187.146.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353291/; classtype:trojan-activity;sid:84216391; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353292)"; flow:established,from_client; content:"GET"; http_method; content:"/enjoyers/simple3.mentah"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"103.187.146.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353292/; classtype:trojan-activity;sid:84216392; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353284)"; flow:established,from_client; content:"GET"; http_method; content:"/egn/injeksimple3.mentah"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"103.187.146.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353284/; classtype:trojan-activity;sid:84216384; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353280)"; flow:established,from_client; content:"GET"; http_method; content:"/xcd/injek3.mentah"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"103.187.146.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353280/; classtype:trojan-activity;sid:84216380; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353281)"; flow:established,from_client; content:"GET"; http_method; content:"/sumatra/injek3.mentah"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"103.187.146.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353281/; classtype:trojan-activity;sid:84216381; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353282)"; flow:established,from_client; content:"GET"; http_method; content:"/e991/injeksimple3.mentah"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"103.187.146.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353282/; classtype:trojan-activity;sid:84216382; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353283)"; flow:established,from_client; content:"GET"; http_method; content:"/fvc/injeksimple3.mentah"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"103.187.146.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353283/; classtype:trojan-activity;sid:84216383; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353278)"; flow:established,from_client; content:"GET"; http_method; content:"/xnn/injek3.mentah"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"103.187.146.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353278/; classtype:trojan-activity;sid:84216378; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353275)"; flow:established,from_client; content:"GET"; http_method; content:"/vvipejy/injeksimple3.mentah"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"103.187.146.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353275/; classtype:trojan-activity;sid:84216375; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353271)"; flow:established,from_client; content:"GET"; http_method; content:"/samarinda/injeksimple3.mentah"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"103.187.146.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353271/; classtype:trojan-activity;sid:84216371; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353266)"; flow:established,from_client; content:"GET"; http_method; content:"/chromedriver.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"e4l4.com"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353266/; classtype:trojan-activity;sid:84216366; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353265)"; flow:established,from_client; content:"GET"; http_method; content:"/libccc.zip.tar"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"e4l4.com"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353265/; classtype:trojan-activity;sid:84216365; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353263)"; flow:established,from_client; content:"GET"; http_method; content:"/xc.zip"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"e4l4.com"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353263/; classtype:trojan-activity;sid:84216363; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353262)"; flow:established,from_client; content:"GET"; http_method; content:"/vmpwn.7z"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"e4l4.com"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353262/; classtype:trojan-activity;sid:84216362; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353261)"; flow:established,from_client; content:"GET"; http_method; content:"/without_hook.zip"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"e4l4.com"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353261/; classtype:trojan-activity;sid:84216361; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353260)"; flow:established,from_client; content:"GET"; http_method; content:"/tinynote.zip"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"e4l4.com"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353260/; classtype:trojan-activity;sid:84216360; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353257)"; flow:established,from_client; content:"GET"; http_method; content:"/ez_kiwi.zip"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"e4l4.com"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353257/; classtype:trojan-activity;sid:84216357; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353253)"; flow:established,from_client; content:"GET"; http_method; content:"/musl-dbgsym_1.2.2-1_amd64.ddeb"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"e4l4.com"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353253/; classtype:trojan-activity;sid:84216353; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353254)"; flow:established,from_client; content:"GET"; http_method; content:"/eznoted2b1405e.zip"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"e4l4.com"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353254/; classtype:trojan-activity;sid:84216354; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353255)"; flow:established,from_client; content:"GET"; http_method; content:"/pig.zip"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"e4l4.com"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353255/; classtype:trojan-activity;sid:84216355; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353256)"; flow:established,from_client; content:"GET"; http_method; content:"/husk.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"e4l4.com"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353256/; classtype:trojan-activity;sid:84216356; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353250)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/billi_e58d74e455634dc695ed8a7b8b320325.exe"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"167.250.49.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353250/; classtype:trojan-activity;sid:84216350; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353251)"; flow:established,from_client; content:"GET"; http_method; content:"/master.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"92.127.156.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353251/; classtype:trojan-activity;sid:84216351; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353242)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/billi_e58d74e455634dc695ed8a7b8b320325.exe.dom_1.exe"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"167.250.49.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353242/; classtype:trojan-activity;sid:84216342; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353243)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/win32/mimispool.dll"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"167.250.49.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353243/; classtype:trojan-activity;sid:84216343; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353244)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/billi_e58d74e455634dc695ed8a7b8b320325.exe.dom_2.exe"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"167.250.49.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353244/; classtype:trojan-activity;sid:84216344; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353246)"; flow:established,from_client; content:"GET"; http_method; content:"//google.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"85.25.72.70"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353246/; classtype:trojan-activity;sid:84216346; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353238)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/billi_e58d74e455634dc695ed8a7b8b320325.exe.upx.exe"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"167.250.49.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353238/; classtype:trojan-activity;sid:84216338; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353234)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/win32/mimikatz.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"167.250.49.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353234/; classtype:trojan-activity;sid:84216334; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353235)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/win32/mimilib.dll"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"167.250.49.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353235/; classtype:trojan-activity;sid:84216335; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353227)"; flow:established,from_client; content:"GET"; http_method; content:"/ez_kiwi"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"e4l4.com"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353227/; classtype:trojan-activity;sid:84216327; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353216)"; flow:established,from_client; content:"GET"; http_method; content:"//chromesetup.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"85.25.72.70"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353216/; classtype:trojan-activity;sid:84216316; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353204)"; flow:established,from_client; content:"GET"; http_method; content:"/wp.ps1"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"92.127.156.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353204/; classtype:trojan-activity;sid:84216304; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353206)"; flow:established,from_client; content:"GET"; http_method; content:"/e991/injek3.mentah"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"103.187.146.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353206/; classtype:trojan-activity;sid:84216306; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353189)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/win32/mimilove.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"167.250.49.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353189/; classtype:trojan-activity;sid:84216289; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353190)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/win32/mimidrv.sys"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"167.250.49.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353190/; classtype:trojan-activity;sid:84216290; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353192)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/x64/mimispool.dll"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"167.250.49.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353192/; classtype:trojan-activity;sid:84216292; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353178)"; flow:established,from_client; content:"GET"; http_method; content:"/husk.py"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"e4l4.com"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353178/; classtype:trojan-activity;sid:84216278; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353175)"; flow:established,from_client; content:"GET"; http_method; content:"/2022%e7%bd%91%e9%bc%8e%e6%9d%af%e5%8d%8a%e5%86%b3%e8%b5%9b.7z"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"e4l4.com"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353175/; classtype:trojan-activity;sid:84216275; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353123)"; flow:established,from_client; content:"GET"; http_method; content:"/cqhack/ddos-script/refs/heads/master/cqhack.pl"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353123/; classtype:trojan-activity;sid:84216223; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352827)"; flow:established,from_client; content:"GET"; http_method; content:"/h3qq"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"43.153.222.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352827/; classtype:trojan-activity;sid:84215927; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352828)"; flow:established,from_client; content:"GET"; http_method; content:"/c9ul"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"43.153.222.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352828/; classtype:trojan-activity;sid:84215928; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352830)"; flow:established,from_client; content:"GET"; http_method; content:"/f4nu"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"43.153.222.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352830/; classtype:trojan-activity;sid:84215930; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352831)"; flow:established,from_client; content:"GET"; http_method; content:"/qpc9"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"43.153.222.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352831/; classtype:trojan-activity;sid:84215931; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352821)"; flow:established,from_client; content:"GET"; http_method; content:"/kaijiorder/cert/2a.hta"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"182.92.99.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352821/; classtype:trojan-activity;sid:84215921; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352586)"; flow:established,from_client; content:"GET"; http_method; content:"/comitheicon/volatus0.5/refs/heads/main/volatus0.5.exe"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352586/; classtype:trojan-activity;sid:84215686; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352459)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"165.154.244.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352459/; classtype:trojan-activity;sid:84215559; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352356)"; flow:established,from_client; content:"GET"; http_method; content:"/k53xupn43/i965652f/raw/main/exclude.ps1"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352356/; classtype:trojan-activity;sid:84215456; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352353)"; flow:established,from_client; content:"GET"; http_method; content:"/k53xupn43/i965652f/raw/main/svhost.vbs"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352353/; classtype:trojan-activity;sid:84215453; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352354)"; flow:established,from_client; content:"GET"; http_method; content:"/k53xupn43/i965652f/raw/main/m.ps1"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352354/; classtype:trojan-activity;sid:84215454; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352351)"; flow:established,from_client; content:"GET"; http_method; content:"/k53xupn43/i965652f/refs/heads/main/m.ps1"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352351/; classtype:trojan-activity;sid:84215451; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351932)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=12jgde-soib4liipbdhs55vkz7ek8_ua6"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351932/; classtype:trojan-activity;sid:84215032; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351820)"; flow:established,from_client; content:"GET"; http_method; content:"/valofficial/client-follower/raw/refs/heads/main/client-built.exe"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351820/; classtype:trojan-activity;sid:84214920; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351813)"; flow:established,from_client; content:"GET"; http_method; content:"/tpinauskas/anticheat/raw/refs/heads/main/amogus.exe"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351813/; classtype:trojan-activity;sid:84214913; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351478)"; flow:established,from_client; content:"GET"; http_method; content:"/ijeuwaesika/nna/raw/refs/heads/main/ifiinms.txt"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351478/; classtype:trojan-activity;sid:84214578; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351477)"; flow:established,from_client; content:"GET"; http_method; content:"/fsabxh/sfdawsdawdaw/raw/refs/heads/main/serials_checker.exe"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351477/; classtype:trojan-activity;sid:84214577; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351462)"; flow:established,from_client; content:"GET"; http_method; content:"/eluwnkaquxi/elcio/raw/refs/heads/main/server1.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351462/; classtype:trojan-activity;sid:84214562; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351458)"; flow:established,from_client; content:"GET"; http_method; content:"/eliasgay23/123/raw/refs/heads/main/svhost.exe"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351458/; classtype:trojan-activity;sid:84214558; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351430)"; flow:established,from_client; content:"GET"; http_method; content:"/xevioo/xeviohub/raw/refs/heads/main/critscript.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351430/; classtype:trojan-activity;sid:84214530; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351383)"; flow:established,from_client; content:"GET"; http_method; content:"/theairblow/theairblow/raw/refs/heads/main/njrat.exe"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351383/; classtype:trojan-activity;sid:84214483; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351377)"; flow:established,from_client; content:"GET"; http_method; content:"/ff245185/payload/raw/refs/heads/main/fast%20download.exe"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351377/; classtype:trojan-activity;sid:84214477; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351350)"; flow:established,from_client; content:"GET"; http_method; content:"/xacker-volk/justmyrat/raw/refs/heads/main/njrat%20dangerous.exe"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351350/; classtype:trojan-activity;sid:84214450; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351320)"; flow:established,from_client; content:"GET"; http_method; content:"/fericarr/newky/raw/refs/heads/main/prueba.exe"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351320/; classtype:trojan-activity;sid:84214420; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351297)"; flow:established,from_client; content:"GET"; http_method; content:"/erez-goldberg/rust-reverse-shell/raw/refs/heads/main/shellcode.bin"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351297/; classtype:trojan-activity;sid:84214397; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351259)"; flow:established,from_client; content:"GET"; http_method; content:"/fengjixuchui/cve-2022-26810/raw/refs/heads/main/shellcode.bin"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351259/; classtype:trojan-activity;sid:84214359; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349063)"; flow:established,from_client; content:"GET"; http_method; content:"/dzakc3wag/raw/upload/v1734112417/uploaded_textfile"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"res.cloudinary.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349063/; classtype:trojan-activity;sid:84212163; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348217)"; flow:established,from_client; content:"GET"; http_method; content:"/attatier/cloud/main/testexe.exe"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348217/; classtype:trojan-activity;sid:84211317; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347308)"; flow:established,from_client; content:"GET"; http_method; content:"/component/vc2005sp1redist_x86.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"windriversfiles.imeitools.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347308/; classtype:trojan-activity;sid:84210408; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346530)"; flow:established,from_client; content:"GET"; http_method; content:"/whoafg/problemonfmech/refs/heads/main/client.exe"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346530/; classtype:trojan-activity;sid:84209630; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346031)"; flow:established,from_client; content:"GET"; http_method; content:"/templates1/js/mixitup.js"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"autoiwc.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346031/; classtype:trojan-activity;sid:84209131; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346026)"; flow:established,from_client; content:"GET"; http_method; content:"/kaijiorder/cert/41a1111.hta"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"182.92.99.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346026/; classtype:trojan-activity;sid:84209126; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346020)"; flow:established,from_client; content:"GET"; http_method; content:"/leemurray751/testing/refs/heads/main/testingfile.exe"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346020/; classtype:trojan-activity;sid:84209120; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346000)"; flow:established,from_client; content:"GET"; http_method; content:"/leemurray751/testing/raw/refs/heads/main/testingfile.exe"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346000/; classtype:trojan-activity;sid:84209100; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345089)"; flow:established,from_client; content:"GET"; http_method; content:"/n00b69/woasetup/releases/download/installers/dxwebsetup.exe"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_11; reference:url, urlhaus.abuse.ch/url/3345089/; classtype:trojan-activity;sid:84208189; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345076)"; flow:established,from_client; content:"GET"; http_method; content:"/kaijiorder/cert/2a.hta"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"182.92.99.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_11; reference:url, urlhaus.abuse.ch/url/3345076/; classtype:trojan-activity;sid:84208176; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345062)"; flow:established,from_client; content:"GET"; http_method; content:"/ys558pd/start.hta"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"device.redirec.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_11; reference:url, urlhaus.abuse.ch/url/3345062/; classtype:trojan-activity;sid:84208162; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3344216)"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.x86"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"74.48.34.10"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3344216/; classtype:trojan-activity;sid:84207316; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3344172)"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.arm7"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"74.48.34.10"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3344172/; classtype:trojan-activity;sid:84207272; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3344116)"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.ppc"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"74.48.34.10"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3344116/; classtype:trojan-activity;sid:84207216; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3344054)"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.mpsl"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"74.48.34.10"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3344054/; classtype:trojan-activity;sid:84207154; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3343939)"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.arm6"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"74.48.34.10"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3343939/; classtype:trojan-activity;sid:84207039; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3343827)"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.arm"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"74.48.34.10"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3343827/; classtype:trojan-activity;sid:84206927; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3343814)"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.m68k"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"74.48.34.10"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3343814/; classtype:trojan-activity;sid:84206914; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340663)"; flow:established,from_client; content:"GET"; http_method; content:"/laz.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"195.230.23.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3340663/; classtype:trojan-activity;sid:84203763; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340611)"; flow:established,from_client; content:"GET"; http_method; content:"/kix32.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"195.230.23.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3340611/; classtype:trojan-activity;sid:84203711; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340608)"; flow:established,from_client; content:"GET"; http_method; content:"/anydesk.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"195.230.23.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3340608/; classtype:trojan-activity;sid:84203708; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340606)"; flow:established,from_client; content:"GET"; http_method; content:"/advancedrun.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"195.230.23.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3340606/; classtype:trojan-activity;sid:84203706; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340600)"; flow:established,from_client; content:"GET"; http_method; content:"/6dismhost.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"195.230.23.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3340600/; classtype:trojan-activity;sid:84203700; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340580)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hax.arm"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"74.48.34.10"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3340580/; classtype:trojan-activity;sid:84203680; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340573)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hax.ppc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"74.48.34.10"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3340573/; classtype:trojan-activity;sid:84203673; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340574)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hax.arm6"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"74.48.34.10"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3340574/; classtype:trojan-activity;sid:84203674; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340575)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hax.sh4"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"74.48.34.10"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3340575/; classtype:trojan-activity;sid:84203675; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340576)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hax.mpsl"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"74.48.34.10"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3340576/; classtype:trojan-activity;sid:84203676; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340440)"; flow:established,from_client; content:"GET"; http_method; content:"/dis3j/wagnerhook/releases/download/release/loader.exe"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3340440/; classtype:trojan-activity;sid:84203540; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340399)"; flow:established,from_client; content:"GET"; http_method; content:"/xbest11/ddl1/main/xbest%20v1.exe"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3340399/; classtype:trojan-activity;sid:84203499; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340398)"; flow:established,from_client; content:"GET"; http_method; content:"/xbest11/ddl1/main/complexo%20v4.exe"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3340398/; classtype:trojan-activity;sid:84203498; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340395)"; flow:established,from_client; content:"GET"; http_method; content:"/xbest11/ddl1/main/box3d.dll"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3340395/; classtype:trojan-activity;sid:84203495; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340396)"; flow:established,from_client; content:"GET"; http_method; content:"/xbest11/ddl1/main/lkwan.dll"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3340396/; classtype:trojan-activity;sid:84203496; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340397)"; flow:established,from_client; content:"GET"; http_method; content:"/xbest11/ddl1/main/flunix9.dll"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3340397/; classtype:trojan-activity;sid:84203497; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340392)"; flow:established,from_client; content:"GET"; http_method; content:"/xbest11/ddl1/main/elzhas%20pannel.dll"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3340392/; classtype:trojan-activity;sid:84203492; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340393)"; flow:established,from_client; content:"GET"; http_method; content:"/xbest11/ddl1/main/morovip.dll"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3340393/; classtype:trojan-activity;sid:84203493; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340394)"; flow:established,from_client; content:"GET"; http_method; content:"/xbest11/ddl1/main/hazaxd.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3340394/; classtype:trojan-activity;sid:84203494; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340390)"; flow:established,from_client; content:"GET"; http_method; content:"/xbest11/ddl1/main/blue_and_white.dll"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3340390/; classtype:trojan-activity;sid:84203490; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340363)"; flow:established,from_client; content:"GET"; http_method; content:"/huuuuggga/aaaaa1/refs/heads/main/srtware.exe"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3340363/; classtype:trojan-activity;sid:84203463; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339252)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"178.136.225.254"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339252/; classtype:trojan-activity;sid:84202352; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339238)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"197.245.244.254"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339238/; classtype:trojan-activity;sid:84202338; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339229)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"197.232.133.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339229/; classtype:trojan-activity;sid:84202329; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339230)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"81.12.157.98"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339230/; classtype:trojan-activity;sid:84202330; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339206)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"159.148.48.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339206/; classtype:trojan-activity;sid:84202306; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339182)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"210.208.104.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339182/; classtype:trojan-activity;sid:84202282; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339171)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"41.57.125.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339171/; classtype:trojan-activity;sid:84202271; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339133)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"154.126.186.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339133/; classtype:trojan-activity;sid:84202233; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339114)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.245.78.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339114/; classtype:trojan-activity;sid:84202214; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339111)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.121.195.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339111/; classtype:trojan-activity;sid:84202211; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339106)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.43.6.114"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339106/; classtype:trojan-activity;sid:84202206; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339109)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.84.39.181"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339109/; classtype:trojan-activity;sid:84202209; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339096)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"177.103.184.142"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339096/; classtype:trojan-activity;sid:84202196; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339099)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"181.233.95.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339099/; classtype:trojan-activity;sid:84202199; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339082)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"212.154.209.206"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339082/; classtype:trojan-activity;sid:84202182; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338856)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"43.153.222.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338856/; classtype:trojan-activity;sid:84201956; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338712)"; flow:established,from_client; content:"GET"; http_method; content:"/hostfile/taptin/game.exe"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"update.volam2005pk.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338712/; classtype:trojan-activity;sid:84201812; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338655)"; flow:established,from_client; content:"GET"; http_method; content:"/hostfile/taptin/autoupdate.exe"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"update.volam2005pk.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338655/; classtype:trojan-activity;sid:84201755; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338656)"; flow:established,from_client; content:"GET"; http_method; content:"/kabot/unix-privilege-escalation-exploits-pack/master/2012/vmsplice-local-root-exploit"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338656/; classtype:trojan-activity;sid:84201756; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338557)"; flow:established,from_client; content:"GET"; http_method; content:"/net/boot.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"quanlyphongnet.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338557/; classtype:trojan-activity;sid:84201657; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338560)"; flow:established,from_client; content:"GET"; http_method; content:"/ga13372/jv/main/javaw.exe"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338560/; classtype:trojan-activity;sid:84201660; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338554)"; flow:established,from_client; content:"GET"; http_method; content:"/jhpatchouli/payload/raw/master/artifact.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"gitee.com"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338554/; classtype:trojan-activity;sid:84201654; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338548)"; flow:established,from_client; content:"GET"; http_method; content:"/nicxlau/alfa-shell/master/alfa-obfuscated.php"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338548/; classtype:trojan-activity;sid:84201648; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338507)"; flow:established,from_client; content:"GET"; http_method; content:"/aissardp/payload/main/payload.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338507/; classtype:trojan-activity;sid:84201607; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338505)"; flow:established,from_client; content:"GET"; http_method; content:"/cracker1337uwu/rrr/main/bypass.exe"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338505/; classtype:trojan-activity;sid:84201605; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338499)"; flow:established,from_client; content:"GET"; http_method; content:"/g1vi/cve-2023-2640-cve-2023-32629/main/exploit.sh"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338499/; classtype:trojan-activity;sid:84201599; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338493)"; flow:established,from_client; content:"GET"; http_method; content:"/nguyenmanmkt/repo1/main/exploit-2"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338493/; classtype:trojan-activity;sid:84201593; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338492)"; flow:established,from_client; content:"GET"; http_method; content:"/leetcipher/malware.development/main/self-injection/self-injection.exe"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338492/; classtype:trojan-activity;sid:84201592; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338487)"; flow:established,from_client; content:"GET"; http_method; content:"/cyberhunter00/remote_hijack/master/uac_bypass.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338487/; classtype:trojan-activity;sid:84201587; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338473)"; flow:established,from_client; content:"GET"; http_method; content:"/fromfranceanb/d46c38bce2b0d9c6hcffa6baea82ece29fa6d238/main/injection.js"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338473/; classtype:trojan-activity;sid:84201573; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338475)"; flow:established,from_client; content:"GET"; http_method; content:"/cocomelonc/2022-01-14-malware-injection-13/master/hack.exe"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338475/; classtype:trojan-activity;sid:84201575; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338467)"; flow:established,from_client; content:"GET"; http_method; content:"/fxtazz/injection/main/index.js"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338467/; classtype:trojan-activity;sid:84201567; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338471)"; flow:established,from_client; content:"GET"; http_method; content:"/leetcipher/malware.development/main/process-injection/process-injection.exe"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338471/; classtype:trojan-activity;sid:84201571; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338451)"; flow:established,from_client; content:"GET"; http_method; content:"/sixaknow/uac_bypass_/main/module_377498327498dcxvc32434.dll"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338451/; classtype:trojan-activity;sid:84201551; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338443)"; flow:established,from_client; content:"GET"; http_method; content:"/pistacchietto/win-python-backdoor/master/standalone_payload.exe"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338443/; classtype:trojan-activity;sid:84201543; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338434)"; flow:established,from_client; content:"GET"; http_method; content:"/sanzaz/phantomious/main/injection-clean.js"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338434/; classtype:trojan-activity;sid:84201534; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337794)"; flow:established,from_client; content:"GET"; http_method; content:"/ty9989/f/zip/refs/heads/main"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337794/; classtype:trojan-activity;sid:84200894; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337795)"; flow:established,from_client; content:"GET"; http_method; content:"/ty9989/c/zip/refs/heads/main"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337795/; classtype:trojan-activity;sid:84200895; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337796)"; flow:established,from_client; content:"GET"; http_method; content:"/ty9989/u/zip/refs/heads/main"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337796/; classtype:trojan-activity;sid:84200896; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337797)"; flow:established,from_client; content:"GET"; http_method; content:"/ty9989/i/zip/refs/heads/main"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337797/; classtype:trojan-activity;sid:84200897; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337035)"; flow:established,from_client; content:"GET"; http_method; content:"/rahmoundll/kak/main/glew64.dll"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3337035/; classtype:trojan-activity;sid:84200135; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337026)"; flow:established,from_client; content:"GET"; http_method; content:"/nkaslq1/ankrnl/refs/heads/main/alphatweaks.exe"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3337026/; classtype:trojan-activity;sid:84200126; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337010)"; flow:established,from_client; content:"GET"; http_method; content:"/cgpro/update.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"update.cg100iii.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3337010/; classtype:trojan-activity;sid:84200110; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336992)"; flow:established,from_client; content:"GET"; http_method; content:"/keygroup777-ransomware/downloader/refs/heads/main/taskmoder.exe"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336992/; classtype:trojan-activity;sid:84200092; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336993)"; flow:established,from_client; content:"GET"; http_method; content:"/z-beam/movaflag/releases/download/1.0.2/mova.exe"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336993/; classtype:trojan-activity;sid:84200093; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336990)"; flow:established,from_client; content:"GET"; http_method; content:"/keygroup777-ransomware/downloader/refs/heads/main/cssgo.exe"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336990/; classtype:trojan-activity;sid:84200090; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336987)"; flow:established,from_client; content:"GET"; http_method; content:"/net/boot.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"quanlyphongnet.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336987/; classtype:trojan-activity;sid:84200087; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336095)"; flow:established,from_client; content:"GET"; http_method; content:"/stubgenerator/stub/main/stub.exe"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336095/; classtype:trojan-activity;sid:84199195; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336094)"; flow:established,from_client; content:"GET"; http_method; content:"/xacker-volk/justmyrat/main/stub.exe"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336094/; classtype:trojan-activity;sid:84199194; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336077)"; flow:established,from_client; content:"GET"; http_method; content:"/nikolaevich23/make-pkg-bat/master/setup.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336077/; classtype:trojan-activity;sid:84199177; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336072)"; flow:established,from_client; content:"GET"; http_method; content:"/eirxne/valorant-axeprime/main/axeprime.dll"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336072/; classtype:trojan-activity;sid:84199172; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336068)"; flow:established,from_client; content:"GET"; http_method; content:"/stephenfewer/reflectivedllinjection/refs/heads/master/bin/reflective_dll.dll"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336068/; classtype:trojan-activity;sid:84199168; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336058)"; flow:established,from_client; content:"GET"; http_method; content:"/anessdev/talha/main/talha.dll"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336058/; classtype:trojan-activity;sid:84199158; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336051)"; flow:established,from_client; content:"GET"; http_method; content:"/payload.dll"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"210.125.101.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336051/; classtype:trojan-activity;sid:84199151; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336049)"; flow:established,from_client; content:"GET"; http_method; content:"/sqrtzeroknowledge/xworm-trojan/zip/refs/heads/main"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336049/; classtype:trojan-activity;sid:84199149; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3335208)"; flow:established,from_client; content:"GET"; http_method; content:"/barrigudinha157/barrigudinha/master/rage.dll"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3335208/; classtype:trojan-activity;sid:84198308; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3335209)"; flow:established,from_client; content:"GET"; http_method; content:"/img/rm0xpx/"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"jobcity.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3335209/; classtype:trojan-activity;sid:84198309; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3335199)"; flow:established,from_client; content:"GET"; http_method; content:"/phm/brive/recepisse/202403/10/doc2lgpu2jwfets.tif"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"195.101.213.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3335199/; classtype:trojan-activity;sid:84198299; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3335200)"; flow:established,from_client; content:"GET"; http_method; content:"/phm/distrimobile/recepisse/202407/30/fuss983_20240725_150732.tif"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"195.101.213.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3335200/; classtype:trojan-activity;sid:84198300; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3335175)"; flow:established,from_client; content:"GET"; http_method; content:"/infectsocks32_sql_antivirus.vmp.dll"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"211.204.100.20"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3335175/; classtype:trojan-activity;sid:84198275; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3335174)"; flow:established,from_client; content:"GET"; http_method; content:"/shadowforce2008_64_add.vmp.dll"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"211.204.100.20"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3335174/; classtype:trojan-activity;sid:84198274; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3335173)"; flow:established,from_client; content:"GET"; http_method; content:"/infectsocks64_sql_antivirus.vmp.dll"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"211.204.100.20"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3335173/; classtype:trojan-activity;sid:84198273; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3335166)"; flow:established,from_client; content:"GET"; http_method; content:"/upm2008.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"211.204.100.20"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3335166/; classtype:trojan-activity;sid:84198266; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3335156)"; flow:established,from_client; content:"GET"; http_method; content:"/ndisinstaller3.2.32.1.exe"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"211.204.100.20"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3335156/; classtype:trojan-activity;sid:84198256; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3335149)"; flow:established,from_client; content:"GET"; http_method; content:"/docs/2018-11/20181122103207926164.doc"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"xww.bucea.edu.cn"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3335149/; classtype:trojan-activity;sid:84198249; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3335154)"; flow:established,from_client; content:"GET"; http_method; content:"/scripts/statement/ul397wfyb/"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"www.reifenquick.de"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3335154/; classtype:trojan-activity;sid:84198254; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3335147)"; flow:established,from_client; content:"GET"; http_method; content:"/iatinfect2008_64.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"211.204.100.20"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3335147/; classtype:trojan-activity;sid:84198247; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3335141)"; flow:established,from_client; content:"GET"; http_method; content:"/winsetaccess64.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"211.204.100.20"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3335141/; classtype:trojan-activity;sid:84198241; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3335135)"; flow:established,from_client; content:"GET"; http_method; content:"/writedat.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"211.204.100.20"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3335135/; classtype:trojan-activity;sid:84198235; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3335136)"; flow:established,from_client; content:"GET"; http_method; content:"/mport.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"211.204.100.20"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3335136/; classtype:trojan-activity;sid:84198236; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3335134)"; flow:established,from_client; content:"GET"; http_method; content:"/iland.dat"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"211.204.100.20"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3335134/; classtype:trojan-activity;sid:84198234; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3335132)"; flow:established,from_client; content:"GET"; http_method; content:"/scripts/hl8-8w4cs-6325/"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"reifenquick.de"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3335132/; classtype:trojan-activity;sid:84198232; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3335123)"; flow:established,from_client; content:"GET"; http_method; content:"/krepej/dubelya/s-shurupom/6-40-40-sht"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"m.bal-stroi.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3335123/; classtype:trojan-activity;sid:84198223; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3335119)"; flow:established,from_client; content:"GET"; http_method; content:"/mytime/files/3.3.7.0/mytime.exe"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"down.ruanmei.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3335119/; classtype:trojan-activity;sid:84198219; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3335118)"; flow:established,from_client; content:"GET"; http_method; content:"/cg70/update.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"update.cg100iii.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3335118/; classtype:trojan-activity;sid:84198218; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3335096)"; flow:established,from_client; content:"GET"; http_method; content:"/scripts/closed_957176_mxqsdoj6a4iz/close_warehouse/ql55hnq09iyn6lm_334stxvw03wyv/"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"www.reifenquick.de"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3335096/; classtype:trojan-activity;sid:84198196; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3335094)"; flow:established,from_client; content:"GET"; http_method; content:"/misc/tools/exporttabletester.exe"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"ximonite.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3335094/; classtype:trojan-activity;sid:84198194; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3335074)"; flow:established,from_client; content:"GET"; http_method; content:"/_upload/article/files/90/f4/62d98f264ab0abc4a1f14a32607a/089c9dc1-8248-47b5-b35d-310cd70469b4.doc"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"hhbs.hhu.edu.cn"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3335074/; classtype:trojan-activity;sid:84198174; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333897)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.dbg"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"103.163.119.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333897/; classtype:trojan-activity;sid:84196997; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333896)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"103.163.119.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333896/; classtype:trojan-activity;sid:84196996; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333895)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.x86_64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"103.163.119.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333895/; classtype:trojan-activity;sid:84196995; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333657)"; flow:established,from_client; content:"GET"; http_method; content:"/namblack666/zxqqw/refs/heads/main/main.exe"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333657/; classtype:trojan-activity;sid:84196757; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333658)"; flow:established,from_client; content:"GET"; http_method; content:"/namblack666/zxqqw/refs/heads/main/main1.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333658/; classtype:trojan-activity;sid:84196758; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333651)"; flow:established,from_client; content:"GET"; http_method; content:"/nam-black/moneyandbitch/raw/refs/heads/main/main1.exe"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333651/; classtype:trojan-activity;sid:84196751; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333527)"; flow:established,from_client; content:"GET"; http_method; content:"/apk/pthlearning.apk"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"chinaapper.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333527/; classtype:trojan-activity;sid:84196627; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333522)"; flow:established,from_client; content:"GET"; http_method; content:"/azertyuiopexe/fud-crypter/zip/refs/heads/main"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333522/; classtype:trojan-activity;sid:84196622; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333521)"; flow:established,from_client; content:"GET"; http_method; content:"/joh81/exploi01/main/document.zip"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333521/; classtype:trojan-activity;sid:84196621; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333518)"; flow:established,from_client; content:"GET"; http_method; content:"/daneeltrevize/tabsat/legacy.tar.gz/refs/tags/0.8"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333518/; classtype:trojan-activity;sid:84196618; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333513)"; flow:established,from_client; content:"GET"; http_method; content:"/daneeltrevize/tabsat/legacy.tar.gz/refs/tags/0.10"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333513/; classtype:trojan-activity;sid:84196613; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333514)"; flow:established,from_client; content:"GET"; http_method; content:"/daneeltrevize/tabsat/legacy.tar.gz/refs/tags/0.3"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333514/; classtype:trojan-activity;sid:84196614; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333511)"; flow:established,from_client; content:"GET"; http_method; content:"/hwangyounggul33/windows10/refs/heads/main/privacypolicy.exe"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333511/; classtype:trojan-activity;sid:84196611; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333509)"; flow:established,from_client; content:"GET"; http_method; content:"/caocaocc/yacd/zip/refs/heads/gh-pages"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333509/; classtype:trojan-activity;sid:84196609; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333510)"; flow:established,from_client; content:"GET"; http_method; content:"/daneeltrevize/tabsat/legacy.tar.gz/refs/tags/0.9.2"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333510/; classtype:trojan-activity;sid:84196610; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333508)"; flow:established,from_client; content:"GET"; http_method; content:"/daneeltrevize/tabsat/legacy.tar.gz/refs/tags/0.11"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333508/; classtype:trojan-activity;sid:84196608; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333499)"; flow:established,from_client; content:"GET"; http_method; content:"/fericarr/newky/refs/heads/main/agentnov.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333499/; classtype:trojan-activity;sid:84196599; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333502)"; flow:established,from_client; content:"GET"; http_method; content:"/cirosantilli/china-dictatorship/zip/refs/heads/master"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333502/; classtype:trojan-activity;sid:84196602; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333503)"; flow:established,from_client; content:"GET"; http_method; content:"/daneeltrevize/tabsat/legacy.zip/refs/tags/0.8.1"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333503/; classtype:trojan-activity;sid:84196603; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333495)"; flow:established,from_client; content:"GET"; http_method; content:"/daneeltrevize/tabsat/legacy.tar.gz/refs/tags/0.5"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333495/; classtype:trojan-activity;sid:84196595; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333496)"; flow:established,from_client; content:"GET"; http_method; content:"/daneeltrevize/tabsat/legacy.tar.gz/refs/tags/0.7"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333496/; classtype:trojan-activity;sid:84196596; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333493)"; flow:established,from_client; content:"GET"; http_method; content:"/d-7uble/invoke-phant0m/zip/refs/heads/master"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333493/; classtype:trojan-activity;sid:84196593; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333494)"; flow:established,from_client; content:"GET"; http_method; content:"/daneeltrevize/tabsat/legacy.zip/refs/tags/0.7.1"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333494/; classtype:trojan-activity;sid:84196594; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333489)"; flow:established,from_client; content:"GET"; http_method; content:"/54n4l/mimikatzwindows/zip/refs/heads/master"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333489/; classtype:trojan-activity;sid:84196589; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333485)"; flow:established,from_client; content:"GET"; http_method; content:"/daneeltrevize/tabsat/legacy.tar.gz/refs/tags/0.9"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333485/; classtype:trojan-activity;sid:84196585; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333482)"; flow:established,from_client; content:"GET"; http_method; content:"/daneeltrevize/tabsat/legacy.tar.gz/refs/tags/0.9.1"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333482/; classtype:trojan-activity;sid:84196582; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333481)"; flow:established,from_client; content:"GET"; http_method; content:"/crowly-ai/hello-world/refs/heads/main/zubovlekciya.exe"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333481/; classtype:trojan-activity;sid:84196581; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333479)"; flow:established,from_client; content:"GET"; http_method; content:"/heresfilly09-9/fornova/main/svchost.exe"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333479/; classtype:trojan-activity;sid:84196579; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333470)"; flow:established,from_client; content:"GET"; http_method; content:"/bloodhoundad/bloodhound/master/collectors/sharphound.exe"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333470/; classtype:trojan-activity;sid:84196570; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333458)"; flow:established,from_client; content:"GET"; http_method; content:"/calendar/down/calendar/setup.exe"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"ojang.pe.kr"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333458/; classtype:trojan-activity;sid:84196558; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333457)"; flow:established,from_client; content:"GET"; http_method; content:"/calendar/down/calendar.exe"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"ojang.pe.kr"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333457/; classtype:trojan-activity;sid:84196557; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333456)"; flow:established,from_client; content:"GET"; http_method; content:"/calendar/down/jeditor/jeditor.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"ojang.pe.kr"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333456/; classtype:trojan-activity;sid:84196556; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333439)"; flow:established,from_client; content:"GET"; http_method; content:"/ytisf/thezoo/refs/heads/master/malware/binaries/ransomware.wannacry/ransomware.wannacry.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333439/; classtype:trojan-activity;sid:84196539; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333435)"; flow:established,from_client; content:"GET"; http_method; content:"/newlog/exploiting/refs/heads/master/training/windows/practical_malware_analysis/labs/chapter_1l/lab01-02.exe"; http_uri; depth:109; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333435/; classtype:trojan-activity;sid:84196535; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333369)"; flow:established,from_client; content:"GET"; http_method; content:"/getrektboy724/sementara/master/donut.exe"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333369/; classtype:trojan-activity;sid:84196469; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333359)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.163.119.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333359/; classtype:trojan-activity;sid:84196459; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333355)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.i686"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.163.119.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333355/; classtype:trojan-activity;sid:84196455; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333350)"; flow:established,from_client; content:"GET"; http_method; content:"/getrektboy724/sementara/raw/master/donut.exe"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333350/; classtype:trojan-activity;sid:84196450; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333351)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.163.119.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333351/; classtype:trojan-activity;sid:84196451; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333352)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.163.119.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333352/; classtype:trojan-activity;sid:84196452; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333343)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.163.119.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333343/; classtype:trojan-activity;sid:84196443; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333321)"; flow:established,from_client; content:"GET"; http_method; content:"/user-attachments/files/17793058/lg246dre.txt"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333321/; classtype:trojan-activity;sid:84196421; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333316)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.163.119.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333316/; classtype:trojan-activity;sid:84196416; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333317)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"103.163.119.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333317/; classtype:trojan-activity;sid:84196417; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333279)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/jtdamhd5"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333279/; classtype:trojan-activity;sid:84196379; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3332955)"; flow:established,from_client; content:"GET"; http_method; content:"/storage/files/9/%e2%98%85%ec%a0%9c%ed%92%88%ec%82%ac%ec%9a%a9%ec%a0%84%20%ed%95%84%ec%88%98%ec%85%8b%ed%8c%85%e2%98%85.zip"; http_uri; depth:123; isdataat:!1,relative; nocase; content:"xn--yh4bx88a.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3332955/; classtype:trojan-activity;sid:84196055; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3332954)"; flow:established,from_client; content:"GET"; http_method; content:"/storage/files/9/%e2%ab%b8%ec%a0%9c%ed%92%88%ec%82%ac%ec%9a%a9%ec%a0%84%20%ed%95%84%ec%88%98%ec%85%8b%ed%8c%85%e2%ab%b7.zip"; http_uri; depth:123; isdataat:!1,relative; nocase; content:"xn--yh4bx88a.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3332954/; classtype:trojan-activity;sid:84196054; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3332844)"; flow:established,from_client; content:"GET"; http_method; content:"/get/19f3c14691d28ab174a7935987ce2182/"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"loader.oxy.st"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3332844/; classtype:trojan-activity;sid:84195944; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3332792)"; flow:established,from_client; content:"GET"; http_method; content:"/noccenter/noccenter/refs/heads/main/huong%20dan%20xu%20ly%20tai%20khoan%20mail%20noi%20bo.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3332792/; classtype:trojan-activity;sid:84195892; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3332783)"; flow:established,from_client; content:"GET"; http_method; content:"/noccenter/noccenter/raw/refs/heads/main/huong%20dan%20xu%20ly%20tai%20khoan%20mail%20noi%20bo.zip"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3332783/; classtype:trojan-activity;sid:84195883; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3332780)"; flow:established,from_client; content:"GET"; http_method; content:"/baksvoronov/testingflrplgpreg/raw/refs/heads/main/connector1.exe"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3332780/; classtype:trojan-activity;sid:84195880; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3332771)"; flow:established,from_client; content:"GET"; http_method; content:"/xevioo/xeviohub/main/critscript.exe"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3332771/; classtype:trojan-activity;sid:84195871; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3332764)"; flow:established,from_client; content:"GET"; http_method; content:"/mae-luadev/mae-tests/main/system.exe"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3332764/; classtype:trojan-activity;sid:84195864; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3332761)"; flow:established,from_client; content:"GET"; http_method; content:"/yuriksq/papilla/refs/heads/main/jrockekcurje.exe"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3332761/; classtype:trojan-activity;sid:84195861; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3332757)"; flow:established,from_client; content:"GET"; http_method; content:"/mae-luadev/mae-tests/raw/main/system.exe"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3332757/; classtype:trojan-activity;sid:84195857; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3332758)"; flow:established,from_client; content:"GET"; http_method; content:"/mohammedsalmannnnnnn/laughing-train/refs/heads/main/client-built.exe"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3332758/; classtype:trojan-activity;sid:84195858; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3332753)"; flow:established,from_client; content:"GET"; http_method; content:"/mohammedsalmannnnnnn/laughing-train/raw/refs/heads/main/client-built.exe"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3332753/; classtype:trojan-activity;sid:84195853; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3332754)"; flow:established,from_client; content:"GET"; http_method; content:"/apoxyies/deeneme/raw/refs/heads/main/runtimebroker.exe"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3332754/; classtype:trojan-activity;sid:84195854; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3332751)"; flow:established,from_client; content:"GET"; http_method; content:"/yuriksq/papilla/raw/refs/heads/main/jrockekcurje.exe"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3332751/; classtype:trojan-activity;sid:84195851; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331919)"; flow:established,from_client; content:"GET"; http_method; content:"/presema/kersal/refs/heads/main/opyhjdase.exe"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331919/; classtype:trojan-activity;sid:84195019; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331862)"; flow:established,from_client; content:"GET"; http_method; content:"/presema/kersal/refs/heads/main/popapoers.exe"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331862/; classtype:trojan-activity;sid:84194962; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331858)"; flow:established,from_client; content:"GET"; http_method; content:"/presema/kersal/refs/heads/main/ljgksdtihd.exe"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331858/; classtype:trojan-activity;sid:84194958; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331850)"; flow:established,from_client; content:"GET"; http_method; content:"/presema/kersal/refs/heads/main/pfntjejghjsdkr.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331850/; classtype:trojan-activity;sid:84194950; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331828)"; flow:established,from_client; content:"GET"; http_method; content:"/presema/kersal/refs/heads/main/vikings.exe"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331828/; classtype:trojan-activity;sid:84194928; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331826)"; flow:established,from_client; content:"GET"; http_method; content:"/presema/kersal/refs/heads/main/bnkrigkawd.exe"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331826/; classtype:trojan-activity;sid:84194926; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331699)"; flow:established,from_client; content:"GET"; http_method; content:"/frenzy-zwaake/discordrat-2.0/main/client-built.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331699/; classtype:trojan-activity;sid:84194799; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331669)"; flow:established,from_client; content:"GET"; http_method; content:"/fofit-rater/1/refs/heads/main/xclient.exe"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331669/; classtype:trojan-activity;sid:84194769; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331670)"; flow:established,from_client; content:"GET"; http_method; content:"/efedursun125/xfakeplayers/master/xclient.exe"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331670/; classtype:trojan-activity;sid:84194770; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331664)"; flow:established,from_client; content:"GET"; http_method; content:"/v2/long-glade-33dc08/original//rump_img.jpeg"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"cdn.pixelbin.io"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331664/; classtype:trojan-activity;sid:84194764; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331665)"; flow:established,from_client; content:"GET"; http_method; content:"/abhidadatg/worm/refs/heads/main/xclient.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331665/; classtype:trojan-activity;sid:84194765; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331653)"; flow:established,from_client; content:"GET"; http_method; content:"/zonicleaks/yappadabbadoo/main/xclient.exe"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331653/; classtype:trojan-activity;sid:84194753; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331648)"; flow:established,from_client; content:"GET"; http_method; content:"/jikoos/rrr/main/xclient.exe"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331648/; classtype:trojan-activity;sid:84194748; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331649)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/uploads/debug2.ps1"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"www.drgenov.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331649/; classtype:trojan-activity;sid:84194749; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331644)"; flow:established,from_client; content:"GET"; http_method; content:"/lvlh01am/wrwrwr/main/xclient.exe"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331644/; classtype:trojan-activity;sid:84194744; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331639)"; flow:established,from_client; content:"GET"; http_method; content:"/frenzy-zwaake/discordrat-2.0/deferred-metadata/main/client-built.exe"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331639/; classtype:trojan-activity;sid:84194739; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331640)"; flow:established,from_client; content:"GET"; http_method; content:"/whois-black/qew123/main/xclient.exe"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331640/; classtype:trojan-activity;sid:84194740; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331636)"; flow:established,from_client; content:"GET"; http_method; content:"/paco321312312/cautious-sniffle/main/xclient.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331636/; classtype:trojan-activity;sid:84194736; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331633)"; flow:established,from_client; content:"GET"; http_method; content:"/joeljosephpajeet/testexe/refs/heads/main/xclient.exe"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331633/; classtype:trojan-activity;sid:84194733; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331626)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/uploads/debug4.ps1"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"www.drgenov.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331626/; classtype:trojan-activity;sid:84194726; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331628)"; flow:established,from_client; content:"GET"; http_method; content:"/lvlh01am/fsfsf/main/xclient.exe"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331628/; classtype:trojan-activity;sid:84194728; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331630)"; flow:established,from_client; content:"GET"; http_method; content:"/cheetz/nishang/master/gather/keylogger.ps1"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331630/; classtype:trojan-activity;sid:84194730; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331588)"; flow:established,from_client; content:"GET"; http_method; content:"/cookieskush/pip-package-template/master/client-built.exe"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331588/; classtype:trojan-activity;sid:84194688; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331577)"; flow:established,from_client; content:"GET"; http_method; content:"/valofficial/client-follower/main/client-built.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331577/; classtype:trojan-activity;sid:84194677; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331574)"; flow:established,from_client; content:"GET"; http_method; content:"/efedursun125/xfakeplayers/refs/heads/master/xclient.exe"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331574/; classtype:trojan-activity;sid:84194674; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331534)"; flow:established,from_client; content:"GET"; http_method; content:"/cidadejunina/js/vendor/debug2.ps1"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"transparenciacanaa.com.br"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331534/; classtype:trojan-activity;sid:84194634; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331498)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1_-w5me4evtzbdzix_v_ymzdelazhrv5z"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331498/; classtype:trojan-activity;sid:84194598; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331500)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1nskagzrswpttoue3wbrhdqpyzlyve4tg"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331500/; classtype:trojan-activity;sid:84194600; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331490)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1o3zw7sodji4uk954kngkdyshyl37gozq"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331490/; classtype:trojan-activity;sid:84194590; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3318309)"; flow:established,from_client; content:"GET"; http_method; content:"/khangdz1801/raw/refs/heads/main/sound.exe"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_03; reference:url, urlhaus.abuse.ch/url/3318309/; classtype:trojan-activity;sid:84181409; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3317638)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"162.219.216.183"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_02; reference:url, urlhaus.abuse.ch/url/3317638/; classtype:trojan-activity;sid:84180738; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3317497)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/images/media/thing2"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"divvanews.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_02; reference:url, urlhaus.abuse.ch/url/3317497/; classtype:trojan-activity;sid:84180597; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3316452)"; flow:established,from_client; content:"GET"; http_method; content:"/searchuii.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"165.154.184.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_01; reference:url, urlhaus.abuse.ch/url/3316452/; classtype:trojan-activity;sid:84179552; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3315253)"; flow:established,from_client; content:"GET"; http_method; content:"/order/purchaseorder.exe"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"csg-app.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_30; reference:url, urlhaus.abuse.ch/url/3315253/; classtype:trojan-activity;sid:84178353; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3315254)"; flow:established,from_client; content:"GET"; http_method; content:"/order/putty.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"csg-app.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_30; reference:url, urlhaus.abuse.ch/url/3315254/; classtype:trojan-activity;sid:84178354; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3308970)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.111.146.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_27; reference:url, urlhaus.abuse.ch/url/3308970/; classtype:trojan-activity;sid:84172070; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3308898)"; flow:established,from_client; content:"GET"; http_method; content:"/help.scr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"61.183.16.127"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_27; reference:url, urlhaus.abuse.ch/url/3308898/; classtype:trojan-activity;sid:84171998; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3308875)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"141.155.36.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_27; reference:url, urlhaus.abuse.ch/url/3308875/; classtype:trojan-activity;sid:84171975; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3308847)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"5.26.174.234"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_27; reference:url, urlhaus.abuse.ch/url/3308847/; classtype:trojan-activity;sid:84171947; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3308798)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1idr9p3dgxkblhu7h4jckclzmtlibwsiw"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_27; reference:url, urlhaus.abuse.ch/url/3308798/; classtype:trojan-activity;sid:84171898; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3308797)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1c2pnucvma1shu90mnauhef6shildth-s"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_27; reference:url, urlhaus.abuse.ch/url/3308797/; classtype:trojan-activity;sid:84171897; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3308461)"; flow:established,from_client; content:"GET"; http_method; content:"/xblkpfz8y0"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"158.101.35.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_27; reference:url, urlhaus.abuse.ch/url/3308461/; classtype:trojan-activity;sid:84171561; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3308462)"; flow:established,from_client; content:"GET"; http_method; content:"/xblkpfz8y3"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"158.101.35.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_27; reference:url, urlhaus.abuse.ch/url/3308462/; classtype:trojan-activity;sid:84171562; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3308463)"; flow:established,from_client; content:"GET"; http_method; content:"/xblkpfz8y4.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"158.101.35.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_27; reference:url, urlhaus.abuse.ch/url/3308463/; classtype:trojan-activity;sid:84171563; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3308464)"; flow:established,from_client; content:"GET"; http_method; content:"/xblkpfz8y2"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"158.101.35.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_27; reference:url, urlhaus.abuse.ch/url/3308464/; classtype:trojan-activity;sid:84171564; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3305535)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"111.185.23.52"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_26; reference:url, urlhaus.abuse.ch/url/3305535/; classtype:trojan-activity;sid:84168635; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3303817)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1jbzzntbk1kuszoofww7hsqfdh066ontf"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_25; reference:url, urlhaus.abuse.ch/url/3303817/; classtype:trojan-activity;sid:84166917; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3303818)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1hkvynldkcbdd50_bsw3s9tk5elbduxtg"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_25; reference:url, urlhaus.abuse.ch/url/3303818/; classtype:trojan-activity;sid:84166918; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3300881)"; flow:established,from_client; content:"GET"; http_method; content:"/rouki555/lnk/refs/heads/main/y.png"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_23; reference:url, urlhaus.abuse.ch/url/3300881/; classtype:trojan-activity;sid:84163981; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3300394)"; flow:established,from_client; content:"GET"; http_method; content:"/rouki555/dcm/refs/heads/main/document.zip"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_23; reference:url, urlhaus.abuse.ch/url/3300394/; classtype:trojan-activity;sid:84163494; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3300382)"; flow:established,from_client; content:"GET"; http_method; content:"/steamer/malwerjobs/refs/heads/master/test.xll"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_23; reference:url, urlhaus.abuse.ch/url/3300382/; classtype:trojan-activity;sid:84163482; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3300387)"; flow:established,from_client; content:"GET"; http_method; content:"/rouki555/lnk/refs/heads/main/ud.bat"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_23; reference:url, urlhaus.abuse.ch/url/3300387/; classtype:trojan-activity;sid:84163487; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3300377)"; flow:established,from_client; content:"GET"; http_method; content:"/rouki555/lnk/refs/heads/main/t.png"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_23; reference:url, urlhaus.abuse.ch/url/3300377/; classtype:trojan-activity;sid:84163477; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3300378)"; flow:established,from_client; content:"GET"; http_method; content:"/steamer/malwerjobs/refs/heads/master/template.dotm"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_23; reference:url, urlhaus.abuse.ch/url/3300378/; classtype:trojan-activity;sid:84163478; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3300374)"; flow:established,from_client; content:"GET"; http_method; content:"/steamer/malwerjobs/refs/heads/master/doadmin.png"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_23; reference:url, urlhaus.abuse.ch/url/3300374/; classtype:trojan-activity;sid:84163474; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3300375)"; flow:established,from_client; content:"GET"; http_method; content:"/steamer/malwerjobs/refs/heads/master/steamerx.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_23; reference:url, urlhaus.abuse.ch/url/3300375/; classtype:trojan-activity;sid:84163475; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3300376)"; flow:established,from_client; content:"GET"; http_method; content:"/steamer/malwerjobs/refs/heads/master/justpoc.exe"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_23; reference:url, urlhaus.abuse.ch/url/3300376/; classtype:trojan-activity;sid:84163476; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3300371)"; flow:established,from_client; content:"GET"; http_method; content:"/rouki555/lnk/refs/heads/main/u.xls"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_23; reference:url, urlhaus.abuse.ch/url/3300371/; classtype:trojan-activity;sid:84163471; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3300372)"; flow:established,from_client; content:"GET"; http_method; content:"/steamer/malwerjobs/refs/heads/master/scriptlet"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_23; reference:url, urlhaus.abuse.ch/url/3300372/; classtype:trojan-activity;sid:84163472; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299333)"; flow:established,from_client; content:"GET"; http_method; content:"/account/rolex_file.zip"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"treinamento.convenio.to.gov.br"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299333/; classtype:trojan-activity;sid:84162433; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298233)"; flow:established,from_client; content:"GET"; http_method; content:"/saked018/rivada/refs/heads/main/mis_file_9888123_received_xsls.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298233/; classtype:trojan-activity;sid:84161333; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298219)"; flow:established,from_client; content:"GET"; http_method; content:"/saked018/rivada/raw/refs/heads/main/mis_file_9888123_received_xsls.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298219/; classtype:trojan-activity;sid:84161319; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298207)"; flow:established,from_client; content:"GET"; http_method; content:"/rouki555/dcm/raw/refs/heads/main/document.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298207/; classtype:trojan-activity;sid:84161307; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298202)"; flow:established,from_client; content:"GET"; http_method; content:"/rouki555/ud/raw/refs/heads/main/ud.bat"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298202/; classtype:trojan-activity;sid:84161302; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298205)"; flow:established,from_client; content:"GET"; http_method; content:"/rouki555/lnk/raw/refs/heads/main/u.xls"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298205/; classtype:trojan-activity;sid:84161305; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298201)"; flow:established,from_client; content:"GET"; http_method; content:"/rouki555/lnk/raw/refs/heads/main/ud.bat"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298201/; classtype:trojan-activity;sid:84161301; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297750)"; flow:established,from_client; content:"GET"; http_method; content:"/v0/b/nube-f5f04.appspot.com/o/ansy.txt|3f|alt=media|7c|26|7c|token=703d87ea-0284-408f-b949-21b01138d2a5"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"firebasestorage.googleapis.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297750/; classtype:trojan-activity;sid:84160850; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297053)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"119.15.239.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297053/; classtype:trojan-activity;sid:84160153; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296209)"; flow:established,from_client; content:"GET"; http_method; content:"/crm/exe/update.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"www.zhikey.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296209/; classtype:trojan-activity;sid:84159309; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294913)"; flow:established,from_client; content:"GET"; http_method; content:"/ledshow1.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"101.200.220.118"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294913/; classtype:trojan-activity;sid:84158013; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294809)"; flow:established,from_client; content:"GET"; http_method; content:"/configureregistrysettings.ps1"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"103.247.164.242"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294809/; classtype:trojan-activity;sid:84157909; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294619)"; flow:established,from_client; content:"GET"; http_method; content:"/noureddine-nt9/rgsdr/raw/refs/heads/main/cheet.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294619/; classtype:trojan-activity;sid:84157719; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292725)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"47.181.114.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292725/; classtype:trojan-activity;sid:84155825; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292014)"; flow:established,from_client; content:"GET"; http_method; content:"/n/tui/mininews/mininewsplus/3.0.0.26165/mininewsplus-2.exe"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"mininews.kpzip.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292014/; classtype:trojan-activity;sid:84155114; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291910)"; flow:established,from_client; content:"GET"; http_method; content:"/3911_wz.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"wz.3911.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291910/; classtype:trojan-activity;sid:84155010; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291869)"; flow:established,from_client; content:"GET"; http_method; content:"/images/stories/guides/guide2018.exe"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"dcwblida.dz"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291869/; classtype:trojan-activity;sid:84154969; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290573)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"118.44.144.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290573/; classtype:trojan-activity;sid:84153673; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290243)"; flow:established,from_client; content:"GET"; http_method; content:"/pro2.jpg"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"113.98.201.248"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290243/; classtype:trojan-activity;sid:84153343; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289875)"; flow:established,from_client; content:"GET"; http_method; content:"/r00ts3c/ddos-rootsec/refs/heads/master/ddos%20scripts/l4/udp/10gbpsudp.py"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289875/; classtype:trojan-activity;sid:84152975; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289468)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.250.231.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289468/; classtype:trojan-activity;sid:84152568; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289466)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"43.255.216.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289466/; classtype:trojan-activity;sid:84152566; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289462)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.2.177.227"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289462/; classtype:trojan-activity;sid:84152562; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289463)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.97.36.202"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289463/; classtype:trojan-activity;sid:84152563; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289454)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"5.201.176.87"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289454/; classtype:trojan-activity;sid:84152554; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288915)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"220.118.75.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288915/; classtype:trojan-activity;sid:84152015; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287642)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.233.95.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287642/; classtype:trojan-activity;sid:84150742; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287644)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.233.95.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287644/; classtype:trojan-activity;sid:84150744; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287645)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.166.191.183"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287645/; classtype:trojan-activity;sid:84150745; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287632)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.121.12.123"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287632/; classtype:trojan-activity;sid:84150732; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287636)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.127.218.102"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287636/; classtype:trojan-activity;sid:84150736; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286969)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.143.20.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286969/; classtype:trojan-activity;sid:84150069; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286821)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.77.228.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286821/; classtype:trojan-activity;sid:84149921; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286822)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.131.73.217"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286822/; classtype:trojan-activity;sid:84149922; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286518)"; flow:established,from_client; content:"GET"; http_method; content:"/kzxiaopeng2/kuaizip_setup_-808202126_xiaopeng2_001.exe"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"d.kpzip.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286518/; classtype:trojan-activity;sid:84149618; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286513)"; flow:established,from_client; content:"GET"; http_method; content:"/haozip.convertimg.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"download.haozip.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286513/; classtype:trojan-activity;sid:84149613; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286367)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.166.251.156"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286367/; classtype:trojan-activity;sid:84149467; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286067)"; flow:established,from_client; content:"GET"; http_method; content:"/erez-goldberg/rust-reverse-shell/main/shellcode.bin"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286067/; classtype:trojan-activity;sid:84149167; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281714)"; flow:established,from_client; content:"GET"; http_method; content:"/s3cur3th1ssh1t/creds/master/obfuscatedps/dccuac.ps1"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281714/; classtype:trojan-activity;sid:84144814; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281578)"; flow:established,from_client; content:"GET"; http_method; content:"/maxz/update/client/client.exe.zip"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"103.174.191.145"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281578/; classtype:trojan-activity;sid:84144678; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281577)"; flow:established,from_client; content:"GET"; http_method; content:"/maxz/update/client/dsetup.dll.zip"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"103.174.191.145"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281577/; classtype:trojan-activity;sid:84144677; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281085)"; flow:established,from_client; content:"GET"; http_method; content:"/barrigudinha157/barrigudinha/raw/master/rage.dll"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3281085/; classtype:trojan-activity;sid:84144185; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280990)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/2d424qwn"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280990/; classtype:trojan-activity;sid:84144090; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280680)"; flow:established,from_client; content:"GET"; http_method; content:"/fiies/stormfn-launcher/raw/refs/heads/main/stormfn-launcher.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280680/; classtype:trojan-activity;sid:84143780; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279353)"; flow:established,from_client; content:"GET"; http_method; content:"/xavieprowel/crispy-palm-tree/releases/download/1/3e3ev3.exe"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279353/; classtype:trojan-activity;sid:84142453; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278669)"; flow:established,from_client; content:"GET"; http_method; content:"/txdown_disk/%e8%bd%af%e4%bb%b6%e4%bd%bf%e7%94%a8/%e7%bc%ba%e5%a4%b1%e4%b8%8b%e8%bd%bd/plugin.dll"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"disk.accord1key.cn"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278669/; classtype:trojan-activity;sid:84141769; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278578)"; flow:established,from_client; content:"GET"; http_method; content:"/bonsko216/1/refs/heads/main/runtimebroker.exe"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278578/; classtype:trojan-activity;sid:84141678; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278573)"; flow:established,from_client; content:"GET"; http_method; content:"/ciphershld/ms-p-1a/master/setup%20ms%20p-1a.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278573/; classtype:trojan-activity;sid:84141673; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278576)"; flow:established,from_client; content:"GET"; http_method; content:"/minecradt/regdelete/readme-edits/hell9o.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278576/; classtype:trojan-activity;sid:84141676; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278567)"; flow:established,from_client; content:"GET"; http_method; content:"/openpeach/dotnetfx_cleanup_tool/refs/heads/master/cleanup_tool.exe"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278567/; classtype:trojan-activity;sid:84141667; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278558)"; flow:established,from_client; content:"GET"; http_method; content:"/bonsko216/1/raw/refs/heads/main/runtimebroker.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278558/; classtype:trojan-activity;sid:84141658; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278362)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1las2cmd3reobg45qhkqhawi90h4_u0kd"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278362/; classtype:trojan-activity;sid:84141462; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278361)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=17hv9-3t2ilikbmcfql2z66ipd72x4mz7"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278361/; classtype:trojan-activity;sid:84141461; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276896)"; flow:established,from_client; content:"GET"; http_method; content:"/loistupidpet/sfdawsdawdaw/main/serials_checker.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276896/; classtype:trojan-activity;sid:84139996; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275669)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1kc4fdseohzqymz2x0ncqswph66uxdb1z"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275669/; classtype:trojan-activity;sid:84138769; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275667)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1u_rahqbks7vd7qqc6wx3gxnjxtfqrzbp"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275667/; classtype:trojan-activity;sid:84138767; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275658)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1-8qpzgr4-iis53p1-kr2-o6prrjmnksk"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275658/; classtype:trojan-activity;sid:84138758; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275656)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1ubqrhziusgl-cn_nie2_udj4qi6qrqsw"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275656/; classtype:trojan-activity;sid:84138756; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275240)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1ikoxnnlvglh6jhnfqkrsihss_p2dqkyp"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275240/; classtype:trojan-activity;sid:84138340; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275241)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1r7oi2jekx0ks1wqpt0ms3_kqvukzy3dv"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275241/; classtype:trojan-activity;sid:84138341; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275242)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1gmzqsemymffka4lve0jkwa06sklk7xhu"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275242/; classtype:trojan-activity;sid:84138342; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274957)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"162.219.216.183"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3274957/; classtype:trojan-activity;sid:84138057; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274634)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"93.123.89.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274634/; classtype:trojan-activity;sid:84137734; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274635)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"31.0.199.8"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274635/; classtype:trojan-activity;sid:84137735; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274602)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"176.104.33.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274602/; classtype:trojan-activity;sid:84137702; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274508)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.219.123.235"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274508/; classtype:trojan-activity;sid:84137608; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274064)"; flow:established,from_client; content:"GET"; http_method; content:"/borisizdabezt/exitlag-hwid-spoofer/main/drv64.dll"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274064/; classtype:trojan-activity;sid:84137164; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274049)"; flow:established,from_client; content:"GET"; http_method; content:"/realstrings/lydian-spoofer/raw/main/spoofy.sys"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274049/; classtype:trojan-activity;sid:84137149; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274047)"; flow:established,from_client; content:"GET"; http_method; content:"/realstrings/lydian-spoofer/refs/heads/main/spoofy.sys"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274047/; classtype:trojan-activity;sid:84137147; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274048)"; flow:established,from_client; content:"GET"; http_method; content:"/realstrings/lydian-spoofer/raw/refs/heads/main/spoofy.sys"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274048/; classtype:trojan-activity;sid:84137148; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273868)"; flow:established,from_client; content:"GET"; http_method; content:"/download/telegram.apk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"telegramcn.co"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273868/; classtype:trojan-activity;sid:84136968; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272092)"; flow:established,from_client; content:"GET"; http_method; content:"/ordogos2/g575/releases/download/download/setup.7.0.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272092/; classtype:trojan-activity;sid:84135192; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271922)"; flow:established,from_client; content:"GET"; http_method; content:"/leakerbydragon1/leakerbydragon1/main/injector.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271922/; classtype:trojan-activity;sid:84135022; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271923)"; flow:established,from_client; content:"GET"; http_method; content:"/leakerbydragon1/leakerbydragon1/main/injectorold.exe"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271923/; classtype:trojan-activity;sid:84135023; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271925)"; flow:established,from_client; content:"GET"; http_method; content:"/leakerbydragon1/leakerbydragon1/main/loader.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271925/; classtype:trojan-activity;sid:84135025; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271919)"; flow:established,from_client; content:"GET"; http_method; content:"/leakerbydragon1/leakerbydragon1/main/ogfn%20updater.exe"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271919/; classtype:trojan-activity;sid:84135019; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271920)"; flow:established,from_client; content:"GET"; http_method; content:"/leakerbydragon1/leakerbydragon1/main/pclient.exe"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271920/; classtype:trojan-activity;sid:84135020; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271921)"; flow:established,from_client; content:"GET"; http_method; content:"/leakerbydragon1/leakerbydragon1/main/kdmapper_release.exe"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271921/; classtype:trojan-activity;sid:84135021; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271692)"; flow:established,from_client; content:"GET"; http_method; content:"/vc17x64.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"ftp.ywxww.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271692/; classtype:trojan-activity;sid:84134792; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271691)"; flow:established,from_client; content:"GET"; http_method; content:"/pchunter64.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"ftp.ywxww.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271691/; classtype:trojan-activity;sid:84134791; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271690)"; flow:established,from_client; content:"GET"; http_method; content:"/remotelyanywhere11.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"ftp.ywxww.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271690/; classtype:trojan-activity;sid:84134790; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271689)"; flow:established,from_client; content:"GET"; http_method; content:"/pm3100.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"ftp.ywxww.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271689/; classtype:trojan-activity;sid:84134789; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271686)"; flow:established,from_client; content:"GET"; http_method; content:"/qwsrv3.3.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"ftp.ywxww.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271686/; classtype:trojan-activity;sid:84134786; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271681)"; flow:established,from_client; content:"GET"; http_method; content:"/x210.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"ftp.ywxww.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271681/; classtype:trojan-activity;sid:84134781; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271683)"; flow:established,from_client; content:"GET"; http_method; content:"/ydcx.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"ftp.ywxww.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271683/; classtype:trojan-activity;sid:84134783; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271684)"; flow:established,from_client; content:"GET"; http_method; content:"/smb.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"ftp.ywxww.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271684/; classtype:trojan-activity;sid:84134784; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271685)"; flow:established,from_client; content:"GET"; http_method; content:"/kb2808679x64.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"ftp.ywxww.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271685/; classtype:trojan-activity;sid:84134785; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271679)"; flow:established,from_client; content:"GET"; http_method; content:"/rlpb15.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"ftp.ywxww.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271679/; classtype:trojan-activity;sid:84134779; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271680)"; flow:established,from_client; content:"GET"; http_method; content:"/hydkj.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"ftp.ywxww.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271680/; classtype:trojan-activity;sid:84134780; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271675)"; flow:established,from_client; content:"GET"; http_method; content:"/autoruns.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"ftp.ywxww.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271675/; classtype:trojan-activity;sid:84134775; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271673)"; flow:established,from_client; content:"GET"; http_method; content:"/cysoft/winrarx64521sc.exe"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"ftp.ywxww.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271673/; classtype:trojan-activity;sid:84134773; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271672)"; flow:established,from_client; content:"GET"; http_method; content:"/hdtune.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"ftp.ywxww.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271672/; classtype:trojan-activity;sid:84134772; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271664)"; flow:established,from_client; content:"GET"; http_method; content:"/wblog.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"123.ywxww.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271664/; classtype:trojan-activity;sid:84134764; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271666)"; flow:established,from_client; content:"GET"; http_method; content:"/steam.txt"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"ftp.ywxww.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271666/; classtype:trojan-activity;sid:84134766; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271663)"; flow:established,from_client; content:"GET"; http_method; content:"/svchost.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"123.ywxww.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271663/; classtype:trojan-activity;sid:84134763; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271634)"; flow:established,from_client; content:"GET"; http_method; content:"/undertalanted/mod/refs/heads/main/svchost.exe"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271634/; classtype:trojan-activity;sid:84134734; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271624)"; flow:established,from_client; content:"GET"; http_method; content:"/sdifru877234/ilu123g5/main/svchost.exe"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271624/; classtype:trojan-activity;sid:84134724; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271617)"; flow:established,from_client; content:"GET"; http_method; content:"/regolx1/hadb/refs/heads/main/svchost.exe"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271617/; classtype:trojan-activity;sid:84134717; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271614)"; flow:established,from_client; content:"GET"; http_method; content:"/chokopie333/doom/main/svchost.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271614/; classtype:trojan-activity;sid:84134714; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271612)"; flow:established,from_client; content:"GET"; http_method; content:"/artem674118/erterytry/main/svchost.exe"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271612/; classtype:trojan-activity;sid:84134712; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271609)"; flow:established,from_client; content:"GET"; http_method; content:"/morgantaraum/automatic-octo-barnacle/refs/heads/main/svchost.exe"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271609/; classtype:trojan-activity;sid:84134709; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271611)"; flow:established,from_client; content:"GET"; http_method; content:"/zodiac1616/test/refs/heads/main/svchost.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271611/; classtype:trojan-activity;sid:84134711; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271605)"; flow:established,from_client; content:"GET"; http_method; content:"/sdifru877234/ilu123g5/raw/main/svchost.exe"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271605/; classtype:trojan-activity;sid:84134705; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271594)"; flow:established,from_client; content:"GET"; http_method; content:"/artem674118/erterytry/raw/main/svchost.exe"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271594/; classtype:trojan-activity;sid:84134694; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271596)"; flow:established,from_client; content:"GET"; http_method; content:"/heresfilly09-9/fornova/raw/main/svchost.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271596/; classtype:trojan-activity;sid:84134696; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271586)"; flow:established,from_client; content:"GET"; http_method; content:"/chokopie333/doom/raw/main/svchost.exe"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271586/; classtype:trojan-activity;sid:84134686; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271587)"; flow:established,from_client; content:"GET"; http_method; content:"/morgantaraum/automatic-octo-barnacle/raw/refs/heads/main/svchost.exe"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271587/; classtype:trojan-activity;sid:84134687; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271590)"; flow:established,from_client; content:"GET"; http_method; content:"/zodiac1616/test/raw/refs/heads/main/svchost.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271590/; classtype:trojan-activity;sid:84134690; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271369)"; flow:established,from_client; content:"GET"; http_method; content:"/zzrevva1/osu-maple/raw/refs/heads/main/extremeinjector.exe"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271369/; classtype:trojan-activity;sid:84134469; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271206)"; flow:established,from_client; content:"GET"; http_method; content:"/v0/b/blader-4f96f.appspot.com/o/rem251.txt|3f|alt=media|7c|26|7c|token=c0f99eb2-2f4d-4b6b-8bb6-bdb0e353c395"; http_uri; depth:108; isdataat:!1,relative; nocase; content:"firebasestorage.googleapis.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271206/; classtype:trojan-activity;sid:84134306; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270748)"; flow:established,from_client; content:"GET"; http_method; content:"/abc3.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"217.114.43.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270748/; classtype:trojan-activity;sid:84133848; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270747)"; flow:established,from_client; content:"GET"; http_method; content:"/abc2.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"217.114.43.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270747/; classtype:trojan-activity;sid:84133847; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270744)"; flow:established,from_client; content:"GET"; http_method; content:"/debug.dbg"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"217.114.43.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270744/; classtype:trojan-activity;sid:84133844; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270741)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_32"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"217.114.43.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270741/; classtype:trojan-activity;sid:84133841; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270198)"; flow:established,from_client; content:"GET"; http_method; content:"/web/img/edadf5dc5ec04c578e24f68006fad2b4.sys"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"zlonline.oss-cn-shenzhen.aliyuncs.com"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270198/; classtype:trojan-activity;sid:84133298; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270196)"; flow:established,from_client; content:"GET"; http_method; content:"/novocrm/static/winring0x64.sys"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"118.189.172.141"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270196/; classtype:trojan-activity;sid:84133296; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270195)"; flow:established,from_client; content:"GET"; http_method; content:"/ggassistant/update/2.3.11.29/tool/winring0x64.sys|3f|skq=1701042218"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"shqdown.ggzuhao.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270195/; classtype:trojan-activity;sid:84133295; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270193)"; flow:established,from_client; content:"GET"; http_method; content:"/miguel-b-p/..../raw/main/winring0x64.sys"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270193/; classtype:trojan-activity;sid:84133293; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270186)"; flow:established,from_client; content:"GET"; http_method; content:"/hak333444/xmrig/raw/main/winring0x64.sys"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270186/; classtype:trojan-activity;sid:84133286; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270187)"; flow:established,from_client; content:"GET"; http_method; content:"/irusanov/zenstates-core/raw/master/winring0x64.sys"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270187/; classtype:trojan-activity;sid:84133287; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270188)"; flow:established,from_client; content:"GET"; http_method; content:"/xmrig/xmrig/blob/master/bin/winring0/winring0x64.sys|3f|raw=true"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270188/; classtype:trojan-activity;sid:84133288; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270189)"; flow:established,from_client; content:"GET"; http_method; content:"/so251/olaquerida/releases/download/1releasae/winring0x64.sys"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270189/; classtype:trojan-activity;sid:84133289; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270191)"; flow:established,from_client; content:"GET"; http_method; content:"/jsjsjsc79/advsd/raw/main/winring0x64.sys"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270191/; classtype:trojan-activity;sid:84133291; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270192)"; flow:established,from_client; content:"GET"; http_method; content:"/stickmengamer/idk/raw/main/winring0x64.sys"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270192/; classtype:trojan-activity;sid:84133292; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270183)"; flow:established,from_client; content:"GET"; http_method; content:"/sopranotech/dimeo/main/winring0x64.sys"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270183/; classtype:trojan-activity;sid:84133283; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270184)"; flow:established,from_client; content:"GET"; http_method; content:"/abrissyy/min/main/winring0x64.sys"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270184/; classtype:trojan-activity;sid:84133284; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269789)"; flow:established,from_client; content:"GET"; http_method; content:"/framzzzzz/dont-use/main/xclient.exe"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269789/; classtype:trojan-activity;sid:84132889; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269715)"; flow:established,from_client; content:"GET"; http_method; content:"/sqrtzeroknowledge/xworm-trojan/archive/refs/heads/main.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269715/; classtype:trojan-activity;sid:84132815; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268047)"; flow:established,from_client; content:"GET"; http_method; content:"/a.hta"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"www.newshostingsupdate.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268047/; classtype:trojan-activity;sid:84131147; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268049)"; flow:established,from_client; content:"GET"; http_method; content:"/a.hta"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"www.newshostingsupdate.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268049/; classtype:trojan-activity;sid:84131149; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268050)"; flow:established,from_client; content:"GET"; http_method; content:"/a.hta"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"newshostingsupdate.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268050/; classtype:trojan-activity;sid:84131150; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265959)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1ygqwpvxadhjsxskr3u3tdw2u5dnzv0pp"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265959/; classtype:trojan-activity;sid:84129059; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265958)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1uzjwtbh4hcs9i060hwf08hrnymnodugn"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265958/; classtype:trojan-activity;sid:84129058; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265708)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"162.219.216.183"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265708/; classtype:trojan-activity;sid:84128808; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260977)"; flow:established,from_client; content:"GET"; http_method; content:"/pag/photosetting.lzh"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"bradreddekopp.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260977/; classtype:trojan-activity;sid:84124077; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258435)"; flow:established,from_client; content:"GET"; http_method; content:"/armv5l"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"193.46.218.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258435/; classtype:trojan-activity;sid:84121535; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258399)"; flow:established,from_client; content:"GET"; http_method; content:"/arc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"193.46.218.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258399/; classtype:trojan-activity;sid:84121499; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258403)"; flow:established,from_client; content:"GET"; http_method; content:"/sparc"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"193.46.218.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258403/; classtype:trojan-activity;sid:84121503; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258033)"; flow:established,from_client; content:"GET"; http_method; content:"/ijeuwaesika/nna/refs/heads/main/ifiinms.txt"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258033/; classtype:trojan-activity;sid:84121133; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258029)"; flow:established,from_client; content:"GET"; http_method; content:"/javamagazine/magdownloads/downloads/utilities-windowtimer-ptimer.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258029/; classtype:trojan-activity;sid:84121129; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257484)"; flow:established,from_client; content:"GET"; http_method; content:"/data/javaw/net/net.xsl"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"shangmei-test.oss-cn-beijing.aliyuncs.com"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257484/; classtype:trojan-activity;sid:84120584; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254228)"; flow:established,from_client; content:"GET"; http_method; content:"/kdot227/somalifuscator/archive/refs/heads/main.zip"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254228/; classtype:trojan-activity;sid:84117328; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254226)"; flow:established,from_client; content:"GET"; http_method; content:"/proxyonly/www/raw/main/security.exe"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254226/; classtype:trojan-activity;sid:84117326; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254222)"; flow:established,from_client; content:"GET"; http_method; content:"/robloxdev1223/requirements/raw/main/requirements.exe"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254222/; classtype:trojan-activity;sid:84117322; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250891)"; flow:established,from_client; content:"GET"; http_method; content:"/peass-ng/peass-ng/releases/latest/download/linpeas.sh"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250891/; classtype:trojan-activity;sid:84113991; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249739)"; flow:established,from_client; content:"GET"; http_method; content:"/img_up/shop_pds/nicehana/client.exe"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"www.xn--on3b15m2lco2u.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249739/; classtype:trojan-activity;sid:84112839; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249735)"; flow:established,from_client; content:"GET"; http_method; content:"/client.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"119.193.158.215"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249735/; classtype:trojan-activity;sid:84112835; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249675)"; flow:established,from_client; content:"GET"; http_method; content:"/quasar/quasar/releases/download/v1.4.1/quasar.v1.4.1.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249675/; classtype:trojan-activity;sid:84112775; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249662)"; flow:established,from_client; content:"GET"; http_method; content:"/da2dalus/the-malware-repo/refs/heads/master/rat/njrat.exe"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249662/; classtype:trojan-activity;sid:84112762; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3246018)"; flow:established,from_client; content:"GET"; http_method; content:"/mestalic/site/refs/heads/main/file.exe"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_20; reference:url, urlhaus.abuse.ch/url/3246018/; classtype:trojan-activity;sid:84109118; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3245772)"; flow:established,from_client; content:"GET"; http_method; content:"/sample.hta"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"210.56.13.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_20; reference:url, urlhaus.abuse.ch/url/3245772/; classtype:trojan-activity;sid:84108872; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3245737)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"43.252.159.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_20; reference:url, urlhaus.abuse.ch/url/3245737/; classtype:trojan-activity;sid:84108837; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3245733)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.152.219.150"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_20; reference:url, urlhaus.abuse.ch/url/3245733/; classtype:trojan-activity;sid:84108833; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3245732)"; flow:established,from_client; content:"GET"; http_method; content:"/vz.txt"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"51.79.124.111"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_20; reference:url, urlhaus.abuse.ch/url/3245732/; classtype:trojan-activity;sid:84108832; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3245730)"; flow:established,from_client; content:"GET"; http_method; content:"/chinese.txt"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"202.129.16.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_20; reference:url, urlhaus.abuse.ch/url/3245730/; classtype:trojan-activity;sid:84108830; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3245463)"; flow:established,from_client; content:"GET"; http_method; content:"/hs.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"146.0.42.82"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_20; reference:url, urlhaus.abuse.ch/url/3245463/; classtype:trojan-activity;sid:84108563; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3245459)"; flow:established,from_client; content:"GET"; http_method; content:"/kg.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"146.0.42.82"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_20; reference:url, urlhaus.abuse.ch/url/3245459/; classtype:trojan-activity;sid:84108559; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3245458)"; flow:established,from_client; content:"GET"; http_method; content:"/keygen.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"146.0.42.82"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_20; reference:url, urlhaus.abuse.ch/url/3245458/; classtype:trojan-activity;sid:84108558; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243260)"; flow:established,from_client; content:"GET"; http_method; content:"/loader/loader.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"klar.gg"; http_host; depth:7; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243260/; classtype:trojan-activity;sid:84106360; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243135)"; flow:established,from_client; content:"GET"; http_method; content:"/samarinda/filekey.mentah"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"103.187.146.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243135/; classtype:trojan-activity;sid:84106235; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243134)"; flow:established,from_client; content:"GET"; http_method; content:"/enjoyers/file3.mentah"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"103.187.146.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243134/; classtype:trojan-activity;sid:84106234; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243133)"; flow:established,from_client; content:"GET"; http_method; content:"/enjoyers/injek3.mentah"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"103.187.146.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243133/; classtype:trojan-activity;sid:84106233; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243086)"; flow:established,from_client; content:"GET"; http_method; content:"/update/data/update.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"114.55.106.136"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243086/; classtype:trojan-activity;sid:84106186; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243082)"; flow:established,from_client; content:"GET"; http_method; content:"/sysupdate/ckbgd/2.3.0624.zip"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"8.131.63.6"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243082/; classtype:trojan-activity;sid:84106182; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243077)"; flow:established,from_client; content:"GET"; http_method; content:"/sysupdate/ckbgd/2.3.0703.zip"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"8.131.63.6"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243077/; classtype:trojan-activity;sid:84106177; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3242983)"; flow:established,from_client; content:"GET"; http_method; content:"/flowseal/zapret-discord-youtube/releases/download/1.1.1/zapret-discord-youtube-1.1.1.rar"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3242983/; classtype:trojan-activity;sid:84106083; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3242769)"; flow:established,from_client; content:"GET"; http_method; content:"/docs/solr.sh"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"119.192.128.163"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3242769/; classtype:trojan-activity;sid:84105869; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3242663)"; flow:established,from_client; content:"GET"; http_method; content:"/hmatrix/data/hack0832.zip"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"cd.textfiles.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3242663/; classtype:trojan-activity;sid:84105763; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3242642)"; flow:established,from_client; content:"GET"; http_method; content:"/rishabhkumardeveloper/malware_analysis_using_ml/main/wildfire-test-pe-file.exe"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3242642/; classtype:trojan-activity;sid:84105742; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241764)"; flow:established,from_client; content:"GET"; http_method; content:"/mori-miyako/discord-token-generator/zip/refs/heads/main"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241764/; classtype:trojan-activity;sid:84104864; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241765)"; flow:established,from_client; content:"GET"; http_method; content:"/scode18/all-tweaker/main/tweaks.7z"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241765/; classtype:trojan-activity;sid:84104865; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241756)"; flow:established,from_client; content:"GET"; http_method; content:"/intergate0/none/main/main.exe"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241756/; classtype:trojan-activity;sid:84104856; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241754)"; flow:established,from_client; content:"GET"; http_method; content:"/wbrswbrn/awew45/refs/heads/main/nurik.exe"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241754/; classtype:trojan-activity;sid:84104854; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241752)"; flow:established,from_client; content:"GET"; http_method; content:"/kntjspr/licensebytes/refs/heads/main/licensemalwarebytes.exe"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241752/; classtype:trojan-activity;sid:84104852; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241644)"; flow:established,from_client; content:"GET"; http_method; content:"/baksvoronov/testingflrplgpreg/refs/heads/main/connector1.exe"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241644/; classtype:trojan-activity;sid:84104744; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241637)"; flow:established,from_client; content:"GET"; http_method; content:"/s107000665/c1/master/1223.exe"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241637/; classtype:trojan-activity;sid:84104737; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241638)"; flow:established,from_client; content:"GET"; http_method; content:"/iciamyplant/ctf/master/plantrojan.exe"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241638/; classtype:trojan-activity;sid:84104738; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241639)"; flow:established,from_client; content:"GET"; http_method; content:"/fengjixuchui/cve-2022-26810/main/shellcode.bin"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241639/; classtype:trojan-activity;sid:84104739; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241640)"; flow:established,from_client; content:"GET"; http_method; content:"/killbillpribil/world-of-tanks/master/world%20of%20tanks.exe"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241640/; classtype:trojan-activity;sid:84104740; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241641)"; flow:established,from_client; content:"GET"; http_method; content:"/mach1el/htb-scripts/master/exploit-fuse/shell.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241641/; classtype:trojan-activity;sid:84104741; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241642)"; flow:established,from_client; content:"GET"; http_method; content:"/khr0x40sh/whitelistevasion/master/installutil/script.exe"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241642/; classtype:trojan-activity;sid:84104742; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241635)"; flow:established,from_client; content:"GET"; http_method; content:"/msf.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"qiniuyunxz.yxflzs.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241635/; classtype:trojan-activity;sid:84104735; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241559)"; flow:established,from_client; content:"GET"; http_method; content:"/c5hackr/phantom/main/phantom/resources/donut.exe"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241559/; classtype:trojan-activity;sid:84104659; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241291)"; flow:established,from_client; content:"GET"; http_method; content:"/key.pem"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"152.136.140.85"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241291/; classtype:trojan-activity;sid:84104391; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241127)"; flow:established,from_client; content:"GET"; http_method; content:"/justincoding3/slumfun/main/obfuscated.exe"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241127/; classtype:trojan-activity;sid:84104227; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241126)"; flow:established,from_client; content:"GET"; http_method; content:"/r00t-3xp10it/redpill/main/utils/compiled.exe"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241126/; classtype:trojan-activity;sid:84104226; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241125)"; flow:established,from_client; content:"GET"; http_method; content:"/secwiki/windows-kernel-exploits/master/ms14-068/ms14-068.exe"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241125/; classtype:trojan-activity;sid:84104225; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241055)"; flow:established,from_client; content:"GET"; http_method; content:"/neo23x0/signature-base/archive/master.zip"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241055/; classtype:trojan-activity;sid:84104155; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241019)"; flow:established,from_client; content:"GET"; http_method; content:"/gosha1239/onetap/master/onetap.exe"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241019/; classtype:trojan-activity;sid:84104119; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241005)"; flow:established,from_client; content:"GET"; http_method; content:"/ricepudding0xl/discordnitrogenerator/main/discordnitrogenerator.exe"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241005/; classtype:trojan-activity;sid:84104105; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241004)"; flow:established,from_client; content:"GET"; http_method; content:"/ryan2159/stuff/main/discord.exe"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241004/; classtype:trojan-activity;sid:84104104; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3240999)"; flow:established,from_client; content:"GET"; http_method; content:"/sad-dust/death/main/stealinfo.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3240999/; classtype:trojan-activity;sid:84104099; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3240998)"; flow:established,from_client; content:"GET"; http_method; content:"/deepdevil51/discordspotifybypass/main/discordspotifybypass.exe"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3240998/; classtype:trojan-activity;sid:84104098; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3240994)"; flow:established,from_client; content:"GET"; http_method; content:"/deepdevil51/discordspotifybypass/raw/main/discordspotifybypass.exe"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3240994/; classtype:trojan-activity;sid:84104094; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3240819)"; flow:established,from_client; content:"GET"; http_method; content:"/redcanaryco/atomic-red-team/master/atomics/t1204.002/bin/test10.lnk"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3240819/; classtype:trojan-activity;sid:84103919; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3240813)"; flow:established,from_client; content:"GET"; http_method; content:"/haxork8880/files/main/windowssync.txt.zip"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3240813/; classtype:trojan-activity;sid:84103913; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3240814)"; flow:established,from_client; content:"GET"; http_method; content:"/crjtpp/tpplab_public/main/poc-sample-lnk.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3240814/; classtype:trojan-activity;sid:84103914; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3240812)"; flow:established,from_client; content:"GET"; http_method; content:"/hackerx237/miner/main/my-files.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3240812/; classtype:trojan-activity;sid:84103912; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3240811)"; flow:established,from_client; content:"GET"; http_method; content:"/scode18/all-tweaker/releases/download/beta_v0.6/all.tweaker.beta.v0.6.7z"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3240811/; classtype:trojan-activity;sid:84103911; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3240810)"; flow:established,from_client; content:"GET"; http_method; content:"/scode18/all-tweaker/raw/main/tweaks.7z"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3240810/; classtype:trojan-activity;sid:84103910; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3240720)"; flow:established,from_client; content:"GET"; http_method; content:"/dqwr1q23rwdfr/xxx/releases/download/xxx/vital.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3240720/; classtype:trojan-activity;sid:84103820; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3240639)"; flow:established,from_client; content:"GET"; http_method; content:"/mohdjulaya09/code-sparrow-crypter-2.0-private-crack-leak/releases/download/%23crypter/codesparrow.crypter.2.0.crack.rar"; http_uri; depth:120; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3240639/; classtype:trojan-activity;sid:84103739; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3239707)"; flow:established,from_client; content:"GET"; http_method; content:"/demon.x64.bin"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"8.138.96.41"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_17; reference:url, urlhaus.abuse.ch/url/3239707/; classtype:trojan-activity;sid:84102807; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3239669)"; flow:established,from_client; content:"GET"; http_method; content:"/sys/20230120_3.bin"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"124.248.65.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_17; reference:url, urlhaus.abuse.ch/url/3239669/; classtype:trojan-activity;sid:84102769; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3239666)"; flow:established,from_client; content:"GET"; http_method; content:"/sys/20230120_4.bin"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"124.248.65.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_17; reference:url, urlhaus.abuse.ch/url/3239666/; classtype:trojan-activity;sid:84102766; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3239667)"; flow:established,from_client; content:"GET"; http_method; content:"/sys/20230120_2.bin"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"124.248.65.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_17; reference:url, urlhaus.abuse.ch/url/3239667/; classtype:trojan-activity;sid:84102767; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3239668)"; flow:established,from_client; content:"GET"; http_method; content:"/sys/20230120_1.bin"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"124.248.65.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_17; reference:url, urlhaus.abuse.ch/url/3239668/; classtype:trojan-activity;sid:84102768; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238658)"; flow:established,from_client; content:"GET"; http_method; content:"/eaklauncher/eaklauncher.exe"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"147.50.240.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238658/; classtype:trojan-activity;sid:84101758; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238084)"; flow:established,from_client; content:"GET"; http_method; content:"/python312/rusty-dropper/main/client-built.exe"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238084/; classtype:trojan-activity;sid:84101184; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238073)"; flow:established,from_client; content:"GET"; http_method; content:"/ff245185/payload/main/fast%20download.exe"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238073/; classtype:trojan-activity;sid:84101173; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238067)"; flow:established,from_client; content:"GET"; http_method; content:"/eliasgay23/123/main/svhost.exe"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238067/; classtype:trojan-activity;sid:84101167; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238061)"; flow:established,from_client; content:"GET"; http_method; content:"/grozniy1/folder/main/444.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238061/; classtype:trojan-activity;sid:84101161; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238057)"; flow:established,from_client; content:"GET"; http_method; content:"/mentaliczz/bloxflippredictor-v2/main/bloxflip%20predictor.exe"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238057/; classtype:trojan-activity;sid:84101157; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238047)"; flow:established,from_client; content:"GET"; http_method; content:"/horiffy/sentil/main/sentil.exe"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238047/; classtype:trojan-activity;sid:84101147; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238045)"; flow:established,from_client; content:"GET"; http_method; content:"/theairblow/theairblow/refs/heads/main/njrat.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238045/; classtype:trojan-activity;sid:84101145; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238025)"; flow:established,from_client; content:"GET"; http_method; content:"/tpinauskas/anticheat/main/amogus.exe"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238025/; classtype:trojan-activity;sid:84101125; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238013)"; flow:established,from_client; content:"GET"; http_method; content:"/vampirvikariy/clientn2/master/intro.avi.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238013/; classtype:trojan-activity;sid:84101113; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238012)"; flow:established,from_client; content:"GET"; http_method; content:"/theairblow/theairblow/main/njrat.exe"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238012/; classtype:trojan-activity;sid:84101112; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238010)"; flow:established,from_client; content:"GET"; http_method; content:"/eluwnkaquxi/elcio/main/server1.exe"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238010/; classtype:trojan-activity;sid:84101110; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237975)"; flow:established,from_client; content:"GET"; http_method; content:"/da2dalus/the-malware-repo/blob/master/rat/njrat.exe|3f|raw=true"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237975/; classtype:trojan-activity;sid:84101075; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237976)"; flow:established,from_client; content:"GET"; http_method; content:"/5556.rar"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"188.212.158.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237976/; classtype:trojan-activity;sid:84101076; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237956)"; flow:established,from_client; content:"GET"; http_method; content:"/blank-c/umbral-stealer/zip/refs/heads/main"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237956/; classtype:trojan-activity;sid:84101056; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237955)"; flow:established,from_client; content:"GET"; http_method; content:"/blank-c/blank-grabber/zip/refs/heads/main"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237955/; classtype:trojan-activity;sid:84101055; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237889)"; flow:established,from_client; content:"GET"; http_method; content:"/activia/aa_v3.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"sfa.com.ar"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237889/; classtype:trojan-activity;sid:84100989; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237861)"; flow:established,from_client; content:"GET"; http_method; content:"/joh81/exploi01/zip/refs/heads/main"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237861/; classtype:trojan-activity;sid:84100961; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237810)"; flow:established,from_client; content:"GET"; http_method; content:"/steve824/a/zip/refs/heads/main"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237810/; classtype:trojan-activity;sid:84100910; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237737)"; flow:established,from_client; content:"GET"; http_method; content:"/thebb5th/123/zip/refs/heads/main"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237737/; classtype:trojan-activity;sid:84100837; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237465)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1_suia0iczdw2reew1f9hgunezxcwv52d"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237465/; classtype:trojan-activity;sid:84100565; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237464)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1_3ozdjl5puad8qn3tipydynn5j7l13el"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237464/; classtype:trojan-activity;sid:84100564; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236597)"; flow:established,from_client; content:"GET"; http_method; content:"/center.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"119.193.158.215"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236597/; classtype:trojan-activity;sid:84099697; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236587)"; flow:established,from_client; content:"GET"; http_method; content:"/download/kedadecoder.zip"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"153.37.77.156"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236587/; classtype:trojan-activity;sid:84099687; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236559)"; flow:established,from_client; content:"GET"; http_method; content:"/download/kedadecoder.zip"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"116.136.142.2"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236559/; classtype:trojan-activity;sid:84099659; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236485)"; flow:established,from_client; content:"GET"; http_method; content:"/never.hta"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"210.56.13.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236485/; classtype:trojan-activity;sid:84099585; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236453)"; flow:established,from_client; content:"GET"; http_method; content:"/s3cur3th1ssh1t/creds/master/powershellscripts/invoke-petitpotam.ps1"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236453/; classtype:trojan-activity;sid:84099553; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236450)"; flow:established,from_client; content:"GET"; http_method; content:"/docs/x.rar"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"119.192.128.163"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236450/; classtype:trojan-activity;sid:84099550; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236324)"; flow:established,from_client; content:"GET"; http_method; content:"/file/xwgl/xw_xxgl.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"data.yhydl.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236324/; classtype:trojan-activity;sid:84099424; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236322)"; flow:established,from_client; content:"GET"; http_method; content:"/file/xw_setup.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"data.yhydl.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236322/; classtype:trojan-activity;sid:84099422; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236323)"; flow:established,from_client; content:"GET"; http_method; content:"/file/yhy_setup.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"data.yhydl.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236323/; classtype:trojan-activity;sid:84099423; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236314)"; flow:established,from_client; content:"GET"; http_method; content:"/ipscan.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"file.edunet.ac"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236314/; classtype:trojan-activity;sid:84099414; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236272)"; flow:established,from_client; content:"GET"; http_method; content:"/1skilllauncher/1skilllauncher.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"147.50.240.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236272/; classtype:trojan-activity;sid:84099372; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236240)"; flow:established,from_client; content:"GET"; http_method; content:"/services/identification/server/gtptoolsdownloadhandler.ashx|3f|filename=gtp_6_browserplugin_setup.exe"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"hnjgdl.geps.glodon.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236240/; classtype:trojan-activity;sid:84099340; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236237)"; flow:established,from_client; content:"GET"; http_method; content:"/natgo.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"dl.natgo.cn"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236237/; classtype:trojan-activity;sid:84099337; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236236)"; flow:established,from_client; content:"GET"; http_method; content:"/download/etermproxy.exe"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"pid.fly160.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236236/; classtype:trojan-activity;sid:84099336; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236227)"; flow:established,from_client; content:"GET"; http_method; content:"/ftp/iupdate.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"download.innovare.no"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236227/; classtype:trojan-activity;sid:84099327; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236224)"; flow:established,from_client; content:"GET"; http_method; content:"/pdd_biaoge/soft/down.exe"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"49.234.48.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236224/; classtype:trojan-activity;sid:84099324; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236154)"; flow:established,from_client; content:"GET"; http_method; content:"/user-attachments/files/17267811/stm.txt"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236154/; classtype:trojan-activity;sid:84099254; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3235523)"; flow:established,from_client; content:"GET"; http_method; content:"/chainguard-dev/bincapz/archive/refs/tags/v0.5.0.zip"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3235523/; classtype:trojan-activity;sid:84098623; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3235522)"; flow:established,from_client; content:"GET"; http_method; content:"/playmcbkuwu/vape/releases/download/stable/vape.v4.10.from.duckysolucky.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3235522/; classtype:trojan-activity;sid:84098622; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3235514)"; flow:established,from_client; content:"GET"; http_method; content:"/barrigudinha157/barrigudinha/raw/master/rage.dll"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3235514/; classtype:trojan-activity;sid:84098614; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3235513)"; flow:established,from_client; content:"GET"; http_method; content:"/meckazin/chromekatz/releases/download/0.4.7/chromekatzbofs.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3235513/; classtype:trojan-activity;sid:84098613; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3235094)"; flow:established,from_client; content:"GET"; http_method; content:"/xsh/update.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"101.126.11.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_14; reference:url, urlhaus.abuse.ch/url/3235094/; classtype:trojan-activity;sid:84098194; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3235077)"; flow:established,from_client; content:"GET"; http_method; content:"/libcurl.dll"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"coach.028csc.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_10_14; reference:url, urlhaus.abuse.ch/url/3235077/; classtype:trojan-activity;sid:84098177; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3234859)"; flow:established,from_client; content:"GET"; http_method; content:"/petikvx/lockbit-black-builder/main/lockbit30/builder.exe"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_14; reference:url, urlhaus.abuse.ch/url/3234859/; classtype:trojan-activity;sid:84097959; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3234858)"; flow:established,from_client; content:"GET"; http_method; content:"/tennessene/lockbit/refs/heads/main/builder.exe"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_14; reference:url, urlhaus.abuse.ch/url/3234858/; classtype:trojan-activity;sid:84097958; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3234803)"; flow:established,from_client; content:"GET"; http_method; content:"/crazycoach.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"coach.028csc.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_10_14; reference:url, urlhaus.abuse.ch/url/3234803/; classtype:trojan-activity;sid:84097903; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3232402)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"152.32.202.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_13; reference:url, urlhaus.abuse.ch/url/3232402/; classtype:trojan-activity;sid:84095502; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231796)"; flow:established,from_client; content:"GET"; http_method; content:"/user-attachments/files/16737801/wave.zip|3f|"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231796/; classtype:trojan-activity;sid:84094896; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229631)"; flow:established,from_client; content:"GET"; http_method; content:"/kamilniftaliev/cryptoview/zip/refs/heads/main"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229631/; classtype:trojan-activity;sid:84092731; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3228667)"; flow:established,from_client; content:"GET"; http_method; content:"/winassist/login/login.7z"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"win.down.55kantu.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3228667/; classtype:trojan-activity;sid:84091767; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3228412)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"31.0.199.8"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3228412/; classtype:trojan-activity;sid:84091512; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3226239)"; flow:established,from_client; content:"GET"; http_method; content:"/xmrig/xmrig/releases/download/v6.22.0/xmrig-6.22.0-linux-static-x64.tar.gz"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_09; reference:url, urlhaus.abuse.ch/url/3226239/; classtype:trojan-activity;sid:84089339; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3225936)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"37.252.86.167"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_09; reference:url, urlhaus.abuse.ch/url/3225936/; classtype:trojan-activity;sid:84089036; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3225932)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"95.70.238.134"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_09; reference:url, urlhaus.abuse.ch/url/3225932/; classtype:trojan-activity;sid:84089032; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3218033)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"109.207.216.197"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3218033/; classtype:trojan-activity;sid:84081133; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3218022)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"212.3.211.157"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3218022/; classtype:trojan-activity;sid:84081122; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3218007)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.247.101.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3218007/; classtype:trojan-activity;sid:84081107; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3218009)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"109.207.217.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3218009/; classtype:trojan-activity;sid:84081109; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3218011)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"166.147.146.187"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3218011/; classtype:trojan-activity;sid:84081111; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3218001)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"213.96.13.100"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3218001/; classtype:trojan-activity;sid:84081101; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217775)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.191.89.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217775/; classtype:trojan-activity;sid:84080875; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217753)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"89.35.233.220"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217753/; classtype:trojan-activity;sid:84080853; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217757)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"86.106.155.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217757/; classtype:trojan-activity;sid:84080857; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217760)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"87.97.161.106"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217760/; classtype:trojan-activity;sid:84080860; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217750)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"80.28.228.106"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217750/; classtype:trojan-activity;sid:84080850; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217745)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"87.97.161.106"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217745/; classtype:trojan-activity;sid:84080845; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217717)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"87.97.161.106"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217717/; classtype:trojan-activity;sid:84080817; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217719)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"89.35.233.220"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217719/; classtype:trojan-activity;sid:84080819; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217689)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"213.96.13.100"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217689/; classtype:trojan-activity;sid:84080789; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217684)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.43.16.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217684/; classtype:trojan-activity;sid:84080784; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217681)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"81.45.183.125"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217681/; classtype:trojan-activity;sid:84080781; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217665)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"213.96.13.100"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217665/; classtype:trojan-activity;sid:84080765; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217669)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"188.12.184.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217669/; classtype:trojan-activity;sid:84080769; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217674)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.191.89.120"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217674/; classtype:trojan-activity;sid:84080774; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217676)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"46.24.237.234"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217676/; classtype:trojan-activity;sid:84080776; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217661)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"87.26.194.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217661/; classtype:trojan-activity;sid:84080761; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217638)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"14.161.6.225"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217638/; classtype:trojan-activity;sid:84080738; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217625)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"178.183.205.197"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217625/; classtype:trojan-activity;sid:84080725; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217628)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"94.40.25.60"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217628/; classtype:trojan-activity;sid:84080728; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217621)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"178.183.205.197"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217621/; classtype:trojan-activity;sid:84080721; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217618)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"178.183.205.197"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217618/; classtype:trojan-activity;sid:84080718; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217562)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"118.212.35.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217562/; classtype:trojan-activity;sid:84080662; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217557)"; flow:established,from_client; content:"GET"; http_method; content:"/123.ps1"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"103.247.164.242"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217557/; classtype:trojan-activity;sid:84080657; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217454)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"99.118.215.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217454/; classtype:trojan-activity;sid:84080554; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217426)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"118.212.35.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217426/; classtype:trojan-activity;sid:84080526; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217140)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.200.72.26"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217140/; classtype:trojan-activity;sid:84080240; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217134)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.43.228.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217134/; classtype:trojan-activity;sid:84080234; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217135)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.15.239.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217135/; classtype:trojan-activity;sid:84080235; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217095)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"31.223.60.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217095/; classtype:trojan-activity;sid:84080195; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217104)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"64.140.105.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217104/; classtype:trojan-activity;sid:84080204; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217088)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.145.205.178"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217088/; classtype:trojan-activity;sid:84080188; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217091)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"94.251.5.51"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217091/; classtype:trojan-activity;sid:84080191; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217073)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"197.159.1.58"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217073/; classtype:trojan-activity;sid:84080173; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217046)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"167.250.193.253"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217046/; classtype:trojan-activity;sid:84080146; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217062)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.78.201.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217062/; classtype:trojan-activity;sid:84080162; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217064)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.194.46.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217064/; classtype:trojan-activity;sid:84080164; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217065)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"151.237.4.20"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217065/; classtype:trojan-activity;sid:84080165; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217044)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.41.63.178"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217044/; classtype:trojan-activity;sid:84080144; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217028)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.172.187.21"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217028/; classtype:trojan-activity;sid:84080128; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217010)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"12.148.208.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217010/; classtype:trojan-activity;sid:84080110; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217020)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.148.18.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217020/; classtype:trojan-activity;sid:84080120; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217023)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"62.162.113.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217023/; classtype:trojan-activity;sid:84080123; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216997)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.10.183.36"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216997/; classtype:trojan-activity;sid:84080097; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216967)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.113.124.155"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216967/; classtype:trojan-activity;sid:84080067; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216969)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.145.123.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216969/; classtype:trojan-activity;sid:84080069; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216971)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.92.68.241"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216971/; classtype:trojan-activity;sid:84080071; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216974)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"180.250.160.26"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216974/; classtype:trojan-activity;sid:84080074; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216975)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.153.80.90"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216975/; classtype:trojan-activity;sid:84080075; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216978)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"216.155.92.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216978/; classtype:trojan-activity;sid:84080078; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216986)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.253.115.155"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216986/; classtype:trojan-activity;sid:84080086; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216987)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"88.119.151.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216987/; classtype:trojan-activity;sid:84080087; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216989)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"41.160.128.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216989/; classtype:trojan-activity;sid:84080089; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216961)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"93.118.112.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216961/; classtype:trojan-activity;sid:84080061; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216927)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"64.140.100.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216927/; classtype:trojan-activity;sid:84080027; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216936)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.148.20.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216936/; classtype:trojan-activity;sid:84080036; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216937)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"181.211.252.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216937/; classtype:trojan-activity;sid:84080037; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216941)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.156.224.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216941/; classtype:trojan-activity;sid:84080041; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216943)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"114.7.160.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216943/; classtype:trojan-activity;sid:84080043; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216945)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.164.200.170"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216945/; classtype:trojan-activity;sid:84080045; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216918)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"88.80.242.177"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216918/; classtype:trojan-activity;sid:84080018; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216889)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"138.122.43.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216889/; classtype:trojan-activity;sid:84079989; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216900)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.94.219.31"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216900/; classtype:trojan-activity;sid:84080000; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216906)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"151.236.247.230"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216906/; classtype:trojan-activity;sid:84080006; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216909)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.23.192.224"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216909/; classtype:trojan-activity;sid:84080009; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216911)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.125.163.10"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216911/; classtype:trojan-activity;sid:84080011; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216886)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"14.224.162.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216886/; classtype:trojan-activity;sid:84079986; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216854)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.131.234.26"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216854/; classtype:trojan-activity;sid:84079954; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216860)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"85.187.82.120"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216860/; classtype:trojan-activity;sid:84079960; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216862)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.15.85.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216862/; classtype:trojan-activity;sid:84079962; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216843)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"76.76.195.174"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216843/; classtype:trojan-activity;sid:84079943; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216845)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.151.34.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216845/; classtype:trojan-activity;sid:84079945; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216846)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.217.215.238"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216846/; classtype:trojan-activity;sid:84079946; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216811)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"134.249.141.119"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216811/; classtype:trojan-activity;sid:84079911; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216813)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.188.30.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216813/; classtype:trojan-activity;sid:84079913; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216819)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"64.140.100.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216819/; classtype:trojan-activity;sid:84079919; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216820)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"181.143.114.106"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216820/; classtype:trojan-activity;sid:84079920; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216802)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"109.160.87.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216802/; classtype:trojan-activity;sid:84079902; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216794)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"186.154.93.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216794/; classtype:trojan-activity;sid:84079894; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216796)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"37.192.22.166"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216796/; classtype:trojan-activity;sid:84079896; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216772)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"89.231.14.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216772/; classtype:trojan-activity;sid:84079872; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216773)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"168.228.6.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216773/; classtype:trojan-activity;sid:84079873; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216761)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"114.7.209.193"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216761/; classtype:trojan-activity;sid:84079861; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216751)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"95.170.203.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216751/; classtype:trojan-activity;sid:84079851; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216750)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"109.92.143.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216750/; classtype:trojan-activity;sid:84079850; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216739)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.64.210.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216739/; classtype:trojan-activity;sid:84079839; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216742)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"87.197.107.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216742/; classtype:trojan-activity;sid:84079842; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216722)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.57.69.125"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216722/; classtype:trojan-activity;sid:84079822; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216724)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.34.7.5"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216724/; classtype:trojan-activity;sid:84079824; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216726)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"183.81.156.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216726/; classtype:trojan-activity;sid:84079826; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216720)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.214.56.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216720/; classtype:trojan-activity;sid:84079820; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216715)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"82.193.120.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216715/; classtype:trojan-activity;sid:84079815; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216704)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"88.135.26.83"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216704/; classtype:trojan-activity;sid:84079804; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216690)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"212.85.176.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216690/; classtype:trojan-activity;sid:84079790; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216696)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"181.129.106.146"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216696/; classtype:trojan-activity;sid:84079796; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216698)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"177.128.81.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216698/; classtype:trojan-activity;sid:84079798; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216670)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"89.28.58.132"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216670/; classtype:trojan-activity;sid:84079770; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216650)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.53.164.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216650/; classtype:trojan-activity;sid:84079750; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216651)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"188.137.36.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216651/; classtype:trojan-activity;sid:84079751; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216652)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"63.78.214.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216652/; classtype:trojan-activity;sid:84079752; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216653)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"188.72.6.218"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216653/; classtype:trojan-activity;sid:84079753; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216661)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"82.193.118.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216661/; classtype:trojan-activity;sid:84079761; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216664)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.245.10.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216664/; classtype:trojan-activity;sid:84079764; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216646)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.253.205.235"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216646/; classtype:trojan-activity;sid:84079746; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216633)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"49.156.46.134"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216633/; classtype:trojan-activity;sid:84079733; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216629)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.40.91.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216629/; classtype:trojan-activity;sid:84079729; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216607)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"81.16.247.81"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216607/; classtype:trojan-activity;sid:84079707; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216599)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"213.6.74.138"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216599/; classtype:trojan-activity;sid:84079699; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216603)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"31.186.54.111"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216603/; classtype:trojan-activity;sid:84079703; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216598)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"181.49.0.178"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216598/; classtype:trojan-activity;sid:84079698; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216594)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"94.159.74.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216594/; classtype:trojan-activity;sid:84079694; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216575)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"37.252.86.167"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216575/; classtype:trojan-activity;sid:84079675; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216582)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"91.244.169.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216582/; classtype:trojan-activity;sid:84079682; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216583)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.77.228.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216583/; classtype:trojan-activity;sid:84079683; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216584)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"213.91.236.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216584/; classtype:trojan-activity;sid:84079684; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216555)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"78.29.14.127"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216555/; classtype:trojan-activity;sid:84079655; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216557)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"95.170.116.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216557/; classtype:trojan-activity;sid:84079657; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216559)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"77.46.170.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216559/; classtype:trojan-activity;sid:84079659; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216565)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.30.85.58"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216565/; classtype:trojan-activity;sid:84079665; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216569)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"150.129.202.193"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216569/; classtype:trojan-activity;sid:84079669; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216550)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.161.217.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216550/; classtype:trojan-activity;sid:84079650; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216537)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"84.242.139.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216537/; classtype:trojan-activity;sid:84079637; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216511)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"2.36.68.156"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216511/; classtype:trojan-activity;sid:84079611; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216520)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.71.46.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216520/; classtype:trojan-activity;sid:84079620; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216522)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"203.160.56.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216522/; classtype:trojan-activity;sid:84079622; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216529)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.66.139.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216529/; classtype:trojan-activity;sid:84079629; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216536)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.1.157.126"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216536/; classtype:trojan-activity;sid:84079636; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216507)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"93.175.223.140"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216507/; classtype:trojan-activity;sid:84079607; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216480)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"203.80.244.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216480/; classtype:trojan-activity;sid:84079580; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216487)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.160.124.186"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216487/; classtype:trojan-activity;sid:84079587; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216488)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"66.181.166.140"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216488/; classtype:trojan-activity;sid:84079588; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216496)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.12.6.42"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216496/; classtype:trojan-activity;sid:84079596; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216501)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.21.223.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216501/; classtype:trojan-activity;sid:84079601; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216502)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.227.118.45"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216502/; classtype:trojan-activity;sid:84079602; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216470)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.109.223.242"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216470/; classtype:trojan-activity;sid:84079570; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216479)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"91.92.82.180"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216479/; classtype:trojan-activity;sid:84079579; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216463)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"212.231.226.35"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216463/; classtype:trojan-activity;sid:84079563; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216456)"; flow:established,from_client; content:"GET"; http_method; content:"/help.scr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"121.43.104.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216456/; classtype:trojan-activity;sid:84079556; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216443)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"87.249.142.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216443/; classtype:trojan-activity;sid:84079543; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216437)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"87.227.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216437/; classtype:trojan-activity;sid:84079537; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216435)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"24.93.22.147"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216435/; classtype:trojan-activity;sid:84079535; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216430)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"194.122.191.15"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216430/; classtype:trojan-activity;sid:84079530; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216428)"; flow:established,from_client; content:"GET"; http_method; content:"/help.scr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"58.220.203.74"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216428/; classtype:trojan-activity;sid:84079528; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216421)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"217.92.214.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216421/; classtype:trojan-activity;sid:84079521; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216406)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"49.232.126.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216406/; classtype:trojan-activity;sid:84079506; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216404)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"150.158.25.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216404/; classtype:trojan-activity;sid:84079504; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216398)"; flow:established,from_client; content:"GET"; http_method; content:"/help.scr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"113.106.6.106"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216398/; classtype:trojan-activity;sid:84079498; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216396)"; flow:established,from_client; content:"GET"; http_method; content:"/help.scr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"121.43.104.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216396/; classtype:trojan-activity;sid:84079496; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216384)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"43.132.12.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216384/; classtype:trojan-activity;sid:84079484; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216382)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"50.65.169.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216382/; classtype:trojan-activity;sid:84079482; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216377)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"36.110.15.211"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216377/; classtype:trojan-activity;sid:84079477; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216376)"; flow:established,from_client; content:"GET"; http_method; content:"/help.scr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"47.104.169.91"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216376/; classtype:trojan-activity;sid:84079476; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216372)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"178.61.160.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216372/; classtype:trojan-activity;sid:84079472; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216365)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"124.123.123.15"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216365/; classtype:trojan-activity;sid:84079465; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216359)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"82.67.13.197"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216359/; classtype:trojan-activity;sid:84079459; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216353)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"123.117.136.97"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216353/; classtype:trojan-activity;sid:84079453; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216349)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"68.225.217.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216349/; classtype:trojan-activity;sid:84079449; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216348)"; flow:established,from_client; content:"GET"; http_method; content:"/help.scr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"113.106.6.106"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216348/; classtype:trojan-activity;sid:84079448; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216334)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"43.132.13.252"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216334/; classtype:trojan-activity;sid:84079434; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216329)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"181.36.153.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216329/; classtype:trojan-activity;sid:84079429; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216326)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"113.156.110.218"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216326/; classtype:trojan-activity;sid:84079426; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216322)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"184.185.30.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216322/; classtype:trojan-activity;sid:84079422; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216321)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"74.64.155.4"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216321/; classtype:trojan-activity;sid:84079421; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216318)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"72.219.74.233"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216318/; classtype:trojan-activity;sid:84079418; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216314)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"68.108.119.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216314/; classtype:trojan-activity;sid:84079414; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216309)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"85.163.234.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216309/; classtype:trojan-activity;sid:84079409; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216306)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"94.76.156.101"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216306/; classtype:trojan-activity;sid:84079406; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215839)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"156.155.176.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215839/; classtype:trojan-activity;sid:84078939; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215834)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"93.118.112.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215834/; classtype:trojan-activity;sid:84078934; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215823)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.217.215.238"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215823/; classtype:trojan-activity;sid:84078923; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215826)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.147.225.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215826/; classtype:trojan-activity;sid:84078926; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215829)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"203.160.56.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215829/; classtype:trojan-activity;sid:84078929; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215816)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.57.69.125"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215816/; classtype:trojan-activity;sid:84078916; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215817)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"84.36.25.50"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215817/; classtype:trojan-activity;sid:84078917; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215800)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"212.85.176.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215800/; classtype:trojan-activity;sid:84078900; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215806)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"37.252.86.167"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215806/; classtype:trojan-activity;sid:84078906; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215792)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"201.184.179.195"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215792/; classtype:trojan-activity;sid:84078892; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215485)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.172.187.21"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215485/; classtype:trojan-activity;sid:84078585; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215469)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"81.16.247.83"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215469/; classtype:trojan-activity;sid:84078569; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215463)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"109.160.87.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215463/; classtype:trojan-activity;sid:84078563; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215454)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"49.158.206.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215454/; classtype:trojan-activity;sid:84078554; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215435)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.94.219.31"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215435/; classtype:trojan-activity;sid:84078535; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215440)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"184.185.30.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215440/; classtype:trojan-activity;sid:84078540; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215421)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"183.81.156.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215421/; classtype:trojan-activity;sid:84078521; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215422)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"206.214.35.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215422/; classtype:trojan-activity;sid:84078522; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215420)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"212.225.186.186"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215420/; classtype:trojan-activity;sid:84078520; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215403)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.143.114.106"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215403/; classtype:trojan-activity;sid:84078503; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215404)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.109.223.242"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215404/; classtype:trojan-activity;sid:84078504; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215401)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"186.118.121.223"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215401/; classtype:trojan-activity;sid:84078501; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215399)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"89.231.14.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215399/; classtype:trojan-activity;sid:84078499; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215382)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"77.46.170.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215382/; classtype:trojan-activity;sid:84078482; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215377)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.15.85.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215377/; classtype:trojan-activity;sid:84078477; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215371)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"77.238.209.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215371/; classtype:trojan-activity;sid:84078471; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215259)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"43.153.222.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215259/; classtype:trojan-activity;sid:84078359; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3213897)"; flow:established,from_client; content:"GET"; http_method; content:"/matinrco/tor/releases/download/v0.4.5.10/tor-expert-bundle-v0.4.5.10.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_05; reference:url, urlhaus.abuse.ch/url/3213897/; classtype:trojan-activity;sid:84076997; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3206293)"; flow:established,from_client; content:"GET"; http_method; content:"/ox2fa/justnow/refs/heads/main/2pac.php"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_03; reference:url, urlhaus.abuse.ch/url/3206293/; classtype:trojan-activity;sid:84069393; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3204753)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"192.176.50.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_02; reference:url, urlhaus.abuse.ch/url/3204753/; classtype:trojan-activity;sid:84067853; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3204733)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"192.176.50.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_02; reference:url, urlhaus.abuse.ch/url/3204733/; classtype:trojan-activity;sid:84067833; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3204531)"; flow:established,from_client; content:"GET"; http_method; content:"/for_down/2013/new/dlls/rse/rsreport.exe"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"download.suxiazai.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_10_02; reference:url, urlhaus.abuse.ch/url/3204531/; classtype:trojan-activity;sid:84067631; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3198764)"; flow:established,from_client; content:"GET"; http_method; content:"/host.out"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"113.50.0.109"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3198764/; classtype:trojan-activity;sid:84061864; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3198753)"; flow:established,from_client; content:"GET"; http_method; content:"/pinginfoview.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"139.198.15.223"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3198753/; classtype:trojan-activity;sid:84061853; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3198696)"; flow:established,from_client; content:"GET"; http_method; content:"/cen22.php"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"39.100.33.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3198696/; classtype:trojan-activity;sid:84061796; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195888)"; flow:established,from_client; content:"GET"; http_method; content:"/dllgiris.dll"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"78.188.137.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195888/; classtype:trojan-activity;sid:84058988; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195887)"; flow:established,from_client; content:"GET"; http_method; content:"/dllgiris.dll"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"212.98.231.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195887/; classtype:trojan-activity;sid:84058987; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195883)"; flow:established,from_client; content:"GET"; http_method; content:"/scanport.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"139.198.15.223"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195883/; classtype:trojan-activity;sid:84058983; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195831)"; flow:established,from_client; content:"GET"; http_method; content:"/winbox/winbox.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"103.123.98.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195831/; classtype:trojan-activity;sid:84058931; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195832)"; flow:established,from_client; content:"GET"; http_method; content:"/winbox/winbox.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"103.123.98.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195832/; classtype:trojan-activity;sid:84058932; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195736)"; flow:established,from_client; content:"GET"; http_method; content:"/fx8"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"123.57.250.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195736/; classtype:trojan-activity;sid:84058836; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195292)"; flow:established,from_client; content:"GET"; http_method; content:"/%e6%b8%85%e7%90%86%e5%9e%83%e5%9c%be.exe"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"39.103.217.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195292/; classtype:trojan-activity;sid:84058392; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3193861)"; flow:established,from_client; content:"GET"; http_method; content:"/massgravel/microsoft-activation-scripts/b1b5299c4725d97349b18b59061647198f7cc59b/mas/all-in-one-version-kl/mas_aio.cmd"; http_uri; depth:119; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_09_27; reference:url, urlhaus.abuse.ch/url/3193861/; classtype:trojan-activity;sid:84056961; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3193548)"; flow:established,from_client; content:"GET"; http_method; content:"/bitrix/js/main/core/core.js"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"evangroup.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_27; reference:url, urlhaus.abuse.ch/url/3193548/; classtype:trojan-activity;sid:84056648; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3192568)"; flow:established,from_client; content:"GET"; http_method; content:"/mimikatz_trunk/win32/mimikatz.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"120.25.163.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_26; reference:url, urlhaus.abuse.ch/url/3192568/; classtype:trojan-activity;sid:84055668; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190775)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"218.92.65.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190775/; classtype:trojan-activity;sid:84053875; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190704)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"218.92.65.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190704/; classtype:trojan-activity;sid:84053804; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190461)"; flow:established,from_client; content:"GET"; http_method; content:"/7"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.153.129.239"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190461/; classtype:trojan-activity;sid:84053561; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190462)"; flow:established,from_client; content:"GET"; http_method; content:"/5"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.153.129.239"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190462/; classtype:trojan-activity;sid:84053562; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190459)"; flow:established,from_client; content:"GET"; http_method; content:"/3"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.153.129.239"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190459/; classtype:trojan-activity;sid:84053559; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190421)"; flow:established,from_client; content:"GET"; http_method; content:"/a"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"51.91.111.186"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190421/; classtype:trojan-activity;sid:84053521; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190328)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"1.179.63.129"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190328/; classtype:trojan-activity;sid:84053428; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190323)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"102.68.74.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190323/; classtype:trojan-activity;sid:84053423; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3189225)"; flow:established,from_client; content:"GET"; http_method; content:"/unknwon1352/qawfdasfaw/main/software.exe"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_09_24; reference:url, urlhaus.abuse.ch/url/3189225/; classtype:trojan-activity;sid:84052325; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3188620)"; flow:established,from_client; content:"GET"; http_method; content:"/repository/aa_v3.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"83.149.17.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_24; reference:url, urlhaus.abuse.ch/url/3188620/; classtype:trojan-activity;sid:84051720; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3188034)"; flow:established,from_client; content:"GET"; http_method; content:"/blueskyxn/changesource/master/besttrace"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_09_23; reference:url, urlhaus.abuse.ch/url/3188034/; classtype:trojan-activity;sid:84051134; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3187575)"; flow:established,from_client; content:"GET"; http_method; content:"/7z.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"down.mvip8.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_23; reference:url, urlhaus.abuse.ch/url/3187575/; classtype:trojan-activity;sid:84050675; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3187553)"; flow:established,from_client; content:"GET"; http_method; content:"/download/%e5%9b%9b%e6%96%b9%e5%b9%b3%e5%8f%b0-%e5%8d%a1%e5%95%86%e7%ab%af.exe"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"sms-szfang.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_23; reference:url, urlhaus.abuse.ch/url/3187553/; classtype:trojan-activity;sid:84050653; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3186441)"; flow:established,from_client; content:"GET"; http_method; content:"/dxl_win_tool_v9.6.iso"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"down.fwqlt.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_22; reference:url, urlhaus.abuse.ch/url/3186441/; classtype:trojan-activity;sid:84049541; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3186440)"; flow:established,from_client; content:"GET"; http_method; content:"/1-%e4%bf%ae%e6%94%b9%e7%ab%af%e5%8f%a3.iso"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"down.fwqlt.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_22; reference:url, urlhaus.abuse.ch/url/3186440/; classtype:trojan-activity;sid:84049540; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3186439)"; flow:established,from_client; content:"GET"; http_method; content:"/dxl_win_tool_v9.4.iso"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"down.fwqlt.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_22; reference:url, urlhaus.abuse.ch/url/3186439/; classtype:trojan-activity;sid:84049539; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3186430)"; flow:established,from_client; content:"GET"; http_method; content:"/1-%e4%bf%ae%e6%94%b9%e7%ab%af%e5%8f%a3.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"down.fwqlt.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_22; reference:url, urlhaus.abuse.ch/url/3186430/; classtype:trojan-activity;sid:84049530; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3186428)"; flow:established,from_client; content:"GET"; http_method; content:"/1_dxl_windowsport.zip"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"down.fwqlt.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_22; reference:url, urlhaus.abuse.ch/url/3186428/; classtype:trojan-activity;sid:84049528; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3182627)"; flow:established,from_client; content:"GET"; http_method; content:"/criptonize.i586"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"41.231.37.153"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_20; reference:url, urlhaus.abuse.ch/url/3182627/; classtype:trojan-activity;sid:84045727; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3182626)"; flow:established,from_client; content:"GET"; http_method; content:"/criptonize.armv7l"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"41.231.37.153"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_20; reference:url, urlhaus.abuse.ch/url/3182626/; classtype:trojan-activity;sid:84045726; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3182622)"; flow:established,from_client; content:"GET"; http_method; content:"/criptonize.mipsel"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"41.231.37.153"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_20; reference:url, urlhaus.abuse.ch/url/3182622/; classtype:trojan-activity;sid:84045722; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3182623)"; flow:established,from_client; content:"GET"; http_method; content:"/criptonize.armv5l"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"41.231.37.153"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_20; reference:url, urlhaus.abuse.ch/url/3182623/; classtype:trojan-activity;sid:84045723; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3182624)"; flow:established,from_client; content:"GET"; http_method; content:"/criptonize.armv6l"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"41.231.37.153"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_20; reference:url, urlhaus.abuse.ch/url/3182624/; classtype:trojan-activity;sid:84045724; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3182620)"; flow:established,from_client; content:"GET"; http_method; content:"/criptonize.mips"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"41.231.37.153"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_20; reference:url, urlhaus.abuse.ch/url/3182620/; classtype:trojan-activity;sid:84045720; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3178401)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1v9ujqbyj-mlf9mugkyiwow6t3rpui2bu"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_09_17; reference:url, urlhaus.abuse.ch/url/3178401/; classtype:trojan-activity;sid:84041501; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3177088)"; flow:established,from_client; content:"GET"; http_method; content:"/game/qm2014chs.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"144.34.158.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_16; reference:url, urlhaus.abuse.ch/url/3177088/; classtype:trojan-activity;sid:84040188; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3174523)"; flow:established,from_client; content:"GET"; http_method; content:"/scribblercoder/browserthief/main/browserthief.ps1"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3174523/; classtype:trojan-activity;sid:84037623; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3174364)"; flow:established,from_client; content:"GET"; http_method; content:"/foru.apk"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"tecunonline.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3174364/; classtype:trojan-activity;sid:84037464; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3174340)"; flow:established,from_client; content:"GET"; http_method; content:"/foru.apk"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"www.tecunonline.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3174340/; classtype:trojan-activity;sid:84037440; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3174264)"; flow:established,from_client; content:"GET"; http_method; content:"/keygen"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"146.0.42.82"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3174264/; classtype:trojan-activity;sid:84037364; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3173868)"; flow:established,from_client; content:"GET"; http_method; content:"/file.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"85.25.72.70"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3173868/; classtype:trojan-activity;sid:84036968; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3172240)"; flow:established,from_client; content:"GET"; http_method; content:"/techsavvysenior/referralreactjs/archive/refs/heads/main.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_09_14; reference:url, urlhaus.abuse.ch/url/3172240/; classtype:trojan-activity;sid:84035340; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3171542)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"87.121.112.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_14; reference:url, urlhaus.abuse.ch/url/3171542/; classtype:trojan-activity;sid:84034642; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3169080)"; flow:established,from_client; content:"GET"; http_method; content:"/tenants/135790374f46b0107c516a5f5e13069b/5e5f800fdf87209fdf8f9b61441e53a1/linux/x64/stable/install.sh"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"download.cudo.org"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_09_12; reference:url, urlhaus.abuse.ch/url/3169080/; classtype:trojan-activity;sid:84032180; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3164816)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"88.248.194.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_10; reference:url, urlhaus.abuse.ch/url/3164816/; classtype:trojan-activity;sid:84027916; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3154718)"; flow:established,from_client; content:"GET"; http_method; content:"/hackirby/discord-injection/main/injection.js"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_09_03; reference:url, urlhaus.abuse.ch/url/3154718/; classtype:trojan-activity;sid:84017818; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3153312)"; flow:established,from_client; content:"GET"; http_method; content:"/jndiexploit-0x727-1.3-snapshot.jar"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"8.219.134.35"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_02; reference:url, urlhaus.abuse.ch/url/3153312/; classtype:trojan-activity;sid:84016412; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3137563)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"14.224.162.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_31; reference:url, urlhaus.abuse.ch/url/3137563/; classtype:trojan-activity;sid:84000663; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3135722)"; flow:established,from_client; content:"GET"; http_method; content:"/sosinchik/asd/main/zoom.py"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_08_30; reference:url, urlhaus.abuse.ch/url/3135722/; classtype:trojan-activity;sid:83998822; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3135724)"; flow:established,from_client; content:"GET"; http_method; content:"/moneroocean/xmrig_setup/master/setup_moneroocean_miner.sh"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_08_30; reference:url, urlhaus.abuse.ch/url/3135724/; classtype:trojan-activity;sid:83998824; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3135613)"; flow:established,from_client; content:"GET"; http_method; content:"/log/orgn.txt"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"epanpano.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_08_30; reference:url, urlhaus.abuse.ch/url/3135613/; classtype:trojan-activity;sid:83998713; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3134374)"; flow:established,from_client; content:"GET"; http_method; content:"/soft/wnbsqv3008.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"soft.wsyhn.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_29; reference:url, urlhaus.abuse.ch/url/3134374/; classtype:trojan-activity;sid:83997474; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3134371)"; flow:established,from_client; content:"GET"; http_method; content:"/qqhelper_1540.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"down.qqfarmer.com.cn"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_08_29; reference:url, urlhaus.abuse.ch/url/3134371/; classtype:trojan-activity;sid:83997471; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3134368)"; flow:established,from_client; content:"GET"; http_method; content:"/login/1188%e7%83%88%e7%84%b0.exe"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"cdn.ly.9377.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_29; reference:url, urlhaus.abuse.ch/url/3134368/; classtype:trojan-activity;sid:83997468; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3129654)"; flow:established,from_client; content:"GET"; http_method; content:"/nova_flow/patcher.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"144.172.71.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_26; reference:url, urlhaus.abuse.ch/url/3129654/; classtype:trojan-activity;sid:83992754; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3129577)"; flow:established,from_client; content:"GET"; http_method; content:"/pages/update/css/self/[upg]css.exe"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"cs.go.kg"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2024_08_26; reference:url, urlhaus.abuse.ch/url/3129577/; classtype:trojan-activity;sid:83992677; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3129422)"; flow:established,from_client; content:"GET"; http_method; content:"/tjqdq.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"43.249.193.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_26; reference:url, urlhaus.abuse.ch/url/3129422/; classtype:trojan-activity;sid:83992522; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3129220)"; flow:established,from_client; content:"GET"; http_method; content:"/media/mod_junewsultra/js/bootstrap/js/bootstrap.min.js"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"temirtau-adm.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_26; reference:url, urlhaus.abuse.ch/url/3129220/; classtype:trojan-activity;sid:83992320; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3119648)"; flow:established,from_client; content:"GET"; http_method; content:"/v0/b/spam-c273a.appspot.com/o/15-08-2024.jpg|3f|alt=media|7c|26|7c|token=dba912c0-e841-4225-ab88-8ba2612661e2"; http_uri; depth:110; isdataat:!1,relative; nocase; content:"firebasestorage.googleapis.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2024_08_21; reference:url, urlhaus.abuse.ch/url/3119648/; classtype:trojan-activity;sid:83982748; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3118728)"; flow:established,from_client; content:"GET"; http_method; content:"/i5"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"87.121.112.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_20; reference:url, urlhaus.abuse.ch/url/3118728/; classtype:trojan-activity;sid:83981828; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3118724)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"87.121.112.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_20; reference:url, urlhaus.abuse.ch/url/3118724/; classtype:trojan-activity;sid:83981824; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3118726)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"87.121.112.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_20; reference:url, urlhaus.abuse.ch/url/3118726/; classtype:trojan-activity;sid:83981826; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3118727)"; flow:established,from_client; content:"GET"; http_method; content:"/i6"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"87.121.112.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_20; reference:url, urlhaus.abuse.ch/url/3118727/; classtype:trojan-activity;sid:83981827; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3118690)"; flow:established,from_client; content:"GET"; http_method; content:"/xampp/cn/351.hta"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"192.3.243.159"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_20; reference:url, urlhaus.abuse.ch/url/3118690/; classtype:trojan-activity;sid:83981790; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3115660)"; flow:established,from_client; content:"GET"; http_method; content:"/ssh.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"87.121.112.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_19; reference:url, urlhaus.abuse.ch/url/3115660/; classtype:trojan-activity;sid:83978760; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3114844)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"87.121.112.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3114844/; classtype:trojan-activity;sid:83977944; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3114845)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"87.121.112.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3114845/; classtype:trojan-activity;sid:83977945; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3114776)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"87.121.112.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3114776/; classtype:trojan-activity;sid:83977876; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3114775)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"87.121.112.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3114775/; classtype:trojan-activity;sid:83977875; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3112426)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"200.29.120.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_17; reference:url, urlhaus.abuse.ch/url/3112426/; classtype:trojan-activity;sid:83975526; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3112419)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"93.182.76.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_17; reference:url, urlhaus.abuse.ch/url/3112419/; classtype:trojan-activity;sid:83975519; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3112420)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"93.182.76.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_17; reference:url, urlhaus.abuse.ch/url/3112420/; classtype:trojan-activity;sid:83975520; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3110861)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"43.153.222.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3110861/; classtype:trojan-activity;sid:83973961; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3110511)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"114.55.250.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3110511/; classtype:trojan-activity;sid:83973611; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3109981)"; flow:established,from_client; content:"GET"; http_method; content:"/in/2041.bin"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"uyul.oss-cn-beijing.aliyuncs.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3109981/; classtype:trojan-activity;sid:83973081; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3109982)"; flow:established,from_client; content:"GET"; http_method; content:"/in/204.bin"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"uyul.oss-cn-beijing.aliyuncs.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3109982/; classtype:trojan-activity;sid:83973082; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3109980)"; flow:established,from_client; content:"GET"; http_method; content:"/in/d204.dll"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"uyul.oss-cn-beijing.aliyuncs.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3109980/; classtype:trojan-activity;sid:83973080; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3108504)"; flow:established,from_client; content:"GET"; http_method; content:"/moom825/discord-rat-2.0/master/discord%20rat/resources/webcam.dll"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_08_15; reference:url, urlhaus.abuse.ch/url/3108504/; classtype:trojan-activity;sid:83971604; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3108505)"; flow:established,from_client; content:"GET"; http_method; content:"/moom825/discord-rat-2.0/master/discord%20rat/resources/token%20grabber.dll"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_08_15; reference:url, urlhaus.abuse.ch/url/3108505/; classtype:trojan-activity;sid:83971605; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3108506)"; flow:established,from_client; content:"GET"; http_method; content:"/moom825/discord-rat-2.0/master/discord%20rat/resources/rootkit.dll"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_08_15; reference:url, urlhaus.abuse.ch/url/3108506/; classtype:trojan-activity;sid:83971606; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3108507)"; flow:established,from_client; content:"GET"; http_method; content:"/moom825/discord-rat-2.0/master/discord%20rat/resources/unrootkit.dll"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_08_15; reference:url, urlhaus.abuse.ch/url/3108507/; classtype:trojan-activity;sid:83971607; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3108503)"; flow:established,from_client; content:"GET"; http_method; content:"/moom825/discord-rat-2.0/master/discord%20rat/resources/passwordstealer.dll"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_08_15; reference:url, urlhaus.abuse.ch/url/3108503/; classtype:trojan-activity;sid:83971603; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3108502)"; flow:established,from_client; content:"GET"; http_method; content:"/openark/version.txt"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"file.blackint3.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_08_15; reference:url, urlhaus.abuse.ch/url/3108502/; classtype:trojan-activity;sid:83971602; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3108492)"; flow:established,from_client; content:"GET"; http_method; content:"/openark/openark64.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"file.blackint3.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_08_15; reference:url, urlhaus.abuse.ch/url/3108492/; classtype:trojan-activity;sid:83971592; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3108491)"; flow:established,from_client; content:"GET"; http_method; content:"/openark/openark32.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"file.blackint3.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_08_15; reference:url, urlhaus.abuse.ch/url/3108491/; classtype:trojan-activity;sid:83971591; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3106560)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808120646if_/http:/154.216.19.139/bins/mirai.armv4l"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_14; reference:url, urlhaus.abuse.ch/url/3106560/; classtype:trojan-activity;sid:83969660; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3106558)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808120223if_/http:/154.216.19.139/bins/mirai.bin"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_14; reference:url, urlhaus.abuse.ch/url/3106558/; classtype:trojan-activity;sid:83969658; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3106551)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808122755if_/http:/154.216.19.139/bins/mirai.x86_64"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_14; reference:url, urlhaus.abuse.ch/url/3106551/; classtype:trojan-activity;sid:83969651; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3106552)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808121121if_/http:/154.216.19.139/bins/mirai.armv7l"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_14; reference:url, urlhaus.abuse.ch/url/3106552/; classtype:trojan-activity;sid:83969652; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3106553)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808120945if_/http:/154.216.19.139/bins/mirai.armv5l"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_14; reference:url, urlhaus.abuse.ch/url/3106553/; classtype:trojan-activity;sid:83969653; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3106554)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808122159if_/http:/154.216.19.139/bins/mirai.powerpc"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_14; reference:url, urlhaus.abuse.ch/url/3106554/; classtype:trojan-activity;sid:83969654; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3105147)"; flow:established,from_client; content:"GET"; http_method; content:"/s3q/blackdoor/main/extensions/test_move.bat"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_08_13; reference:url, urlhaus.abuse.ch/url/3105147/; classtype:trojan-activity;sid:83968247; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3105148)"; flow:established,from_client; content:"GET"; http_method; content:"/s3q/blackdoor/main/extensions/test_virus.bat"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_08_13; reference:url, urlhaus.abuse.ch/url/3105148/; classtype:trojan-activity;sid:83968248; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3105150)"; flow:established,from_client; content:"GET"; http_method; content:"/s3q/blackdoor/main/extensions/networks_profile.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_08_13; reference:url, urlhaus.abuse.ch/url/3105150/; classtype:trojan-activity;sid:83968250; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3105145)"; flow:established,from_client; content:"GET"; http_method; content:"/s3q/blackdoor/main/backdoor.exe"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_08_13; reference:url, urlhaus.abuse.ch/url/3105145/; classtype:trojan-activity;sid:83968245; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3105146)"; flow:established,from_client; content:"GET"; http_method; content:"/s3q/blackdoor/main/extensions/fill_storage_move.bat"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_08_13; reference:url, urlhaus.abuse.ch/url/3105146/; classtype:trojan-activity;sid:83968246; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3105144)"; flow:established,from_client; content:"GET"; http_method; content:"/s3q/blackdoor/main/extensions/fill_storage_virus.bat"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_08_13; reference:url, urlhaus.abuse.ch/url/3105144/; classtype:trojan-activity;sid:83968244; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3103500)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"194.122.165.156"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_12; reference:url, urlhaus.abuse.ch/url/3103500/; classtype:trojan-activity;sid:83966600; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3103490)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"194.122.165.170"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_12; reference:url, urlhaus.abuse.ch/url/3103490/; classtype:trojan-activity;sid:83966590; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3103488)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"64.234.95.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_08_12; reference:url, urlhaus.abuse.ch/url/3103488/; classtype:trojan-activity;sid:83966588; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3103489)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"170.55.7.234"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_08_12; reference:url, urlhaus.abuse.ch/url/3103489/; classtype:trojan-activity;sid:83966589; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3103482)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"94.255.218.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_12; reference:url, urlhaus.abuse.ch/url/3103482/; classtype:trojan-activity;sid:83966582; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3103476)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"187.247.242.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_12; reference:url, urlhaus.abuse.ch/url/3103476/; classtype:trojan-activity;sid:83966576; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3103467)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"23.241.17.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_08_12; reference:url, urlhaus.abuse.ch/url/3103467/; classtype:trojan-activity;sid:83966567; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3100465)"; flow:established,from_client; content:"GET"; http_method; content:"/cdn-vs/data.php"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"k1gkl25as.top"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_10; reference:url, urlhaus.abuse.ch/url/3100465/; classtype:trojan-activity;sid:83963565; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3100466)"; flow:established,from_client; content:"GET"; http_method; content:"/cdn-vs/data.php"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"k1gkl25as.top"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_10; reference:url, urlhaus.abuse.ch/url/3100466/; classtype:trojan-activity;sid:83963566; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3100103)"; flow:established,from_client; content:"GET"; http_method; content:"/sthealthclient.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"47.104.173.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_10; reference:url, urlhaus.abuse.ch/url/3100103/; classtype:trojan-activity;sid:83963203; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3100102)"; flow:established,from_client; content:"GET"; http_method; content:"/ggws.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"47.104.173.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_10; reference:url, urlhaus.abuse.ch/url/3100102/; classtype:trojan-activity;sid:83963202; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3100100)"; flow:established,from_client; content:"GET"; http_method; content:"/ggwsupdate.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.104.173.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_10; reference:url, urlhaus.abuse.ch/url/3100100/; classtype:trojan-activity;sid:83963200; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3100042)"; flow:established,from_client; content:"GET"; http_method; content:"/joelgmsec/invoke-stealth/main/resources/betterxencrypt/betterxencrypt.ps1"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_08_10; reference:url, urlhaus.abuse.ch/url/3100042/; classtype:trojan-activity;sid:83963142; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3099961)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808122448if_/http:/154.216.19.139/bins/mirai.sh4"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_10; reference:url, urlhaus.abuse.ch/url/3099961/; classtype:trojan-activity;sid:83963061; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3099965)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808121347if_/http:/154.216.19.139/bins/mirai.m68k"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_10; reference:url, urlhaus.abuse.ch/url/3099965/; classtype:trojan-activity;sid:83963065; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3099966)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808121419if_/http:/154.216.19.139/bins/mirai.mips"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_10; reference:url, urlhaus.abuse.ch/url/3099966/; classtype:trojan-activity;sid:83963066; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3099960)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808121308if_/http:/154.216.19.139/bins/mirai.i686"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_10; reference:url, urlhaus.abuse.ch/url/3099960/; classtype:trojan-activity;sid:83963060; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3097244)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808120223if_/http://154.216.19.139/bins/mirai.bin"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_09; reference:url, urlhaus.abuse.ch/url/3097244/; classtype:trojan-activity;sid:83960344; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3097239)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808122755if_/http://154.216.19.139/bins/mirai.x86_64"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_09; reference:url, urlhaus.abuse.ch/url/3097239/; classtype:trojan-activity;sid:83960339; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3097241)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808121230if_/http://154.216.19.139/bins/mirai.i586"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_09; reference:url, urlhaus.abuse.ch/url/3097241/; classtype:trojan-activity;sid:83960341; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3097243)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808121308if_/http://154.216.19.139/bins/mirai.i686"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_09; reference:url, urlhaus.abuse.ch/url/3097243/; classtype:trojan-activity;sid:83960343; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3097229)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808122159if_/http://154.216.19.139/bins/mirai.powerpc"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_09; reference:url, urlhaus.abuse.ch/url/3097229/; classtype:trojan-activity;sid:83960329; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3097230)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808121347if_/http://154.216.19.139/bins/mirai.m68k"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_09; reference:url, urlhaus.abuse.ch/url/3097230/; classtype:trojan-activity;sid:83960330; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3097232)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808123114if_/http://154.216.19.139/bins/mirai.arc"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_09; reference:url, urlhaus.abuse.ch/url/3097232/; classtype:trojan-activity;sid:83960332; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3097233)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808122448if_/http://154.216.19.139/bins/mirai.sh4"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_09; reference:url, urlhaus.abuse.ch/url/3097233/; classtype:trojan-activity;sid:83960333; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3097234)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808121832if_/http://154.216.19.139/bins/mirai.mipsel"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_09; reference:url, urlhaus.abuse.ch/url/3097234/; classtype:trojan-activity;sid:83960334; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3097236)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808120646if_/http://154.216.19.139/bins/mirai.armv4l"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_09; reference:url, urlhaus.abuse.ch/url/3097236/; classtype:trojan-activity;sid:83960336; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3097237)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808122936if_/http://154.216.19.139/bins/mirai.gnueabihf"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_09; reference:url, urlhaus.abuse.ch/url/3097237/; classtype:trojan-activity;sid:83960337; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3097238)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808121419if_/http://154.216.19.139/bins/mirai.mips"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_09; reference:url, urlhaus.abuse.ch/url/3097238/; classtype:trojan-activity;sid:83960338; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3094790)"; flow:established,from_client; content:"GET"; http_method; content:"/latest.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"37.9.35.70"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_08_07; reference:url, urlhaus.abuse.ch/url/3094790/; classtype:trojan-activity;sid:83957890; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3093388)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"43.153.222.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_06; reference:url, urlhaus.abuse.ch/url/3093388/; classtype:trojan-activity;sid:83956488; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3093191)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.243.175.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_06; reference:url, urlhaus.abuse.ch/url/3093191/; classtype:trojan-activity;sid:83956291; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3093125)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"114.55.250.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_06; reference:url, urlhaus.abuse.ch/url/3093125/; classtype:trojan-activity;sid:83956225; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3092809)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/rme3ibrb"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_08_06; reference:url, urlhaus.abuse.ch/url/3092809/; classtype:trojan-activity;sid:83955909; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3092807)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/a9he0f3w"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_08_06; reference:url, urlhaus.abuse.ch/url/3092807/; classtype:trojan-activity;sid:83955907; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3088913)"; flow:established,from_client; content:"GET"; http_method; content:"/%5bwww.ghxi.com%5d%e7%93%9c%e5%ad%90%e5%bd%b1%e8%a7%86v2_v1.9.1.1.apk"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"47.109.77.84"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_08_04; reference:url, urlhaus.abuse.ch/url/3088913/; classtype:trojan-activity;sid:83952013; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3088911)"; flow:established,from_client; content:"GET"; http_method; content:"/%e6%88%91%e7%9a%84%e7%94%b5%e8%a7%86tv-v2.1.8-%e5%85%8d%e8%b4%b9%e7%ba%af%e5%87%80%e7%89%88.apk"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"47.109.77.84"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_08_04; reference:url, urlhaus.abuse.ch/url/3088911/; classtype:trojan-activity;sid:83952011; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3086848)"; flow:established,from_client; content:"GET"; http_method; content:"/down/tb/tb.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"tengfeidn.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_03; reference:url, urlhaus.abuse.ch/url/3086848/; classtype:trojan-activity;sid:83949948; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3086847)"; flow:established,from_client; content:"GET"; http_method; content:"/down/jf/jf.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"tengfeidn.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_03; reference:url, urlhaus.abuse.ch/url/3086847/; classtype:trojan-activity;sid:83949947; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3086390)"; flow:established,from_client; content:"GET"; http_method; content:"/supershell/compile/download/%5bwin"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"8.218.138.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_08_03; reference:url, urlhaus.abuse.ch/url/3086390/; classtype:trojan-activity;sid:83949490; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3083844)"; flow:established,from_client; content:"GET"; http_method; content:"/store_app/guardservice.exe"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"sgz-1302338321.cos.ap-guangzhou.myqcloud.com"; http_host; depth:44; isdataat:!1,relative; metadata:created_at 2024_08_02; reference:url, urlhaus.abuse.ch/url/3083844/; classtype:trojan-activity;sid:83946944; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072990)"; flow:established,from_client; content:"GET"; http_method; content:"/komasinfo/idcb/main/cbs_applcation_details_072602024_xlsx.rar"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072990/; classtype:trojan-activity;sid:83936090; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072975)"; flow:established,from_client; content:"GET"; http_method; content:"/reporgu/fakado/raw/main/transaction_file_9812009_end_ids_yesbr5_pdf.rar"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072975/; classtype:trojan-activity;sid:83936075; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072978)"; flow:established,from_client; content:"GET"; http_method; content:"/komasinfo/idcb/raw/main/cbs_applcation_details_072602024_xlsx.rar"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072978/; classtype:trojan-activity;sid:83936078; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072969)"; flow:established,from_client; content:"GET"; http_method; content:"/deannwas/policah/main/file_cbs_app_details_no-0923871691_xlsx.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072969/; classtype:trojan-activity;sid:83936069; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072970)"; flow:established,from_client; content:"GET"; http_method; content:"/trevsglass/morna/main/ref_ba0929399122_pdf.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072970/; classtype:trojan-activity;sid:83936070; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072971)"; flow:established,from_client; content:"GET"; http_method; content:"/trevsglass/morna/raw/main/ref_ba0929399122_pdf.zip"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072971/; classtype:trojan-activity;sid:83936071; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072972)"; flow:established,from_client; content:"GET"; http_method; content:"/reporgu/fakado/main/transaction_file_9812009_end_ids_yesbr5_pdf.rar"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072972/; classtype:trojan-activity;sid:83936072; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063290)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"93.123.89.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063290/; classtype:trojan-activity;sid:83926390; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058866)"; flow:established,from_client; content:"GET"; http_method; content:"/cve-2023-36874.zip"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"51.255.46.245"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058866/; classtype:trojan-activity;sid:83921966; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058862)"; flow:established,from_client; content:"GET"; http_method; content:"/nc64.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"51.255.46.245"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058862/; classtype:trojan-activity;sid:83921962; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058863)"; flow:established,from_client; content:"GET"; http_method; content:"/nc64.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"51.255.46.245"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058863/; classtype:trojan-activity;sid:83921963; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058864)"; flow:established,from_client; content:"GET"; http_method; content:"/b64"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"51.255.46.245"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058864/; classtype:trojan-activity;sid:83921964; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052707)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052707/; classtype:trojan-activity;sid:83915807; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052706)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"220.248.47.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052706/; classtype:trojan-activity;sid:83915806; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052415)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/mimikatz.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"167.250.49.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052415/; classtype:trojan-activity;sid:83915515; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052412)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/x64/mimispool.dll"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"167.250.49.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052412/; classtype:trojan-activity;sid:83915512; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052413)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/x64/mimilib.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"167.250.49.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052413/; classtype:trojan-activity;sid:83915513; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052414)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/x64/mimidrv.sys"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"167.250.49.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052414/; classtype:trojan-activity;sid:83915514; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052395)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/win32/mimidrv.sys"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"167.250.49.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052395/; classtype:trojan-activity;sid:83915495; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052400)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/win32/mimikatz.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"167.250.49.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052400/; classtype:trojan-activity;sid:83915500; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052392)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/win32/mimispool.dll"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"167.250.49.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052392/; classtype:trojan-activity;sid:83915492; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052393)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/win32/mimilove.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"167.250.49.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052393/; classtype:trojan-activity;sid:83915493; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052394)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/win32/mimilib.dll"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"167.250.49.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052394/; classtype:trojan-activity;sid:83915494; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2968688)"; flow:established,from_client; content:"GET"; http_method; content:"/av_downloader1.1.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"203.232.37.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_13; reference:url, urlhaus.abuse.ch/url/2968688/; classtype:trojan-activity;sid:83831788; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2968679)"; flow:established,from_client; content:"GET"; http_method; content:"/supershell/compile/download/12.apk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"47.98.177.117"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_13; reference:url, urlhaus.abuse.ch/url/2968679/; classtype:trojan-activity;sid:83831779; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2968678)"; flow:established,from_client; content:"GET"; http_method; content:"/supershell/compile/download/22.apk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"47.98.177.117"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_13; reference:url, urlhaus.abuse.ch/url/2968678/; classtype:trojan-activity;sid:83831778; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2949407)"; flow:established,from_client; content:"GET"; http_method; content:"/tan.jpg"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"www999999safagqwhg-1327129302.cos.ap-chengdu.myqcloud.com"; http_host; depth:57; isdataat:!1,relative; metadata:created_at 2024_07_11; reference:url, urlhaus.abuse.ch/url/2949407/; classtype:trojan-activity;sid:83812507; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2949406)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"80.210.27.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_11; reference:url, urlhaus.abuse.ch/url/2949406/; classtype:trojan-activity;sid:83812506; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2949385)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1rsqnkyvcaein5m-gskl8coyuh8w5xrbd"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_11; reference:url, urlhaus.abuse.ch/url/2949385/; classtype:trojan-activity;sid:83812485; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2949176)"; flow:established,from_client; content:"GET"; http_method; content:"/tan.jpg"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"www999999asgasg-1327129302.cos.ap-chengdu.myqcloud.com"; http_host; depth:54; isdataat:!1,relative; metadata:created_at 2024_07_11; reference:url, urlhaus.abuse.ch/url/2949176/; classtype:trojan-activity;sid:83812276; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2947795)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"88.248.194.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_10; reference:url, urlhaus.abuse.ch/url/2947795/; classtype:trojan-activity;sid:83810895; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2947781)"; flow:established,from_client; content:"GET"; http_method; content:"/bitrix/cache/js/s1/kolibri_corppro/kernel_main/kernel_main_v1.js"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"vodomer-service.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_07_10; reference:url, urlhaus.abuse.ch/url/2947781/; classtype:trojan-activity;sid:83810881; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2944285)"; flow:established,from_client; content:"GET"; http_method; content:"/jijilovedada/jijilovedada/main/tools/cc/adaptorovernight.exe"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_07_08; reference:url, urlhaus.abuse.ch/url/2944285/; classtype:trojan-activity;sid:83807385; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2942727)"; flow:established,from_client; content:"GET"; http_method; content:"/supershell/compile/download/1.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"47.98.177.117"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_07; reference:url, urlhaus.abuse.ch/url/2942727/; classtype:trojan-activity;sid:83805827; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2942725)"; flow:established,from_client; content:"GET"; http_method; content:"/supershell/compile/download//1.exe"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"47.98.177.117"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_07; reference:url, urlhaus.abuse.ch/url/2942725/; classtype:trojan-activity;sid:83805825; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2942694)"; flow:established,from_client; content:"GET"; http_method; content:"/supershell/compile/download/123.exe"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"47.98.177.117"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_07; reference:url, urlhaus.abuse.ch/url/2942694/; classtype:trojan-activity;sid:83805794; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2942567)"; flow:established,from_client; content:"GET"; http_method; content:"/supershell/compile/download/win"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"8.218.138.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_07; reference:url, urlhaus.abuse.ch/url/2942567/; classtype:trojan-activity;sid:83805667; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2934823)"; flow:established,from_client; content:"GET"; http_method; content:"/trasherwithadollarsign/trashers-malware-repo/raw/main/trojan/000.exe"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_05; reference:url, urlhaus.abuse.ch/url/2934823/; classtype:trojan-activity;sid:83797923; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2934824)"; flow:established,from_client; content:"GET"; http_method; content:"/trasherwithadollarsign/trashers-malware-repo/raw/main/trojan/trojan.malpack.themida%20(anti%20vm).exe"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_05; reference:url, urlhaus.abuse.ch/url/2934824/; classtype:trojan-activity;sid:83797924; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2934818)"; flow:established,from_client; content:"GET"; http_method; content:"/trasherwithadollarsign/trashers-malware-repo/raw/main/ransomware/jigsaw.exe"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_05; reference:url, urlhaus.abuse.ch/url/2934818/; classtype:trojan-activity;sid:83797918; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2934819)"; flow:established,from_client; content:"GET"; http_method; content:"/trasherwithadollarsign/trashers-malware-repo/raw/main/trojan/freeyoutubedownloader.exe"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_05; reference:url, urlhaus.abuse.ch/url/2934819/; classtype:trojan-activity;sid:83797919; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2934820)"; flow:established,from_client; content:"GET"; http_method; content:"/trasherwithadollarsign/trashers-malware-repo/raw/main/trojan/memz.exe"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_05; reference:url, urlhaus.abuse.ch/url/2934820/; classtype:trojan-activity;sid:83797920; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2934822)"; flow:established,from_client; content:"GET"; http_method; content:"/trasherwithadollarsign/trashers-malware-repo/raw/main/trojan/destover.exe"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_05; reference:url, urlhaus.abuse.ch/url/2934822/; classtype:trojan-activity;sid:83797922; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2934816)"; flow:established,from_client; content:"GET"; http_method; content:"/trasherwithadollarsign/trashers-malware-repo/raw/main/trojan/meredrop.exe"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_05; reference:url, urlhaus.abuse.ch/url/2934816/; classtype:trojan-activity;sid:83797916; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2934817)"; flow:established,from_client; content:"GET"; http_method; content:"/trasherwithadollarsign/trashers-malware-repo/raw/main/trojan/redlinestealer.exe"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_05; reference:url, urlhaus.abuse.ch/url/2934817/; classtype:trojan-activity;sid:83797917; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2934811)"; flow:established,from_client; content:"GET"; http_method; content:"/trasherwithadollarsign/trashers-malware-repo/raw/main/ransomware/hive%20ransomware.exe"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_05; reference:url, urlhaus.abuse.ch/url/2934811/; classtype:trojan-activity;sid:83797911; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2934812)"; flow:established,from_client; content:"GET"; http_method; content:"/trasherwithadollarsign/trashers-malware-repo/raw/main/ransomware/wannacry.exe"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_05; reference:url, urlhaus.abuse.ch/url/2934812/; classtype:trojan-activity;sid:83797912; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2934813)"; flow:established,from_client; content:"GET"; http_method; content:"/trasherwithadollarsign/trashers-malware-repo/raw/main/ransomware/nomoreransom.exe"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_05; reference:url, urlhaus.abuse.ch/url/2934813/; classtype:trojan-activity;sid:83797913; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2934808)"; flow:established,from_client; content:"GET"; http_method; content:"/trasherwithadollarsign/trashers-malware-repo/raw/main/ransomware/petya.a.exe"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_05; reference:url, urlhaus.abuse.ch/url/2934808/; classtype:trojan-activity;sid:83797908; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2934809)"; flow:established,from_client; content:"GET"; http_method; content:"/trasherwithadollarsign/trashers-malware-repo/raw/main/ransomware/cryptowall.exe"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_05; reference:url, urlhaus.abuse.ch/url/2934809/; classtype:trojan-activity;sid:83797909; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2934810)"; flow:established,from_client; content:"GET"; http_method; content:"/trasherwithadollarsign/trashers-malware-repo/raw/main/ransomware/infinitycrypt.exe"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_05; reference:url, urlhaus.abuse.ch/url/2934810/; classtype:trojan-activity;sid:83797910; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2934805)"; flow:established,from_client; content:"GET"; http_method; content:"/trasherwithadollarsign/trashers-malware-repo/raw/main/ransomware/coronavirus.exe"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_05; reference:url, urlhaus.abuse.ch/url/2934805/; classtype:trojan-activity;sid:83797905; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2932460)"; flow:established,from_client; content:"GET"; http_method; content:"/445.jpg"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"down.ftp21.cc"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_04; reference:url, urlhaus.abuse.ch/url/2932460/; classtype:trojan-activity;sid:83795560; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2914055)"; flow:established,from_client; content:"GET"; http_method; content:"/tq.jpg"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"down.ftp21.cc"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_30; reference:url, urlhaus.abuse.ch/url/2914055/; classtype:trojan-activity;sid:83777155; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2912423)"; flow:established,from_client; content:"GET"; http_method; content:"/tq.jpg"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"ssl.ftp21.cc"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_29; reference:url, urlhaus.abuse.ch/url/2912423/; classtype:trojan-activity;sid:83775523; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911222)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"186.3.78.195"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911222/; classtype:trojan-activity;sid:83774322; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911219)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"94.226.135.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911219/; classtype:trojan-activity;sid:83774319; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911217)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"116.58.62.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911217/; classtype:trojan-activity;sid:83774317; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911215)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"122.179.136.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911215/; classtype:trojan-activity;sid:83774315; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911196)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"78-20-115-5.access.telenet.be"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911196/; classtype:trojan-activity;sid:83774296; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911194)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"195.103.203.106"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911194/; classtype:trojan-activity;sid:83774294; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911190)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"78.20.115.5"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911190/; classtype:trojan-activity;sid:83774290; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911191)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"88.28.218.163"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911191/; classtype:trojan-activity;sid:83774291; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911187)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"102.53.15.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911187/; classtype:trojan-activity;sid:83774287; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911184)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"126.23.203.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911184/; classtype:trojan-activity;sid:83774284; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911166)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"85.22.139.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911166/; classtype:trojan-activity;sid:83774266; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911154)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"95.255.114.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911154/; classtype:trojan-activity;sid:83774254; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911157)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"5.157.110.232"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911157/; classtype:trojan-activity;sid:83774257; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911160)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"181.36.153.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911160/; classtype:trojan-activity;sid:83774260; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911133)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"102.53.15.17"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911133/; classtype:trojan-activity;sid:83774233; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911126)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"125.186.91.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911126/; classtype:trojan-activity;sid:83774226; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911119)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"83-87-76-41.cable.dynamic.v4.ziggo.nl"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911119/; classtype:trojan-activity;sid:83774219; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911118)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"83.87.76.41"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911118/; classtype:trojan-activity;sid:83774218; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911113)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"softbank126023203236.bbtec.net"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911113/; classtype:trojan-activity;sid:83774213; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911108)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"host-195-103-203-106.business.telecomitalia.it"; http_host; depth:46; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911108/; classtype:trojan-activity;sid:83774208; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911105)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"host-95-255-114-11.business.telecomitalia.it"; http_host; depth:44; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911105/; classtype:trojan-activity;sid:83774205; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2909310)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.118.79.103"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_27; reference:url, urlhaus.abuse.ch/url/2909310/; classtype:trojan-activity;sid:83772410; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2909290)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.224.107.4"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_27; reference:url, urlhaus.abuse.ch/url/2909290/; classtype:trojan-activity;sid:83772390; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2908913)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"182.72.167.124"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_27; reference:url, urlhaus.abuse.ch/url/2908913/; classtype:trojan-activity;sid:83772013; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2908899)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"211.192.113.232"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_06_27; reference:url, urlhaus.abuse.ch/url/2908899/; classtype:trojan-activity;sid:83771999; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2908901)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"211.192.113.231"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_06_27; reference:url, urlhaus.abuse.ch/url/2908901/; classtype:trojan-activity;sid:83772001; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2908903)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"14.142.209.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_27; reference:url, urlhaus.abuse.ch/url/2908903/; classtype:trojan-activity;sid:83772003; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2906195)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"203.232.37.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2906195/; classtype:trojan-activity;sid:83769295; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2905145)"; flow:established,from_client; content:"GET"; http_method; content:"/av_downloader.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"203.232.37.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2905145/; classtype:trojan-activity;sid:83768245; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2905125)"; flow:established,from_client; content:"GET"; http_method; content:"/pornhub_downloader.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"203.232.37.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2905125/; classtype:trojan-activity;sid:83768225; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2905115)"; flow:established,from_client; content:"GET"; http_method; content:"/install_python3.sh"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"203.232.37.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2905115/; classtype:trojan-activity;sid:83768215; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2901197)"; flow:established,from_client; content:"GET"; http_method; content:"/zwzonepieces/posapsi/master/chatlife.exe"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_06_22; reference:url, urlhaus.abuse.ch/url/2901197/; classtype:trojan-activity;sid:83764297; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2900550)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"186.118.121.223"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_06_21; reference:url, urlhaus.abuse.ch/url/2900550/; classtype:trojan-activity;sid:83763650; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2900548)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"27.156.154.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_21; reference:url, urlhaus.abuse.ch/url/2900548/; classtype:trojan-activity;sid:83763648; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2898814)"; flow:established,from_client; content:"GET"; http_method; content:"/fury-os/fury_kms/releases/download/v.1.6.0/furykms_v.1.6.0.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_06_20; reference:url, urlhaus.abuse.ch/url/2898814/; classtype:trojan-activity;sid:83761914; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2897332)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"5.202.101.153"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_19; reference:url, urlhaus.abuse.ch/url/2897332/; classtype:trojan-activity;sid:83760432; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2894025)"; flow:established,from_client; content:"GET"; http_method; content:"/kailash-jakhar/webpack-v5-tutorial/main/quizpokemon.exe"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_06_17; reference:url, urlhaus.abuse.ch/url/2894025/; classtype:trojan-activity;sid:83757125; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2892223)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"59.19.13.27"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_06_16; reference:url, urlhaus.abuse.ch/url/2892223/; classtype:trojan-activity;sid:83755323; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2891702)"; flow:established,from_client; content:"GET"; http_method; content:"/u/software/%e6%89%93%e5%8d%b0%e4%bb%bb%e5%8a%a1%e6%b8%85%e9%99%a4%e5%99%a8.exe"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"183.166.57.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_16; reference:url, urlhaus.abuse.ch/url/2891702/; classtype:trojan-activity;sid:83754802; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2888476)"; flow:established,from_client; content:"GET"; http_method; content:"/help.scr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"59.175.183.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_14; reference:url, urlhaus.abuse.ch/url/2888476/; classtype:trojan-activity;sid:83751576; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2888459)"; flow:established,from_client; content:"GET"; http_method; content:"/help.scr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"112.27.189.32"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_14; reference:url, urlhaus.abuse.ch/url/2888459/; classtype:trojan-activity;sid:83751559; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2888444)"; flow:established,from_client; content:"GET"; http_method; content:"/help.scr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"124.67.254.109"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_14; reference:url, urlhaus.abuse.ch/url/2888444/; classtype:trojan-activity;sid:83751544; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2888438)"; flow:established,from_client; content:"GET"; http_method; content:"/help.scr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"139.159.155.204"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_06_14; reference:url, urlhaus.abuse.ch/url/2888438/; classtype:trojan-activity;sid:83751538; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2888430)"; flow:established,from_client; content:"GET"; http_method; content:"/help.scr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"117.157.17.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_14; reference:url, urlhaus.abuse.ch/url/2888430/; classtype:trojan-activity;sid:83751530; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2885860)"; flow:established,from_client; content:"GET"; http_method; content:"/brunovale03/adegaads/main/offeredbuilt.exe"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_06_13; reference:url, urlhaus.abuse.ch/url/2885860/; classtype:trojan-activity;sid:83748960; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2883947)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"27.156.224.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_11; reference:url, urlhaus.abuse.ch/url/2883947/; classtype:trojan-activity;sid:83747047; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2883708)"; flow:established,from_client; content:"GET"; http_method; content:"/sirvivor32/sirvivor/main/lukejazz.exe"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_06_11; reference:url, urlhaus.abuse.ch/url/2883708/; classtype:trojan-activity;sid:83746808; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2881768)"; flow:established,from_client; content:"GET"; http_method; content:"/cg100/update.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"update.cg100iii.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_06_10; reference:url, urlhaus.abuse.ch/url/2881768/; classtype:trojan-activity;sid:83744868; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2879655)"; flow:established,from_client; content:"GET"; http_method; content:"/sharphound.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"92.127.156.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_08; reference:url, urlhaus.abuse.ch/url/2879655/; classtype:trojan-activity;sid:83742755; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2877890)"; flow:established,from_client; content:"GET"; http_method; content:"/ustaxes/ustaxes/files/15421286/2022and2023taxdocuments.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_06_07; reference:url, urlhaus.abuse.ch/url/2877890/; classtype:trojan-activity;sid:83740990; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2877319)"; flow:established,from_client; content:"GET"; http_method; content:"/slade107.psm"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"karoonpc.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_06; reference:url, urlhaus.abuse.ch/url/2877319/; classtype:trojan-activity;sid:83740419; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2875871)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"27.159.154.179"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_05; reference:url, urlhaus.abuse.ch/url/2875871/; classtype:trojan-activity;sid:83738971; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2874516)"; flow:established,from_client; content:"GET"; http_method; content:"/o.elf"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"reusable-flex.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_06_04; reference:url, urlhaus.abuse.ch/url/2874516/; classtype:trojan-activity;sid:83737616; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2874107)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=19nonxskhmwbvfxpr2ccmwd9xrhz1ldco"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_06_04; reference:url, urlhaus.abuse.ch/url/2874107/; classtype:trojan-activity;sid:83737207; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2874109)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1p_knmkidu8kiejeem_ijrlumbjih3bkv"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_06_04; reference:url, urlhaus.abuse.ch/url/2874109/; classtype:trojan-activity;sid:83737209; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2874102)"; flow:established,from_client; content:"GET"; http_method; content:"/walesboller.pcx"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"karoonpc.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_04; reference:url, urlhaus.abuse.ch/url/2874102/; classtype:trojan-activity;sid:83737202; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2873811)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"93.118.112.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_04; reference:url, urlhaus.abuse.ch/url/2873811/; classtype:trojan-activity;sid:83736911; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2870237)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1cqtygpx9gdoywntprwub0xbckivif6iy"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_05_31; reference:url, urlhaus.abuse.ch/url/2870237/; classtype:trojan-activity;sid:83733337; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2870235)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1wsqkirdngjlt8uu2lv9mzciks4my12jh"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_05_31; reference:url, urlhaus.abuse.ch/url/2870235/; classtype:trojan-activity;sid:83733335; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2869849)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkapis.dll"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"119.91.25.19"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_31; reference:url, urlhaus.abuse.ch/url/2869849/; classtype:trojan-activity;sid:83732949; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2869844)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkmultiopen.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"119.91.25.19"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_31; reference:url, urlhaus.abuse.ch/url/2869844/; classtype:trojan-activity;sid:83732944; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2869702)"; flow:established,from_client; content:"GET"; http_method; content:"/sheksweet/sheksweet1/main/rambledmime.exe"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_05_31; reference:url, urlhaus.abuse.ch/url/2869702/; classtype:trojan-activity;sid:83732802; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2868723)"; flow:established,from_client; content:"GET"; http_method; content:"/a.i_1003h.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"221.143.49.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_30; reference:url, urlhaus.abuse.ch/url/2868723/; classtype:trojan-activity;sid:83731823; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2867270)"; flow:established,from_client; content:"GET"; http_method; content:"/ahmed45sh/flutter-movie/master/crypted_c360a5b7.exe"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_05_28; reference:url, urlhaus.abuse.ch/url/2867270/; classtype:trojan-activity;sid:83730370; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2867236)"; flow:established,from_client; content:"GET"; http_method; content:"/ahmed45sh/apple-replica-starter-files/master/apple-replica/zintask.exe"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_05_28; reference:url, urlhaus.abuse.ch/url/2867236/; classtype:trojan-activity;sid:83730336; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2865442)"; flow:established,from_client; content:"GET"; http_method; content:"/ggws_upload.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"47.104.173.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_27; reference:url, urlhaus.abuse.ch/url/2865442/; classtype:trojan-activity;sid:83728542; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2865272)"; flow:established,from_client; content:"GET"; http_method; content:"/sthealthbq.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.104.173.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_27; reference:url, urlhaus.abuse.ch/url/2865272/; classtype:trojan-activity;sid:83728372; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2865273)"; flow:established,from_client; content:"GET"; http_method; content:"/sthealthupload.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"47.104.173.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_27; reference:url, urlhaus.abuse.ch/url/2865273/; classtype:trojan-activity;sid:83728373; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2865241)"; flow:established,from_client; content:"GET"; http_method; content:"/sthealthupdate.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"47.104.173.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_27; reference:url, urlhaus.abuse.ch/url/2865241/; classtype:trojan-activity;sid:83728341; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2863341)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"223.108.58.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_25; reference:url, urlhaus.abuse.ch/url/2863341/; classtype:trojan-activity;sid:83726441; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2863342)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"80.24.87.77"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_25; reference:url, urlhaus.abuse.ch/url/2863342/; classtype:trojan-activity;sid:83726442; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2863346)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.43.19.103"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_25; reference:url, urlhaus.abuse.ch/url/2863346/; classtype:trojan-activity;sid:83726446; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2863334)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.49.168.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_25; reference:url, urlhaus.abuse.ch/url/2863334/; classtype:trojan-activity;sid:83726434; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862520)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/varteyjw"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862520/; classtype:trojan-activity;sid:83725620; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862050)"; flow:established,from_client; content:"GET"; http_method; content:"/pro/dl/8gikly"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.sendspace.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862050/; classtype:trojan-activity;sid:83725150; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862051)"; flow:established,from_client; content:"GET"; http_method; content:"/pro/dl/medjl1"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.sendspace.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862051/; classtype:trojan-activity;sid:83725151; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862052)"; flow:established,from_client; content:"GET"; http_method; content:"/pro/dl/dy1f16"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.sendspace.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862052/; classtype:trojan-activity;sid:83725152; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862053)"; flow:established,from_client; content:"GET"; http_method; content:"/pro/dl/kx3wl4"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.sendspace.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862053/; classtype:trojan-activity;sid:83725153; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862054)"; flow:established,from_client; content:"GET"; http_method; content:"/pro/dl/ppxodm"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.sendspace.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862054/; classtype:trojan-activity;sid:83725154; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862055)"; flow:established,from_client; content:"GET"; http_method; content:"/pro/dl/e7opy8"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.sendspace.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862055/; classtype:trojan-activity;sid:83725155; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862056)"; flow:established,from_client; content:"GET"; http_method; content:"/pro/dl/7dhid7"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.sendspace.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862056/; classtype:trojan-activity;sid:83725156; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862049)"; flow:established,from_client; content:"GET"; http_method; content:"/pro/dl/tbfvpd"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.sendspace.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862049/; classtype:trojan-activity;sid:83725149; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862046)"; flow:established,from_client; content:"GET"; http_method; content:"/pro/dl/6f2c5c"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.sendspace.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862046/; classtype:trojan-activity;sid:83725146; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862047)"; flow:established,from_client; content:"GET"; http_method; content:"/pro/dl/g2js91"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.sendspace.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862047/; classtype:trojan-activity;sid:83725147; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862044)"; flow:established,from_client; content:"GET"; http_method; content:"/pro/dl/lt00vw"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.sendspace.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862044/; classtype:trojan-activity;sid:83725144; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862045)"; flow:established,from_client; content:"GET"; http_method; content:"/pro/dl/i7tdbr"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.sendspace.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862045/; classtype:trojan-activity;sid:83725145; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862043)"; flow:established,from_client; content:"GET"; http_method; content:"/pro/dl/3a9xj1"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.sendspace.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862043/; classtype:trojan-activity;sid:83725143; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862042)"; flow:established,from_client; content:"GET"; http_method; content:"/pro/dl/wyg3h5"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.sendspace.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862042/; classtype:trojan-activity;sid:83725142; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862020)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"102.216.105.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862020/; classtype:trojan-activity;sid:83725120; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862016)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"188.147.175.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862016/; classtype:trojan-activity;sid:83725116; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862017)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"123.143.141.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862017/; classtype:trojan-activity;sid:83725117; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862004)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"123.143.141.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862004/; classtype:trojan-activity;sid:83725104; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862007)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"24.234.159.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862007/; classtype:trojan-activity;sid:83725107; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862009)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"80.24.87.77"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862009/; classtype:trojan-activity;sid:83725109; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861978)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"102.165.122.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861978/; classtype:trojan-activity;sid:83725078; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861979)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"178.183.208.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861979/; classtype:trojan-activity;sid:83725079; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861982)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"76.53.38.126"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861982/; classtype:trojan-activity;sid:83725082; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861962)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"31.125.243.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861962/; classtype:trojan-activity;sid:83725062; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861971)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"132.255.192.122"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861971/; classtype:trojan-activity;sid:83725071; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861974)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"81.42.247.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861974/; classtype:trojan-activity;sid:83725074; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861956)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"87.26.194.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861956/; classtype:trojan-activity;sid:83725056; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861957)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"178.183.208.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861957/; classtype:trojan-activity;sid:83725057; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861958)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"80.24.87.77"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861958/; classtype:trojan-activity;sid:83725058; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861951)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"178.84.167.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861951/; classtype:trojan-activity;sid:83725051; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861950)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"95.47.248.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861950/; classtype:trojan-activity;sid:83725050; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861948)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"76.53.38.126"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861948/; classtype:trojan-activity;sid:83725048; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861919)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"81.42.247.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861919/; classtype:trojan-activity;sid:83725019; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861923)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"81.42.247.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861923/; classtype:trojan-activity;sid:83725023; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861927)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"223.82.83.143"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861927/; classtype:trojan-activity;sid:83725027; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861932)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"76.53.38.126"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861932/; classtype:trojan-activity;sid:83725032; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861939)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"81.42.247.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861939/; classtype:trojan-activity;sid:83725039; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861940)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"76.53.38.126"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861940/; classtype:trojan-activity;sid:83725040; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861943)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"76.53.38.126"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861943/; classtype:trojan-activity;sid:83725043; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861945)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"218.108.181.2"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861945/; classtype:trojan-activity;sid:83725045; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861888)"; flow:established,from_client; content:"GET"; http_method; content:"/pro/dl/dvbcvt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.sendspace.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861888/; classtype:trojan-activity;sid:83724988; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861887)"; flow:established,from_client; content:"GET"; http_method; content:"/pro/dl/exw2o1"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.sendspace.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861887/; classtype:trojan-activity;sid:83724987; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861842)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"66.49.95.131"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861842/; classtype:trojan-activity;sid:83724942; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861843)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"118.69.157.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861843/; classtype:trojan-activity;sid:83724943; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861844)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861844/; classtype:trojan-activity;sid:83724944; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861852)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"178.176.204.250"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861852/; classtype:trojan-activity;sid:83724952; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861854)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"74.72.72.247"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861854/; classtype:trojan-activity;sid:83724954; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861837)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"188.147.175.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861837/; classtype:trojan-activity;sid:83724937; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861838)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"80.24.87.77"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861838/; classtype:trojan-activity;sid:83724938; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861839)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861839/; classtype:trojan-activity;sid:83724939; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861834)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"202.3.248.179"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861834/; classtype:trojan-activity;sid:83724934; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861831)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"178.176.204.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861831/; classtype:trojan-activity;sid:83724931; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861828)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"141.134.214.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861828/; classtype:trojan-activity;sid:83724928; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861826)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"123.143.141.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861826/; classtype:trojan-activity;sid:83724926; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861827)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"68.107.218.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861827/; classtype:trojan-activity;sid:83724927; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861824)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"202.22.143.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861824/; classtype:trojan-activity;sid:83724924; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861822)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"81.42.247.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861822/; classtype:trojan-activity;sid:83724922; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861819)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"174.71.237.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861819/; classtype:trojan-activity;sid:83724919; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861818)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"80.64.76.65"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861818/; classtype:trojan-activity;sid:83724918; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861814)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"91.164.39.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861814/; classtype:trojan-activity;sid:83724914; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861808)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"218.108.181.2"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861808/; classtype:trojan-activity;sid:83724908; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861802)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"24.234.159.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861802/; classtype:trojan-activity;sid:83724902; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861799)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861799/; classtype:trojan-activity;sid:83724899; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861800)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"81.42.247.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861800/; classtype:trojan-activity;sid:83724900; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861798)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"132.255.192.122"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861798/; classtype:trojan-activity;sid:83724898; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861794)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"91.164.39.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861794/; classtype:trojan-activity;sid:83724894; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861791)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"178.183.208.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861791/; classtype:trojan-activity;sid:83724891; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861789)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"91.231.190.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861789/; classtype:trojan-activity;sid:83724889; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861785)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861785/; classtype:trojan-activity;sid:83724885; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861777)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"81.42.247.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861777/; classtype:trojan-activity;sid:83724877; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861778)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"77.237.29.219"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861778/; classtype:trojan-activity;sid:83724878; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861769)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"102.165.122.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861769/; classtype:trojan-activity;sid:83724869; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861770)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"81.42.247.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861770/; classtype:trojan-activity;sid:83724870; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861773)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"81.42.247.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861773/; classtype:trojan-activity;sid:83724873; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861758)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"218.108.181.2"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861758/; classtype:trojan-activity;sid:83724858; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861760)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"188.147.175.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861760/; classtype:trojan-activity;sid:83724860; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861761)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"159.196.71.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861761/; classtype:trojan-activity;sid:83724861; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861763)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861763/; classtype:trojan-activity;sid:83724863; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861755)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"76.53.38.126"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861755/; classtype:trojan-activity;sid:83724855; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861750)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"76.53.38.126"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861750/; classtype:trojan-activity;sid:83724850; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861749)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"76.53.38.126"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861749/; classtype:trojan-activity;sid:83724849; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861743)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"123.143.141.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861743/; classtype:trojan-activity;sid:83724843; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861735)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"91.164.39.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861735/; classtype:trojan-activity;sid:83724835; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861737)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"31.0.241.65"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861737/; classtype:trojan-activity;sid:83724837; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861740)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"81.42.247.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861740/; classtype:trojan-activity;sid:83724840; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861729)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"165.73.108.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861729/; classtype:trojan-activity;sid:83724829; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861731)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"166.144.131.188"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861731/; classtype:trojan-activity;sid:83724831; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861721)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"165.73.108.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861721/; classtype:trojan-activity;sid:83724821; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861722)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"89.31.226.224"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861722/; classtype:trojan-activity;sid:83724822; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861725)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"76.53.38.126"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861725/; classtype:trojan-activity;sid:83724825; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861726)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"74.72.72.247"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861726/; classtype:trojan-activity;sid:83724826; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861719)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"87.251.249.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861719/; classtype:trojan-activity;sid:83724819; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861716)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"188.170.32.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861716/; classtype:trojan-activity;sid:83724816; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861710)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"80.14.38.66"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861710/; classtype:trojan-activity;sid:83724810; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861707)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"209.162.229.229"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861707/; classtype:trojan-activity;sid:83724807; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861699)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"188.147.175.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861699/; classtype:trojan-activity;sid:83724799; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861700)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"14stirling.dyndns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861700/; classtype:trojan-activity;sid:83724800; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861682)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"119.13.179.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861682/; classtype:trojan-activity;sid:83724782; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861685)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861685/; classtype:trojan-activity;sid:83724785; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861689)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"31.125.243.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861689/; classtype:trojan-activity;sid:83724789; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861692)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"165.73.108.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861692/; classtype:trojan-activity;sid:83724792; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861693)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"202.3.248.178"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861693/; classtype:trojan-activity;sid:83724793; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861680)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"91.164.39.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861680/; classtype:trojan-activity;sid:83724780; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861675)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"80.24.87.77"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861675/; classtype:trojan-activity;sid:83724775; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861666)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"159.196.71.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861666/; classtype:trojan-activity;sid:83724766; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861667)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"76.53.38.126"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861667/; classtype:trojan-activity;sid:83724767; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861657)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"31.173.70.100"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861657/; classtype:trojan-activity;sid:83724757; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861659)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"165.73.108.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861659/; classtype:trojan-activity;sid:83724759; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861661)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"212.3.211.157"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861661/; classtype:trojan-activity;sid:83724761; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861643)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"91.164.39.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861643/; classtype:trojan-activity;sid:83724743; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861644)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"84.29.231.9"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861644/; classtype:trojan-activity;sid:83724744; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861640)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"174.71.237.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861640/; classtype:trojan-activity;sid:83724740; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861641)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861641/; classtype:trojan-activity;sid:83724741; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861633)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"77.237.29.219"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861633/; classtype:trojan-activity;sid:83724733; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861636)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"95.47.248.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861636/; classtype:trojan-activity;sid:83724736; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861629)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861629/; classtype:trojan-activity;sid:83724729; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861628)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"76.53.38.126"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861628/; classtype:trojan-activity;sid:83724728; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861626)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"119.13.179.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861626/; classtype:trojan-activity;sid:83724726; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861615)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861615/; classtype:trojan-activity;sid:83724715; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861616)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"118.69.157.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861616/; classtype:trojan-activity;sid:83724716; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861620)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"66.49.95.131"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861620/; classtype:trojan-activity;sid:83724720; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861595)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"82.148.194.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861595/; classtype:trojan-activity;sid:83724695; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861597)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"69.75.168.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861597/; classtype:trojan-activity;sid:83724697; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861598)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861598/; classtype:trojan-activity;sid:83724698; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861600)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"223.82.83.143"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861600/; classtype:trojan-activity;sid:83724700; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861601)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861601/; classtype:trojan-activity;sid:83724701; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861603)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"188.147.175.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861603/; classtype:trojan-activity;sid:83724703; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861606)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"31.0.241.65"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861606/; classtype:trojan-activity;sid:83724706; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861609)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861609/; classtype:trojan-activity;sid:83724709; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861610)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"178.183.208.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861610/; classtype:trojan-activity;sid:83724710; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861592)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"24.234.159.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861592/; classtype:trojan-activity;sid:83724692; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861582)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"165.73.108.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861582/; classtype:trojan-activity;sid:83724682; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861568)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"165.73.108.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861568/; classtype:trojan-activity;sid:83724668; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861569)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"113.160.251.236"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861569/; classtype:trojan-activity;sid:83724669; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861573)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"118.69.157.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861573/; classtype:trojan-activity;sid:83724673; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861577)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"202.22.143.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861577/; classtype:trojan-activity;sid:83724677; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861559)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"68.226.36.150"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861559/; classtype:trojan-activity;sid:83724659; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861562)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861562/; classtype:trojan-activity;sid:83724662; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861553)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"95.230.215.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861553/; classtype:trojan-activity;sid:83724653; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861554)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"87.26.194.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861554/; classtype:trojan-activity;sid:83724654; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861555)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"88.123.92.100"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861555/; classtype:trojan-activity;sid:83724655; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861549)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"91.164.39.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861549/; classtype:trojan-activity;sid:83724649; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861547)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"76.53.38.126"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861547/; classtype:trojan-activity;sid:83724647; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2859511)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"92.66.30.68"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_22; reference:url, urlhaus.abuse.ch/url/2859511/; classtype:trojan-activity;sid:83722611; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2859027)"; flow:established,from_client; content:"GET"; http_method; content:"/ustaxes/ustaxes/files/15378217/all.2023.tax.documents.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_05_21; reference:url, urlhaus.abuse.ch/url/2859027/; classtype:trojan-activity;sid:83722127; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2858898)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"212.225.186.186"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_21; reference:url, urlhaus.abuse.ch/url/2858898/; classtype:trojan-activity;sid:83721998; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857898)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"84.29.231.9"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857898/; classtype:trojan-activity;sid:83720998; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857892)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"202.3.248.178"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857892/; classtype:trojan-activity;sid:83720992; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857875)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"165.73.108.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857875/; classtype:trojan-activity;sid:83720975; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857868)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"159.196.71.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857868/; classtype:trojan-activity;sid:83720968; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857866)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"31.0.241.65"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857866/; classtype:trojan-activity;sid:83720966; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857851)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"144.6.87.144"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857851/; classtype:trojan-activity;sid:83720951; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857844)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.2.229.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857844/; classtype:trojan-activity;sid:83720944; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857837)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"165.73.108.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857837/; classtype:trojan-activity;sid:83720937; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857838)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"149.62.200.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857838/; classtype:trojan-activity;sid:83720938; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857822)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"178.176.204.250"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857822/; classtype:trojan-activity;sid:83720922; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857820)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"89.31.226.224"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857820/; classtype:trojan-activity;sid:83720920; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857821)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"178.176.204.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857821/; classtype:trojan-activity;sid:83720921; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857813)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857813/; classtype:trojan-activity;sid:83720913; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857809)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857809/; classtype:trojan-activity;sid:83720909; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857807)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"202.3.248.179"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857807/; classtype:trojan-activity;sid:83720907; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857795)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857795/; classtype:trojan-activity;sid:83720895; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857794)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"68.107.218.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857794/; classtype:trojan-activity;sid:83720894; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857788)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"68.226.36.150"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857788/; classtype:trojan-activity;sid:83720888; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857778)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857778/; classtype:trojan-activity;sid:83720878; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857773)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857773/; classtype:trojan-activity;sid:83720873; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857762)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857762/; classtype:trojan-activity;sid:83720862; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857754)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"88.123.92.100"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857754/; classtype:trojan-activity;sid:83720854; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857747)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"165.73.108.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857747/; classtype:trojan-activity;sid:83720847; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857730)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"165.73.108.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857730/; classtype:trojan-activity;sid:83720830; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857719)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857719/; classtype:trojan-activity;sid:83720819; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857708)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"74.72.72.247"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857708/; classtype:trojan-activity;sid:83720808; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857704)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"86.120.181.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857704/; classtype:trojan-activity;sid:83720804; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857699)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"86.120.181.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857699/; classtype:trojan-activity;sid:83720799; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857689)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"174.71.237.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857689/; classtype:trojan-activity;sid:83720789; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857669)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857669/; classtype:trojan-activity;sid:83720769; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857666)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"91.164.39.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857666/; classtype:trojan-activity;sid:83720766; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857660)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"87.251.249.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857660/; classtype:trojan-activity;sid:83720760; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857654)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"119.13.179.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857654/; classtype:trojan-activity;sid:83720754; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857652)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"188.170.32.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857652/; classtype:trojan-activity;sid:83720752; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857626)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"188.147.175.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857626/; classtype:trojan-activity;sid:83720726; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857624)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"118.69.157.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857624/; classtype:trojan-activity;sid:83720724; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857601)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"212.93.103.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857601/; classtype:trojan-activity;sid:83720701; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857590)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"193.160.10.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857590/; classtype:trojan-activity;sid:83720690; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857584)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"223.108.58.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857584/; classtype:trojan-activity;sid:83720684; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857580)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"165.73.108.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857580/; classtype:trojan-activity;sid:83720680; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857582)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"165.73.108.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857582/; classtype:trojan-activity;sid:83720682; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857573)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"80.14.38.66"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857573/; classtype:trojan-activity;sid:83720673; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857570)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"77.237.29.219"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857570/; classtype:trojan-activity;sid:83720670; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857561)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"202.22.143.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857561/; classtype:trojan-activity;sid:83720661; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857545)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857545/; classtype:trojan-activity;sid:83720645; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857527)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"174.71.237.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857527/; classtype:trojan-activity;sid:83720627; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857521)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"164.126.129.225"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857521/; classtype:trojan-activity;sid:83720621; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857524)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"165.73.108.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857524/; classtype:trojan-activity;sid:83720624; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857525)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"209.162.229.229"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857525/; classtype:trojan-activity;sid:83720625; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857496)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"112.4.110.42"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857496/; classtype:trojan-activity;sid:83720596; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857498)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857498/; classtype:trojan-activity;sid:83720598; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857493)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"77.237.29.219"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857493/; classtype:trojan-activity;sid:83720593; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857483)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"91.164.39.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857483/; classtype:trojan-activity;sid:83720583; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857484)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"91.164.39.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857484/; classtype:trojan-activity;sid:83720584; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857481)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"188.147.175.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857481/; classtype:trojan-activity;sid:83720581; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857463)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"165.73.108.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857463/; classtype:trojan-activity;sid:83720563; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857444)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"174.71.237.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857444/; classtype:trojan-activity;sid:83720544; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857459)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"82.65.37.116"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857459/; classtype:trojan-activity;sid:83720559; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857437)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"174.71.238.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857437/; classtype:trojan-activity;sid:83720537; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2856551)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"31.223.60.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2856551/; classtype:trojan-activity;sid:83719651; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2852772)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"59.30.12.254"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_17; reference:url, urlhaus.abuse.ch/url/2852772/; classtype:trojan-activity;sid:83715872; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2852301)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1mzon8jro4iemie6erfw5o3w-0tnwxnlz"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_05_16; reference:url, urlhaus.abuse.ch/url/2852301/; classtype:trojan-activity;sid:83715401; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2850173)"; flow:established,from_client; content:"GET"; http_method; content:"/990_ota.apk"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"59.59.6.86"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_05_14; reference:url, urlhaus.abuse.ch/url/2850173/; classtype:trojan-activity;sid:83713273; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2846768)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/css/setup.msi"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"zenglobalenerji.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_05_11; reference:url, urlhaus.abuse.ch/url/2846768/; classtype:trojan-activity;sid:83709868; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2843557)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/is2kceh3"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_08; reference:url, urlhaus.abuse.ch/url/2843557/; classtype:trojan-activity;sid:83706657; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842725)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"89.231.14.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_08; reference:url, urlhaus.abuse.ch/url/2842725/; classtype:trojan-activity;sid:83705825; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842724)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"88.119.193.17"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_08; reference:url, urlhaus.abuse.ch/url/2842724/; classtype:trojan-activity;sid:83705824; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842722)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"88.116.62.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_08; reference:url, urlhaus.abuse.ch/url/2842722/; classtype:trojan-activity;sid:83705822; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842723)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"88.119.151.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_08; reference:url, urlhaus.abuse.ch/url/2842723/; classtype:trojan-activity;sid:83705823; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842657)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"185.16.100.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_08; reference:url, urlhaus.abuse.ch/url/2842657/; classtype:trojan-activity;sid:83705757; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842081)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"37.205.81.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2842081/; classtype:trojan-activity;sid:83705181; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842036)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"109.245.220.229"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2842036/; classtype:trojan-activity;sid:83705136; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842029)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"190.109.205.237"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2842029/; classtype:trojan-activity;sid:83705129; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842030)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"172.85.143.74"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2842030/; classtype:trojan-activity;sid:83705130; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842033)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"37.192.22.166"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2842033/; classtype:trojan-activity;sid:83705133; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842010)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"190.145.205.178"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2842010/; classtype:trojan-activity;sid:83705110; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842007)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"212.107.232.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2842007/; classtype:trojan-activity;sid:83705107; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841990)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"123.231.247.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841990/; classtype:trojan-activity;sid:83705090; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841995)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"182.253.115.156"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841995/; classtype:trojan-activity;sid:83705095; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841973)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"110.93.196.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841973/; classtype:trojan-activity;sid:83705073; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841976)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"81.16.249.96"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841976/; classtype:trojan-activity;sid:83705076; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841954)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.209.184.121"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841954/; classtype:trojan-activity;sid:83705054; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841942)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"195.9.14.86"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841942/; classtype:trojan-activity;sid:83705042; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841932)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"190.145.123.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841932/; classtype:trojan-activity;sid:83705032; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841807)"; flow:established,from_client; content:"GET"; http_method; content:"/cryptography_module_windows.exe"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"122.170.110.131"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841807/; classtype:trojan-activity;sid:83704907; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841712)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.253.115.156"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841712/; classtype:trojan-activity;sid:83704812; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841705)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"109.87.223.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841705/; classtype:trojan-activity;sid:83704805; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841683)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.151.34.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841683/; classtype:trojan-activity;sid:83704783; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841684)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"80.65.80.230"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841684/; classtype:trojan-activity;sid:83704784; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841680)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"105.112.83.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841680/; classtype:trojan-activity;sid:83704780; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841656)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.80.77.125"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841656/; classtype:trojan-activity;sid:83704756; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841631)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.253.115.155"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841631/; classtype:trojan-activity;sid:83704731; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841621)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.66.151.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841621/; classtype:trojan-activity;sid:83704721; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841624)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.209.184.118"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841624/; classtype:trojan-activity;sid:83704724; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841613)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"109.245.220.229"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841613/; classtype:trojan-activity;sid:83704713; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841614)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.83.215.66"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841614/; classtype:trojan-activity;sid:83704714; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841604)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"37.192.22.166"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841604/; classtype:trojan-activity;sid:83704704; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841608)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.209.184.121"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841608/; classtype:trojan-activity;sid:83704708; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841586)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"172.85.143.74"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841586/; classtype:trojan-activity;sid:83704686; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837354)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"61.83.215.66"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837354/; classtype:trojan-activity;sid:83700454; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837116)"; flow:established,from_client; content:"GET"; http_method; content:"/ag_injector_latest.apk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"dl.aginjector.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837116/; classtype:trojan-activity;sid:83700216; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836854)"; flow:established,from_client; content:"GET"; http_method; content:"/build.s.apk"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"103.146.202.41"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836854/; classtype:trojan-activity;sid:83699954; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836844)"; flow:established,from_client; content:"GET"; http_method; content:"/build.s.apk"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"195.211.101.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836844/; classtype:trojan-activity;sid:83699944; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834459)"; flow:established,from_client; content:"GET"; http_method; content:"/cron"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.76.122.186"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834459/; classtype:trojan-activity;sid:83697559; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834400)"; flow:established,from_client; content:"GET"; http_method; content:"/curl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"66.71.242.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834400/; classtype:trojan-activity;sid:83697500; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834372)"; flow:established,from_client; content:"GET"; http_method; content:"/curl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"66.71.242.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834372/; classtype:trojan-activity;sid:83697472; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833916)"; flow:established,from_client; content:"GET"; http_method; content:"/frexoff/efefwefwwf/main/cock.exe"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833916/; classtype:trojan-activity;sid:83697016; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833904)"; flow:established,from_client; content:"GET"; http_method; content:"/frexoff/efefwefwwf/raw/main/cock.exe"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833904/; classtype:trojan-activity;sid:83697004; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830963)"; flow:established,from_client; content:"GET"; http_method; content:"/kampfkarren/roblox/files/15001743/roexec.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830963/; classtype:trojan-activity;sid:83694063; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828325)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/user-private-files/shared/"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"antvietnam.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828325/; classtype:trojan-activity;sid:83691425; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827204)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/user-private-files/shared/"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"yahyacarpet.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827204/; classtype:trojan-activity;sid:83690304; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827195)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/user-private-files/shared/"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"antvietnam.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827195/; classtype:trojan-activity;sid:83690295; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827181)"; flow:established,from_client; content:"GET"; http_method; content:"/projects/visioncrystal/wp-content/plugins/user-private-files/shared/"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"www.websitedesigningindia.biz"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827181/; classtype:trojan-activity;sid:83690281; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824078)"; flow:established,from_client; content:"GET"; http_method; content:"/mazacoin/maza/releases/download/v0.16.3/maza-0.16.3-win64-setup-unsigned.exe"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824078/; classtype:trojan-activity;sid:83687178; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824079)"; flow:established,from_client; content:"GET"; http_method; content:"/mazacoin/maza/releases/download/v0.16.3/maza-0.16.3-osx-unsigned.dmg"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824079/; classtype:trojan-activity;sid:83687179; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823150)"; flow:established,from_client; content:"GET"; http_method; content:"/y-steamworks.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"117.50.194.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823150/; classtype:trojan-activity;sid:83686250; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822909)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"85.89.188.97"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822909/; classtype:trojan-activity;sid:83686009; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822907)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"197.159.1.58"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822907/; classtype:trojan-activity;sid:83686007; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822891)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"89.28.58.81"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822891/; classtype:trojan-activity;sid:83685991; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822881)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"212.154.131.153"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822881/; classtype:trojan-activity;sid:83685981; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822882)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"95.141.135.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822882/; classtype:trojan-activity;sid:83685982; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822867)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"217.65.15.51"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822867/; classtype:trojan-activity;sid:83685967; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822873)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"202.148.20.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822873/; classtype:trojan-activity;sid:83685973; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822862)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"190.128.195.138"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822862/; classtype:trojan-activity;sid:83685962; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822847)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"84.242.139.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822847/; classtype:trojan-activity;sid:83685947; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822834)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"202.154.187.26"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822834/; classtype:trojan-activity;sid:83685934; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822828)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"122.201.25.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822828/; classtype:trojan-activity;sid:83685928; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822830)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"167.250.193.253"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822830/; classtype:trojan-activity;sid:83685930; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822819)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"95.170.114.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822819/; classtype:trojan-activity;sid:83685919; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822794)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"188.72.6.218"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822794/; classtype:trojan-activity;sid:83685894; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822782)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"212.154.135.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822782/; classtype:trojan-activity;sid:83685882; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822768)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"110.34.7.5"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822768/; classtype:trojan-activity;sid:83685868; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822751)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.42.201.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822751/; classtype:trojan-activity;sid:83685851; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822734)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"89.28.58.132"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822734/; classtype:trojan-activity;sid:83685834; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822735)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"185.21.223.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822735/; classtype:trojan-activity;sid:83685835; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822740)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"168.228.6.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822740/; classtype:trojan-activity;sid:83685840; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822744)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"201.184.231.250"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822744/; classtype:trojan-activity;sid:83685844; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822718)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"41.205.90.51"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822718/; classtype:trojan-activity;sid:83685818; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822721)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"82.193.120.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822721/; classtype:trojan-activity;sid:83685821; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822711)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"46.229.139.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822711/; classtype:trojan-activity;sid:83685811; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822695)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"193.228.135.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822695/; classtype:trojan-activity;sid:83685795; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822698)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"98.103.171.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822698/; classtype:trojan-activity;sid:83685798; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822684)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"178.34.182.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822684/; classtype:trojan-activity;sid:83685784; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822691)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"181.129.106.146"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822691/; classtype:trojan-activity;sid:83685791; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822671)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"87.197.107.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822671/; classtype:trojan-activity;sid:83685771; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822650)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"181.129.2.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822650/; classtype:trojan-activity;sid:83685750; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822657)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"181.49.100.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822657/; classtype:trojan-activity;sid:83685757; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822601)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"36.94.29.82"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822601/; classtype:trojan-activity;sid:83685701; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822606)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"89.216.100.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822606/; classtype:trojan-activity;sid:83685706; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822612)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"63.78.214.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822612/; classtype:trojan-activity;sid:83685712; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822616)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"203.109.201.77"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822616/; classtype:trojan-activity;sid:83685716; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822592)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"181.211.252.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822592/; classtype:trojan-activity;sid:83685692; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822596)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"64.140.99.97"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822596/; classtype:trojan-activity;sid:83685696; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822583)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.245.10.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822583/; classtype:trojan-activity;sid:83685683; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822585)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"77.89.199.242"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822585/; classtype:trojan-activity;sid:83685685; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822548)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"91.92.82.180"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822548/; classtype:trojan-activity;sid:83685648; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822549)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"188.254.255.246"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822549/; classtype:trojan-activity;sid:83685649; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822544)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"202.53.164.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822544/; classtype:trojan-activity;sid:83685644; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822496)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"62.33.114.219"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822496/; classtype:trojan-activity;sid:83685596; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822478)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"212.200.106.94"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822478/; classtype:trojan-activity;sid:83685578; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822467)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"154.126.186.56"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822467/; classtype:trojan-activity;sid:83685567; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822468)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"36.91.144.195"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822468/; classtype:trojan-activity;sid:83685568; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822477)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"202.5.50.108"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822477/; classtype:trojan-activity;sid:83685577; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822457)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.28.86.243"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822457/; classtype:trojan-activity;sid:83685557; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822462)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"200.61.163.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822462/; classtype:trojan-activity;sid:83685562; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822451)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"178.214.241.150"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822451/; classtype:trojan-activity;sid:83685551; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822426)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"193.228.134.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822426/; classtype:trojan-activity;sid:83685526; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822410)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"149.255.10.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822410/; classtype:trojan-activity;sid:83685510; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822405)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"37.157.212.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822405/; classtype:trojan-activity;sid:83685505; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822386)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"202.148.18.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822386/; classtype:trojan-activity;sid:83685486; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822396)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"81.16.123.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822396/; classtype:trojan-activity;sid:83685496; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822371)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"109.108.84.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822371/; classtype:trojan-activity;sid:83685471; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822372)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"154.84.212.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822372/; classtype:trojan-activity;sid:83685472; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822373)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"176.97.190.248"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822373/; classtype:trojan-activity;sid:83685473; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822374)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"64.140.100.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822374/; classtype:trojan-activity;sid:83685474; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822367)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"36.88.244.2"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822367/; classtype:trojan-activity;sid:83685467; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822363)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"62.176.113.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822363/; classtype:trojan-activity;sid:83685463; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822353)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"78.29.14.127"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822353/; classtype:trojan-activity;sid:83685453; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822337)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"188.68.95.174"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822337/; classtype:trojan-activity;sid:83685437; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822334)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"36.92.207.29"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822334/; classtype:trojan-activity;sid:83685434; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822328)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"202.148.18.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822328/; classtype:trojan-activity;sid:83685428; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822325)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"181.193.62.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822325/; classtype:trojan-activity;sid:83685425; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822321)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"79.175.42.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822321/; classtype:trojan-activity;sid:83685421; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822316)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"109.73.242.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822316/; classtype:trojan-activity;sid:83685416; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822303)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"146.66.164.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822303/; classtype:trojan-activity;sid:83685403; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822304)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"31.28.11.111"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822304/; classtype:trojan-activity;sid:83685404; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822308)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"115.245.112.26"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822308/; classtype:trojan-activity;sid:83685408; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822302)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"77.73.49.254"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822302/; classtype:trojan-activity;sid:83685402; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822294)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"75.136.50.41"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822294/; classtype:trojan-activity;sid:83685394; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822275)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"202.131.244.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822275/; classtype:trojan-activity;sid:83685375; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822281)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"109.202.63.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822281/; classtype:trojan-activity;sid:83685381; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822268)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"62.122.96.124"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822268/; classtype:trojan-activity;sid:83685368; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822255)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"94.159.74.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822255/; classtype:trojan-activity;sid:83685355; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822261)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"84.54.237.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822261/; classtype:trojan-activity;sid:83685361; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822249)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"41.215.23.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822249/; classtype:trojan-activity;sid:83685349; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822250)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"181.117.210.108"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822250/; classtype:trojan-activity;sid:83685350; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822240)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"89.28.58.97"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822240/; classtype:trojan-activity;sid:83685340; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822244)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"114.7.160.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822244/; classtype:trojan-activity;sid:83685344; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822228)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"84.17.248.14"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822228/; classtype:trojan-activity;sid:83685328; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822217)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"194.36.80.225"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822217/; classtype:trojan-activity;sid:83685317; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822204)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"178.34.157.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822204/; classtype:trojan-activity;sid:83685304; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822207)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"91.244.169.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822207/; classtype:trojan-activity;sid:83685307; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822197)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"31.186.54.203"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822197/; classtype:trojan-activity;sid:83685297; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822198)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"81.163.57.65"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822198/; classtype:trojan-activity;sid:83685298; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822192)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"200.255.164.35"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822192/; classtype:trojan-activity;sid:83685292; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822186)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"36.66.168.49"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822186/; classtype:trojan-activity;sid:83685286; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822189)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"58.145.168.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822189/; classtype:trojan-activity;sid:83685289; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822190)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"62.162.113.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822190/; classtype:trojan-activity;sid:83685290; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822178)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"182.253.60.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822178/; classtype:trojan-activity;sid:83685278; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822181)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"92.241.19.127"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822181/; classtype:trojan-activity;sid:83685281; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822163)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"180.250.160.26"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822163/; classtype:trojan-activity;sid:83685263; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822165)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"211.186.82.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822165/; classtype:trojan-activity;sid:83685265; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822167)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.173.173.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822167/; classtype:trojan-activity;sid:83685267; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822153)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"94.52.86.60"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822153/; classtype:trojan-activity;sid:83685253; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822155)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"212.18.223.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822155/; classtype:trojan-activity;sid:83685255; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822140)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"81.211.8.190"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822140/; classtype:trojan-activity;sid:83685240; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822123)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"109.92.143.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822123/; classtype:trojan-activity;sid:83685223; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822101)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"176.65.35.214"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822101/; classtype:trojan-activity;sid:83685201; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822102)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"138.122.43.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822102/; classtype:trojan-activity;sid:83685202; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822098)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"5.10.183.36"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822098/; classtype:trojan-activity;sid:83685198; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822091)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"176.62.179.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822091/; classtype:trojan-activity;sid:83685191; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822070)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"78.26.180.129"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822070/; classtype:trojan-activity;sid:83685170; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822044)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"43.224.0.5"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822044/; classtype:trojan-activity;sid:83685144; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822039)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"181.48.119.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822039/; classtype:trojan-activity;sid:83685139; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822041)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"203.115.103.19"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822041/; classtype:trojan-activity;sid:83685141; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822024)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.4.147.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822024/; classtype:trojan-activity;sid:83685124; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822014)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"88.119.95.176"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822014/; classtype:trojan-activity;sid:83685114; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822004)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"94.251.5.51"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822004/; classtype:trojan-activity;sid:83685104; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822006)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"77.89.245.118"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822006/; classtype:trojan-activity;sid:83685106; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821976)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"178.188.30.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821976/; classtype:trojan-activity;sid:83685076; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821980)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"62.32.86.42"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821980/; classtype:trojan-activity;sid:83685080; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821967)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"212.73.75.84"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821967/; classtype:trojan-activity;sid:83685067; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821970)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"81.16.247.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821970/; classtype:trojan-activity;sid:83685070; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821963)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"91.204.154.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821963/; classtype:trojan-activity;sid:83685063; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821959)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"46.151.56.42"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821959/; classtype:trojan-activity;sid:83685059; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821960)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"89.133.95.164"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821960/; classtype:trojan-activity;sid:83685060; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821942)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"76.76.195.174"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821942/; classtype:trojan-activity;sid:83685042; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821944)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"178.34.177.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821944/; classtype:trojan-activity;sid:83685044; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821939)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"181.193.59.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821939/; classtype:trojan-activity;sid:83685039; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821924)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"212.55.98.177"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821924/; classtype:trojan-activity;sid:83685024; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821925)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"79.111.119.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821925/; classtype:trojan-activity;sid:83685025; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821911)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"120.50.10.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821911/; classtype:trojan-activity;sid:83685011; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821863)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"186.4.222.76"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821863/; classtype:trojan-activity;sid:83684963; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821854)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.43.228.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821854/; classtype:trojan-activity;sid:83684954; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821851)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.34.182.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821851/; classtype:trojan-activity;sid:83684951; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821838)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"197.155.64.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821838/; classtype:trojan-activity;sid:83684938; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821807)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.148.18.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821807/; classtype:trojan-activity;sid:83684907; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821800)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.41.63.178"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821800/; classtype:trojan-activity;sid:83684900; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821801)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.193.62.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821801/; classtype:trojan-activity;sid:83684901; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821802)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"197.159.1.58"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821802/; classtype:trojan-activity;sid:83684902; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821803)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"197.159.8.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821803/; classtype:trojan-activity;sid:83684903; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821804)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.185.119.13"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821804/; classtype:trojan-activity;sid:83684904; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821790)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"75.136.50.41"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821790/; classtype:trojan-activity;sid:83684890; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821776)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.175.134.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821776/; classtype:trojan-activity;sid:83684876; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821777)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"212.55.98.177"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821777/; classtype:trojan-activity;sid:83684877; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821760)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.72.6.218"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821760/; classtype:trojan-activity;sid:83684860; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821754)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"150.129.202.197"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821754/; classtype:trojan-activity;sid:83684854; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821755)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.211.252.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821755/; classtype:trojan-activity;sid:83684855; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821744)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.126.195.110"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821744/; classtype:trojan-activity;sid:83684844; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821733)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"62.33.114.219"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821733/; classtype:trojan-activity;sid:83684833; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821723)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"203.115.103.19"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821723/; classtype:trojan-activity;sid:83684823; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821718)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"149.255.10.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821718/; classtype:trojan-activity;sid:83684818; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821710)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.117.210.108"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821710/; classtype:trojan-activity;sid:83684810; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821711)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.173.173.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821711/; classtype:trojan-activity;sid:83684811; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821683)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.90.207.199"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821683/; classtype:trojan-activity;sid:83684783; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821687)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"168.228.6.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821687/; classtype:trojan-activity;sid:83684787; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821689)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.49.0.178"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821689/; classtype:trojan-activity;sid:83684789; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821670)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.137.36.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821670/; classtype:trojan-activity;sid:83684770; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821639)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.193.59.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821639/; classtype:trojan-activity;sid:83684739; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821629)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"176.12.6.42"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821629/; classtype:trojan-activity;sid:83684729; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821633)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.94.245.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821633/; classtype:trojan-activity;sid:83684733; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821636)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"195.158.95.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821636/; classtype:trojan-activity;sid:83684736; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821622)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.92.207.29"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821622/; classtype:trojan-activity;sid:83684722; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821616)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.2.237.104"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821616/; classtype:trojan-activity;sid:83684716; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821597)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"150.129.202.193"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821597/; classtype:trojan-activity;sid:83684697; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820656)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.5.52.110"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820656/; classtype:trojan-activity;sid:83683756; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820623)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/esa0xclp"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820623/; classtype:trojan-activity;sid:83683723; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818988)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"94.52.86.60"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818988/; classtype:trojan-activity;sid:83682088; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818967)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.38.24.186"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818967/; classtype:trojan-activity;sid:83682067; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818975)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.140.32.219"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818975/; classtype:trojan-activity;sid:83682075; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818977)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"91.242.106.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818977/; classtype:trojan-activity;sid:83682077; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818961)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.78.185.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818961/; classtype:trojan-activity;sid:83682061; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818946)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"37.252.69.92"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818946/; classtype:trojan-activity;sid:83682046; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818917)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"79.120.54.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818917/; classtype:trojan-activity;sid:83682017; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818899)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"37.202.49.118"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818899/; classtype:trojan-activity;sid:83681999; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818884)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"89.133.95.164"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818884/; classtype:trojan-activity;sid:83681984; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818881)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"88.119.95.176"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818881/; classtype:trojan-activity;sid:83681981; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818867)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.94.9.181"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818867/; classtype:trojan-activity;sid:83681967; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818852)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.170.113.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818852/; classtype:trojan-activity;sid:83681952; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818853)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.40.91.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818853/; classtype:trojan-activity;sid:83681953; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818837)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"84.52.94.215"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818837/; classtype:trojan-activity;sid:83681937; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818843)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"76.76.195.174"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818843/; classtype:trojan-activity;sid:83681943; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818832)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"62.176.113.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818832/; classtype:trojan-activity;sid:83681932; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818826)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"136.169.119.33"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818826/; classtype:trojan-activity;sid:83681926; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818798)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"58.145.168.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818798/; classtype:trojan-activity;sid:83681898; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818777)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"63.78.214.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818777/; classtype:trojan-activity;sid:83681877; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817357)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1w6j0xeptoliyrblijhnxbm_qnnoptzfw"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817357/; classtype:trojan-activity;sid:83680457; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817239)"; flow:established,from_client; content:"GET"; http_method; content:"/pbhhdf/12/raw/main/keepvid-pro_full2578.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817239/; classtype:trojan-activity;sid:83680339; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814157)"; flow:established,from_client; content:"GET"; http_method; content:"/exploits/full-nelson.c"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"vulnfactory.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814157/; classtype:trojan-activity;sid:83677257; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814127)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.21.223.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814127/; classtype:trojan-activity;sid:83677227; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814128)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"180.250.160.26"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814128/; classtype:trojan-activity;sid:83677228; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814122)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.170.113.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814122/; classtype:trojan-activity;sid:83677222; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814108)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.12.78.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814108/; classtype:trojan-activity;sid:83677208; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813791)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.72.199.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813791/; classtype:trojan-activity;sid:83676891; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813151)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"81.16.247.81"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813151/; classtype:trojan-activity;sid:83676251; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813150)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"94.28.123.75"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813150/; classtype:trojan-activity;sid:83676250; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813143)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.30.85.58"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813143/; classtype:trojan-activity;sid:83676243; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813137)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"77.89.245.118"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813137/; classtype:trojan-activity;sid:83676237; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813132)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"62.249.140.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813132/; classtype:trojan-activity;sid:83676232; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813125)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"89.216.100.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813125/; classtype:trojan-activity;sid:83676225; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813111)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.29.14.127"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813111/; classtype:trojan-activity;sid:83676211; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813106)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.100.5.56"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813106/; classtype:trojan-activity;sid:83676206; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813108)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.165.209.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813108/; classtype:trojan-activity;sid:83676208; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813092)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"139.255.67.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813092/; classtype:trojan-activity;sid:83676192; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813081)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"102.39.242.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813081/; classtype:trojan-activity;sid:83676181; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813072)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.187.151.107"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813072/; classtype:trojan-activity;sid:83676172; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813049)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"109.108.84.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813049/; classtype:trojan-activity;sid:83676149; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813052)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.88.244.2"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813052/; classtype:trojan-activity;sid:83676152; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813039)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.92.68.241"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813039/; classtype:trojan-activity;sid:83676139; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809237)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"109.69.79.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809237/; classtype:trojan-activity;sid:83672337; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809231)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"83.239.105.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809231/; classtype:trojan-activity;sid:83672331; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809225)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.253.60.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809225/; classtype:trojan-activity;sid:83672325; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809226)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"91.244.169.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809226/; classtype:trojan-activity;sid:83672326; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809208)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"81.211.8.190"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809208/; classtype:trojan-activity;sid:83672308; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809203)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"62.122.96.124"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809203/; classtype:trojan-activity;sid:83672303; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809199)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"109.202.63.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809199/; classtype:trojan-activity;sid:83672299; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809193)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"85.89.188.97"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809193/; classtype:trojan-activity;sid:83672293; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809173)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"91.215.61.181"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809173/; classtype:trojan-activity;sid:83672273; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809171)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"64.140.99.97"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809171/; classtype:trojan-activity;sid:83672271; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809167)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"77.65.45.186"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809167/; classtype:trojan-activity;sid:83672267; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809162)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"81.16.123.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809162/; classtype:trojan-activity;sid:83672262; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809158)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.42.201.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809158/; classtype:trojan-activity;sid:83672258; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809136)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.67.66.178"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809136/; classtype:trojan-activity;sid:83672236; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809130)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.49.47.190"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809130/; classtype:trojan-activity;sid:83672230; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809128)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"62.32.86.42"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809128/; classtype:trojan-activity;sid:83672228; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809123)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.254.255.246"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809123/; classtype:trojan-activity;sid:83672223; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809115)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.94.29.82"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809115/; classtype:trojan-activity;sid:83672215; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809117)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"82.193.120.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809117/; classtype:trojan-activity;sid:83672217; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809089)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"94.251.5.51"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809089/; classtype:trojan-activity;sid:83672189; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809091)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"5.200.72.26"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809091/; classtype:trojan-activity;sid:83672191; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809073)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"89.28.58.132"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809073/; classtype:trojan-activity;sid:83672173; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809010)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"194.36.80.225"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809010/; classtype:trojan-activity;sid:83672110; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808985)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"31.28.11.111"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808985/; classtype:trojan-activity;sid:83672085; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808986)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"193.228.135.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808986/; classtype:trojan-activity;sid:83672086; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808980)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.61.246.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808980/; classtype:trojan-activity;sid:83672080; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808973)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.19.174.250"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808973/; classtype:trojan-activity;sid:83672073; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808957)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"37.157.212.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808957/; classtype:trojan-activity;sid:83672057; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808958)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"154.126.170.119"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808958/; classtype:trojan-activity;sid:83672058; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808951)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.4.147.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808951/; classtype:trojan-activity;sid:83672051; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808948)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.64.210.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808948/; classtype:trojan-activity;sid:83672048; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808929)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.245.112.26"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808929/; classtype:trojan-activity;sid:83672029; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808938)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"183.108.106.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808938/; classtype:trojan-activity;sid:83672038; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808924)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"62.162.113.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808924/; classtype:trojan-activity;sid:83672024; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808910)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"212.154.135.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808910/; classtype:trojan-activity;sid:83672010; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808903)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"176.97.190.248"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808903/; classtype:trojan-activity;sid:83672003; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808888)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.131.95.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808888/; classtype:trojan-activity;sid:83671988; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808882)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"195.144.235.42"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808882/; classtype:trojan-activity;sid:83671982; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808880)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.48.119.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808880/; classtype:trojan-activity;sid:83671980; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808873)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.16.75.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808873/; classtype:trojan-activity;sid:83671973; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808870)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.52.164.170"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808870/; classtype:trojan-activity;sid:83671970; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808871)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.21.120.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808871/; classtype:trojan-activity;sid:83671971; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808854)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.44.110.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808854/; classtype:trojan-activity;sid:83671954; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808836)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.253.60.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808836/; classtype:trojan-activity;sid:83671936; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808814)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"186.154.93.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808814/; classtype:trojan-activity;sid:83671914; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808809)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"194.187.151.189"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808809/; classtype:trojan-activity;sid:83671909; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808792)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"43.224.0.5"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808792/; classtype:trojan-activity;sid:83671892; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808795)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"150.107.205.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808795/; classtype:trojan-activity;sid:83671895; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808787)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.170.48.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808787/; classtype:trojan-activity;sid:83671887; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808746)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"79.175.42.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808746/; classtype:trojan-activity;sid:83671846; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808740)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.114.97.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808740/; classtype:trojan-activity;sid:83671840; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808708)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"84.17.248.14"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808708/; classtype:trojan-activity;sid:83671808; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808710)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.113.124.155"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808710/; classtype:trojan-activity;sid:83671810; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808713)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"12.148.208.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808713/; classtype:trojan-activity;sid:83671813; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808715)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"176.62.179.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808715/; classtype:trojan-activity;sid:83671815; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808717)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.129.106.146"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808717/; classtype:trojan-activity;sid:83671817; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808644)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.131.244.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808644/; classtype:trojan-activity;sid:83671744; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808636)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.253.60.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808636/; classtype:trojan-activity;sid:83671736; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808631)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"89.28.58.97"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808631/; classtype:trojan-activity;sid:83671731; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808630)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"203.176.137.54"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808630/; classtype:trojan-activity;sid:83671730; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808603)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"195.218.152.38"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808603/; classtype:trojan-activity;sid:83671703; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808594)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"203.80.244.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808594/; classtype:trojan-activity;sid:83671694; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808599)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"91.92.82.180"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808599/; classtype:trojan-activity;sid:83671699; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808575)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"41.190.69.6"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808575/; classtype:trojan-activity;sid:83671675; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808562)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.7.27.90"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808562/; classtype:trojan-activity;sid:83671662; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808560)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"31.186.54.203"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808560/; classtype:trojan-activity;sid:83671660; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808533)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.87.5.2"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808533/; classtype:trojan-activity;sid:83671633; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808520)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"37.34.209.216"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808520/; classtype:trojan-activity;sid:83671620; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808525)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"41.205.90.51"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808525/; classtype:trojan-activity;sid:83671625; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808515)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.229.139.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808515/; classtype:trojan-activity;sid:83671615; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808502)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"79.111.119.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808502/; classtype:trojan-activity;sid:83671602; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808496)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"37.139.249.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808496/; classtype:trojan-activity;sid:83671596; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808485)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"80.19.172.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808485/; classtype:trojan-activity;sid:83671585; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808462)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"1.55.243.196"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808462/; classtype:trojan-activity;sid:83671562; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808445)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"49.156.46.134"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808445/; classtype:trojan-activity;sid:83671545; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808424)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"77.89.199.242"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808424/; classtype:trojan-activity;sid:83671524; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808430)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"80.73.70.114"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808430/; classtype:trojan-activity;sid:83671530; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808418)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"91.216.28.112"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808418/; classtype:trojan-activity;sid:83671518; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808421)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"43.249.54.246"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808421/; classtype:trojan-activity;sid:83671521; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808399)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"91.92.187.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808399/; classtype:trojan-activity;sid:83671499; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808385)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"43.245.131.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808385/; classtype:trojan-activity;sid:83671485; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808366)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.170.114.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808366/; classtype:trojan-activity;sid:83671466; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808300)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"81.16.123.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808300/; classtype:trojan-activity;sid:83671400; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808284)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"79.120.54.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808284/; classtype:trojan-activity;sid:83671384; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808286)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"79.120.54.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808286/; classtype:trojan-activity;sid:83671386; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808281)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"36.67.66.178"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808281/; classtype:trojan-activity;sid:83671381; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808279)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.arm4"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"36.67.66.178"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808279/; classtype:trojan-activity;sid:83671379; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808232)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"81.16.123.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808232/; classtype:trojan-activity;sid:83671332; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808236)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"79.120.54.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808236/; classtype:trojan-activity;sid:83671336; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808242)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"43.224.0.5"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808242/; classtype:trojan-activity;sid:83671342; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808244)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.67.66.178"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808244/; classtype:trojan-activity;sid:83671344; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808248)"; flow:established,from_client; content:"GET"; http_method; content:"/o"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"43.224.0.5"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808248/; classtype:trojan-activity;sid:83671348; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808225)"; flow:established,from_client; content:"GET"; http_method; content:"/o"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"109.171.30.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808225/; classtype:trojan-activity;sid:83671325; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808222)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"109.171.30.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808222/; classtype:trojan-activity;sid:83671322; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808198)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.67.66.178"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808198/; classtype:trojan-activity;sid:83671298; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808187)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"43.224.0.5"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808187/; classtype:trojan-activity;sid:83671287; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808184)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"46.229.139.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808184/; classtype:trojan-activity;sid:83671284; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808160)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"109.171.30.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808160/; classtype:trojan-activity;sid:83671260; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808161)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"109.171.30.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808161/; classtype:trojan-activity;sid:83671261; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807492)"; flow:established,from_client; content:"GET"; http_method; content:"/ping"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"2.57.122.121"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807492/; classtype:trojan-activity;sid:83670592; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2799350)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1dkj56fnkcbsf3inlqszzm7vpvq3dmdl5"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_02; reference:url, urlhaus.abuse.ch/url/2799350/; classtype:trojan-activity;sid:83662450; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2798324)"; flow:established,from_client; content:"GET"; http_method; content:"/i386"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"75.119.134.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_01; reference:url, urlhaus.abuse.ch/url/2798324/; classtype:trojan-activity;sid:83661424; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2795045)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"metrics.gocloudmaps.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_03_28; reference:url, urlhaus.abuse.ch/url/2795045/; classtype:trojan-activity;sid:83658145; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2793603)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1qxwff0k49bjdhwzotirkvqlqhebzgphg"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_03_27; reference:url, urlhaus.abuse.ch/url/2793603/; classtype:trojan-activity;sid:83656703; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2791440)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"91.92.187.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_03_24; reference:url, urlhaus.abuse.ch/url/2791440/; classtype:trojan-activity;sid:83654540; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2790578)"; flow:established,from_client; content:"GET"; http_method; content:"/.index/scan.tar"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"58.216.207.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_03_23; reference:url, urlhaus.abuse.ch/url/2790578/; classtype:trojan-activity;sid:83653678; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2789249)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1aygcpsnow8esde5bkkuaj0bygkowvttd"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_03_21; reference:url, urlhaus.abuse.ch/url/2789249/; classtype:trojan-activity;sid:83652349; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2787791)"; flow:established,from_client; content:"GET"; http_method; content:"/ykwsyyt/help/hddrive1095_xinanplug3030_20230619_inno.exe"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"60.22.23.50"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_03_20; reference:url, urlhaus.abuse.ch/url/2787791/; classtype:trojan-activity;sid:83650891; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2787399)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1stvkjdfiwxw79oezmc62wzmjjaeftyze"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_03_20; reference:url, urlhaus.abuse.ch/url/2787399/; classtype:trojan-activity;sid:83650499; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2787397)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1hditwve1kadzeycbldxttxi4mmhddgyp"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_03_20; reference:url, urlhaus.abuse.ch/url/2787397/; classtype:trojan-activity;sid:83650497; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2786829)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1re9cqjrafya6wcb5e0zcolwdorvsf9pi"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_03_19; reference:url, urlhaus.abuse.ch/url/2786829/; classtype:trojan-activity;sid:83649929; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2786674)"; flow:established,from_client; content:"GET"; http_method; content:"/ftp"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"47.101.206.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_03_19; reference:url, urlhaus.abuse.ch/url/2786674/; classtype:trojan-activity;sid:83649774; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2786663)"; flow:established,from_client; content:"GET"; http_method; content:"/washywashy14/7zip-bin/master/win/er5thygfd.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_03_19; reference:url, urlhaus.abuse.ch/url/2786663/; classtype:trojan-activity;sid:83649763; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2786661)"; flow:established,from_client; content:"GET"; http_method; content:"/washywashy14/7zip-bin/master/win/uemlxaw.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_03_19; reference:url, urlhaus.abuse.ch/url/2786661/; classtype:trojan-activity;sid:83649761; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2785768)"; flow:established,from_client; content:"GET"; http_method; content:"/zev3n/ubuntu-gnome-privilege-escalation/main/cve-2020-1612%5b6_7%5d_exploit.sh"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_03_18; reference:url, urlhaus.abuse.ch/url/2785768/; classtype:trojan-activity;sid:83648868; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2785466)"; flow:established,from_client; content:"GET"; http_method; content:"/licensing/deployment/yellow%20pages%20scraper.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"www.blackhattoolz.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_03_18; reference:url, urlhaus.abuse.ch/url/2785466/; classtype:trojan-activity;sid:83648566; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2785447)"; flow:established,from_client; content:"GET"; http_method; content:"/licensing/updates/tinder%20bot.exe"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"www.blackhattoolz.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_03_18; reference:url, urlhaus.abuse.ch/url/2785447/; classtype:trojan-activity;sid:83648547; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2782882)"; flow:established,from_client; content:"GET"; http_method; content:"/driveapplet.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"noithaticon.vn"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_03_14; reference:url, urlhaus.abuse.ch/url/2782882/; classtype:trojan-activity;sid:83645982; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2782434)"; flow:established,from_client; content:"GET"; http_method; content:"/17c4755d1d45ed1bb454/8703634058188758823"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"f24-zfcloud.zdn.vn"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_03_13; reference:url, urlhaus.abuse.ch/url/2782434/; classtype:trojan-activity;sid:83645534; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2780273)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1ge6chcvywbep4kgx_odpxtvfi3vj-zwy"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_03_11; reference:url, urlhaus.abuse.ch/url/2780273/; classtype:trojan-activity;sid:83643373; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2780261)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"85.72.39.196"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_03_11; reference:url, urlhaus.abuse.ch/url/2780261/; classtype:trojan-activity;sid:83643361; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2780255)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"oys0ro.static.otenet.gr"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_03_11; reference:url, urlhaus.abuse.ch/url/2780255/; classtype:trojan-activity;sid:83643355; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2776130)"; flow:established,from_client; content:"GET"; http_method; content:"//pcs/click|3f|adurl=//bamautzky.de/red.php"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"adclick.g.doubleclick.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_03_05; reference:url, urlhaus.abuse.ch/url/2776130/; classtype:trojan-activity;sid:83639230; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2772697)"; flow:established,from_client; content:"GET"; http_method; content:"/docs/x.rar"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"106.254.250.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_02_29; reference:url, urlhaus.abuse.ch/url/2772697/; classtype:trojan-activity;sid:83635797; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2772689)"; flow:established,from_client; content:"GET"; http_method; content:"/docs/met111.sh"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"106.254.250.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_02_29; reference:url, urlhaus.abuse.ch/url/2772689/; classtype:trojan-activity;sid:83635789; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2769195)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"216.188.216.17"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_02_24; reference:url, urlhaus.abuse.ch/url/2769195/; classtype:trojan-activity;sid:83632295; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2769165)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"64.140.100.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_02_24; reference:url, urlhaus.abuse.ch/url/2769165/; classtype:trojan-activity;sid:83632265; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2769015)"; flow:established,from_client; content:"GET"; http_method; content:"/calendar/down/jeditor/jeditor.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"www.ojang.pe.kr"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_02_24; reference:url, urlhaus.abuse.ch/url/2769015/; classtype:trojan-activity;sid:83632115; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2765933)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/uploads/2024/e_r1.bmp"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"catbaparadisehotel.com.vn"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_02_20; reference:url, urlhaus.abuse.ch/url/2765933/; classtype:trojan-activity;sid:83629033; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2765626)"; flow:established,from_client; content:"GET"; http_method; content:"/hitmanpro.zip"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"hitman-pro.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_02_20; reference:url, urlhaus.abuse.ch/url/2765626/; classtype:trojan-activity;sid:83628726; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2765616)"; flow:established,from_client; content:"GET"; http_method; content:"/css/down.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"computersupportexperts.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_02_20; reference:url, urlhaus.abuse.ch/url/2765616/; classtype:trojan-activity;sid:83628716; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2765602)"; flow:established,from_client; content:"GET"; http_method; content:"/pcs/click|3f||7c|26|7c|adurl=https://patricstoremegans2.com/"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"adclick.g.doubleclick.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_02_20; reference:url, urlhaus.abuse.ch/url/2765602/; classtype:trojan-activity;sid:83628702; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2765586)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/uploads/2024/e_default.bmp"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"catbaparadisehotel.com.vn"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_02_20; reference:url, urlhaus.abuse.ch/url/2765586/; classtype:trojan-activity;sid:83628686; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2764510)"; flow:established,from_client; content:"GET"; http_method; content:"/cn/sysnew.arm"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"best.obs.cn-sz1.ctyun.cn"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_02_19; reference:url, urlhaus.abuse.ch/url/2764510/; classtype:trojan-activity;sid:83627610; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2764511)"; flow:established,from_client; content:"GET"; http_method; content:"/cn/sysnew.spc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"best.obs.cn-sz1.ctyun.cn"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_02_19; reference:url, urlhaus.abuse.ch/url/2764511/; classtype:trojan-activity;sid:83627611; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2761815)"; flow:established,from_client; content:"GET"; http_method; content:"/dt9.txt"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"delp-heizungsbau.de"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_02_15; reference:url, urlhaus.abuse.ch/url/2761815/; classtype:trojan-activity;sid:83624915; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2757963)"; flow:established,from_client; content:"GET"; http_method; content:"/mobileanjian.apk"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"103.6.5.3"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_02_07; reference:url, urlhaus.abuse.ch/url/2757963/; classtype:trojan-activity;sid:83621063; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2754788)"; flow:established,from_client; content:"GET"; http_method; content:"/cn/sysnew.i686"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"best.obs.cn-sz1.ctyun.cn"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_02_01; reference:url, urlhaus.abuse.ch/url/2754788/; classtype:trojan-activity;sid:83617888; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2754787)"; flow:established,from_client; content:"GET"; http_method; content:"/cn/sysnew.spc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"best.obs.cn-sz1.ctyun.cn"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_02_01; reference:url, urlhaus.abuse.ch/url/2754787/; classtype:trojan-activity;sid:83617887; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2754786)"; flow:established,from_client; content:"GET"; http_method; content:"/cn/sysnew.mips"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"best.obs.cn-sz1.ctyun.cn"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_02_01; reference:url, urlhaus.abuse.ch/url/2754786/; classtype:trojan-activity;sid:83617886; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2754784)"; flow:established,from_client; content:"GET"; http_method; content:"/cn/sysnew.x86"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"best.obs.cn-sz1.ctyun.cn"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_02_01; reference:url, urlhaus.abuse.ch/url/2754784/; classtype:trojan-activity;sid:83617884; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2754783)"; flow:established,from_client; content:"GET"; http_method; content:"/cn/sysnew.x86_64"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"best.obs.cn-sz1.ctyun.cn"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_02_01; reference:url, urlhaus.abuse.ch/url/2754783/; classtype:trojan-activity;sid:83617883; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2754299)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1wuy2y3vbxibdfqcs6-kx96nocarzixfd"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_01_31; reference:url, urlhaus.abuse.ch/url/2754299/; classtype:trojan-activity;sid:83617399; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2751573)"; flow:established,from_client; content:"GET"; http_method; content:"/pcs/click|3f|adurl=//higreens.co.in"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"adclick.g.doubleclick.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_01_25; reference:url, urlhaus.abuse.ch/url/2751573/; classtype:trojan-activity;sid:83614673; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2751543)"; flow:established,from_client; content:"GET"; http_method; content:"/pcs/click|3f|adurl=//kavyasourcing.com/"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"adclick.g.doubleclick.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_01_25; reference:url, urlhaus.abuse.ch/url/2751543/; classtype:trojan-activity;sid:83614643; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2751237)"; flow:established,from_client; content:"GET"; http_method; content:"/pcs/click|3f|adurl=https://cliffg.me"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"adclick.g.doubleclick.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_01_24; reference:url, urlhaus.abuse.ch/url/2751237/; classtype:trojan-activity;sid:83614337; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2751171)"; flow:established,from_client; content:"GET"; http_method; content:"/pcs/click|3f|adurl=https://streammobs.com/"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"adclick.g.doubleclick.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_01_24; reference:url, urlhaus.abuse.ch/url/2751171/; classtype:trojan-activity;sid:83614271; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2749355)"; flow:established,from_client; content:"GET"; http_method; content:"/pcs/click|3f|adurl=https://redeamazoniaazul.org/"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"adclick.g.doubleclick.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_01_18; reference:url, urlhaus.abuse.ch/url/2749355/; classtype:trojan-activity;sid:83612455; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2749356)"; flow:established,from_client; content:"GET"; http_method; content:"/pcs/click|3f|adurl=//www.jd-forever.com/"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"adclick.g.doubleclick.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_01_18; reference:url, urlhaus.abuse.ch/url/2749356/; classtype:trojan-activity;sid:83612456; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2749357)"; flow:established,from_client; content:"GET"; http_method; content:"/pcs/click|3f|adurl=//old.umcl.us/"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"adclick.g.doubleclick.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_01_18; reference:url, urlhaus.abuse.ch/url/2749357/; classtype:trojan-activity;sid:83612457; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2749182)"; flow:established,from_client; content:"GET"; http_method; content:"/pcs/click|3f|adurl=https://wegrowcoaching.com/"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"adclick.g.doubleclick.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_01_17; reference:url, urlhaus.abuse.ch/url/2749182/; classtype:trojan-activity;sid:83612282; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2749177)"; flow:established,from_client; content:"GET"; http_method; content:"/pcs/click|3f|adurl=https://dongyu.us/"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"adclick.g.doubleclick.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_01_17; reference:url, urlhaus.abuse.ch/url/2749177/; classtype:trojan-activity;sid:83612277; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2748605)"; flow:established,from_client; content:"GET"; http_method; content:"/ssslllap1/asdasd/raw/main/crypted.exe"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_01_13; reference:url, urlhaus.abuse.ch/url/2748605/; classtype:trojan-activity;sid:83611705; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2748365)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1ifvzub1blhmwsirshbe2wu5b1tus3ls-"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_01_12; reference:url, urlhaus.abuse.ch/url/2748365/; classtype:trojan-activity;sid:83611465; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2748363)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1yydiodtw09banou13ro8ielf9rcmljxy"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_01_12; reference:url, urlhaus.abuse.ch/url/2748363/; classtype:trojan-activity;sid:83611463; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2748360)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=11cbyky_wegqjut6afr8jannw7vub-xxf"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_01_12; reference:url, urlhaus.abuse.ch/url/2748360/; classtype:trojan-activity;sid:83611460; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2748349)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1gv5qahzp_toxgct3ezfvvy4q3a5vvh6s"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_01_12; reference:url, urlhaus.abuse.ch/url/2748349/; classtype:trojan-activity;sid:83611449; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2747896)"; flow:established,from_client; content:"GET"; http_method; content:"/pcs/click|3f|adurl=//vaibhavtripathi.in"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"adclick.g.doubleclick.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_01_10; reference:url, urlhaus.abuse.ch/url/2747896/; classtype:trojan-activity;sid:83610996; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2747890)"; flow:established,from_client; content:"GET"; http_method; content:"/pcs/click|3f|adurl=//procuratio.nu/"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"adclick.g.doubleclick.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_01_10; reference:url, urlhaus.abuse.ch/url/2747890/; classtype:trojan-activity;sid:83610990; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2747433)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/zpmmtvzq"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_01_08; reference:url, urlhaus.abuse.ch/url/2747433/; classtype:trojan-activity;sid:83610533; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2746751)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/avmezmcr"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_01_05; reference:url, urlhaus.abuse.ch/url/2746751/; classtype:trojan-activity;sid:83609851; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2746285)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/v7jxrycp"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_01_04; reference:url, urlhaus.abuse.ch/url/2746285/; classtype:trojan-activity;sid:83609385; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2743461)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=12rmvuwgpj0dzbb3haoaww2lviavhvb4r"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_12_22; reference:url, urlhaus.abuse.ch/url/2743461/; classtype:trojan-activity;sid:83606561; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2743460)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1rfsmrzeanvap2tnmtwrptlepwarwlkge"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_12_22; reference:url, urlhaus.abuse.ch/url/2743460/; classtype:trojan-activity;sid:83606560; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2742817)"; flow:established,from_client; content:"GET"; http_method; content:"/pcs/click|3f|adurl=https://synergyconsulting.us"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"adclick.g.doubleclick.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2023_12_20; reference:url, urlhaus.abuse.ch/url/2742817/; classtype:trojan-activity;sid:83605917; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2742524)"; flow:established,from_client; content:"GET"; http_method; content:"/pcs/click|3f|adurl=//www.deltabehavioralhealth.org/"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"adclick.g.doubleclick.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2023_12_19; reference:url, urlhaus.abuse.ch/url/2742524/; classtype:trojan-activity;sid:83605624; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2742518)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1k0bqhrtnu4v1yexoni5p1utyjuohmfzm"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_12_19; reference:url, urlhaus.abuse.ch/url/2742518/; classtype:trojan-activity;sid:83605618; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2742516)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1fhqpevblkipshqumjmsbzeetdzhzxv-j"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_12_19; reference:url, urlhaus.abuse.ch/url/2742516/; classtype:trojan-activity;sid:83605616; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2740202)"; flow:established,from_client; content:"GET"; http_method; content:"/pcs/click|3f|adurl=//balkarsoftware.cubistech.com"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"adclick.g.doubleclick.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2023_12_13; reference:url, urlhaus.abuse.ch/url/2740202/; classtype:trojan-activity;sid:83603302; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2738928)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"112.5.6.69"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2023_12_08; reference:url, urlhaus.abuse.ch/url/2738928/; classtype:trojan-activity;sid:83602028; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2734979)"; flow:established,from_client; content:"GET"; http_method; content:"/404"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"31.184.194.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_11_24; reference:url, urlhaus.abuse.ch/url/2734979/; classtype:trojan-activity;sid:83598079; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2733771)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"37.139.249.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_11_23; reference:url, urlhaus.abuse.ch/url/2733771/; classtype:trojan-activity;sid:83596871; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2733212)"; flow:established,from_client; content:"GET"; http_method; content:"/pcs/click|3f|adurl=//churchinmanila.org/"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"adclick.g.doubleclick.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2023_11_20; reference:url, urlhaus.abuse.ch/url/2733212/; classtype:trojan-activity;sid:83596312; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2731428)"; flow:established,from_client; content:"GET"; http_method; content:"/update.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"muzzumilruheel.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2023_11_17; reference:url, urlhaus.abuse.ch/url/2731428/; classtype:trojan-activity;sid:83594528; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2731357)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"115.165.209.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_11_16; reference:url, urlhaus.abuse.ch/url/2731357/; classtype:trojan-activity;sid:83594457; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2731061)"; flow:established,from_client; content:"GET"; http_method; content:"/centro/index.php"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"spst.hqup.in"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_11_15; reference:url, urlhaus.abuse.ch/url/2731061/; classtype:trojan-activity;sid:83594161; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2730213)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1sjm5t0ktlepibtv3kgaousspnw3zonom"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_11_13; reference:url, urlhaus.abuse.ch/url/2730213/; classtype:trojan-activity;sid:83593313; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2730069)"; flow:established,from_client; content:"GET"; http_method; content:"/cronusxd/update/releases/download/programa/universal.cheat.all.games.rar"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2023_11_12; reference:url, urlhaus.abuse.ch/url/2730069/; classtype:trojan-activity;sid:83593169; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2729736)"; flow:established,from_client; content:"GET"; http_method; content:"/pcs/click|3f|adurl=https://posicionamientonatural.es/"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"adclick.g.doubleclick.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2023_11_10; reference:url, urlhaus.abuse.ch/url/2729736/; classtype:trojan-activity;sid:83592836; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2729405)"; flow:established,from_client; content:"GET"; http_method; content:"/pcs/click|3f|adurl=https://namaacont.com/"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"adclick.g.doubleclick.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2023_11_09; reference:url, urlhaus.abuse.ch/url/2729405/; classtype:trojan-activity;sid:83592505; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2728799)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/wfwtp8qn"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_11_07; reference:url, urlhaus.abuse.ch/url/2728799/; classtype:trojan-activity;sid:83591899; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2727395)"; flow:established,from_client; content:"GET"; http_method; content:"/frankcastle2/0/main/0j"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2023_11_03; reference:url, urlhaus.abuse.ch/url/2727395/; classtype:trojan-activity;sid:83590495; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2726994)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1lhnnwoydntgqibsykxwgd32s5xftxvfh"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_11_01; reference:url, urlhaus.abuse.ch/url/2726994/; classtype:trojan-activity;sid:83590094; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2726921)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1oxpqeutyreby186exx4zeofyz0rjocsp"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_11_01; reference:url, urlhaus.abuse.ch/url/2726921/; classtype:trojan-activity;sid:83590021; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2726920)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1e2y5yppu_zjj4o3wmuo-2j8n9lbthkzc"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_11_01; reference:url, urlhaus.abuse.ch/url/2726920/; classtype:trojan-activity;sid:83590020; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2726906)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1_ldguopt2cg7fblntw3ltxgtxqtmlflc"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_11_01; reference:url, urlhaus.abuse.ch/url/2726906/; classtype:trojan-activity;sid:83590006; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2726907)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=10lygpyju_dlg3x6r9oslzgblshakstl-"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_11_01; reference:url, urlhaus.abuse.ch/url/2726907/; classtype:trojan-activity;sid:83590007; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2726777)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1sqvm1xsoranfnvqst_kkdmn8yhgulm4k"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_10_31; reference:url, urlhaus.abuse.ch/url/2726777/; classtype:trojan-activity;sid:83589877; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2726592)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1zqzivoxid6wgvjstzd0lg2vxnpnc-puf"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_10_30; reference:url, urlhaus.abuse.ch/url/2726592/; classtype:trojan-activity;sid:83589692; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2726432)"; flow:established,from_client; content:"GET"; http_method; content:"/drakeo03/rbxfpsunlocker-x64-hotfix1/zip/refs/heads/main"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2023_10_28; reference:url, urlhaus.abuse.ch/url/2726432/; classtype:trojan-activity;sid:83589532; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2726089)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1gfn3lqd1rvybut4ha-ldl92wt8ysrzfc"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_10_26; reference:url, urlhaus.abuse.ch/url/2726089/; classtype:trojan-activity;sid:83589189; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2722703)"; flow:established,from_client; content:"GET"; http_method; content:"/image.png"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"ircftp.net"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2023_10_20; reference:url, urlhaus.abuse.ch/url/2722703/; classtype:trojan-activity;sid:83585803; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2720935)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"221.152.81.125"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_10_16; reference:url, urlhaus.abuse.ch/url/2720935/; classtype:trojan-activity;sid:83584035; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2719389)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1satmexzn3qpvqzfxnc-5dtnnn8lihdxh"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_10_12; reference:url, urlhaus.abuse.ch/url/2719389/; classtype:trojan-activity;sid:83582489; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713056)"; flow:established,from_client; content:"GET"; http_method; content:"/rter/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"tanscarattorneys.co.tz"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2023_09_21; reference:url, urlhaus.abuse.ch/url/2713056/; classtype:trojan-activity;sid:83576156; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2708874)"; flow:established,from_client; content:"GET"; http_method; content:"/readme.txt"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"svirtual.sanviatorperu.edu.pe"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2023_09_01; reference:url, urlhaus.abuse.ch/url/2708874/; classtype:trojan-activity;sid:83571974; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2704162)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"2.36.68.156"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_08_13; reference:url, urlhaus.abuse.ch/url/2704162/; classtype:trojan-activity;sid:83567262; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2702776)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/scler.ttf"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"scainseto.com.br"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_08_08; reference:url, urlhaus.abuse.ch/url/2702776/; classtype:trojan-activity;sid:83565876; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2701777)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/tm63vbgu"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_08_07; reference:url, urlhaus.abuse.ch/url/2701777/; classtype:trojan-activity;sid:83564877; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2694556)"; flow:established,from_client; content:"GET"; http_method; content:"/v2/plain-sunset-8e5d78/original/js.jpeg"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"cdn.pixelbin.io"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_08_01; reference:url, urlhaus.abuse.ch/url/2694556/; classtype:trojan-activity;sid:83557656; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2693150)"; flow:established,from_client; content:"GET"; http_method; content:"/housenetshare.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"stdown.dinju.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_07_31; reference:url, urlhaus.abuse.ch/url/2693150/; classtype:trojan-activity;sid:83556250; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2692699)"; flow:established,from_client; content:"GET"; http_method; content:"/v2/long-glade-33dc08/original/rump_img.jpeg"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"cdn.pixelbin.io"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_07_30; reference:url, urlhaus.abuse.ch/url/2692699/; classtype:trojan-activity;sid:83555799; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2688262)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"124.194.46.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_07_23; reference:url, urlhaus.abuse.ch/url/2688262/; classtype:trojan-activity;sid:83551362; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2686558)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/jc80ycae"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_07_20; reference:url, urlhaus.abuse.ch/url/2686558/; classtype:trojan-activity;sid:83549658; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2682035)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"59.7.131.145"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_07_13; reference:url, urlhaus.abuse.ch/url/2682035/; classtype:trojan-activity;sid:83545135; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2675524)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"45.87.5.2"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2023_07_02; reference:url, urlhaus.abuse.ch/url/2675524/; classtype:trojan-activity;sid:83538624; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2661661)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"217.114.43.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_15; reference:url, urlhaus.abuse.ch/url/2661661/; classtype:trojan-activity;sid:83524761; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2661657)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"217.114.43.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_15; reference:url, urlhaus.abuse.ch/url/2661657/; classtype:trojan-activity;sid:83524757; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2661658)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"217.114.43.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_15; reference:url, urlhaus.abuse.ch/url/2661658/; classtype:trojan-activity;sid:83524758; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2661659)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"217.114.43.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_15; reference:url, urlhaus.abuse.ch/url/2661659/; classtype:trojan-activity;sid:83524759; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2661660)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"217.114.43.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_15; reference:url, urlhaus.abuse.ch/url/2661660/; classtype:trojan-activity;sid:83524760; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2661653)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"217.114.43.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_15; reference:url, urlhaus.abuse.ch/url/2661653/; classtype:trojan-activity;sid:83524753; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2632434)"; flow:established,from_client; content:"GET"; http_method; content:"/xqqsou.png"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"208.67.107.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_05_15; reference:url, urlhaus.abuse.ch/url/2632434/; classtype:trojan-activity;sid:83495534; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2632435)"; flow:established,from_client; content:"GET"; http_method; content:"/jshggkofqk.png"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"208.67.107.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_05_15; reference:url, urlhaus.abuse.ch/url/2632435/; classtype:trojan-activity;sid:83495535; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2629977)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|confirm=t|7c|26|7c|id=145b1fbjtyee3w1rjsazo7hzcoiiaxzum|7c|26|7c|uuid=eb581596-9566-4a21-b3b6-e6909eb42ff6|7c|26|7c|at=akkf8vzrltviqrn7wljfjcwisgcc:1683793107077"; http_uri; depth:193; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_05_11; reference:url, urlhaus.abuse.ch/url/2629977/; classtype:trojan-activity;sid:83493077; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2628190)"; flow:established,from_client; content:"GET"; http_method; content:"/neicpac.png"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"208.67.107.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_05_10; reference:url, urlhaus.abuse.ch/url/2628190/; classtype:trojan-activity;sid:83491290; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2628180)"; flow:established,from_client; content:"GET"; http_method; content:"/jtnhsefe.png"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"208.67.107.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_05_10; reference:url, urlhaus.abuse.ch/url/2628180/; classtype:trojan-activity;sid:83491280; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2628183)"; flow:established,from_client; content:"GET"; http_method; content:"/btwvkpvlg.png"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"208.67.107.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_05_10; reference:url, urlhaus.abuse.ch/url/2628183/; classtype:trojan-activity;sid:83491283; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2628184)"; flow:established,from_client; content:"GET"; http_method; content:"/pepbg.png"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"208.67.107.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_05_10; reference:url, urlhaus.abuse.ch/url/2628184/; classtype:trojan-activity;sid:83491284; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2628185)"; flow:established,from_client; content:"GET"; http_method; content:"/gkxcfiyk.png"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"208.67.107.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_05_10; reference:url, urlhaus.abuse.ch/url/2628185/; classtype:trojan-activity;sid:83491285; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2622777)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/1a5fq2ek"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_05_02; reference:url, urlhaus.abuse.ch/url/2622777/; classtype:trojan-activity;sid:83485877; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2617044)"; flow:established,from_client; content:"GET"; http_method; content:"/an7jd0qo6kt5bk5bq4er8fe1xp7hl2vk/msvcp140.dll"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"91.235.234.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_04_24; reference:url, urlhaus.abuse.ch/url/2617044/; classtype:trojan-activity;sid:83480144; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2617045)"; flow:established,from_client; content:"GET"; http_method; content:"/an7jd0qo6kt5bk5bq4er8fe1xp7hl2vk/mozglue.dll"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"91.235.234.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_04_24; reference:url, urlhaus.abuse.ch/url/2617045/; classtype:trojan-activity;sid:83480145; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2617046)"; flow:established,from_client; content:"GET"; http_method; content:"/an7jd0qo6kt5bk5bq4er8fe1xp7hl2vk/freebl3.dll"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"91.235.234.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_04_24; reference:url, urlhaus.abuse.ch/url/2617046/; classtype:trojan-activity;sid:83480146; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2617047)"; flow:established,from_client; content:"GET"; http_method; content:"/an7jd0qo6kt5bk5bq4er8fe1xp7hl2vk/sqlite3.dll"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"91.235.234.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_04_24; reference:url, urlhaus.abuse.ch/url/2617047/; classtype:trojan-activity;sid:83480147; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2617042)"; flow:established,from_client; content:"GET"; http_method; content:"/an7jd0qo6kt5bk5bq4er8fe1xp7hl2vk/softokn3.dll"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"91.235.234.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_04_24; reference:url, urlhaus.abuse.ch/url/2617042/; classtype:trojan-activity;sid:83480142; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2617043)"; flow:established,from_client; content:"GET"; http_method; content:"/an7jd0qo6kt5bk5bq4er8fe1xp7hl2vk/vcruntime140.dll"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"91.235.234.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_04_24; reference:url, urlhaus.abuse.ch/url/2617043/; classtype:trojan-activity;sid:83480143; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2615310)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.227.118.45"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_04_21; reference:url, urlhaus.abuse.ch/url/2615310/; classtype:trojan-activity;sid:83478410; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2615289)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"118.70.214.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_04_21; reference:url, urlhaus.abuse.ch/url/2615289/; classtype:trojan-activity;sid:83478389; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2615265)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"188.124.228.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_04_21; reference:url, urlhaus.abuse.ch/url/2615265/; classtype:trojan-activity;sid:83478365; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2602547)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/mdpqv8gx"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_04_08; reference:url, urlhaus.abuse.ch/url/2602547/; classtype:trojan-activity;sid:83465647; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2587598)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/jtx57kpr"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_03_27; reference:url, urlhaus.abuse.ch/url/2587598/; classtype:trojan-activity;sid:83450698; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2582576)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"217.144.173.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_03_23; reference:url, urlhaus.abuse.ch/url/2582576/; classtype:trojan-activity;sid:83445676; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2581006)"; flow:established,from_client; content:"GET"; http_method; content:"/salatikochen/salatapps/archive/refs/heads/main.zip"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2023_03_22; reference:url, urlhaus.abuse.ch/url/2581006/; classtype:trojan-activity;sid:83444106; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2579753)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/fu3d5tvi"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_03_21; reference:url, urlhaus.abuse.ch/url/2579753/; classtype:trojan-activity;sid:83442853; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2573934)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/4jusqzvd"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_03_16; reference:url, urlhaus.abuse.ch/url/2573934/; classtype:trojan-activity;sid:83437034; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2572740)"; flow:established,from_client; content:"GET"; http_method; content:"/smed/smed.js"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"dezino.ir"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2023_03_15; reference:url, urlhaus.abuse.ch/url/2572740/; classtype:trojan-activity;sid:83435840; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2572493)"; flow:established,from_client; content:"GET"; http_method; content:"/nti/nti.js"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"shaderm.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_03_15; reference:url, urlhaus.abuse.ch/url/2572493/; classtype:trojan-activity;sid:83435593; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2571484)"; flow:established,from_client; content:"GET"; http_method; content:"/scarica/"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"gabyagozetim.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_03_14; reference:url, urlhaus.abuse.ch/url/2571484/; classtype:trojan-activity;sid:83434584; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2571417)"; flow:established,from_client; content:"GET"; http_method; content:"/agenzia/"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"admin.byte.in.ua"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_03_14; reference:url, urlhaus.abuse.ch/url/2571417/; classtype:trojan-activity;sid:83434517; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2571387)"; flow:established,from_client; content:"GET"; http_method; content:"/agenzia/"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"donkeytourscroatia.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2023_03_14; reference:url, urlhaus.abuse.ch/url/2571387/; classtype:trojan-activity;sid:83434487; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2571323)"; flow:established,from_client; content:"GET"; http_method; content:"/connect/"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"gabyagozetim.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_03_14; reference:url, urlhaus.abuse.ch/url/2571323/; classtype:trojan-activity;sid:83434423; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2571282)"; flow:established,from_client; content:"GET"; http_method; content:"/agenzia/"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"gabyagozetim.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_03_14; reference:url, urlhaus.abuse.ch/url/2571282/; classtype:trojan-activity;sid:83434382; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2571162)"; flow:established,from_client; content:"GET"; http_method; content:"/scarica/"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"admin.byte.in.ua"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_03_14; reference:url, urlhaus.abuse.ch/url/2571162/; classtype:trojan-activity;sid:83434262; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2571156)"; flow:established,from_client; content:"GET"; http_method; content:"/connect/"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"www.institut-corps-a-ligne.fr"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2023_03_14; reference:url, urlhaus.abuse.ch/url/2571156/; classtype:trojan-activity;sid:83434256; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2571158)"; flow:established,from_client; content:"GET"; http_method; content:"/agenzia/"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"records.dennisign.se"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2023_03_14; reference:url, urlhaus.abuse.ch/url/2571158/; classtype:trojan-activity;sid:83434258; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2571152)"; flow:established,from_client; content:"GET"; http_method; content:"/agenzia/"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"cfu.twr.mybluehost.me"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2023_03_14; reference:url, urlhaus.abuse.ch/url/2571152/; classtype:trojan-activity;sid:83434252; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2571135)"; flow:established,from_client; content:"GET"; http_method; content:"/connect/"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"donkeytourscroatia.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2023_03_14; reference:url, urlhaus.abuse.ch/url/2571135/; classtype:trojan-activity;sid:83434235; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2571127)"; flow:established,from_client; content:"GET"; http_method; content:"/agenzia/"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"techcusp.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_03_14; reference:url, urlhaus.abuse.ch/url/2571127/; classtype:trojan-activity;sid:83434227; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2571043)"; flow:established,from_client; content:"GET"; http_method; content:"/scarica/"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"donkeytourscroatia.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2023_03_14; reference:url, urlhaus.abuse.ch/url/2571043/; classtype:trojan-activity;sid:83434143; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2570909)"; flow:established,from_client; content:"GET"; http_method; content:"/scarica/"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"rpperformance.com.br"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2023_03_14; reference:url, urlhaus.abuse.ch/url/2570909/; classtype:trojan-activity;sid:83434009; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2570812)"; flow:established,from_client; content:"GET"; http_method; content:"/connect/"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"bracell.latitude.net.br"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2023_03_14; reference:url, urlhaus.abuse.ch/url/2570812/; classtype:trojan-activity;sid:83433912; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2570745)"; flow:established,from_client; content:"GET"; http_method; content:"/scarica/"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"wonderkids-itsacademic.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2023_03_14; reference:url, urlhaus.abuse.ch/url/2570745/; classtype:trojan-activity;sid:83433845; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2570732)"; flow:established,from_client; content:"GET"; http_method; content:"/connect/"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"cfu.twr.mybluehost.me"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2023_03_14; reference:url, urlhaus.abuse.ch/url/2570732/; classtype:trojan-activity;sid:83433832; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2570688)"; flow:established,from_client; content:"GET"; http_method; content:"/scarica/"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"www.institut-corps-a-ligne.fr"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2023_03_14; reference:url, urlhaus.abuse.ch/url/2570688/; classtype:trojan-activity;sid:83433788; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2570642)"; flow:established,from_client; content:"GET"; http_method; content:"/connect/"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"admin.byte.in.ua"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_03_14; reference:url, urlhaus.abuse.ch/url/2570642/; classtype:trojan-activity;sid:83433742; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2570563)"; flow:established,from_client; content:"GET"; http_method; content:"/scarica/"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"embedone.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_03_14; reference:url, urlhaus.abuse.ch/url/2570563/; classtype:trojan-activity;sid:83433663; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2570515)"; flow:established,from_client; content:"GET"; http_method; content:"/agenzia/"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"www.institut-corps-a-ligne.fr"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2023_03_14; reference:url, urlhaus.abuse.ch/url/2570515/; classtype:trojan-activity;sid:83433615; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2570474)"; flow:established,from_client; content:"GET"; http_method; content:"/scarica/"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"cfu.twr.mybluehost.me"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2023_03_14; reference:url, urlhaus.abuse.ch/url/2570474/; classtype:trojan-activity;sid:83433574; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2568876)"; flow:established,from_client; content:"GET"; http_method; content:"/teev/teev.js"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"nusatoyota.co.id"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_03_13; reference:url, urlhaus.abuse.ch/url/2568876/; classtype:trojan-activity;sid:83431976; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2568835)"; flow:established,from_client; content:"GET"; http_method; content:"/eo/eo.js"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"rustamov.az"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_03_13; reference:url, urlhaus.abuse.ch/url/2568835/; classtype:trojan-activity;sid:83431935; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2568823)"; flow:established,from_client; content:"GET"; http_method; content:"/gcn/gcn.js"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"spoar.org.in"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_03_13; reference:url, urlhaus.abuse.ch/url/2568823/; classtype:trojan-activity;sid:83431923; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2561396)"; flow:established,from_client; content:"GET"; http_method; content:"/connect/index.php"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"trungtambaohanhmaylanh.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2023_03_07; reference:url, urlhaus.abuse.ch/url/2561396/; classtype:trojan-activity;sid:83424496; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2555339)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/rn8tlx2e"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_03_02; reference:url, urlhaus.abuse.ch/url/2555339/; classtype:trojan-activity;sid:83418439; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2545788)"; flow:established,from_client; content:"GET"; http_method; content:"/tedburke/commandcam/archive/refs/heads/master.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2023_02_20; reference:url, urlhaus.abuse.ch/url/2545788/; classtype:trojan-activity;sid:83408888; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2540034)"; flow:established,from_client; content:"GET"; http_method; content:"/unlockteame/unlimited/zip/refs/heads/main"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2023_02_14; reference:url, urlhaus.abuse.ch/url/2540034/; classtype:trojan-activity;sid:83403134; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2538213)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/images/gallery/credit%20alert.zip"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"anapa-zarya.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_12; reference:url, urlhaus.abuse.ch/url/2538213/; classtype:trojan-activity;sid:83401313; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2533240)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/bztvxkzb"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_07; reference:url, urlhaus.abuse.ch/url/2533240/; classtype:trojan-activity;sid:83396340; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2532808)"; flow:established,from_client; content:"GET"; http_method; content:"/connect/index.php"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"gabyagozetim.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_02_07; reference:url, urlhaus.abuse.ch/url/2532808/; classtype:trojan-activity;sid:83395908; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2510643)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/bn6ktvyl"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_01_17; reference:url, urlhaus.abuse.ch/url/2510643/; classtype:trojan-activity;sid:83373743; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2502405)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/tgp9td9z"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_01_09; reference:url, urlhaus.abuse.ch/url/2502405/; classtype:trojan-activity;sid:83365505; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2440081)"; flow:established,from_client; content:"GET"; http_method; content:"/moom825/discord-rat-2.0/raw/master/discord%20rat/resources/passwordstealer.dll"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2022_11_30; reference:url, urlhaus.abuse.ch/url/2440081/; classtype:trojan-activity;sid:83303181; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2408069)"; flow:established,from_client; content:"GET"; http_method; content:"/analytics/zy5ntk/"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"fromthetrenchesworldreport.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2022_11_11; reference:url, urlhaus.abuse.ch/url/2408069/; classtype:trojan-activity;sid:83271169; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2406761)"; flow:established,from_client; content:"GET"; http_method; content:"/s/dl/wpoxoxqe2in4fju/doc7november00065.js"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"www.dropbox.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_11_10; reference:url, urlhaus.abuse.ch/url/2406761/; classtype:trojan-activity;sid:83269861; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2403614)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/uuja3km9"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_11_07; reference:url, urlhaus.abuse.ch/url/2403614/; classtype:trojan-activity;sid:83266714; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2403434)"; flow:established,from_client; content:"GET"; http_method; content:"/down/fw/fw.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"tengfeidn.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_11_07; reference:url, urlhaus.abuse.ch/url/2403434/; classtype:trojan-activity;sid:83266534; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2399181)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/nrhtc20u"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_11_03; reference:url, urlhaus.abuse.ch/url/2399181/; classtype:trojan-activity;sid:83262281; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2393391)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/block-supports/5.png"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"fullstacknir.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2022_11_01; reference:url, urlhaus.abuse.ch/url/2393391/; classtype:trojan-activity;sid:83256491; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2388056)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/j5nyvlbz"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_10_27; reference:url, urlhaus.abuse.ch/url/2388056/; classtype:trojan-activity;sid:83251156; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2350870)"; flow:established,from_client; content:"GET"; http_method; content:"/image2021042gfreds12322erdq1doc03027382doc20220513prelidoc20220513hgy37845657488494338293trdfednarc0559doc0302732112202135jihg25485/vfrixuukosr"; http_uri; depth:144; isdataat:!1,relative; nocase; content:"ramactools.net"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_10_05; reference:url, urlhaus.abuse.ch/url/2350870/; classtype:trojan-activity;sid:83213970; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2350871)"; flow:established,from_client; content:"GET"; http_method; content:"/image2021042gfreds12322erdq1doc03027382doc20220513prelidoc20220513hgy37845657488494338293trdfednarc0559doc0302732112202135jihg25485/frqolwwzjar"; http_uri; depth:144; isdataat:!1,relative; nocase; content:"ramactools.net"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_10_05; reference:url, urlhaus.abuse.ch/url/2350871/; classtype:trojan-activity;sid:83213971; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2346004)"; flow:established,from_client; content:"GET"; http_method; content:"/image2021042gfreds12322erdq1doc03027382doc20220513prelidoc20220513hgy37845657488494338293trdfednarc0559doc0302732112202135jihg25485/zjqvxfqziug"; http_uri; depth:144; isdataat:!1,relative; nocase; content:"ramactools.net"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_10_03; reference:url, urlhaus.abuse.ch/url/2346004/; classtype:trojan-activity;sid:83209104; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2344776)"; flow:established,from_client; content:"GET"; http_method; content:"/image2021042gfreds12322erdq1doc03027382doc20220513prelidoc20220513hgy37845657488494338293trdfednarc0559doc0302732112202135jihg25485/jvtabqibosa"; http_uri; depth:144; isdataat:!1,relative; nocase; content:"ramactools.net"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_10_01; reference:url, urlhaus.abuse.ch/url/2344776/; classtype:trojan-activity;sid:83207876; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2344769)"; flow:established,from_client; content:"GET"; http_method; content:"/doc20220513hgy37845657488494338293trdfednarc0559doc0302732112202135jihg25485/kuueqefqqhz"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"ramactools.net"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_10_01; reference:url, urlhaus.abuse.ch/url/2344769/; classtype:trojan-activity;sid:83207869; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2344770)"; flow:established,from_client; content:"GET"; http_method; content:"/doc20220513hgy37845657488494338293trdfednarc0559doc0302732112202135jihg25485/nzifvmlonlj"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"ramactools.net"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_10_01; reference:url, urlhaus.abuse.ch/url/2344770/; classtype:trojan-activity;sid:83207870; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2344771)"; flow:established,from_client; content:"GET"; http_method; content:"/image2021042gfreds12322erdq1doc03027382doc20220513prelidoc20220513hgy37845657488494338293trdfednarc0559doc0302732112202135jihg25485/hsrdqwkmzlr"; http_uri; depth:144; isdataat:!1,relative; nocase; content:"ramactools.net"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_10_01; reference:url, urlhaus.abuse.ch/url/2344771/; classtype:trojan-activity;sid:83207871; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2344772)"; flow:established,from_client; content:"GET"; http_method; content:"/doc20220513hgy37845657488494338293trdfednarc0559doc0302732112202135jihg25485/udndlytpwdl"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"ramactools.net"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_10_01; reference:url, urlhaus.abuse.ch/url/2344772/; classtype:trojan-activity;sid:83207872; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2344773)"; flow:established,from_client; content:"GET"; http_method; content:"/image2021042gfreds12322erdq1doc03027382doc20220513prelidoc20220513hgy37845657488494338293trdfednarc0559doc0302732112202135jihg25485/irvwgjjfsyc"; http_uri; depth:144; isdataat:!1,relative; nocase; content:"ramactools.net"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_10_01; reference:url, urlhaus.abuse.ch/url/2344773/; classtype:trojan-activity;sid:83207873; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2344774)"; flow:established,from_client; content:"GET"; http_method; content:"/doc20220513hgy37845657488494338293trdfednarc0559doc0302732112202135jihg25485/zjqyppwjmbp"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"ramactools.net"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_10_01; reference:url, urlhaus.abuse.ch/url/2344774/; classtype:trojan-activity;sid:83207874; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2344775)"; flow:established,from_client; content:"GET"; http_method; content:"/image2021042gfreds12322erdq1doc03027382doc20220513prelidoc20220513hgy37845657488494338293trdfednarc0559doc0302732112202135jihg25485/ztjemchbyhr"; http_uri; depth:144; isdataat:!1,relative; nocase; content:"ramactools.net"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_10_01; reference:url, urlhaus.abuse.ch/url/2344775/; classtype:trojan-activity;sid:83207875; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2314671)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/8v775ivv"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_09_26; reference:url, urlhaus.abuse.ch/url/2314671/; classtype:trojan-activity;sid:83177771; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2302899)"; flow:established,from_client; content:"GET"; http_method; content:"/janchuk/voidrat/raw/master/voidrat.exe"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2022_09_14; reference:url, urlhaus.abuse.ch/url/2302899/; classtype:trojan-activity;sid:83165999; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2301947)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"5.201.176.87"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_09_13; reference:url, urlhaus.abuse.ch/url/2301947/; classtype:trojan-activity;sid:83165047; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2301795)"; flow:established,from_client; content:"GET"; http_method; content:"/buding.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"47.98.224.91"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_09_13; reference:url, urlhaus.abuse.ch/url/2301795/; classtype:trojan-activity;sid:83164895; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2300014)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/gxkzk3ds"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_09_12; reference:url, urlhaus.abuse.ch/url/2300014/; classtype:trojan-activity;sid:83163114; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2283630)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"175.200.208.28"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_08_29; reference:url, urlhaus.abuse.ch/url/2283630/; classtype:trojan-activity;sid:83146730; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2276646)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/ujztrvsh"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_08_24; reference:url, urlhaus.abuse.ch/url/2276646/; classtype:trojan-activity;sid:83139746; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2276438)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/t53jemit"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_08_24; reference:url, urlhaus.abuse.ch/url/2276438/; classtype:trojan-activity;sid:83139538; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2276221)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/jstt4bu3"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_08_23; reference:url, urlhaus.abuse.ch/url/2276221/; classtype:trojan-activity;sid:83139321; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2275035)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"190.220.229.49"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_08_20; reference:url, urlhaus.abuse.ch/url/2275035/; classtype:trojan-activity;sid:83138135; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2273642)"; flow:established,from_client; content:"GET"; http_method; content:"/rv8i00aqhy9h.appspot.com/w/3cfyb8wwk0rbazs.html|3f|w=923512558645741636"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"storage.googleapis.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2022_08_17; reference:url, urlhaus.abuse.ch/url/2273642/; classtype:trojan-activity;sid:83136742; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2273644)"; flow:established,from_client; content:"GET"; http_method; content:"/zu084vpj5pi3.appspot.com/w/5wztrvywkg1nfh3.html|3f|0=26927131496308317"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"storage.googleapis.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2022_08_17; reference:url, urlhaus.abuse.ch/url/2273644/; classtype:trojan-activity;sid:83136744; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2273641)"; flow:established,from_client; content:"GET"; http_method; content:"/rv8i00aqhy9h.appspot.com/w/3cfyb8wwk0rbazs.html|3f|b=078869956064707140"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"storage.googleapis.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2022_08_17; reference:url, urlhaus.abuse.ch/url/2273641/; classtype:trojan-activity;sid:83136741; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2273631)"; flow:established,from_client; content:"GET"; http_method; content:"/ty9i5j0gyv05.appspot.com/w/3hiwrrbg7kfgwix.html|3f|b=034842339434253164"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"storage.googleapis.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2022_08_17; reference:url, urlhaus.abuse.ch/url/2273631/; classtype:trojan-activity;sid:83136731; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2273635)"; flow:established,from_client; content:"GET"; http_method; content:"/mof722sen9dd.appspot.com/w/frv9esc9c6itwcf.html|3f|0=338008105729275687"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"storage.googleapis.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2022_08_17; reference:url, urlhaus.abuse.ch/url/2273635/; classtype:trojan-activity;sid:83136735; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2273638)"; flow:established,from_client; content:"GET"; http_method; content:"/no9h3qe3ulhy.appspot.com/w/ovqlo2cstw8agi4.html|3f|0=949870842437428557"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"storage.googleapis.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2022_08_17; reference:url, urlhaus.abuse.ch/url/2273638/; classtype:trojan-activity;sid:83136738; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2273639)"; flow:established,from_client; content:"GET"; http_method; content:"/q08e1nunq6qw.appspot.com/w/iqc3wtjt5nwkwr2.html|3f|a=628281255891256139"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"storage.googleapis.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2022_08_17; reference:url, urlhaus.abuse.ch/url/2273639/; classtype:trojan-activity;sid:83136739; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2273620)"; flow:established,from_client; content:"GET"; http_method; content:"/ty9i5j0gyv05.appspot.com/w/bceqtk5gdz1bi0o.html|3f|w=622601326319247024"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"storage.googleapis.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2022_08_17; reference:url, urlhaus.abuse.ch/url/2273620/; classtype:trojan-activity;sid:83136720; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2273622)"; flow:established,from_client; content:"GET"; http_method; content:"/mof722sen9dd.appspot.com/w/kdjppmswkowyt08.html|3f|a=635327819844459660"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"storage.googleapis.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2022_08_17; reference:url, urlhaus.abuse.ch/url/2273622/; classtype:trojan-activity;sid:83136722; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2273624)"; flow:established,from_client; content:"GET"; http_method; content:"/mof722sen9dd.appspot.com/w/kdjppmswkowyt08.html|3f|0=180530635864101112"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"storage.googleapis.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2022_08_17; reference:url, urlhaus.abuse.ch/url/2273624/; classtype:trojan-activity;sid:83136724; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2273625)"; flow:established,from_client; content:"GET"; http_method; content:"/mof722sen9dd.appspot.com/w/7psfpp4zrf4stzt.html|3f|a=516444057951127042"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"storage.googleapis.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2022_08_17; reference:url, urlhaus.abuse.ch/url/2273625/; classtype:trojan-activity;sid:83136725; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2273602)"; flow:established,from_client; content:"GET"; http_method; content:"/le9t9f8owv3e.appspot.com/w/rgtnon73qqparlt.html|3f|w=400667741549615496"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"storage.googleapis.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2022_08_17; reference:url, urlhaus.abuse.ch/url/2273602/; classtype:trojan-activity;sid:83136702; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2273606)"; flow:established,from_client; content:"GET"; http_method; content:"/pf4yttmpbcc1.appspot.com/w/l2vbukjpboaa0rp.html|3f|b=628132126654153176"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"storage.googleapis.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2022_08_17; reference:url, urlhaus.abuse.ch/url/2273606/; classtype:trojan-activity;sid:83136706; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2273601)"; flow:established,from_client; content:"GET"; http_method; content:"/le9t9f8owv3e.appspot.com/w/pxj4b9pt3neodpl.html|3f|b=105291068911024790"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"storage.googleapis.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2022_08_17; reference:url, urlhaus.abuse.ch/url/2273601/; classtype:trojan-activity;sid:83136701; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2273600)"; flow:established,from_client; content:"GET"; http_method; content:"/c08hrgew4vlk.appspot.com/w/vzuevaq9st1om0u.html|3f|0=686223453033719951"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"storage.googleapis.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2022_08_17; reference:url, urlhaus.abuse.ch/url/2273600/; classtype:trojan-activity;sid:83136700; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2273564)"; flow:established,from_client; content:"GET"; http_method; content:"/le9t9f8owv3e.appspot.com/w/pxj4b9pt3neodpl.html|3f|a=798607223158637252"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"storage.googleapis.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2022_08_17; reference:url, urlhaus.abuse.ch/url/2273564/; classtype:trojan-activity;sid:83136664; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2273565)"; flow:established,from_client; content:"GET"; http_method; content:"/le9t9f8owv3e.appspot.com/w/md9tu4xcfdj0vej.html|3f|w=075279633731175239"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"storage.googleapis.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2022_08_17; reference:url, urlhaus.abuse.ch/url/2273565/; classtype:trojan-activity;sid:83136665; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2273566)"; flow:established,from_client; content:"GET"; http_method; content:"/c08hrgew4vlk.appspot.com/w/bowky7hf4zoq1yj.html|3f|b=461383376258417948"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"storage.googleapis.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2022_08_17; reference:url, urlhaus.abuse.ch/url/2273566/; classtype:trojan-activity;sid:83136666; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2273567)"; flow:established,from_client; content:"GET"; http_method; content:"/le9t9f8owv3e.appspot.com/w/anqx16yjifb1cwa.html|3f|0=969703532910206739"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"storage.googleapis.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2022_08_17; reference:url, urlhaus.abuse.ch/url/2273567/; classtype:trojan-activity;sid:83136667; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2273569)"; flow:established,from_client; content:"GET"; http_method; content:"/c08hrgew4vlk.appspot.com/w/j28wvecoagaougq.html|3f|w=803273432647646489"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"storage.googleapis.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2022_08_17; reference:url, urlhaus.abuse.ch/url/2273569/; classtype:trojan-activity;sid:83136669; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2273574)"; flow:established,from_client; content:"GET"; http_method; content:"/c08hrgew4vlk.appspot.com/w/vzuevaq9st1om0u.html|3f|a=552325786310453352"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"storage.googleapis.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2022_08_17; reference:url, urlhaus.abuse.ch/url/2273574/; classtype:trojan-activity;sid:83136674; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2273575)"; flow:established,from_client; content:"GET"; http_method; content:"/by9sdoqaf4zo.appspot.com/w/faa0zxu52jz0fge.html|3f|0=778301933278021061"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"storage.googleapis.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2022_08_17; reference:url, urlhaus.abuse.ch/url/2273575/; classtype:trojan-activity;sid:83136675; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2273579)"; flow:established,from_client; content:"GET"; http_method; content:"/c08hrgew4vlk.appspot.com/w/vzuevaq9st1om0u.html|3f|a=414671893653575055"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"storage.googleapis.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2022_08_17; reference:url, urlhaus.abuse.ch/url/2273579/; classtype:trojan-activity;sid:83136679; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2273580)"; flow:established,from_client; content:"GET"; http_method; content:"/e899w369ygfh.appspot.com/w/hm8qqu1yh2nhiuw.html|3f|0=850822877794596921"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"storage.googleapis.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2022_08_17; reference:url, urlhaus.abuse.ch/url/2273580/; classtype:trojan-activity;sid:83136680; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2273581)"; flow:established,from_client; content:"GET"; http_method; content:"/gewls1oaxiv8.appspot.com/w/k2gvfktvgwo6t7t.html|3f|0=500436606434401193"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"storage.googleapis.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2022_08_17; reference:url, urlhaus.abuse.ch/url/2273581/; classtype:trojan-activity;sid:83136681; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2273582)"; flow:established,from_client; content:"GET"; http_method; content:"/le9t9f8owv3e.appspot.com/w/2b6lhcmpzq1rcwl.html|3f|0=292730885826958440"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"storage.googleapis.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2022_08_17; reference:url, urlhaus.abuse.ch/url/2273582/; classtype:trojan-activity;sid:83136682; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2273583)"; flow:established,from_client; content:"GET"; http_method; content:"/le9t9f8owv3e.appspot.com/w/md9tu4xcfdj0vej.html|3f|b=351877166079332276"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"storage.googleapis.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2022_08_17; reference:url, urlhaus.abuse.ch/url/2273583/; classtype:trojan-activity;sid:83136683; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2273586)"; flow:established,from_client; content:"GET"; http_method; content:"/c08hrgew4vlk.appspot.com/w/d5bpwq7evn1mfxz.html|3f|b=770321496534593005"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"storage.googleapis.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2022_08_17; reference:url, urlhaus.abuse.ch/url/2273586/; classtype:trojan-activity;sid:83136686; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2273588)"; flow:established,from_client; content:"GET"; http_method; content:"/c8qhff44bb7f.appspot.com/w/q5gro00vqf3ltx5.html|3f|a=334407029692307930"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"storage.googleapis.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2022_08_17; reference:url, urlhaus.abuse.ch/url/2273588/; classtype:trojan-activity;sid:83136688; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2273592)"; flow:established,from_client; content:"GET"; http_method; content:"/e899w369ygfh.appspot.com/w/c82wdsb4ehjf8rf.html|3f|0=051292546441672376"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"storage.googleapis.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2022_08_17; reference:url, urlhaus.abuse.ch/url/2273592/; classtype:trojan-activity;sid:83136692; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2273598)"; flow:established,from_client; content:"GET"; http_method; content:"/kjl51nnbkg8f.appspot.com/w/5m6qptmj0v66s7q.html|3f|0=327926918056836416"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"storage.googleapis.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2022_08_17; reference:url, urlhaus.abuse.ch/url/2273598/; classtype:trojan-activity;sid:83136698; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2273599)"; flow:established,from_client; content:"GET"; http_method; content:"/by9sdoqaf4zo.appspot.com/w/faa0zxu52jz0fge.html|3f|a=494789731176222112"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"storage.googleapis.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2022_08_17; reference:url, urlhaus.abuse.ch/url/2273599/; classtype:trojan-activity;sid:83136699; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2273560)"; flow:established,from_client; content:"GET"; http_method; content:"/kjl51nnbkg8f.appspot.com/w/i3hmewo60gwvumx.html|3f|b=841660865822302577"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"storage.googleapis.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2022_08_17; reference:url, urlhaus.abuse.ch/url/2273560/; classtype:trojan-activity;sid:83136660; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2273561)"; flow:established,from_client; content:"GET"; http_method; content:"/c08hrgew4vlk.appspot.com/w/j28wvecoagaougq.html|3f|w=036663603374497270"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"storage.googleapis.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2022_08_17; reference:url, urlhaus.abuse.ch/url/2273561/; classtype:trojan-activity;sid:83136661; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2267284)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"95.38.24.186"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_08_06; reference:url, urlhaus.abuse.ch/url/2267284/; classtype:trojan-activity;sid:83130384; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2258280)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"2.181.0.61"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2022_07_17; reference:url, urlhaus.abuse.ch/url/2258280/; classtype:trojan-activity;sid:83121380; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2258131)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/e8kjpbmd"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_07_17; reference:url, urlhaus.abuse.ch/url/2258131/; classtype:trojan-activity;sid:83121231; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2257209)"; flow:established,from_client; content:"GET"; http_method; content:"/worker.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"192.236.161.60"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_07_14; reference:url, urlhaus.abuse.ch/url/2257209/; classtype:trojan-activity;sid:83120309; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2253550)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/ib64cptx"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_07_03; reference:url, urlhaus.abuse.ch/url/2253550/; classtype:trojan-activity;sid:83116650; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2253210)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/rwrja2sz"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_07_02; reference:url, urlhaus.abuse.ch/url/2253210/; classtype:trojan-activity;sid:83116310; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2252574)"; flow:established,from_client; content:"GET"; http_method; content:"/updates1/up.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"1717.1000uc.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_06_30; reference:url, urlhaus.abuse.ch/url/2252574/; classtype:trojan-activity;sid:83115674; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250908)"; flow:established,from_client; content:"GET"; http_method; content:"/ema_kvcebm137.bin"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"mersped.mycpanel.rs"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2022_06_27; reference:url, urlhaus.abuse.ch/url/2250908/; classtype:trojan-activity;sid:83114008; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2241008)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/ty045yct"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_06_16; reference:url, urlhaus.abuse.ch/url/2241008/; classtype:trojan-activity;sid:83104108; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2240596)"; flow:established,from_client; content:"GET"; http_method; content:"/js/prototype/form.js"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"www.usaayurveda.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2022_06_16; reference:url, urlhaus.abuse.ch/url/2240596/; classtype:trojan-activity;sid:83103696; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2237175)"; flow:established,from_client; content:"GET"; http_method; content:"/cg100/cg100.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"update.cg100iii.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2022_06_14; reference:url, urlhaus.abuse.ch/url/2237175/; classtype:trojan-activity;sid:83100275; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2237174)"; flow:established,from_client; content:"GET"; http_method; content:"/cgmb/benzmonster.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"update.cg100iii.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2022_06_14; reference:url, urlhaus.abuse.ch/url/2237174/; classtype:trojan-activity;sid:83100274; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2236625)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/sm02zsvdywdotb7rql/"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"dhnconstrucciones.com.ar"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2022_06_13; reference:url, urlhaus.abuse.ch/url/2236625/; classtype:trojan-activity;sid:83099725; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2230406)"; flow:established,from_client; content:"GET"; http_method; content:"/down/newsales/adm_atu.exe"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"palharesinformatica.com.br"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2022_06_08; reference:url, urlhaus.abuse.ch/url/2230406/; classtype:trojan-activity;sid:83093506; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2227709)"; flow:established,from_client; content:"GET"; http_method; content:"/img/rm0xpx/"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"jobcity.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2022_06_06; reference:url, urlhaus.abuse.ch/url/2227709/; classtype:trojan-activity;sid:83090809; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2203081)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.spc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"94.228.124.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_05_19; reference:url, urlhaus.abuse.ch/url/2203081/; classtype:trojan-activity;sid:83066181; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2203003)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm6"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"94.228.124.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_05_19; reference:url, urlhaus.abuse.ch/url/2203003/; classtype:trojan-activity;sid:83066103; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2203009)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.m68k"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"94.228.124.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_05_19; reference:url, urlhaus.abuse.ch/url/2203009/; classtype:trojan-activity;sid:83066109; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2203010)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"94.228.124.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_05_19; reference:url, urlhaus.abuse.ch/url/2203010/; classtype:trojan-activity;sid:83066110; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2192744)"; flow:established,from_client; content:"GET"; http_method; content:"/crt/xe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"pns.org.pk"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2022_05_13; reference:url, urlhaus.abuse.ch/url/2192744/; classtype:trojan-activity;sid:83055844; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2181579)"; flow:established,from_client; content:"GET"; http_method; content:"/par/wgwbjptyjp.zip"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"siedpco.org"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2022_05_06; reference:url, urlhaus.abuse.ch/url/2181579/; classtype:trojan-activity;sid:83044679; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2171312)"; flow:established,from_client; content:"GET"; http_method; content:"/verkaufsberater_service/ozrw36a2y1ch2cluzy/"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"farschid.de"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2022_04_29; reference:url, urlhaus.abuse.ch/url/2171312/; classtype:trojan-activity;sid:83034412; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2148323)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/5nnq0rbw"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_04_14; reference:url, urlhaus.abuse.ch/url/2148323/; classtype:trojan-activity;sid:83011423; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2135884)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/herrldgm"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_04_07; reference:url, urlhaus.abuse.ch/url/2135884/; classtype:trojan-activity;sid:82998984; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2134110)"; flow:established,from_client; content:"GET"; http_method; content:"/0011b9cd240249c3aeb520ea1205eaf1.jpg"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"zhengxinpeixun.oss-cn-qingdao.aliyuncs.com"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2022_04_06; reference:url, urlhaus.abuse.ch/url/2134110/; classtype:trojan-activity;sid:82997210; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2124302)"; flow:established,from_client; content:"GET"; http_method; content:"/xmrig/xmrig/releases/download/v6.10.0/xmrig-6.10.0-linux-static-x64.tar.gz"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2022_03_31; reference:url, urlhaus.abuse.ch/url/2124302/; classtype:trojan-activity;sid:82987402; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2120589)"; flow:established,from_client; content:"GET"; http_method; content:"/1/f48jppqimvyqqwd2jk3jvvpslx/"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"hranenie.pereezd-24.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2022_03_29; reference:url, urlhaus.abuse.ch/url/2120589/; classtype:trojan-activity;sid:82983689; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2120590)"; flow:established,from_client; content:"GET"; http_method; content:"/1/f48jppqimvyqqwd2jk3jvvpslx/|3f|i=1"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"hranenie.pereezd-24.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2022_03_29; reference:url, urlhaus.abuse.ch/url/2120590/; classtype:trojan-activity;sid:82983690; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2119353)"; flow:established,from_client; content:"GET"; http_method; content:"/verkaufsberater_service/3cxmq4uaxy/|3f|i=1"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"farschid.de"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2022_03_29; reference:url, urlhaus.abuse.ch/url/2119353/; classtype:trojan-activity;sid:82982453; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2114263)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/yjmqxmidki/a/hyehwggs.ps1"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"trtmyanmar.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_03_24; reference:url, urlhaus.abuse.ch/url/2114263/; classtype:trojan-activity;sid:82977363; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2098517)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/znbskzzj"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_03_15; reference:url, urlhaus.abuse.ch/url/2098517/; classtype:trojan-activity;sid:82961617; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2086600)"; flow:established,from_client; content:"GET"; http_method; content:"/logfiles/u2o/"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"89.25.223.211"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_03_09; reference:url, urlhaus.abuse.ch/url/2086600/; classtype:trojan-activity;sid:82949700; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2086235)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1gvnzexvvs3vpv0-ihflwnmzmhij3qqly"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2022_03_09; reference:url, urlhaus.abuse.ch/url/2086235/; classtype:trojan-activity;sid:82949335; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2076705)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"195.158.95.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_03_04; reference:url, urlhaus.abuse.ch/url/2076705/; classtype:trojan-activity;sid:82939805; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2053942)"; flow:established,from_client; content:"GET"; http_method; content:"/zp-user/protected%20client.js"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"dreamwatchevent.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2022_02_22; reference:url, urlhaus.abuse.ch/url/2053942/; classtype:trojan-activity;sid:82917042; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2044850)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/3k52mzsw"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_02_16; reference:url, urlhaus.abuse.ch/url/2044850/; classtype:trojan-activity;sid:82907950; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2023010)"; flow:established,from_client; content:"GET"; http_method; content:"/srv/o7/km/jjxe8zgb.zip"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"protherapycenter.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2022_02_02; reference:url, urlhaus.abuse.ch/url/2023010/; classtype:trojan-activity;sid:82886110; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2021785)"; flow:established,from_client; content:"GET"; http_method; content:"/hksweep/vendor/font-awesome/svgs/brands/subtraction.php"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"rxquickpay.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_02_01; reference:url, urlhaus.abuse.ch/url/2021785/; classtype:trojan-activity;sid:82884885; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2021757)"; flow:established,from_client; content:"GET"; http_method; content:"/src/js/scripts/gallery/photo-swipe/highlight.php"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"acms.saleseos.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2022_02_01; reference:url, urlhaus.abuse.ch/url/2021757/; classtype:trojan-activity;sid:82884857; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2021704)"; flow:established,from_client; content:"GET"; http_method; content:"/src/js/scripts/gallery/photo-swipe/zany.php"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"acms.saleseos.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2022_02_01; reference:url, urlhaus.abuse.ch/url/2021704/; classtype:trojan-activity;sid:82884804; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2019306)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/woocommerce/includes/integrations/maxmind-geolocation/kinetic.php"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"takeout-app.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_31; reference:url, urlhaus.abuse.ch/url/2019306/; classtype:trojan-activity;sid:82882406; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2008138)"; flow:established,from_client; content:"GET"; http_method; content:"/squalid.php"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"continentalgroup.net.in"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2022_01_27; reference:url, urlhaus.abuse.ch/url/2008138/; classtype:trojan-activity;sid:82871238; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2008130)"; flow:established,from_client; content:"GET"; http_method; content:"/development/public/uploads/images/categories/beirut.php"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"www.crazywickedaddiction.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2022_01_27; reference:url, urlhaus.abuse.ch/url/2008130/; classtype:trojan-activity;sid:82871230; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2008131)"; flow:established,from_client; content:"GET"; http_method; content:"/belt.php"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"forms.saurashtrauniversity.edu"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2022_01_27; reference:url, urlhaus.abuse.ch/url/2008131/; classtype:trojan-activity;sid:82871231; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2007115)"; flow:established,from_client; content:"GET"; http_method; content:"/nashi-klienty/b5sc/"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"izocab.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2022_01_26; reference:url, urlhaus.abuse.ch/url/2007115/; classtype:trojan-activity;sid:82870215; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2000244)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"153.152.44.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_23; reference:url, urlhaus.abuse.ch/url/2000244/; classtype:trojan-activity;sid:82863344; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1986867)"; flow:established,from_client; content:"GET"; http_method; content:"/tmp_it22/test_zip2/loader_zip.js"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"5.8.18.7"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2022_01_18; reference:url, urlhaus.abuse.ch/url/1986867/; classtype:trojan-activity;sid:82849967; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1917301)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/okxyj/"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"fulltai.top"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_12_24; reference:url, urlhaus.abuse.ch/url/1917301/; classtype:trojan-activity;sid:82780401; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1895334)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/themes/twentyseventeen/s.cmd"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"150.60.139.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_18; reference:url, urlhaus.abuse.ch/url/1895334/; classtype:trojan-activity;sid:82758434; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1892687)"; flow:established,from_client; content:"GET"; http_method; content:"/sphygmus.php"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"chaparral.es"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_17; reference:url, urlhaus.abuse.ch/url/1892687/; classtype:trojan-activity;sid:82755787; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1891042)"; flow:established,from_client; content:"GET"; http_method; content:"/reactron.php"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"chaparral.es"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_16; reference:url, urlhaus.abuse.ch/url/1891042/; classtype:trojan-activity;sid:82754142; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1891016)"; flow:established,from_client; content:"GET"; http_method; content:"/mausoleum.php"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"chaparral.es"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_16; reference:url, urlhaus.abuse.ch/url/1891016/; classtype:trojan-activity;sid:82754116; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1890991)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/themes/porto/less/js_composer/sneerly.php"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"chaparral.es"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_16; reference:url, urlhaus.abuse.ch/url/1890991/; classtype:trojan-activity;sid:82754091; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1890984)"; flow:established,from_client; content:"GET"; http_method; content:"/unbaked.php"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"chaparral.es"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_16; reference:url, urlhaus.abuse.ch/url/1890984/; classtype:trojan-activity;sid:82754084; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1890257)"; flow:established,from_client; content:"GET"; http_method; content:"/lib/crypta.js"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"reauthenticator.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2021_12_16; reference:url, urlhaus.abuse.ch/url/1890257/; classtype:trojan-activity;sid:82753357; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1888166)"; flow:established,from_client; content:"GET"; http_method; content:"/actionably.php"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"kramersmarionnettes.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2021_12_15; reference:url, urlhaus.abuse.ch/url/1888166/; classtype:trojan-activity;sid:82751266; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1888139)"; flow:established,from_client; content:"GET"; http_method; content:"/intermission.php"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"kramersmarionnettes.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2021_12_15; reference:url, urlhaus.abuse.ch/url/1888139/; classtype:trojan-activity;sid:82751239; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1888114)"; flow:established,from_client; content:"GET"; http_method; content:"/redesign.php"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"kramersmarionnettes.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2021_12_15; reference:url, urlhaus.abuse.ch/url/1888114/; classtype:trojan-activity;sid:82751214; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1888115)"; flow:established,from_client; content:"GET"; http_method; content:"/antienuretic.php"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"kramersmarionnettes.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2021_12_15; reference:url, urlhaus.abuse.ch/url/1888115/; classtype:trojan-activity;sid:82751215; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1888106)"; flow:established,from_client; content:"GET"; http_method; content:"/fizz.php"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"kramersmarionnettes.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2021_12_15; reference:url, urlhaus.abuse.ch/url/1888106/; classtype:trojan-activity;sid:82751206; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1888086)"; flow:established,from_client; content:"GET"; http_method; content:"/designer.php"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"kramersmarionnettes.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2021_12_15; reference:url, urlhaus.abuse.ch/url/1888086/; classtype:trojan-activity;sid:82751186; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1888092)"; flow:established,from_client; content:"GET"; http_method; content:"/frustrating.php"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"kramersmarionnettes.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2021_12_15; reference:url, urlhaus.abuse.ch/url/1888092/; classtype:trojan-activity;sid:82751192; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1888081)"; flow:established,from_client; content:"GET"; http_method; content:"/conditioner.php"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"kramersmarionnettes.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2021_12_15; reference:url, urlhaus.abuse.ch/url/1888081/; classtype:trojan-activity;sid:82751181; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1888082)"; flow:established,from_client; content:"GET"; http_method; content:"/unthinkably.php"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"kramersmarionnettes.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2021_12_15; reference:url, urlhaus.abuse.ch/url/1888082/; classtype:trojan-activity;sid:82751182; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1888084)"; flow:established,from_client; content:"GET"; http_method; content:"/unexplainable.php"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"kramersmarionnettes.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2021_12_15; reference:url, urlhaus.abuse.ch/url/1888084/; classtype:trojan-activity;sid:82751184; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1888085)"; flow:established,from_client; content:"GET"; http_method; content:"/whiz.php"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"kramersmarionnettes.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2021_12_15; reference:url, urlhaus.abuse.ch/url/1888085/; classtype:trojan-activity;sid:82751185; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1861154)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"49.158.206.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_07; reference:url, urlhaus.abuse.ch/url/1861154/; classtype:trojan-activity;sid:82724254; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1840623)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/t7scuzy/"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"apple-service93.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1840623/; classtype:trojan-activity;sid:82703723; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1838307)"; flow:established,from_client; content:"GET"; http_method; content:"/snugly.php"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"georgemclaughlin.ca"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2021_11_30; reference:url, urlhaus.abuse.ch/url/1838307/; classtype:trojan-activity;sid:82701407; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1838267)"; flow:established,from_client; content:"GET"; http_method; content:"/scintillance.php"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"georgemclaughlin.ca"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2021_11_30; reference:url, urlhaus.abuse.ch/url/1838267/; classtype:trojan-activity;sid:82701367; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1838269)"; flow:established,from_client; content:"GET"; http_method; content:"/carver.php"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"georgemclaughlin.ca"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2021_11_30; reference:url, urlhaus.abuse.ch/url/1838269/; classtype:trojan-activity;sid:82701369; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1809781)"; flow:established,from_client; content:"GET"; http_method; content:"/libraries/vendor/joomla/registry/src/format/pinafore.php"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"ukguk71.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2021_11_23; reference:url, urlhaus.abuse.ch/url/1809781/; classtype:trojan-activity;sid:82672881; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1778573)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/c91fwnb0"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_11_12; reference:url, urlhaus.abuse.ch/url/1778573/; classtype:trojan-activity;sid:82641673; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1761107)"; flow:established,from_client; content:"GET"; http_method; content:"/svr_netchecker/server.asp|3f|v_command=3002|7c|26|7c|v_progname=sjptmanagerlauncher.exe"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"server.toeicswt.co.kr"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2021_11_07; reference:url, urlhaus.abuse.ch/url/1761107/; classtype:trojan-activity;sid:82624207; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1751625)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/ywjkrwem"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_11_04; reference:url, urlhaus.abuse.ch/url/1751625/; classtype:trojan-activity;sid:82614725; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1743733)"; flow:established,from_client; content:"GET"; http_method; content:"/zoologies.php"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"bridgeroad.maverickpreviews.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2021_11_03; reference:url, urlhaus.abuse.ch/url/1743733/; classtype:trojan-activity;sid:82606833; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1743713)"; flow:established,from_client; content:"GET"; http_method; content:"/whacked.php"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"bridgeroad.maverickpreviews.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2021_11_03; reference:url, urlhaus.abuse.ch/url/1743713/; classtype:trojan-activity;sid:82606813; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1743673)"; flow:established,from_client; content:"GET"; http_method; content:"/comedian.php"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"takeout-app.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_11_03; reference:url, urlhaus.abuse.ch/url/1743673/; classtype:trojan-activity;sid:82606773; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1743660)"; flow:established,from_client; content:"GET"; http_method; content:"/unplug.php"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"bridgeroad.maverickpreviews.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2021_11_03; reference:url, urlhaus.abuse.ch/url/1743660/; classtype:trojan-activity;sid:82606760; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1728024)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/egenyqrk"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_10_29; reference:url, urlhaus.abuse.ch/url/1728024/; classtype:trojan-activity;sid:82591124; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1727038)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/nwj3nqw2"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_10_29; reference:url, urlhaus.abuse.ch/url/1727038/; classtype:trojan-activity;sid:82590138; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1720728)"; flow:established,from_client; content:"GET"; http_method; content:"/upload/medialibrary/012/fucking.php"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"shop.mediasova.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2021_10_27; reference:url, urlhaus.abuse.ch/url/1720728/; classtype:trojan-activity;sid:82583828; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1720508)"; flow:established,from_client; content:"GET"; http_method; content:"/upload/medialibrary/012/chaperon.php"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"shop.mediasova.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2021_10_27; reference:url, urlhaus.abuse.ch/url/1720508/; classtype:trojan-activity;sid:82583608; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1704978)"; flow:established,from_client; content:"GET"; http_method; content:"/download|3f|cid=04a3894062e7d373|7c|26|7c|resid=4a3894062e7d373%21192|7c|26|7c|authkey=ab7i1w77n6tsb3m"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"onedrive.live.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2021_10_21; reference:url, urlhaus.abuse.ch/url/1704978/; classtype:trojan-activity;sid:82568078; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1698617)"; flow:established,from_client; content:"GET"; http_method; content:"/download|3f|cid=75ea534baf13442d|7c|26|7c|resid=75ea534baf13442d%21128|7c|26|7c|authkey=akd4vmzywc14zgq|7c|26|7c|em=2"; http_uri; depth:118; isdataat:!1,relative; nocase; content:"onedrive.live.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2021_10_20; reference:url, urlhaus.abuse.ch/url/1698617/; classtype:trojan-activity;sid:82561717; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1695302)"; flow:established,from_client; content:"GET"; http_method; content:"/download|3f|cid=07e7986a5bf9243c|7c|26|7c|resid=7e7986a5bf9243c%21490|7c|26|7c|authkey=abhawhbvtpoyc2a"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"onedrive.live.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2021_10_19; reference:url, urlhaus.abuse.ch/url/1695302/; classtype:trojan-activity;sid:82558402; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1681096)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/htylx0l1"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_10_15; reference:url, urlhaus.abuse.ch/url/1681096/; classtype:trojan-activity;sid:82544196; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1668138)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/2a3tx7hd"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_10_11; reference:url, urlhaus.abuse.ch/url/1668138/; classtype:trojan-activity;sid:82531238; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1658131)"; flow:established,from_client; content:"GET"; http_method; content:"/download|3f|cid=539bd593e9568c65|7c|26|7c|resid=539bd593e9568c65%21136|7c|26|7c|authkey=aepr2tr-q36tt8u|7c|26|7c|em=2"; http_uri; depth:118; isdataat:!1,relative; nocase; content:"onedrive.live.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2021_10_06; reference:url, urlhaus.abuse.ch/url/1658131/; classtype:trojan-activity;sid:82521231; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1657096)"; flow:established,from_client; content:"GET"; http_method; content:"/update/ana/update.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"www.teknoarge.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2021_10_06; reference:url, urlhaus.abuse.ch/url/1657096/; classtype:trojan-activity;sid:82520196; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1647561)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=12ma_yvbmprts6e_vkfnmwikrnwsarqbw"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_09_29; reference:url, urlhaus.abuse.ch/url/1647561/; classtype:trojan-activity;sid:82510661; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1641492)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/uploads/2021/01/spell.php"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"easybrand.vn"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_09_23; reference:url, urlhaus.abuse.ch/url/1641492/; classtype:trojan-activity;sid:82504592; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1641460)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/uploads/2021/01/stored.php"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"easybrand.vn"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_09_23; reference:url, urlhaus.abuse.ch/url/1641460/; classtype:trojan-activity;sid:82504560; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1640507)"; flow:established,from_client; content:"GET"; http_method; content:"/download|3f|cid=2cc133e5e8e9b372|7c|26|7c|resid=2cc133e5e8e9b372%21113|7c|26|7c|authkey=agftuffxlpqkaz8|7c|26|7c|em=2"; http_uri; depth:118; isdataat:!1,relative; nocase; content:"onedrive.live.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2021_09_23; reference:url, urlhaus.abuse.ch/url/1640507/; classtype:trojan-activity;sid:82503607; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1638740)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/xpmlg1s0"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_09_21; reference:url, urlhaus.abuse.ch/url/1638740/; classtype:trojan-activity;sid:82501840; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1638721)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/3pqfze3c"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_09_21; reference:url, urlhaus.abuse.ch/url/1638721/; classtype:trojan-activity;sid:82501821; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1624890)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1o9jg3oqyewncoptigwscdbtfmvtfqygj"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_09_16; reference:url, urlhaus.abuse.ch/url/1624890/; classtype:trojan-activity;sid:82487990; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1616617)"; flow:established,from_client; content:"GET"; http_method; content:"/transponder.php"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"salonways.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_09_13; reference:url, urlhaus.abuse.ch/url/1616617/; classtype:trojan-activity;sid:82479717; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1616608)"; flow:established,from_client; content:"GET"; http_method; content:"/quadruplicate.php"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"salonways.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_09_13; reference:url, urlhaus.abuse.ch/url/1616608/; classtype:trojan-activity;sid:82479708; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1609238)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/mjzm2uub"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_09_10; reference:url, urlhaus.abuse.ch/url/1609238/; classtype:trojan-activity;sid:82472338; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1609225)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/fhxehwzr"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_09_10; reference:url, urlhaus.abuse.ch/url/1609225/; classtype:trojan-activity;sid:82472325; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1582138)"; flow:established,from_client; content:"GET"; http_method; content:"/coon.php"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"allendostmen.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_09_01; reference:url, urlhaus.abuse.ch/url/1582138/; classtype:trojan-activity;sid:82445238; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1582118)"; flow:established,from_client; content:"GET"; http_method; content:"/manly.php"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"allendostmen.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_09_01; reference:url, urlhaus.abuse.ch/url/1582118/; classtype:trojan-activity;sid:82445218; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1582106)"; flow:established,from_client; content:"GET"; http_method; content:"/lecher.php"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"allendostmen.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_09_01; reference:url, urlhaus.abuse.ch/url/1582106/; classtype:trojan-activity;sid:82445206; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1569937)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/2fvyxcn8"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_08_27; reference:url, urlhaus.abuse.ch/url/1569937/; classtype:trojan-activity;sid:82433037; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1566925)"; flow:established,from_client; content:"GET"; http_method; content:"/caucasian.php"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"takeout-app.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_08_26; reference:url, urlhaus.abuse.ch/url/1566925/; classtype:trojan-activity;sid:82430025; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1566874)"; flow:established,from_client; content:"GET"; http_method; content:"/careless.php"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"takeout-app.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_08_26; reference:url, urlhaus.abuse.ch/url/1566874/; classtype:trojan-activity;sid:82429974; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1560761)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/safmanager/safman_setup.exe"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"www.saf-oil.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_08_24; reference:url, urlhaus.abuse.ch/url/1560761/; classtype:trojan-activity;sid:82423861; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1503427)"; flow:established,from_client; content:"GET"; http_method; content:"/teachable.php"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"chat-server.maverickpreviews.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2021_08_03; reference:url, urlhaus.abuse.ch/url/1503427/; classtype:trojan-activity;sid:82366527; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1503410)"; flow:established,from_client; content:"GET"; http_method; content:"/aggressive.php"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"chat-server.maverickpreviews.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2021_08_03; reference:url, urlhaus.abuse.ch/url/1503410/; classtype:trojan-activity;sid:82366510; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1503377)"; flow:established,from_client; content:"GET"; http_method; content:"/belt.php"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"bridgeroad.maverickpreviews.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2021_08_03; reference:url, urlhaus.abuse.ch/url/1503377/; classtype:trojan-activity;sid:82366477; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1503368)"; flow:established,from_client; content:"GET"; http_method; content:"/anarchical.php"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"bridgeroad.maverickpreviews.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2021_08_03; reference:url, urlhaus.abuse.ch/url/1503368/; classtype:trojan-activity;sid:82366468; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1503361)"; flow:established,from_client; content:"GET"; http_method; content:"/newborn.php"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"chat-server.maverickpreviews.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2021_08_03; reference:url, urlhaus.abuse.ch/url/1503361/; classtype:trojan-activity;sid:82366461; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1503351)"; flow:established,from_client; content:"GET"; http_method; content:"/ruckus.php"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"www.cutting-edge.in"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2021_08_03; reference:url, urlhaus.abuse.ch/url/1503351/; classtype:trojan-activity;sid:82366451; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1503338)"; flow:established,from_client; content:"GET"; http_method; content:"/unanswerable.php"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"chat-server.maverickpreviews.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2021_08_03; reference:url, urlhaus.abuse.ch/url/1503338/; classtype:trojan-activity;sid:82366438; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1497688)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.164.200.170"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_08_01; reference:url, urlhaus.abuse.ch/url/1497688/; classtype:trojan-activity;sid:82360788; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1473823)"; flow:established,from_client; content:"GET"; http_method; content:"/sweat.php"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"www.cutting-edge.in"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2021_07_22; reference:url, urlhaus.abuse.ch/url/1473823/; classtype:trojan-activity;sid:82336923; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1470181)"; flow:established,from_client; content:"GET"; http_method; content:"/power.txt"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.106.250.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_21; reference:url, urlhaus.abuse.ch/url/1470181/; classtype:trojan-activity;sid:82333281; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1469946)"; flow:established,from_client; content:"GET"; http_method; content:"/hajime"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.125.163.10"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_21; reference:url, urlhaus.abuse.ch/url/1469946/; classtype:trojan-activity;sid:82333046; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1431282)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/zn9ibvfw"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_06; reference:url, urlhaus.abuse.ch/url/1431282/; classtype:trojan-activity;sid:82294382; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1427360)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"94.154.83.4"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_07_05; reference:url, urlhaus.abuse.ch/url/1427360/; classtype:trojan-activity;sid:82290460; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1422022)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1n8_s6gijerearczwh74blkygodig64eo"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_07_03; reference:url, urlhaus.abuse.ch/url/1422022/; classtype:trojan-activity;sid:82285122; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1422010)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1yfqtugahqhqrulwugdekeavffktsl8ci"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_07_03; reference:url, urlhaus.abuse.ch/url/1422010/; classtype:trojan-activity;sid:82285110; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1416935)"; flow:established,from_client; content:"GET"; http_method; content:"/multifunctional.php"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"advansys.com.ar"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_01; reference:url, urlhaus.abuse.ch/url/1416935/; classtype:trojan-activity;sid:82280035; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1416925)"; flow:established,from_client; content:"GET"; http_method; content:"/livestock.php"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"advansys.com.ar"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_01; reference:url, urlhaus.abuse.ch/url/1416925/; classtype:trojan-activity;sid:82280025; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1416914)"; flow:established,from_client; content:"GET"; http_method; content:"/steepness.php"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"advansys.com.ar"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_01; reference:url, urlhaus.abuse.ch/url/1416914/; classtype:trojan-activity;sid:82280014; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1416690)"; flow:established,from_client; content:"GET"; http_method; content:"/anthropoid.php"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"advansys.com.ar"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_01; reference:url, urlhaus.abuse.ch/url/1416690/; classtype:trojan-activity;sid:82279790; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1416653)"; flow:established,from_client; content:"GET"; http_method; content:"/liniment.php"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"advansys.com.ar"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_01; reference:url, urlhaus.abuse.ch/url/1416653/; classtype:trojan-activity;sid:82279753; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1391235)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1sbd1rnw8luztjmsh6gdlzupvyupbopa0|7c|26|7c|revid=0b3yyjts_woklr2vnyxvqohlidxbxn1l2wwjntxfnwvi5v0h3pq"; http_uri; depth:135; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_06_23; reference:url, urlhaus.abuse.ch/url/1391235/; classtype:trojan-activity;sid:82254335; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1378480)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1ctmywlj5wouiug1wgizy3ke7yj1u0yor|7c|26|7c|revid=0b_t0-zked1mgagxwmxcwywq5q0q1uk1uoxcwaup6l2ovmtdjpq"; http_uri; depth:135; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_06_19; reference:url, urlhaus.abuse.ch/url/1378480/; classtype:trojan-activity;sid:82241580; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1372338)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1alq8r5tnr6wwiftqa3l6d9fymv7y0g9m"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_06_17; reference:url, urlhaus.abuse.ch/url/1372338/; classtype:trojan-activity;sid:82235438; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1371786)"; flow:established,from_client; content:"GET"; http_method; content:"/watercress.php"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"www.playtown.co.za"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2021_06_16; reference:url, urlhaus.abuse.ch/url/1371786/; classtype:trojan-activity;sid:82234886; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1371739)"; flow:established,from_client; content:"GET"; http_method; content:"/lining.php"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"www.playtown.co.za"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2021_06_16; reference:url, urlhaus.abuse.ch/url/1371739/; classtype:trojan-activity;sid:82234839; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1371719)"; flow:established,from_client; content:"GET"; http_method; content:"/scroungy.php"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"www.playtown.co.za"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2021_06_16; reference:url, urlhaus.abuse.ch/url/1371719/; classtype:trojan-activity;sid:82234819; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1369570)"; flow:established,from_client; content:"GET"; http_method; content:"/pinout.php"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"jyothishmathi.in"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_06_15; reference:url, urlhaus.abuse.ch/url/1369570/; classtype:trojan-activity;sid:82232670; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1369536)"; flow:established,from_client; content:"GET"; http_method; content:"/steeplechases.php"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"jyothishmathi.in"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_06_15; reference:url, urlhaus.abuse.ch/url/1369536/; classtype:trojan-activity;sid:82232636; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1369533)"; flow:established,from_client; content:"GET"; http_method; content:"/familial.php"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"jyothishmathi.in"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_06_15; reference:url, urlhaus.abuse.ch/url/1369533/; classtype:trojan-activity;sid:82232633; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1364815)"; flow:established,from_client; content:"GET"; http_method; content:"/update_vbase/voklight.exe"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"visam.info"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2021_06_14; reference:url, urlhaus.abuse.ch/url/1364815/; classtype:trojan-activity;sid:82227915; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1364597)"; flow:established,from_client; content:"GET"; http_method; content:"/update_vbase/voklightd.exe"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"visam.info"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2021_06_14; reference:url, urlhaus.abuse.ch/url/1364597/; classtype:trojan-activity;sid:82227697; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1350653)"; flow:established,from_client; content:"GET"; http_method; content:"/habitual.php"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"jyothishmathi.in"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_06_10; reference:url, urlhaus.abuse.ch/url/1350653/; classtype:trojan-activity;sid:82213753; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1350619)"; flow:established,from_client; content:"GET"; http_method; content:"/ruleless.php"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"jyothishmathi.in"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_06_10; reference:url, urlhaus.abuse.ch/url/1350619/; classtype:trojan-activity;sid:82213719; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1350517)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1tilqozot07vylvdmmsfs7ia452jwhktj|7c|26|7c|revid=0b7gsmqzks4xkcdjcwhuvatj2qvlvchnmnnovu2ldzstek2jzpq"; http_uri; depth:135; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_06_10; reference:url, urlhaus.abuse.ch/url/1350517/; classtype:trojan-activity;sid:82213617; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1348672)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1etpmpb2shvuny5dxj5awfpxklxqpbzgx"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_06_10; reference:url, urlhaus.abuse.ch/url/1348672/; classtype:trojan-activity;sid:82211772; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1346907)"; flow:established,from_client; content:"GET"; http_method; content:"/toothy.php"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"jyothishmathi.in"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_06_09; reference:url, urlhaus.abuse.ch/url/1346907/; classtype:trojan-activity;sid:82210007; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1346883)"; flow:established,from_client; content:"GET"; http_method; content:"/unpunished.php"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"jyothishmathi.in"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_06_09; reference:url, urlhaus.abuse.ch/url/1346883/; classtype:trojan-activity;sid:82209983; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1346885)"; flow:established,from_client; content:"GET"; http_method; content:"/jordan.php"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"jyothishmathi.in"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_06_09; reference:url, urlhaus.abuse.ch/url/1346885/; classtype:trojan-activity;sid:82209985; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1346867)"; flow:established,from_client; content:"GET"; http_method; content:"/towbar.php"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"www.porvootransitioncare.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2021_06_09; reference:url, urlhaus.abuse.ch/url/1346867/; classtype:trojan-activity;sid:82209967; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1346869)"; flow:established,from_client; content:"GET"; http_method; content:"/arroyo.php"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"www.porvootransitioncare.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2021_06_09; reference:url, urlhaus.abuse.ch/url/1346869/; classtype:trojan-activity;sid:82209969; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1346871)"; flow:established,from_client; content:"GET"; http_method; content:"/defended.php"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"jyothishmathi.in"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_06_09; reference:url, urlhaus.abuse.ch/url/1346871/; classtype:trojan-activity;sid:82209971; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1343291)"; flow:established,from_client; content:"GET"; http_method; content:"/diatribe.php"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"www.porvootransitioncare.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2021_06_09; reference:url, urlhaus.abuse.ch/url/1343291/; classtype:trojan-activity;sid:82206391; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1343292)"; flow:established,from_client; content:"GET"; http_method; content:"/tatter.php"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"www.porvootransitioncare.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2021_06_09; reference:url, urlhaus.abuse.ch/url/1343292/; classtype:trojan-activity;sid:82206392; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1331376)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1b6t1mjnjcvndcy-mdqq0neqrbocqyju4"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_06_06; reference:url, urlhaus.abuse.ch/url/1331376/; classtype:trojan-activity;sid:82194476; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1327898)"; flow:established,from_client; content:"GET"; http_method; content:"/inst77player/inst77player_1.0.0.1.exe"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"softdl.360tpcdn.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2021_06_05; reference:url, urlhaus.abuse.ch/url/1327898/; classtype:trojan-activity;sid:82190998; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1319551)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1nw1gmzg6lwtuhs0tte969xcfpp9_dc5q"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_06_03; reference:url, urlhaus.abuse.ch/url/1319551/; classtype:trojan-activity;sid:82182651; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1314584)"; flow:established,from_client; content:"GET"; http_method; content:"/document/d/e/2pacx-1vqofspqgo4lhe7xt4ky-gkjbc9rgwzgw9rksc_azpw2gotdlnhx9oxc_rgk1zz9mgxxwqoixey0eajp/pub"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_06_02; reference:url, urlhaus.abuse.ch/url/1314584/; classtype:trojan-activity;sid:82177684; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1314578)"; flow:established,from_client; content:"GET"; http_method; content:"/document/d/e/2pacx-1vszvhw0lywviz_dpqozkdip0orjsf7411ucirwqegcgfxwqqb3nqpbn3d7orqqxnatypulra_ssggie/pub"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_06_02; reference:url, urlhaus.abuse.ch/url/1314578/; classtype:trojan-activity;sid:82177678; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1314581)"; flow:established,from_client; content:"GET"; http_method; content:"/document/d/e/2pacx-1vr-asdhfa85lnhp1g6rll18x2htnflvy5zggxzrfveecvbhjiwaes9o9w3dn49od7lplixl3u59icjr/pub"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_06_02; reference:url, urlhaus.abuse.ch/url/1314581/; classtype:trojan-activity;sid:82177681; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1314569)"; flow:established,from_client; content:"GET"; http_method; content:"/document/d/e/2pacx-1vqb__8qdiraoo-s_qrzkk8o_8brsuwaeje3ivcd5efhddlux4gw5otilj5ezfenwjzaha-zojj_7srj/pub"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_06_02; reference:url, urlhaus.abuse.ch/url/1314569/; classtype:trojan-activity;sid:82177669; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1314562)"; flow:established,from_client; content:"GET"; http_method; content:"/document/d/e/2pacx-1vqha4kutkvbpn1c9r1jolub-v1dyh36itza-2zhojxuluskoxk6iogpy8b8iscqqjskaf3wduc6oykt/pub"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_06_02; reference:url, urlhaus.abuse.ch/url/1314562/; classtype:trojan-activity;sid:82177662; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1314563)"; flow:established,from_client; content:"GET"; http_method; content:"/document/d/e/2pacx-1vqm_l1o1djktv6pcfwixdz1gjaqrg26rpb3n3uqpk0jqvif91b_irdew7mo34hhhoffbjohoztlmdtp/pub"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_06_02; reference:url, urlhaus.abuse.ch/url/1314563/; classtype:trojan-activity;sid:82177663; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1314556)"; flow:established,from_client; content:"GET"; http_method; content:"/document/d/e/2pacx-1vrxkt9v4qcom-0wjceb6bexufgpr_vdebkc-kra8h7gutbblset1veguumqxs3npiv4qw-7_1kiy3jm/pub"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_06_02; reference:url, urlhaus.abuse.ch/url/1314556/; classtype:trojan-activity;sid:82177656; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1314548)"; flow:established,from_client; content:"GET"; http_method; content:"/document/d/e/2pacx-1vspnrqtfaftwpvbd8o61fbvozlhc3z0x8jy4glnji-v80xrxnlemgt89l5imnr_7kxst0gn9ydkjj0q/pub"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_06_02; reference:url, urlhaus.abuse.ch/url/1314548/; classtype:trojan-activity;sid:82177648; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1314549)"; flow:established,from_client; content:"GET"; http_method; content:"/document/d/e/2pacx-1vsftpbjz498ict3ab9-tehopymacl8ygytkgufxpnwlfphfxyyh5jmfj_2llrrddsiu8vypu1ksvp5p/pub"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_06_02; reference:url, urlhaus.abuse.ch/url/1314549/; classtype:trojan-activity;sid:82177649; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1314543)"; flow:established,from_client; content:"GET"; http_method; content:"/document/d/e/2pacx-1vs1h7txewarzqve-jwxnwcgzibofoz58qrk8kerhmfz8mpippgfjeoijthgmm-tw7lwcipr8acup_ft/pub"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_06_02; reference:url, urlhaus.abuse.ch/url/1314543/; classtype:trojan-activity;sid:82177643; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1314544)"; flow:established,from_client; content:"GET"; http_method; content:"/document/d/e/2pacx-1vr92cz6z4uh71ogqyzgn6vtdc54xoa0iovizmkmogvekyix648nysfipvt4qto6uvtrp9jsatoeuhk3/pub"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_06_02; reference:url, urlhaus.abuse.ch/url/1314544/; classtype:trojan-activity;sid:82177644; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1314545)"; flow:established,from_client; content:"GET"; http_method; content:"/document/d/e/2pacx-1vtuc-a7s7ylxnfwqp8oxz6no5uwdmabudx-6glkwrnzjwqwgdtcpdvwp0x0l03qdarzrzonj_adevlw/pub"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_06_02; reference:url, urlhaus.abuse.ch/url/1314545/; classtype:trojan-activity;sid:82177645; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1314534)"; flow:established,from_client; content:"GET"; http_method; content:"/document/d/e/2pacx-1vqe1vc-nlfenfgigyaugmmg1dq4l0-haikp9qxkacc32ig0xtg6go8lejdoogo0vfeoie4tcyy4_bn4/pub"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_06_02; reference:url, urlhaus.abuse.ch/url/1314534/; classtype:trojan-activity;sid:82177634; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1314535)"; flow:established,from_client; content:"GET"; http_method; content:"/document/d/e/2pacx-1vsrvkllojuhzbqokettk0u2b1whglldp35-o1zgt_jlem2z2odwedj0z9sgtukvikdowcuan-0fj5wn/pub"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_06_02; reference:url, urlhaus.abuse.ch/url/1314535/; classtype:trojan-activity;sid:82177635; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1314537)"; flow:established,from_client; content:"GET"; http_method; content:"/document/d/e/2pacx-1vqvbpr6y2jjnkxfpcwt9uv7pqycg6vdoowr-xnakhtl9ns4tk44rpa91em8usoc992uqyrpn6ucy5ep/pub"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_06_02; reference:url, urlhaus.abuse.ch/url/1314537/; classtype:trojan-activity;sid:82177637; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1314526)"; flow:established,from_client; content:"GET"; http_method; content:"/document/d/e/2pacx-1vq8kqm4rsobvbpga8ncnzs-1xulwuezfri9x1ktowpiijctqe1uq0iged6iq7sa5zuhnh56egsebkoj/pub"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_06_02; reference:url, urlhaus.abuse.ch/url/1314526/; classtype:trojan-activity;sid:82177626; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1287391)"; flow:established,from_client; content:"GET"; http_method; content:"/document/d/e/2pacx-1vtecbrofm9hcrdmzz8g7ktneypnrpr1s7bvyoit3r8jd7rjanmysk9yyuhvzmdp3dmkd-xss7kpyffa/pub"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_26; reference:url, urlhaus.abuse.ch/url/1287391/; classtype:trojan-activity;sid:82150491; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1287387)"; flow:established,from_client; content:"GET"; http_method; content:"/document/d/e/2pacx-1vt544w_wvxhvfskbx2zio7pht-jzhb1nvr7y1qhtxccjopcfxzhm1mottjhjsdudpgs9lfrjcqzoi8n/pub"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_26; reference:url, urlhaus.abuse.ch/url/1287387/; classtype:trojan-activity;sid:82150487; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1287378)"; flow:established,from_client; content:"GET"; http_method; content:"/document/d/e/2pacx-1vtcfdv_0srlqbmtfzi6hivmikknsfqd5bubuem-s-mzpzfsva62zyncoy-phkzysuhuddl0yhlyajye/pub"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_26; reference:url, urlhaus.abuse.ch/url/1287378/; classtype:trojan-activity;sid:82150478; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1287373)"; flow:established,from_client; content:"GET"; http_method; content:"/document/d/e/2pacx-1vrtnhy8ipm82egefg7zhukj5qwbit31-jlhdsxovff8rcefw2uhpndpuclv_ffrqqdjhxyxympj3ame/pub"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_26; reference:url, urlhaus.abuse.ch/url/1287373/; classtype:trojan-activity;sid:82150473; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1287333)"; flow:established,from_client; content:"GET"; http_method; content:"/document/d/e/2pacx-1vt4iy9nlwuov8hsmpykbfkn1fh1ydp7ms8dudg2ldfjgxf8rumdtzgiw7ukoifo3ap-pb7ybzlcdfqi/pub"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_26; reference:url, urlhaus.abuse.ch/url/1287333/; classtype:trojan-activity;sid:82150433; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1278913)"; flow:established,from_client; content:"GET"; http_method; content:"/document/d/e/2pacx-1vtyg409rjv4omi3oujyjsc6ajzflluuz37ofzbpjjihmrewoh2ehp2pwbfllgyy_yzqdrldwcaejvd5/pub"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_24; reference:url, urlhaus.abuse.ch/url/1278913/; classtype:trojan-activity;sid:82142013; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1278910)"; flow:established,from_client; content:"GET"; http_method; content:"/document/d/e/2pacx-1vr1e4kzyqneoh2tjc5rh_unlfwjdo31gedrveg0wdyrprmm3yfdxjqxdvyy535adzu5p9m4mrvdau9v/pub"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_24; reference:url, urlhaus.abuse.ch/url/1278910/; classtype:trojan-activity;sid:82142010; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1278905)"; flow:established,from_client; content:"GET"; http_method; content:"/document/d/e/2pacx-1vrvmutaxfc2ewkvy_l_cewfjwv4md_uadqlv4onmlyc0frnp7jod3ru93sm6y-tmoj0nrvbfylt739z/pub"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_24; reference:url, urlhaus.abuse.ch/url/1278905/; classtype:trojan-activity;sid:82142005; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1278895)"; flow:established,from_client; content:"GET"; http_method; content:"/document/d/e/2pacx-1vtpholmraa4dir0lg8z5yhqljwbzp0qkypc3jax6d3l0hs6n23kpm2iqgccjvbvug5th443jjbzs2uv/pub"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_24; reference:url, urlhaus.abuse.ch/url/1278895/; classtype:trojan-activity;sid:82141995; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1278896)"; flow:established,from_client; content:"GET"; http_method; content:"/document/d/e/2pacx-1vq6nr-yg49vldzzxliqvpupbajoss2nfxsnsk3khaixmvqydl20mxhttp-qa7mojkwa4osepa76nnbl/pub"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_24; reference:url, urlhaus.abuse.ch/url/1278896/; classtype:trojan-activity;sid:82141996; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1278899)"; flow:established,from_client; content:"GET"; http_method; content:"/document/d/e/2pacx-1vqyowyoxata2couqa6uc3gwi59sq5maualr7yfmq6luzvtefqopogncbli8hx6vubkt2b65qerqhzy8/pub"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_24; reference:url, urlhaus.abuse.ch/url/1278899/; classtype:trojan-activity;sid:82141999; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1278586)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/j5fxvrf3"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_24; reference:url, urlhaus.abuse.ch/url/1278586/; classtype:trojan-activity;sid:82141686; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1265914)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"195.144.235.42"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_21; reference:url, urlhaus.abuse.ch/url/1265914/; classtype:trojan-activity;sid:82129014; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1252888)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/v1jcezvd"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_18; reference:url, urlhaus.abuse.ch/url/1252888/; classtype:trojan-activity;sid:82115988; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1252886)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/gz3wxtar"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_18; reference:url, urlhaus.abuse.ch/url/1252886/; classtype:trojan-activity;sid:82115986; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1237690)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1m8jszvq-ztfrul7vgsb6q-n3ftgnkbdj|7c|26|7c|revid=0bxrhybf9__wnmgjlnmxmunzznlu0v204azc4edmzcep6a0hzpq"; http_uri; depth:135; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_15; reference:url, urlhaus.abuse.ch/url/1237690/; classtype:trojan-activity;sid:82100790; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1233306)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1gv_nk9llqw4fxudo-khja7nuuj1kevvw|7c|26|7c|revid=0b7zefp-g6n7vm0zhowo4be9pvus4mmh0ymxvd3r6zlu3ylznpq"; http_uri; depth:135; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_14; reference:url, urlhaus.abuse.ch/url/1233306/; classtype:trojan-activity;sid:82096406; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1230008)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/jnljbghz"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_13; reference:url, urlhaus.abuse.ch/url/1230008/; classtype:trojan-activity;sid:82093108; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1228819)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=140vkyfrfhbqkukc2hnw-gsvi5wjw6iyi"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_13; reference:url, urlhaus.abuse.ch/url/1228819/; classtype:trojan-activity;sid:82091919; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1223625)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/reqfy21x"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_12; reference:url, urlhaus.abuse.ch/url/1223625/; classtype:trojan-activity;sid:82086725; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1220349)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1h_dyp_d5lst4akyf2qezxl7j1scvbtvs|7c|26|7c|revid=0b5thckui5i0mdk5moelbnm9vuhnydvjnvwpyq01vrg5xvwhrpq"; http_uri; depth:135; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_11; reference:url, urlhaus.abuse.ch/url/1220349/; classtype:trojan-activity;sid:82083449; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1199812)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1uygnpwzzyzn2rodsrimg0-sloxy_letg"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_05_06; reference:url, urlhaus.abuse.ch/url/1199812/; classtype:trojan-activity;sid:82062912; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1198558)"; flow:established,from_client; content:"GET"; http_method; content:"/view/59bmj3vj18vh2/drive/storage/a/files/download|3f|id=625899581658508733"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"sites.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_05_06; reference:url, urlhaus.abuse.ch/url/1198558/; classtype:trojan-activity;sid:82061658; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1184754)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1ygn4gkmy9musdp_lgnpyjjh6rskt39vp|7c|26|7c|revid=0b8rbgp2bpeofmk5ta3n3mgjtefbzdevwtk5wwhpjd3yruejjpq"; http_uri; depth:135; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_04_30; reference:url, urlhaus.abuse.ch/url/1184754/; classtype:trojan-activity;sid:82047854; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1181763)"; flow:established,from_client; content:"GET"; http_method; content:"/upload_control/download.blog|3f|fhandle=mep5euraznm5lmjsb2cuzgf1bs5uzxq6l0lnqudflzavns5legu=|7c|26|7c|filename=%ec%9d%b8%ed%84%b0%eb%84%b7_%ec%a2%85%eb%9f%89%ec%a0%9c_%ed%85%8c%ec%8a%a4%ed%8a%b8.exe"; http_uri; depth:199; isdataat:!1,relative; nocase; content:"cfs9.blog.daum.net"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2021_04_29; reference:url, urlhaus.abuse.ch/url/1181763/; classtype:trojan-activity;sid:82044863; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1181758)"; flow:established,from_client; content:"GET"; http_method; content:"/upload_control/download.blog|3f|fhandle=ymxvzze5mtk5nubmczezlnrpc3rvcnkuy29toi9hdhrhy2gvmc8xnzawmdawmdawmdauzxhl|7c|26|7c|filename=oleaut32.dll%bf%c0%b7%f9%c7%d8%b0%e1%c7%cf%b1%e2.exe"; http_uri; depth:184; isdataat:!1,relative; nocase; content:"cfs13.tistory.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2021_04_29; reference:url, urlhaus.abuse.ch/url/1181758/; classtype:trojan-activity;sid:82044858; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1181756)"; flow:established,from_client; content:"GET"; http_method; content:"/upload_control/download.blog|3f|fhandle=mdczafhaznmxmc5ibg9nlmrhdw0ubmv0oi9jtufhrs8wlzkwlmv4zq==|7c|26|7c|filename=xp_sp3_%ed%85%8c%eb%a7%88%ed%8c%a8%ec%b9%98.exe"; http_uri; depth:163; isdataat:!1,relative; nocase; content:"cfs10.blog.daum.net"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2021_04_29; reference:url, urlhaus.abuse.ch/url/1181756/; classtype:trojan-activity;sid:82044856; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1181754)"; flow:established,from_client; content:"GET"; http_method; content:"/upload_control/download.blog|3f|fhandle=ymxvzze5mtk5nubmczezlnrpc3rvcnkuy29toi9hdhrhy2gvmc8xnzawmdawmdawmdauzxhl|7c|26|7c|filename=oleaut32.dll%ef%bf%bd%ef%bf%bd%ef%bf%bd%ef%bf%bd%ef%bf%bd%d8%b0%ef%bf%bd%ef%bf%bd%cf%b1%ef%bf%bd.exe"; http_uri; depth:232; isdataat:!1,relative; nocase; content:"cfs13.tistory.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2021_04_29; reference:url, urlhaus.abuse.ch/url/1181754/; classtype:trojan-activity;sid:82044854; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1181755)"; flow:established,from_client; content:"GET"; http_method; content:"/upload_control/download.blog|3f|fhandle=metnwe5aznm3lmjsb2cuzgf1bs5uzxq6l0lnqudflzavmc5legu=|7c|26|7c|filename=%ec%9d%b8%ed%84%b0%eb%84%b7_%ec%a2%85%eb%9f%89%ec%a0%9c_%ed%85%8c%ec%8a%a4%ed%8a%b8-cksal16.exe/%ec%9d%b8%ed%84%b0%eb%84%b7_%ec%a2%85%eb%9f%89%ec%a0%9c_%ed%85%8c%ec%8a%a4%ed%8a%b8-cksal16.exe"; http_uri; depth:303; isdataat:!1,relative; nocase; content:"cfs7.blog.daum.net"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2021_04_29; reference:url, urlhaus.abuse.ch/url/1181755/; classtype:trojan-activity;sid:82044855; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1152444)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1jpl-uouydm5hypqm67uokyddrblbpxvw|7c|26|7c|revid=0b7zpiprmoc5ubhpwclq0cxdyte5vwtrbymnidznhtgm3bzvrpq"; http_uri; depth:135; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_04_22; reference:url, urlhaus.abuse.ch/url/1152444/; classtype:trojan-activity;sid:82015544; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1138786)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"102.39.242.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_04_19; reference:url, urlhaus.abuse.ch/url/1138786/; classtype:trojan-activity;sid:82001886; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1104248)"; flow:established,from_client; content:"GET"; http_method; content:"/z1/tlf_50_30_67_14.pdf"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"192.236.147.58"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_04_08; reference:url, urlhaus.abuse.ch/url/1104248/; classtype:trojan-activity;sid:81967348; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1104221)"; flow:established,from_client; content:"GET"; http_method; content:"/z1/etl_050_638_0247.pdf"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"192.236.147.58"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_04_08; reference:url, urlhaus.abuse.ch/url/1104221/; classtype:trojan-activity;sid:81967321; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1103573)"; flow:established,from_client; content:"GET"; http_method; content:"/z1/etl_050_60_47.pdf"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"192.236.147.58"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_04_07; reference:url, urlhaus.abuse.ch/url/1103573/; classtype:trojan-activity;sid:81966673; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1061608)"; flow:established,from_client; content:"GET"; http_method; content:"/dos/nemesy13.zip"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"dl.packetstormsecurity.net"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2021_03_11; reference:url, urlhaus.abuse.ch/url/1061608/; classtype:trojan-activity;sid:81924708; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1040535)"; flow:established,from_client; content:"GET"; http_method; content:"/agha25.tar"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"spaceframe.mobi.space-frame.co.za"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2021_03_01; reference:url, urlhaus.abuse.ch/url/1040535/; classtype:trojan-activity;sid:81903635; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1010244)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/bew39lta"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_14; reference:url, urlhaus.abuse.ch/url/1010244/; classtype:trojan-activity;sid:81873344; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (984502)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/g7vaue54"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_30; reference:url, urlhaus.abuse.ch/url/984502/; classtype:trojan-activity;sid:81847602; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (961009)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/00aujclx"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_14; reference:url, urlhaus.abuse.ch/url/961009/; classtype:trojan-activity;sid:81824109; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (957784)"; flow:established,from_client; content:"GET"; http_method; content:"/gamewd/yhdl.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"download.caihong.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2021_01_13; reference:url, urlhaus.abuse.ch/url/957784/; classtype:trojan-activity;sid:81820884; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (936427)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/bxjesdj7w3meuh7iatiurbsgh/"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"cdaonline.com.ar"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_12_21; reference:url, urlhaus.abuse.ch/url/936427/; classtype:trojan-activity;sid:81799527; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (935625)"; flow:established,from_client; content:"GET"; http_method; content:"/u0eukz.zip"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"abissnet.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_12_21; reference:url, urlhaus.abuse.ch/url/935625/; classtype:trojan-activity;sid:81798725; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (792747)"; flow:established,from_client; content:"GET"; http_method; content:"/beastmode/b3astmode.arm7"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"23.254.228.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_11_06; reference:url, urlhaus.abuse.ch/url/792747/; classtype:trojan-activity;sid:81655847; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (792160)"; flow:established,from_client; content:"GET"; http_method; content:"/beastmode/b3astmode.x86"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"23.254.228.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_11_06; reference:url, urlhaus.abuse.ch/url/792160/; classtype:trojan-activity;sid:81655260; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (788214)"; flow:established,from_client; content:"GET"; http_method; content:"/v2x2vexx.jpg"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"yzkzixun.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_11_05; reference:url, urlhaus.abuse.ch/url/788214/; classtype:trojan-activity;sid:81651314; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (765703)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/lm/7cfvaaa9jo/"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"ncxps.com"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2020_10_29; reference:url, urlhaus.abuse.ch/url/765703/; classtype:trojan-activity;sid:81628803; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (763354)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/hkhchyzdynzpebzcre0lq3l2ddjizwk4f7/"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"xuezha.net"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_10_29; reference:url, urlhaus.abuse.ch/url/763354/; classtype:trojan-activity;sid:81626454; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (756747)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/rrrv7ilgm2dzpohaklkhewb8rkju15bmqeewccglap/"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"ncxps.com"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2020_10_27; reference:url, urlhaus.abuse.ch/url/756747/; classtype:trojan-activity;sid:81619847; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (756736)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/4ld2g8w3rrmhtgvvvpeq2orlcqm71yyxveriw5rzitvii3/"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"ncxps.com"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2020_10_27; reference:url, urlhaus.abuse.ch/url/756736/; classtype:trojan-activity;sid:81619836; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (733429)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/n/"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"gordon-and-son.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_10_22; reference:url, urlhaus.abuse.ch/url/733429/; classtype:trojan-activity;sid:81596529; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (723755)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/sites/ci6p05scnuonqslqmehm/"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"cdaonline.com.ar"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/723755/; classtype:trojan-activity;sid:81586855; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (698460)"; flow:established,from_client; content:"GET"; http_method; content:"/content/inc/laljbjzxrefspp/"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"gordon-and-son.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_10_15; reference:url, urlhaus.abuse.ch/url/698460/; classtype:trojan-activity;sid:81561560; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (658290)"; flow:established,from_client; content:"GET"; http_method; content:"/ayedz.m68k"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"194.15.36.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_06; reference:url, urlhaus.abuse.ch/url/658290/; classtype:trojan-activity;sid:81521390; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (658273)"; flow:established,from_client; content:"GET"; http_method; content:"/ayedz.mips"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"194.15.36.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_06; reference:url, urlhaus.abuse.ch/url/658273/; classtype:trojan-activity;sid:81521373; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (658266)"; flow:established,from_client; content:"GET"; http_method; content:"/ayedz.sh4"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"194.15.36.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_06; reference:url, urlhaus.abuse.ch/url/658266/; classtype:trojan-activity;sid:81521366; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (658267)"; flow:established,from_client; content:"GET"; http_method; content:"/ayedz.i586"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"194.15.36.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_06; reference:url, urlhaus.abuse.ch/url/658267/; classtype:trojan-activity;sid:81521367; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (658235)"; flow:established,from_client; content:"GET"; http_method; content:"/sh"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"194.15.36.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_06; reference:url, urlhaus.abuse.ch/url/658235/; classtype:trojan-activity;sid:81521335; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (658228)"; flow:established,from_client; content:"GET"; http_method; content:"/ayedz.i686"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"194.15.36.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_06; reference:url, urlhaus.abuse.ch/url/658228/; classtype:trojan-activity;sid:81521328; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (658222)"; flow:established,from_client; content:"GET"; http_method; content:"/[cpu]"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"194.15.36.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_06; reference:url, urlhaus.abuse.ch/url/658222/; classtype:trojan-activity;sid:81521322; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (658223)"; flow:established,from_client; content:"GET"; http_method; content:"/ayedz.armv61"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"194.15.36.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_06; reference:url, urlhaus.abuse.ch/url/658223/; classtype:trojan-activity;sid:81521323; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (658224)"; flow:established,from_client; content:"GET"; http_method; content:"/ayedz.ppc"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"194.15.36.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_10_06; reference:url, urlhaus.abuse.ch/url/658224/; classtype:trojan-activity;sid:81521324; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (637433)"; flow:established,from_client; content:"GET"; http_method; content:"/paetools.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"soft.110route.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_10_01; reference:url, urlhaus.abuse.ch/url/637433/; classtype:trojan-activity;sid:81500533; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (613088)"; flow:established,from_client; content:"GET"; http_method; content:"/mikf/gallery-dl/releases/download/v1.15.0/gallery-dl.exe"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_09_26; reference:url, urlhaus.abuse.ch/url/613088/; classtype:trojan-activity;sid:81476188; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (610777)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/etrac/qqlox3lvjh/"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"jkshaonv.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_24; reference:url, urlhaus.abuse.ch/url/610777/; classtype:trojan-activity;sid:81473877; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (593578)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/js/jquery/jquery.js"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"chuguadventures.co.tz"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2020_09_22; reference:url, urlhaus.abuse.ch/url/593578/; classtype:trojan-activity;sid:81456678; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (554647)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/file/x7z9wbk77tt6v9/"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"cdaonline.com.ar"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_09_18; reference:url, urlhaus.abuse.ch/url/554647/; classtype:trojan-activity;sid:81417747; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (549365)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/file/"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"jkshaonv.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_18; reference:url, urlhaus.abuse.ch/url/549365/; classtype:trojan-activity;sid:81412465; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (490516)"; flow:established,from_client; content:"GET"; http_method; content:"/hmatrix/data/hack1226.exe"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"cd.textfiles.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_09_14; reference:url, urlhaus.abuse.ch/url/490516/; classtype:trojan-activity;sid:81353616; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (453216)"; flow:established,from_client; content:"GET"; http_method; content:"/enteihacking/mt/master/asycivic.jpg"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2020_09_04; reference:url, urlhaus.abuse.ch/url/453216/; classtype:trojan-activity;sid:81316316; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (453035)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1g_x0a_gnyxai5glsipkq1b2mqknanuw8"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_09_04; reference:url, urlhaus.abuse.ch/url/453035/; classtype:trojan-activity;sid:81316135; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (452177)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=14muad9cmj6mxsd9lrccuo1egxyf5f-ty"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_09_03; reference:url, urlhaus.abuse.ch/url/452177/; classtype:trojan-activity;sid:81315277; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (451466)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1yrmkzxf4rmy9utrikbh6rgvsokehbmeo"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_09_02; reference:url, urlhaus.abuse.ch/url/451466/; classtype:trojan-activity;sid:81314566; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (447394)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1sm7b9902i8v4yitepf6gzomqc84ltloi"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_08_31; reference:url, urlhaus.abuse.ch/url/447394/; classtype:trojan-activity;sid:81310494; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (446803)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1gavcby-nhlq22ohbgm530exffsrg1aub"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_08_30; reference:url, urlhaus.abuse.ch/url/446803/; classtype:trojan-activity;sid:81309903; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (439853)"; flow:established,from_client; content:"GET"; http_method; content:"/assailant.ppc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"194.15.36.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_24; reference:url, urlhaus.abuse.ch/url/439853/; classtype:trojan-activity;sid:81302953; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (439852)"; flow:established,from_client; content:"GET"; http_method; content:"/assailant.arm7"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"194.15.36.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_24; reference:url, urlhaus.abuse.ch/url/439852/; classtype:trojan-activity;sid:81302952; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (439850)"; flow:established,from_client; content:"GET"; http_method; content:"/assailant.sparc"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"194.15.36.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_24; reference:url, urlhaus.abuse.ch/url/439850/; classtype:trojan-activity;sid:81302950; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (439846)"; flow:established,from_client; content:"GET"; http_method; content:"/assailant.mpsl"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"194.15.36.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_24; reference:url, urlhaus.abuse.ch/url/439846/; classtype:trojan-activity;sid:81302946; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (439845)"; flow:established,from_client; content:"GET"; http_method; content:"/assailant.arm6"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"194.15.36.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_24; reference:url, urlhaus.abuse.ch/url/439845/; classtype:trojan-activity;sid:81302945; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (439844)"; flow:established,from_client; content:"GET"; http_method; content:"/assailant.arm5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"194.15.36.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_24; reference:url, urlhaus.abuse.ch/url/439844/; classtype:trojan-activity;sid:81302944; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (439843)"; flow:established,from_client; content:"GET"; http_method; content:"/assailant.i586"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"194.15.36.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_24; reference:url, urlhaus.abuse.ch/url/439843/; classtype:trojan-activity;sid:81302943; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (439842)"; flow:established,from_client; content:"GET"; http_method; content:"/assailant.sh4"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"194.15.36.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_24; reference:url, urlhaus.abuse.ch/url/439842/; classtype:trojan-activity;sid:81302942; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (439841)"; flow:established,from_client; content:"GET"; http_method; content:"/assailant.x86"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"194.15.36.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_24; reference:url, urlhaus.abuse.ch/url/439841/; classtype:trojan-activity;sid:81302941; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (439389)"; flow:established,from_client; content:"GET"; http_method; content:"/scripts/statement/ul397wfyb/"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"reifenquick.de"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_24; reference:url, urlhaus.abuse.ch/url/439389/; classtype:trojan-activity;sid:81302489; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (438705)"; flow:established,from_client; content:"GET"; http_method; content:"/scripts/file/21mnqlvi/oz88535657v7rbazasyth9x8i/"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"www.reifenquick.de"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_08_21; reference:url, urlhaus.abuse.ch/url/438705/; classtype:trojan-activity;sid:81301805; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (438357)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/maint/documentation/"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"jkshaonv.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_21; reference:url, urlhaus.abuse.ch/url/438357/; classtype:trojan-activity;sid:81301457; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (438230)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/closed-disk/guarded-space/0870725-raadiviu/"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"yongtai.cn"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_08_21; reference:url, urlhaus.abuse.ch/url/438230/; classtype:trojan-activity;sid:81301330; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (436727)"; flow:established,from_client; content:"GET"; http_method; content:"/scripts/statement/ul397wfyb/"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"www.reifenquick.de"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_08_19; reference:url, urlhaus.abuse.ch/url/436727/; classtype:trojan-activity;sid:81299827; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (436557)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/vctie/"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"yongtai.cn"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_08_19; reference:url, urlhaus.abuse.ch/url/436557/; classtype:trojan-activity;sid:81299657; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (434592)"; flow:established,from_client; content:"GET"; http_method; content:"/scripts/closed_957176_mxqsdoj6a4iz/close_warehouse/ql55hnq09iyn6lm_334stxvw03wyv/"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"www.reifenquick.de"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_08_17; reference:url, urlhaus.abuse.ch/url/434592/; classtype:trojan-activity;sid:81297692; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (434320)"; flow:established,from_client; content:"GET"; http_method; content:"/scripts/hl8-8w4cs-6325/"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"reifenquick.de"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_17; reference:url, urlhaus.abuse.ch/url/434320/; classtype:trojan-activity;sid:81297420; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (434311)"; flow:established,from_client; content:"GET"; http_method; content:"/gttu/xofsl/"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"dweixin.cn"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_08_17; reference:url, urlhaus.abuse.ch/url/434311/; classtype:trojan-activity;sid:81297411; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (433042)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/documentation/"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"jkshaonv.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_14; reference:url, urlhaus.abuse.ch/url/433042/; classtype:trojan-activity;sid:81296142; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (432722)"; flow:established,from_client; content:"GET"; http_method; content:"/gttu/xofsl/"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"dweixin.cn"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_08_14; reference:url, urlhaus.abuse.ch/url/432722/; classtype:trojan-activity;sid:81295822; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (432117)"; flow:established,from_client; content:"GET"; http_method; content:"/scripts/hl8-8w4cs-6325/"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"www.reifenquick.de"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_08_13; reference:url, urlhaus.abuse.ch/url/432117/; classtype:trojan-activity;sid:81295217; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (430532)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/cg1-70urc-761/"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"jkshaonv.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_12; reference:url, urlhaus.abuse.ch/url/430532/; classtype:trojan-activity;sid:81293632; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429290)"; flow:established,from_client; content:"GET"; http_method; content:"/gttu/overview/sw94b26/"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"dweixin.cn"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429290/; classtype:trojan-activity;sid:81292390; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428089)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/payment/8o4054361916emn7j49of5zb3bgzbw29zx/"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"jkshaonv.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428089/; classtype:trojan-activity;sid:81291189; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427444)"; flow:established,from_client; content:"GET"; http_method; content:"/gttu/invoice/ujn3me8cye/"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"dweixin.cn"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427444/; classtype:trojan-activity;sid:81290544; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (426390)"; flow:established,from_client; content:"GET"; http_method; content:"/scripts/open-0627720493640-azq24pffjrm/guarded-space/gxkx9t42ra6yf-6x7uyx330389w/"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"www.reifenquick.de"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_08_06; reference:url, urlhaus.abuse.ch/url/426390/; classtype:trojan-activity;sid:81289490; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (426310)"; flow:established,from_client; content:"GET"; http_method; content:"/covid19/statement/"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"schenckel.com.br"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_08_06; reference:url, urlhaus.abuse.ch/url/426310/; classtype:trojan-activity;sid:81289410; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (424629)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/kdgxnbhp"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_05; reference:url, urlhaus.abuse.ch/url/424629/; classtype:trojan-activity;sid:81287729; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422458)"; flow:established,from_client; content:"GET"; http_method; content:"/invoice/aog-3515110/"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"lindnerelektroanlagen.de"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422458/; classtype:trojan-activity;sid:81285558; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (420521)"; flow:established,from_client; content:"GET"; http_method; content:"/css/parts_service/ly944myw/"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"hitstation.nl"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_28; reference:url, urlhaus.abuse.ch/url/420521/; classtype:trojan-activity;sid:81283621; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (417815)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/znhs8f1m"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_07_22; reference:url, urlhaus.abuse.ch/url/417815/; classtype:trojan-activity;sid:81280915; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (417814)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/6xgqcgx8"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_07_22; reference:url, urlhaus.abuse.ch/url/417814/; classtype:trojan-activity;sid:81280914; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (412922)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-keys.php"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"hotel-city.net"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_14; reference:url, urlhaus.abuse.ch/url/412922/; classtype:trojan-activity;sid:81276022; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (410755)"; flow:established,from_client; content:"GET"; http_method; content:"/d35ha/processhide/master/bins/processhide32.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2020_07_10; reference:url, urlhaus.abuse.ch/url/410755/; classtype:trojan-activity;sid:81273855; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (398898)"; flow:established,from_client; content:"GET"; http_method; content:"/viewpoint_support.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"support.viewpoint.fr"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2020_06_18; reference:url, urlhaus.abuse.ch/url/398898/; classtype:trojan-activity;sid:81261998; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (394943)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/httpxop2prty.arm6"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"192.236.146.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_06_17; reference:url, urlhaus.abuse.ch/url/394943/; classtype:trojan-activity;sid:81258043; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (394942)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/httpxop2prty.spc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"192.236.146.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_06_17; reference:url, urlhaus.abuse.ch/url/394942/; classtype:trojan-activity;sid:81258042; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (394941)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/httpxop2prty.mpsl"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"192.236.146.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_06_17; reference:url, urlhaus.abuse.ch/url/394941/; classtype:trojan-activity;sid:81258041; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (394940)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/httpxop2prty.arm7"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"192.236.146.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_06_17; reference:url, urlhaus.abuse.ch/url/394940/; classtype:trojan-activity;sid:81258040; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (394937)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/httpxop2prty.sh4"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"192.236.146.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_06_17; reference:url, urlhaus.abuse.ch/url/394937/; classtype:trojan-activity;sid:81258037; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (394935)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/httpxop2prty.x86"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"192.236.146.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_06_17; reference:url, urlhaus.abuse.ch/url/394935/; classtype:trojan-activity;sid:81258035; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (394933)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/httpxop2prty.arm5"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"192.236.146.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_06_17; reference:url, urlhaus.abuse.ch/url/394933/; classtype:trojan-activity;sid:81258033; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (394930)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/httpxop2prty.mips"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"192.236.146.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_06_17; reference:url, urlhaus.abuse.ch/url/394930/; classtype:trojan-activity;sid:81258030; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (394929)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/httpxop2prty.ppc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"192.236.146.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_06_17; reference:url, urlhaus.abuse.ch/url/394929/; classtype:trojan-activity;sid:81258029; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (394927)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/httpxop2prty.arm"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"192.236.146.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_06_17; reference:url, urlhaus.abuse.ch/url/394927/; classtype:trojan-activity;sid:81258027; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (394921)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/httpxop2prty.m68k"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"192.236.146.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_06_17; reference:url, urlhaus.abuse.ch/url/394921/; classtype:trojan-activity;sid:81258021; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (393811)"; flow:established,from_client; content:"GET"; http_method; content:"/rkpxprior.sh"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"192.236.146.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_06_16; reference:url, urlhaus.abuse.ch/url/393811/; classtype:trojan-activity;sid:81256911; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (390013)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1am1ztjjhswzwdbvue5tke5mbkwjud0w5"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_06_15; reference:url, urlhaus.abuse.ch/url/390013/; classtype:trojan-activity;sid:81253113; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (390009)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1hd7ffgig6btbzuy2_2kds_t4u637qxjn"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_06_15; reference:url, urlhaus.abuse.ch/url/390009/; classtype:trojan-activity;sid:81253109; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (374230)"; flow:established,from_client; content:"GET"; http_method; content:"/mmjbbs/673484/nqad_673484_01062020.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"xn--b1afiqif6c.xn--p1ai"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2020_06_02; reference:url, urlhaus.abuse.ch/url/374230/; classtype:trojan-activity;sid:81237330; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (366549)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1pyl4hq8sbp5qatm1zz9vmsze1cuy2uzw"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_05_22; reference:url, urlhaus.abuse.ch/url/366549/; classtype:trojan-activity;sid:81229649; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (355363)"; flow:established,from_client; content:"GET"; http_method; content:"/u/0/uc|3f|id=1osjrfvjdy1vblk4fya98jp5jlnk7rutv|7c|26|7c|export=download"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_05_01; reference:url, urlhaus.abuse.ch/url/355363/; classtype:trojan-activity;sid:81218463; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (352013)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/lotmot.x86"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"108.174.197.76"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_04_27; reference:url, urlhaus.abuse.ch/url/352013/; classtype:trojan-activity;sid:81215113; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (352012)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/lotmot.spc"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"108.174.197.76"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_04_27; reference:url, urlhaus.abuse.ch/url/352012/; classtype:trojan-activity;sid:81215112; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (352011)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/lotmot.sh4"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"108.174.197.76"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_04_27; reference:url, urlhaus.abuse.ch/url/352011/; classtype:trojan-activity;sid:81215111; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (352010)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/lotmot.ppc"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"108.174.197.76"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_04_27; reference:url, urlhaus.abuse.ch/url/352010/; classtype:trojan-activity;sid:81215110; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (352009)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/lotmot.mpsl"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"108.174.197.76"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_04_27; reference:url, urlhaus.abuse.ch/url/352009/; classtype:trojan-activity;sid:81215109; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (352008)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/lotmot.mips"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"108.174.197.76"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_04_27; reference:url, urlhaus.abuse.ch/url/352008/; classtype:trojan-activity;sid:81215108; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (352007)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/lotmot.m68k"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"108.174.197.76"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_04_27; reference:url, urlhaus.abuse.ch/url/352007/; classtype:trojan-activity;sid:81215107; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (352006)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/lotmot.arm7"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"108.174.197.76"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_04_27; reference:url, urlhaus.abuse.ch/url/352006/; classtype:trojan-activity;sid:81215106; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (352005)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/lotmot.arm6"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"108.174.197.76"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_04_27; reference:url, urlhaus.abuse.ch/url/352005/; classtype:trojan-activity;sid:81215105; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (352004)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/lotmot.arm5"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"108.174.197.76"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_04_27; reference:url, urlhaus.abuse.ch/url/352004/; classtype:trojan-activity;sid:81215104; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (352003)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/lotmot.arm"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"108.174.197.76"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_04_27; reference:url, urlhaus.abuse.ch/url/352003/; classtype:trojan-activity;sid:81215103; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (351490)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1nndvq_2_7doyyuqvcvwmory_4lyrplb7"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_04_26; reference:url, urlhaus.abuse.ch/url/351490/; classtype:trojan-activity;sid:81214590; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (336481)"; flow:established,from_client; content:"GET"; http_method; content:"/fwdfvf"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"194.15.36.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_04_08; reference:url, urlhaus.abuse.ch/url/336481/; classtype:trojan-activity;sid:81199581; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (336460)"; flow:established,from_client; content:"GET"; http_method; content:"/vvglma"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"194.15.36.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_04_08; reference:url, urlhaus.abuse.ch/url/336460/; classtype:trojan-activity;sid:81199560; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (336450)"; flow:established,from_client; content:"GET"; http_method; content:"/lnkfmx"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"194.15.36.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_04_08; reference:url, urlhaus.abuse.ch/url/336450/; classtype:trojan-activity;sid:81199550; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (336428)"; flow:established,from_client; content:"GET"; http_method; content:"/ajoomk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"194.15.36.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_04_08; reference:url, urlhaus.abuse.ch/url/336428/; classtype:trojan-activity;sid:81199528; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (336366)"; flow:established,from_client; content:"GET"; http_method; content:"/razdzn"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"194.15.36.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_04_08; reference:url, urlhaus.abuse.ch/url/336366/; classtype:trojan-activity;sid:81199466; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (336354)"; flow:established,from_client; content:"GET"; http_method; content:"/bins.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"194.15.36.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_04_08; reference:url, urlhaus.abuse.ch/url/336354/; classtype:trojan-activity;sid:81199454; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (326350)"; flow:established,from_client; content:"GET"; http_method; content:"/builds/offers/12.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"softcatalog.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_18; reference:url, urlhaus.abuse.ch/url/326350/; classtype:trojan-activity;sid:81189450; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (322758)"; flow:established,from_client; content:"GET"; http_method; content:"/upload_control/download.blog|3f|fhandle=ymxvzzcxmzyyqgzzns50axn0b3j5lmnvbtovyxr0ywnolzavmtqwmdawmdawmdawlmv4zq%3d%3d|7c|26|7c|filename=crack-pro20.exe"; http_uri; depth:151; isdataat:!1,relative; nocase; content:"cfs5.tistory.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_08; reference:url, urlhaus.abuse.ch/url/322758/; classtype:trojan-activity;sid:81185858; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (318948)"; flow:established,from_client; content:"GET"; http_method; content:"/fuzzbunch/fuzzbunch/master/payloads/doublepulsar-1.3.1.exe"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2020_02_26; reference:url, urlhaus.abuse.ch/url/318948/; classtype:trojan-activity;sid:81182048; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (318947)"; flow:established,from_client; content:"GET"; http_method; content:"/bero1985/berotinypascal/e34bd4164f4b7c27e7cf667dffd9274d33d6dfbe/bin/btpc.exe"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2020_02_26; reference:url, urlhaus.abuse.ch/url/318947/; classtype:trojan-activity;sid:81182047; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (314465)"; flow:established,from_client; content:"GET"; http_method; content:"/fta.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"vincentdemiero.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_02_14; reference:url, urlhaus.abuse.ch/url/314465/; classtype:trojan-activity;sid:81177565; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (314464)"; flow:established,from_client; content:"GET"; http_method; content:"/documeynt9897.zip"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"vincentdemiero.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_02_14; reference:url, urlhaus.abuse.ch/url/314464/; classtype:trojan-activity;sid:81177564; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (314463)"; flow:established,from_client; content:"GET"; http_method; content:"/fvs.zip"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"vincentdemiero.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_02_14; reference:url, urlhaus.abuse.ch/url/314463/; classtype:trojan-activity;sid:81177563; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (308942)"; flow:established,from_client; content:"GET"; http_method; content:"/wordpress/wp-lm9-32/"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"www.chenwangqiao.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2020_02_05; reference:url, urlhaus.abuse.ch/url/308942/; classtype:trojan-activity;sid:81172042; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (306649)"; flow:established,from_client; content:"GET"; http_method; content:"/wordpress/3waa9-ke38h-15/"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"www.chenwangqiao.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2020_02_03; reference:url, urlhaus.abuse.ch/url/306649/; classtype:trojan-activity;sid:81169749; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (304070)"; flow:established,from_client; content:"GET"; http_method; content:"/wordpress/file/"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"www.chenwangqiao.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2020_01_31; reference:url, urlhaus.abuse.ch/url/304070/; classtype:trojan-activity;sid:81167170; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (303582)"; flow:established,from_client; content:"GET"; http_method; content:"/com1/files/severstal_map.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"111101111.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_31; reference:url, urlhaus.abuse.ch/url/303582/; classtype:trojan-activity;sid:81166682; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (302960)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/payment/"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"zapchast-gazkotel.ru"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2020_01_30; reference:url, urlhaus.abuse.ch/url/302960/; classtype:trojan-activity;sid:81166060; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (299048)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/private_resource/interior_mgzeu_1nsltpydj/aqxdrigqe_e4k6usnwxrg/"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"www.xyffqh.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_27; reference:url, urlhaus.abuse.ch/url/299048/; classtype:trojan-activity;sid:81162148; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (288508)"; flow:established,from_client; content:"GET"; http_method; content:"/omlakdj17fkcjfsd/common_module/security_lkveb9o0tx_wd3lhz42yf1slt/tlcs2lwhd3vo_38wyy7/"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"owlcity.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_01_14; reference:url, urlhaus.abuse.ch/url/288508/; classtype:trojan-activity;sid:81151608; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (272267)"; flow:established,from_client; content:"GET"; http_method; content:"/wp/closed_08597_xwbav/51578533_ixwt6qqxha0o_space/h7uvgaa_hfeywxam/"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"amuletweb.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_12_19; reference:url, urlhaus.abuse.ch/url/272267/; classtype:trojan-activity;sid:81135367; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (272221)"; flow:established,from_client; content:"GET"; http_method; content:"/about/lm/5oj0ss1de/"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"dezcom.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2019_12_19; reference:url, urlhaus.abuse.ch/url/272221/; classtype:trojan-activity;sid:81135321; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (267913)"; flow:established,from_client; content:"GET"; http_method; content:"/index_soubory/common_sector/external_area/61551354147_t4d0ky73jjywffgy/"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"oknoplastik.sk"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_12_12; reference:url, urlhaus.abuse.ch/url/267913/; classtype:trojan-activity;sid:81131013; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (267838)"; flow:established,from_client; content:"GET"; http_method; content:"/photoblog/lli9c05hrj/2bwx-901909-89178267-5c5xr-qfvwc/"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"olingerphoto.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_12_12; reference:url, urlhaus.abuse.ch/url/267838/; classtype:trojan-activity;sid:81130938; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (254738)"; flow:established,from_client; content:"GET"; http_method; content:"/cvd/dist/fileupload/1571723382710/9.915787746614242.jpg"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"cdn.xiaoduoai.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254738/; classtype:trojan-activity;sid:81117838; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (250781)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/cfvi8aejp75ekq0swtl31sx3jti/"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"www.rbcfort.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_11_01; reference:url, urlhaus.abuse.ch/url/250781/; classtype:trojan-activity;sid:81113881; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (247651)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/rd62/"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"www.rbcfort.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_10_22; reference:url, urlhaus.abuse.ch/url/247651/; classtype:trojan-activity;sid:81110751; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (244544)"; flow:established,from_client; content:"GET"; http_method; content:"/wrgjwrgjwrg246356356356/hx86"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"192.236.154.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_10_14; reference:url, urlhaus.abuse.ch/url/244544/; classtype:trojan-activity;sid:81107644; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (242568)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"202.4.124.58"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_10_10; reference:url, urlhaus.abuse.ch/url/242568/; classtype:trojan-activity;sid:81105668; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (240568)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"94.244.113.217"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_10_07; reference:url, urlhaus.abuse.ch/url/240568/; classtype:trojan-activity;sid:81103668; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (240426)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"95.170.113.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_10_07; reference:url, urlhaus.abuse.ch/url/240426/; classtype:trojan-activity;sid:81103526; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (240403)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"92.114.191.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_10_07; reference:url, urlhaus.abuse.ch/url/240403/; classtype:trojan-activity;sid:81103503; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (240123)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"190.185.119.13"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_10_07; reference:url, urlhaus.abuse.ch/url/240123/; classtype:trojan-activity;sid:81103223; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (240096)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"188.170.48.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_10_07; reference:url, urlhaus.abuse.ch/url/240096/; classtype:trojan-activity;sid:81103196; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (239981)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"1.55.243.196"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_10_07; reference:url, urlhaus.abuse.ch/url/239981/; classtype:trojan-activity;sid:81103081; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (239019)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"36.66.139.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_10_06; reference:url, urlhaus.abuse.ch/url/239019/; classtype:trojan-activity;sid:81102119; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (238008)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"190.12.99.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_10_05; reference:url, urlhaus.abuse.ch/url/238008/; classtype:trojan-activity;sid:81101108; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (237890)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"185.12.78.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_10_05; reference:url, urlhaus.abuse.ch/url/237890/; classtype:trojan-activity;sid:81100990; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (236532)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/ouija.ppc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"142.11.193.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_09_30; reference:url, urlhaus.abuse.ch/url/236532/; classtype:trojan-activity;sid:81099632; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (236529)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/ouija.arm7"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"142.11.193.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_09_30; reference:url, urlhaus.abuse.ch/url/236529/; classtype:trojan-activity;sid:81099629; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (236527)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/ouija.x86"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"142.11.193.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_09_30; reference:url, urlhaus.abuse.ch/url/236527/; classtype:trojan-activity;sid:81099627; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (236523)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/ouija.arm6"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"142.11.193.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_09_30; reference:url, urlhaus.abuse.ch/url/236523/; classtype:trojan-activity;sid:81099623; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (236519)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/ouija.sh4"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"142.11.193.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_09_30; reference:url, urlhaus.abuse.ch/url/236519/; classtype:trojan-activity;sid:81099619; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (236518)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/ouija.arm5"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"142.11.193.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_09_30; reference:url, urlhaus.abuse.ch/url/236518/; classtype:trojan-activity;sid:81099618; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (236513)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/ouija.mips"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"142.11.193.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_09_30; reference:url, urlhaus.abuse.ch/url/236513/; classtype:trojan-activity;sid:81099613; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (231932)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/themes/poseidon/inc/customizer/functions/index.html"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"smeetspost.nl"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_09_16; reference:url, urlhaus.abuse.ch/url/231932/; classtype:trojan-activity;sid:81095032; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (227535)"; flow:established,from_client; content:"GET"; http_method; content:"/ouija_bins/ouija.mpsl"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"142.11.193.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_08_28; reference:url, urlhaus.abuse.ch/url/227535/; classtype:trojan-activity;sid:81090635; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (227532)"; flow:established,from_client; content:"GET"; http_method; content:"/ouija_bins/ouija.arm7"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"142.11.193.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_08_28; reference:url, urlhaus.abuse.ch/url/227532/; classtype:trojan-activity;sid:81090632; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (227531)"; flow:established,from_client; content:"GET"; http_method; content:"/ouija_bins/ouija.spc"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"142.11.193.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_08_28; reference:url, urlhaus.abuse.ch/url/227531/; classtype:trojan-activity;sid:81090631; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (227528)"; flow:established,from_client; content:"GET"; http_method; content:"/ouija_bins/ouija.x86"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"142.11.193.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_08_28; reference:url, urlhaus.abuse.ch/url/227528/; classtype:trojan-activity;sid:81090628; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (227524)"; flow:established,from_client; content:"GET"; http_method; content:"/ouija_bins/ouija.m68k"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"142.11.193.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_08_28; reference:url, urlhaus.abuse.ch/url/227524/; classtype:trojan-activity;sid:81090624; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (227362)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/thirdupload/5d418a4b9682b.exe"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"src1.minibai.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_08_27; reference:url, urlhaus.abuse.ch/url/227362/; classtype:trojan-activity;sid:81090462; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (224805)"; flow:established,from_client; content:"GET"; http_method; content:"/pdfreader/fmt/v1.0.7.01/fmt_01.exe"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"download.pdf00.cn"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_08_15; reference:url, urlhaus.abuse.ch/url/224805/; classtype:trojan-activity;sid:81087905; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (222979)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/thirdupload/5d3e8177e87cc.exe"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"src1.minibai.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_08_07; reference:url, urlhaus.abuse.ch/url/222979/; classtype:trojan-activity;sid:81086079; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (222972)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/thirdupload/5c8b08b37a426.exe"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"src1.minibai.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_08_07; reference:url, urlhaus.abuse.ch/url/222972/; classtype:trojan-activity;sid:81086072; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (222463)"; flow:established,from_client; content:"GET"; http_method; content:"/pdfreader/mini/v1.0.7.31/mini_02.exe"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"download.pdf00.cn"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_08_05; reference:url, urlhaus.abuse.ch/url/222463/; classtype:trojan-activity;sid:81085563; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (222263)"; flow:established,from_client; content:"GET"; http_method; content:"/keygen.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"www.konsor.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_08_04; reference:url, urlhaus.abuse.ch/url/222263/; classtype:trojan-activity;sid:81085363; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (222259)"; flow:established,from_client; content:"GET"; http_method; content:"/keygen.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"konsor.ru"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2019_08_04; reference:url, urlhaus.abuse.ch/url/222259/; classtype:trojan-activity;sid:81085359; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (222056)"; flow:established,from_client; content:"GET"; http_method; content:"/kaobeitu/news/v1.0.7.31/news_01.exe"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"download.kaobeitu.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2019_08_04; reference:url, urlhaus.abuse.ch/url/222056/; classtype:trojan-activity;sid:81085156; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (222054)"; flow:established,from_client; content:"GET"; http_method; content:"/pdfreader/mini/v1.0.7.31/mini_01.exe"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"download.pdf00.cn"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_08_03; reference:url, urlhaus.abuse.ch/url/222054/; classtype:trojan-activity;sid:81085154; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (222026)"; flow:established,from_client; content:"GET"; http_method; content:"/kaobeitu/mini/v1.0.7.16/mini_04.exe"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"download.kaobeitu.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2019_08_03; reference:url, urlhaus.abuse.ch/url/222026/; classtype:trojan-activity;sid:81085126; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (222010)"; flow:established,from_client; content:"GET"; http_method; content:"/pdfreader/fmt/v1.0.7.31/fmt_02.exe"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"download.pdf00.cn"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_08_03; reference:url, urlhaus.abuse.ch/url/222010/; classtype:trojan-activity;sid:81085110; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (221599)"; flow:established,from_client; content:"GET"; http_method; content:"/pdfreader/news/v1.0.7.16/news_01.exe"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"download.pdf00.cn"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_08_01; reference:url, urlhaus.abuse.ch/url/221599/; classtype:trojan-activity;sid:81084699; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (221598)"; flow:established,from_client; content:"GET"; http_method; content:"/kszip/mini/v1.0.7.31/mini_04.exe"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"download.pdf00.cn"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_08_01; reference:url, urlhaus.abuse.ch/url/221598/; classtype:trojan-activity;sid:81084698; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (221595)"; flow:established,from_client; content:"GET"; http_method; content:"/kszip/news2/v1.0.7.31/news2_02.exe"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"download.pdf00.cn"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_08_01; reference:url, urlhaus.abuse.ch/url/221595/; classtype:trojan-activity;sid:81084695; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (220541)"; flow:established,from_client; content:"GET"; http_method; content:"/25072019_0963.xls"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"fakers.co.jp"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_07_29; reference:url, urlhaus.abuse.ch/url/220541/; classtype:trojan-activity;sid:81083641; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (220223)"; flow:established,from_client; content:"GET"; http_method; content:"/pdfreader/news/v1.0.7.01/news_01.exe"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"download.pdf00.cn"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_07_27; reference:url, urlhaus.abuse.ch/url/220223/; classtype:trojan-activity;sid:81083323; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (220221)"; flow:established,from_client; content:"GET"; http_method; content:"/pdfreader/mini/v1.0.7.01/mini_01.exe"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"download.pdf00.cn"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_07_27; reference:url, urlhaus.abuse.ch/url/220221/; classtype:trojan-activity;sid:81083321; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (219275)"; flow:established,from_client; content:"GET"; http_method; content:"/0996938c001/6e8a2a4f-40ac-464f-9a70-7c67f0a0da19.pdf"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"files.constantcontact.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2019_07_24; reference:url, urlhaus.abuse.ch/url/219275/; classtype:trojan-activity;sid:81082375; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (217608)"; flow:established,from_client; content:"GET"; http_method; content:"/2018/06/201806065969_1243.doc"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"data.kaoyany.top"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_07_17; reference:url, urlhaus.abuse.ch/url/217608/; classtype:trojan-activity;sid:81080708; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (217486)"; flow:established,from_client; content:"GET"; http_method; content:"/meteoradminz/hidden-tear/zip/master"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2019_07_17; reference:url, urlhaus.abuse.ch/url/217486/; classtype:trojan-activity;sid:81080586; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (210525)"; flow:established,from_client; content:"GET"; http_method; content:"/20.06.2019_130.22.doc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"fakers.co.jp"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_06_20; reference:url, urlhaus.abuse.ch/url/210525/; classtype:trojan-activity;sid:81073625; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (210023)"; flow:established,from_client; content:"GET"; http_method; content:"/opolis.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"www.opolis.io"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_06_18; reference:url, urlhaus.abuse.ch/url/210023/; classtype:trojan-activity;sid:81073123; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (207761)"; flow:established,from_client; content:"GET"; http_method; content:"/monex%20swift%20_11.06.2019.exe"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"tcgroup.com.au"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_06_11; reference:url, urlhaus.abuse.ch/url/207761/; classtype:trojan-activity;sid:81070861; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (206183)"; flow:established,from_client; content:"GET"; http_method; content:"/~golgo13ex/c964732.xls"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"www.cc9.ne.jp"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_06_05; reference:url, urlhaus.abuse.ch/url/206183/; classtype:trojan-activity;sid:81069283; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (203280)"; flow:established,from_client; content:"GET"; http_method; content:"/download/qt51crk.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"www.hseda.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_29; reference:url, urlhaus.abuse.ch/url/203280/; classtype:trojan-activity;sid:81066380; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (203157)"; flow:established,from_client; content:"GET"; http_method; content:"/download/qt51crk.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"hseda.com"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2019_05_28; reference:url, urlhaus.abuse.ch/url/203157/; classtype:trojan-activity;sid:81066257; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (202114)"; flow:established,from_client; content:"GET"; http_method; content:"/screenmate/cute/sm1302.zip"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"www.starcountry.net"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2019_05_26; reference:url, urlhaus.abuse.ch/url/202114/; classtype:trojan-activity;sid:81065214; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (201410)"; flow:established,from_client; content:"GET"; http_method; content:"/arquivos/nfe.sfx.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"www.caravella.com.br"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2019_05_24; reference:url, urlhaus.abuse.ch/url/201410/; classtype:trojan-activity;sid:81064510; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (201067)"; flow:established,from_client; content:"GET"; http_method; content:"/arquivos/nfe.sfx.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"caravella.com.br"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_05_24; reference:url, urlhaus.abuse.ch/url/201067/; classtype:trojan-activity;sid:81064167; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (200800)"; flow:established,from_client; content:"GET"; http_method; content:"/releases/zorke_release/zorke_asciiverter_v1.00/zke-ascv.exe"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"nerve.untergrund.net"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2019_05_23; reference:url, urlhaus.abuse.ch/url/200800/; classtype:trojan-activity;sid:81063900; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (200798)"; flow:established,from_client; content:"GET"; http_method; content:"/releases/12.2013/nrv-ppwr.zip"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"nerve.untergrund.net"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2019_05_23; reference:url, urlhaus.abuse.ch/url/200798/; classtype:trojan-activity;sid:81063898; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (200771)"; flow:established,from_client; content:"GET"; http_method; content:"/razor/rzr-winner_intro.zip"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"chiptune.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_23; reference:url, urlhaus.abuse.ch/url/200771/; classtype:trojan-activity;sid:81063871; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (197376)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/doc/g1gc04s1woz64tp6ugkcifwtu7pk0_l0pue-9898692635/"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"itcomsrv.kz"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197376/; classtype:trojan-activity;sid:81060476; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (195172)"; flow:established,from_client; content:"GET"; http_method; content:"/eypipe/pipefile/adpopup/adpopup_1382523956.exe"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"goto.stnts.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_13; reference:url, urlhaus.abuse.ch/url/195172/; classtype:trojan-activity;sid:81058272; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (192670)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/genisis.ppc"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"192.236.161.53"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_08; reference:url, urlhaus.abuse.ch/url/192670/; classtype:trojan-activity;sid:81055770; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (192662)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/genisis.ppc"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"192.236.161.53"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_08; reference:url, urlhaus.abuse.ch/url/192662/; classtype:trojan-activity;sid:81055762; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (190885)"; flow:established,from_client; content:"GET"; http_method; content:"/lnkfmx"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"192.236.161.54"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_05; reference:url, urlhaus.abuse.ch/url/190885/; classtype:trojan-activity;sid:81053985; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (187650)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/orphic.x86"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"192.236.161.53"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_04_30; reference:url, urlhaus.abuse.ch/url/187650/; classtype:trojan-activity;sid:81050750; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (186282)"; flow:established,from_client; content:"GET"; http_method; content:"/pub/1003b/patch/patch_data/patch_0.3300/1003b.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"dl.1003b.56a.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_04_27; reference:url, urlhaus.abuse.ch/url/186282/; classtype:trojan-activity;sid:81049382; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (185713)"; flow:established,from_client; content:"GET"; http_method; content:"/qrtb.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"xiaoma-10021647.file.myqcloud.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2019_04_26; reference:url, urlhaus.abuse.ch/url/185713/; classtype:trojan-activity;sid:81048813; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (184801)"; flow:established,from_client; content:"GET"; http_method; content:"/tqpjo/scan/uftruaemi2h/"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"redlk.com"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2019_04_25; reference:url, urlhaus.abuse.ch/url/184801/; classtype:trojan-activity;sid:81047901; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (176091)"; flow:established,from_client; content:"GET"; http_method; content:"/templates/theme261/css/msg.jpg"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"sk-comtel.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_04_12; reference:url, urlhaus.abuse.ch/url/176091/; classtype:trojan-activity;sid:81039191; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (175833)"; flow:established,from_client; content:"GET"; http_method; content:"/templates/theme261/html/com_contact/category/hp.gf"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"sk-comtel.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_04_11; reference:url, urlhaus.abuse.ch/url/175833/; classtype:trojan-activity;sid:81038933; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (173971)"; flow:established,from_client; content:"GET"; http_method; content:"/file/support/trust/en/042019/"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"brightworks.cz"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_04_09; reference:url, urlhaus.abuse.ch/url/173971/; classtype:trojan-activity;sid:81037071; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (173425)"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/ewbnm-h00hvr2ptu3kyyr_yavlsniuf-a0u/"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"solutelco.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_04_08; reference:url, urlhaus.abuse.ch/url/173425/; classtype:trojan-activity;sid:81036525; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (170262)"; flow:established,from_client; content:"GET"; http_method; content:"/eng/wp-content/plugins/featurific-for-wordpress/3"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"jointings.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_04_02; reference:url, urlhaus.abuse.ch/url/170262/; classtype:trojan-activity;sid:81033362; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (170261)"; flow:established,from_client; content:"GET"; http_method; content:"/eng/wp-content/plugins/featurific-for-wordpress/2"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"jointings.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_04_02; reference:url, urlhaus.abuse.ch/url/170261/; classtype:trojan-activity;sid:81033361; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (170260)"; flow:established,from_client; content:"GET"; http_method; content:"/eng/wp-content/plugins/featurific-for-wordpress/1"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"jointings.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_04_02; reference:url, urlhaus.abuse.ch/url/170260/; classtype:trojan-activity;sid:81033360; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (168797)"; flow:established,from_client; content:"GET"; http_method; content:"/images/1754808353/avbq-nqp_gipxnq-ip/"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"writerartist.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_03_29; reference:url, urlhaus.abuse.ch/url/168797/; classtype:trojan-activity;sid:81031897; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (165504)"; flow:established,from_client; content:"GET"; http_method; content:"/i203611254b019514581.zip"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"programandojuntos.us.tempcloudsite.com"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165504/; classtype:trojan-activity;sid:81028604; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (164277)"; flow:established,from_client; content:"GET"; http_method; content:"/corporation/new_invoice/1033530/hijmq-jo_uqgwdlyf-8e/"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"flyingmutts.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164277/; classtype:trojan-activity;sid:81027377; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (161757)"; flow:established,from_client; content:"GET"; http_method; content:"/tomatoleizhutizy/tomatoleizhutizy.exe"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"softdl2.360tpcdn.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2019_03_19; reference:url, urlhaus.abuse.ch/url/161757/; classtype:trojan-activity;sid:81024857; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (158942)"; flow:established,from_client; content:"GET"; http_method; content:"/task/2011-03/27/pub/4d8ee54db371e.zip"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"p5.zbjimg.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_14; reference:url, urlhaus.abuse.ch/url/158942/; classtype:trojan-activity;sid:81022042; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (157610)"; flow:established,from_client; content:"GET"; http_method; content:"/stats/f06bn-kgh24-ncoviajp/"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"flyingmutts.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_12; reference:url, urlhaus.abuse.ch/url/157610/; classtype:trojan-activity;sid:81020710; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (154627)"; flow:established,from_client; content:"GET"; http_method; content:"/za.ebali"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"mitreart.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_03_07; reference:url, urlhaus.abuse.ch/url/154627/; classtype:trojan-activity;sid:81017727; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (154059)"; flow:established,from_client; content:"GET"; http_method; content:"/mz5qeapm.hta"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"dl.asis.io"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2019_03_07; reference:url, urlhaus.abuse.ch/url/154059/; classtype:trojan-activity;sid:81017159; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (151907)"; flow:established,from_client; content:"GET"; http_method; content:"/admin/kegy9-vkn3d7-vjunj.view/"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"adver.com.br"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_03_04; reference:url, urlhaus.abuse.ch/url/151907/; classtype:trojan-activity;sid:81015007; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (146376)"; flow:established,from_client; content:"GET"; http_method; content:"/sendincsec/legal/secure/en/022019/"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"vcpesaas.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_02_25; reference:url, urlhaus.abuse.ch/url/146376/; classtype:trojan-activity;sid:81009476; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (143834)"; flow:established,from_client; content:"GET"; http_method; content:"/hl2dm/hl2dm_updater.exe"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"update.bruss.org.ru"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2019_02_23; reference:url, urlhaus.abuse.ch/url/143834/; classtype:trojan-activity;sid:81006934; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (143833)"; flow:established,from_client; content:"GET"; http_method; content:"/hl2dm/hl2dm%5fupdater.exe"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"update.bruss.org.ru"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2019_02_23; reference:url, urlhaus.abuse.ch/url/143833/; classtype:trojan-activity;sid:81006933; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (143301)"; flow:established,from_client; content:"GET"; http_method; content:"/pistacchietto/win-python-backdoor/raw/master/win.bat"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2019_02_23; reference:url, urlhaus.abuse.ch/url/143301/; classtype:trojan-activity;sid:81006401; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (143068)"; flow:established,from_client; content:"GET"; http_method; content:"/copy_receipt/kppte-noyz_tjl-kww/"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"vcpesaas.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_02_22; reference:url, urlhaus.abuse.ch/url/143068/; classtype:trojan-activity;sid:81006168; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (142841)"; flow:established,from_client; content:"GET"; http_method; content:"/company/account/open/file/jnpvoliu3gcmmwttlpocikgwpnx/"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"energy63.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_02_22; reference:url, urlhaus.abuse.ch/url/142841/; classtype:trojan-activity;sid:81005941; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (141151)"; flow:established,from_client; content:"GET"; http_method; content:"/secure/business/open/read/6ejw2ylnjos64gujbzyd/"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"vcpesaas.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_02_20; reference:url, urlhaus.abuse.ch/url/141151/; classtype:trojan-activity;sid:81004251; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (140791)"; flow:established,from_client; content:"GET"; http_method; content:"/bv5eh1ierp/"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"augsburg-auto.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_02_20; reference:url, urlhaus.abuse.ch/url/140791/; classtype:trojan-activity;sid:81003891; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (140721)"; flow:established,from_client; content:"GET"; http_method; content:"/llc/pymn-4tz_mul-r1/"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"energy63.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_02_20; reference:url, urlhaus.abuse.ch/url/140721/; classtype:trojan-activity;sid:81003821; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (140156)"; flow:established,from_client; content:"GET"; http_method; content:"/1465810408079_502.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"static.topxgun.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2019_02_19; reference:url, urlhaus.abuse.ch/url/140156/; classtype:trojan-activity;sid:81003256; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (124794)"; flow:established,from_client; content:"GET"; http_method; content:"/info/invoice/pbxt-q6sq_xs-1b/"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"vcpesaas.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_02_14; reference:url, urlhaus.abuse.ch/url/124794/; classtype:trojan-activity;sid:80987894; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (122975)"; flow:established,from_client; content:"GET"; http_method; content:"/data/box.bin"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"dusttv.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2019_02_13; reference:url, urlhaus.abuse.ch/url/122975/; classtype:trojan-activity;sid:80986075; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (122898)"; flow:established,from_client; content:"GET"; http_method; content:"/u1yk11gr/"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"vcpesaas.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_02_13; reference:url, urlhaus.abuse.ch/url/122898/; classtype:trojan-activity;sid:80985998; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (122545)"; flow:established,from_client; content:"GET"; http_method; content:"/sec.accounts.send.com/"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"grikom.info"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_02_12; reference:url, urlhaus.abuse.ch/url/122545/; classtype:trojan-activity;sid:80985645; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (121029)"; flow:established,from_client; content:"GET"; http_method; content:"/active/pcclear_eng_mini.exe"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"down.pcclear.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_02_10; reference:url, urlhaus.abuse.ch/url/121029/; classtype:trojan-activity;sid:80984129; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (118737)"; flow:established,from_client; content:"GET"; http_method; content:"/us_us/info/invoice_notice/04742192589/tlpp-l3mt_mdyhk-fp3/"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"onlinetanecni.cz"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_02_06; reference:url, urlhaus.abuse.ch/url/118737/; classtype:trojan-activity;sid:80981837; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (116990)"; flow:established,from_client; content:"GET"; http_method; content:"/ltbx_h3dtc-obppcj/maj/messages/2019-02/"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"airlife.bget.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_02_04; reference:url, urlhaus.abuse.ch/url/116990/; classtype:trojan-activity;sid:80980090; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (115231)"; flow:established,from_client; content:"GET"; http_method; content:"/files/sanghyun.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"sanghyun.nfile.net"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2019_02_01; reference:url, urlhaus.abuse.ch/url/115231/; classtype:trojan-activity;sid:80978331; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (114988)"; flow:established,from_client; content:"GET"; http_method; content:"/6iywkl5i_mg/"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pobedastaff.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_01_31; reference:url, urlhaus.abuse.ch/url/114988/; classtype:trojan-activity;sid:80978088; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (112779)"; flow:established,from_client; content:"GET"; http_method; content:"/files/update.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"sg123.net"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2019_01_29; reference:url, urlhaus.abuse.ch/url/112779/; classtype:trojan-activity;sid:80975879; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (112648)"; flow:established,from_client; content:"GET"; http_method; content:"/files/install.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"sg123.net"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2019_01_29; reference:url, urlhaus.abuse.ch/url/112648/; classtype:trojan-activity;sid:80975748; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (112647)"; flow:established,from_client; content:"GET"; http_method; content:"/files/install.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"igra123.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_01_29; reference:url, urlhaus.abuse.ch/url/112647/; classtype:trojan-activity;sid:80975747; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (112642)"; flow:established,from_client; content:"GET"; http_method; content:"/files/update.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"igra123.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_01_29; reference:url, urlhaus.abuse.ch/url/112642/; classtype:trojan-activity;sid:80975742; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (111691)"; flow:established,from_client; content:"GET"; http_method; content:"/files/haeum.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"haeum.nfile.net"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_01_28; reference:url, urlhaus.abuse.ch/url/111691/; classtype:trojan-activity;sid:80974791; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (110142)"; flow:established,from_client; content:"GET"; http_method; content:"/%d3%b2%bc%fe%d0%c5%cf%a2%b2%e9%bf%b4%c6%f7.exe"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"down.54nb.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_01_25; reference:url, urlhaus.abuse.ch/url/110142/; classtype:trojan-activity;sid:80973242; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (110132)"; flow:established,from_client; content:"GET"; http_method; content:"/gcld/updates_tw/gcmgr_tw.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"static.ilclock.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2019_01_25; reference:url, urlhaus.abuse.ch/url/110132/; classtype:trojan-activity;sid:80973232; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (109220)"; flow:established,from_client; content:"GET"; http_method; content:"/de_de/tejqsyf3366492/ger/rechnungszahlung/"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"blogs.sokun.jp"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_01_24; reference:url, urlhaus.abuse.ch/url/109220/; classtype:trojan-activity;sid:80972320; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (108283)"; flow:established,from_client; content:"GET"; http_method; content:"/bigfile/v1/urls/d/4qnwtdd-4xsuuy1xlrmzcibqjfu/ihdzyo55cus7ds4lmmkxpa"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"attach.mail.daum.net"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2019_01_23; reference:url, urlhaus.abuse.ch/url/108283/; classtype:trojan-activity;sid:80971383; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (106006)"; flow:established,from_client; content:"GET"; http_method; content:"/qcoin/qcoin128.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"cdn-10049480.file.myqcloud.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2019_01_19; reference:url, urlhaus.abuse.ch/url/106006/; classtype:trojan-activity;sid:80969106; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (106002)"; flow:established,from_client; content:"GET"; http_method; content:"/jd/jd156.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"cdn-10049480.file.myqcloud.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2019_01_19; reference:url, urlhaus.abuse.ch/url/106002/; classtype:trojan-activity;sid:80969102; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (106000)"; flow:established,from_client; content:"GET"; http_method; content:"/qcoin/qcoin130.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"cdn-10049480.file.myqcloud.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2019_01_19; reference:url, urlhaus.abuse.ch/url/106000/; classtype:trojan-activity;sid:80969100; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (105999)"; flow:established,from_client; content:"GET"; http_method; content:"/qcoin/qcoin142.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"cdn-10049480.file.myqcloud.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2019_01_19; reference:url, urlhaus.abuse.ch/url/105999/; classtype:trojan-activity;sid:80969099; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (105998)"; flow:established,from_client; content:"GET"; http_method; content:"/jd/jd124.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"cdn-10049480.file.myqcloud.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2019_01_19; reference:url, urlhaus.abuse.ch/url/105998/; classtype:trojan-activity;sid:80969098; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (105997)"; flow:established,from_client; content:"GET"; http_method; content:"/qcoin/qcoin141.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"cdn-10049480.file.myqcloud.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2019_01_19; reference:url, urlhaus.abuse.ch/url/105997/; classtype:trojan-activity;sid:80969097; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (105996)"; flow:established,from_client; content:"GET"; http_method; content:"/jd/jd127.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"cdn-10049480.file.myqcloud.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2019_01_19; reference:url, urlhaus.abuse.ch/url/105996/; classtype:trojan-activity;sid:80969096; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (105992)"; flow:established,from_client; content:"GET"; http_method; content:"/jd/jd145.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"cdn-10049480.file.myqcloud.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2019_01_19; reference:url, urlhaus.abuse.ch/url/105992/; classtype:trojan-activity;sid:80969092; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (105991)"; flow:established,from_client; content:"GET"; http_method; content:"/qcoin/qcoin140.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"cdn-10049480.file.myqcloud.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2019_01_19; reference:url, urlhaus.abuse.ch/url/105991/; classtype:trojan-activity;sid:80969091; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (105988)"; flow:established,from_client; content:"GET"; http_method; content:"/jd/jd144.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"cdn-10049480.file.myqcloud.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2019_01_19; reference:url, urlhaus.abuse.ch/url/105988/; classtype:trojan-activity;sid:80969088; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (105985)"; flow:established,from_client; content:"GET"; http_method; content:"/jd/jd136.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"cdn-10049480.file.myqcloud.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2019_01_19; reference:url, urlhaus.abuse.ch/url/105985/; classtype:trojan-activity;sid:80969085; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (105976)"; flow:established,from_client; content:"GET"; http_method; content:"/qcoin/qcoin139.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"cdn-10049480.file.myqcloud.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2019_01_19; reference:url, urlhaus.abuse.ch/url/105976/; classtype:trojan-activity;sid:80969076; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (105975)"; flow:established,from_client; content:"GET"; http_method; content:"/jd/jd137.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"cdn-10049480.file.myqcloud.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2019_01_19; reference:url, urlhaus.abuse.ch/url/105975/; classtype:trojan-activity;sid:80969075; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (105946)"; flow:established,from_client; content:"GET"; http_method; content:"/pdfreader/fmt/v1.0.1.17/fmt_01.exe"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"download.pdf00.cn"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_01_19; reference:url, urlhaus.abuse.ch/url/105946/; classtype:trojan-activity;sid:80969046; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (105407)"; flow:established,from_client; content:"GET"; http_method; content:"/hkhe3fktc/"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"atkcgnew.evgeni7e.beget.tech"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2019_01_18; reference:url, urlhaus.abuse.ch/url/105407/; classtype:trojan-activity;sid:80968507; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (104181)"; flow:established,from_client; content:"GET"; http_method; content:"/cfjy-2q9i_yq-se/comet/signs/payment/notification/01/16/2019/en/open-past-due-orders/"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"advustech.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_01_16; reference:url, urlhaus.abuse.ch/url/104181/; classtype:trojan-activity;sid:80967281; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (104016)"; flow:established,from_client; content:"GET"; http_method; content:"/drop/css/obr.hta"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"www.myvcart.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_01_16; reference:url, urlhaus.abuse.ch/url/104016/; classtype:trojan-activity;sid:80967116; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (103702)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/themes/pridmag/ttt/161485502.doc"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"sdvgpro.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2019_01_15; reference:url, urlhaus.abuse.ch/url/103702/; classtype:trojan-activity;sid:80966802; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (103393)"; flow:established,from_client; content:"GET"; http_method; content:"/vp1bgrvz9v/"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"www.mixturro.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_01_15; reference:url, urlhaus.abuse.ch/url/103393/; classtype:trojan-activity;sid:80966493; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (102706)"; flow:established,from_client; content:"GET"; http_method; content:"/autoguarder/autoguarder_2.3.7.350.exe"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"softdl4.360.cn"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_01_12; reference:url, urlhaus.abuse.ch/url/102706/; classtype:trojan-activity;sid:80965806; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (102548)"; flow:established,from_client; content:"GET"; http_method; content:"/doumai/tips/v1.0.1.11/tips_01.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"download.doumaibiji.cn"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2019_01_11; reference:url, urlhaus.abuse.ch/url/102548/; classtype:trojan-activity;sid:80965648; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (102545)"; flow:established,from_client; content:"GET"; http_method; content:"/doumai/fmt/v1.0.1.11/fmt_01.exe"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"download.doumaibiji.cn"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2019_01_11; reference:url, urlhaus.abuse.ch/url/102545/; classtype:trojan-activity;sid:80965645; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (98628)"; flow:established,from_client; content:"GET"; http_method; content:"/6nqq.js"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"www.hostingcloud.science"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2018_12_21; reference:url, urlhaus.abuse.ch/url/98628/; classtype:trojan-activity;sid:80961728; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (98115)"; flow:established,from_client; content:"GET"; http_method; content:"/pvvwe-5ve_e-avu/invoicecodechanges/us/service-invoice"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"advustech.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2018_12_20; reference:url, urlhaus.abuse.ch/url/98115/; classtype:trojan-activity;sid:80961215; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (96660)"; flow:established,from_client; content:"GET"; http_method; content:"/l5ecamtdy/"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"advustech.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2018_12_17; reference:url, urlhaus.abuse.ch/url/96660/; classtype:trojan-activity;sid:80959760; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (96625)"; flow:established,from_client; content:"GET"; http_method; content:"/iuia-qgkdtq2rfbxd7z_ljiaengvq-4cy/"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"www.ardguisser.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2018_12_17; reference:url, urlhaus.abuse.ch/url/96625/; classtype:trojan-activity;sid:80959725; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (95728)"; flow:established,from_client; content:"GET"; http_method; content:"/game/download/zip/waigua/shiqi/2003/06/20030620.exe"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"veryboys.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2018_12_15; reference:url, urlhaus.abuse.ch/url/95728/; classtype:trojan-activity;sid:80958828; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (95727)"; flow:established,from_client; content:"GET"; http_method; content:"/game/download/zip/waigua/mir2/2003/05/200305252.exe"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"veryboys.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2018_12_15; reference:url, urlhaus.abuse.ch/url/95727/; classtype:trojan-activity;sid:80958827; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (95726)"; flow:established,from_client; content:"GET"; http_method; content:"/game/download/zip/waigua/mu/2003/07/20030721.exe"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"veryboys.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2018_12_15; reference:url, urlhaus.abuse.ch/url/95726/; classtype:trojan-activity;sid:80958826; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (95634)"; flow:established,from_client; content:"GET"; http_method; content:"/soft/uploadfile/guochang/setup_tvplayer.zip"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"www.okhan.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2018_12_15; reference:url, urlhaus.abuse.ch/url/95634/; classtype:trojan-activity;sid:80958734; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (95550)"; flow:established,from_client; content:"GET"; http_method; content:"/game/download/zip/waigua/mir2/2003/05/20030520.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"veryboys.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2018_12_15; reference:url, urlhaus.abuse.ch/url/95550/; classtype:trojan-activity;sid:80958650; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (95509)"; flow:established,from_client; content:"GET"; http_method; content:"/soft/uploadfile/anquan/pjbingdianhuanyuan.rar"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"www.okhan.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2018_12_15; reference:url, urlhaus.abuse.ch/url/95509/; classtype:trojan-activity;sid:80958609; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (95209)"; flow:established,from_client; content:"GET"; http_method; content:"/us/information/122018/"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"flyingmutts.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2018_12_14; reference:url, urlhaus.abuse.ch/url/95209/; classtype:trojan-activity;sid:80958309; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (95078)"; flow:established,from_client; content:"GET"; http_method; content:"/us/information/122018"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"flyingmutts.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2018_12_14; reference:url, urlhaus.abuse.ch/url/95078/; classtype:trojan-activity;sid:80958178; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (94279)"; flow:established,from_client; content:"GET"; http_method; content:"/upload/20140812/14078161556897.rar"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"static.3001.net"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2018_12_13; reference:url, urlhaus.abuse.ch/url/94279/; classtype:trojan-activity;sid:80957379; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (94199)"; flow:established,from_client; content:"GET"; http_method; content:"/soft/uploadfile/youxi/okhan.net-2wn.rar"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"okhan.net"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2018_12_13; reference:url, urlhaus.abuse.ch/url/94199/; classtype:trojan-activity;sid:80957299; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (93513)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/telekom/rechnungonline/112018/"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"artscreenstudio.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2018_12_12; reference:url, urlhaus.abuse.ch/url/93513/; classtype:trojan-activity;sid:80956613; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (92351)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/2"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"itssprout.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2018_12_10; reference:url, urlhaus.abuse.ch/url/92351/; classtype:trojan-activity;sid:80955451; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (92344)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/1"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"itssprout.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2018_12_10; reference:url, urlhaus.abuse.ch/url/92344/; classtype:trojan-activity;sid:80955444; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (91936)"; flow:established,from_client; content:"GET"; http_method; content:"/task/2010-11/17/pub/4ce336b4661fd.rar"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"p6.zbjimg.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2018_12_09; reference:url, urlhaus.abuse.ch/url/91936/; classtype:trojan-activity;sid:80955036; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (91935)"; flow:established,from_client; content:"GET"; http_method; content:"/task/2010-11/04/pub/4cd2620ce3f10.rar"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"p6.zbjimg.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2018_12_09; reference:url, urlhaus.abuse.ch/url/91935/; classtype:trojan-activity;sid:80955035; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (91933)"; flow:established,from_client; content:"GET"; http_method; content:"/task/2011-08/11/pub/4e4334b150fcf.rar"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"p6.zbjimg.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2018_12_09; reference:url, urlhaus.abuse.ch/url/91933/; classtype:trojan-activity;sid:80955033; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (91931)"; flow:established,from_client; content:"GET"; http_method; content:"/task/2011-10/14/1121109/4e97e74d5dd8e.rar"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"p6.zbjimg.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2018_12_09; reference:url, urlhaus.abuse.ch/url/91931/; classtype:trojan-activity;sid:80955031; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (91928)"; flow:established,from_client; content:"GET"; http_method; content:"/task/2010-12/03/519808/4cf8bc6362f34.rar"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"p6.zbjimg.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2018_12_09; reference:url, urlhaus.abuse.ch/url/91928/; classtype:trojan-activity;sid:80955028; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (91927)"; flow:established,from_client; content:"GET"; http_method; content:"/task/2010-12/12/pub/4d043cebf1e0b.rar"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"p6.zbjimg.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2018_12_09; reference:url, urlhaus.abuse.ch/url/91927/; classtype:trojan-activity;sid:80955027; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (91881)"; flow:established,from_client; content:"GET"; http_method; content:"/task/2011-10/22/1164339/4ea2a4c43df54.rar"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"p6.zbjimg.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2018_12_08; reference:url, urlhaus.abuse.ch/url/91881/; classtype:trojan-activity;sid:80954981; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (86730)"; flow:established,from_client; content:"GET"; http_method; content:"/076360tad/oamo/business/"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"flyingmutts.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2018_11_29; reference:url, urlhaus.abuse.ch/url/86730/; classtype:trojan-activity;sid:80949830; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (86203)"; flow:established,from_client; content:"GET"; http_method; content:"/076360tad/oamo/business"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"flyingmutts.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2018_11_28; reference:url, urlhaus.abuse.ch/url/86203/; classtype:trojan-activity;sid:80949303; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (85967)"; flow:established,from_client; content:"GET"; http_method; content:"/task/2009-06/29/106045/rc1veeex.rar"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"p3.zbjimg.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2018_11_28; reference:url, urlhaus.abuse.ch/url/85967/; classtype:trojan-activity;sid:80949067; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (85901)"; flow:established,from_client; content:"GET"; http_method; content:"/tekiwanatain/installer.rar"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"users.atw.hu"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2018_11_28; reference:url, urlhaus.abuse.ch/url/85901/; classtype:trojan-activity;sid:80949001; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (85881)"; flow:established,from_client; content:"GET"; http_method; content:"/task/2009-06/29/106045/5fg9yjwr.rar"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"p3.zbjimg.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2018_11_27; reference:url, urlhaus.abuse.ch/url/85881/; classtype:trojan-activity;sid:80948981; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (85879)"; flow:established,from_client; content:"GET"; http_method; content:"/task/2009-06/29/106045/a9to40e7.rar"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"p3.zbjimg.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2018_11_27; reference:url, urlhaus.abuse.ch/url/85879/; classtype:trojan-activity;sid:80948979; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (85878)"; flow:established,from_client; content:"GET"; http_method; content:"/task/2009-06/29/106045/e6i8pdc0.rar"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"p3.zbjimg.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2018_11_27; reference:url, urlhaus.abuse.ch/url/85878/; classtype:trojan-activity;sid:80948978; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (85876)"; flow:established,from_client; content:"GET"; http_method; content:"/task/2009-06/29/106045/zwy1q6k0.rar"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"p3.zbjimg.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2018_11_27; reference:url, urlhaus.abuse.ch/url/85876/; classtype:trojan-activity;sid:80948976; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (85874)"; flow:established,from_client; content:"GET"; http_method; content:"/task/2009-06/06/98428/07c9mfhe.zip"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"p3.zbjimg.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2018_11_27; reference:url, urlhaus.abuse.ch/url/85874/; classtype:trojan-activity;sid:80948974; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (84160)"; flow:established,from_client; content:"GET"; http_method; content:"/709rru/ach/business"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"www.uralmetalloprokat.ru"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2018_11_23; reference:url, urlhaus.abuse.ch/url/84160/; classtype:trojan-activity;sid:80947260; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (84040)"; flow:established,from_client; content:"GET"; http_method; content:"/0415jbrob/sep/smallbusiness"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"www.udobrit.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2018_11_23; reference:url, urlhaus.abuse.ch/url/84040/; classtype:trojan-activity;sid:80947140; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (84037)"; flow:established,from_client; content:"GET"; http_method; content:"/5zbqf/wire/personal"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"www.tobeart.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2018_11_23; reference:url, urlhaus.abuse.ch/url/84037/; classtype:trojan-activity;sid:80947137; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (79623)"; flow:established,from_client; content:"GET"; http_method; content:"/urzfhrbbg"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"vagler.ru"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2018_11_13; reference:url, urlhaus.abuse.ch/url/79623/; classtype:trojan-activity;sid:80942723; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (79342)"; flow:established,from_client; content:"GET"; http_method; content:"/bigfile/v1/urls/d/1gpusd8uwnakepjjehixnayfekq/kbdjubux_j-nvjot1z-mdw"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"attach.mail.daum.net"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2018_11_13; reference:url, urlhaus.abuse.ch/url/79342/; classtype:trojan-activity;sid:80942442; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (71185)"; flow:established,from_client; content:"GET"; http_method; content:"/nykol16/kepek.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"users.atw.hu"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2018_10_26; reference:url, urlhaus.abuse.ch/url/71185/; classtype:trojan-activity;sid:80934285; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (67439)"; flow:established,from_client; content:"GET"; http_method; content:"/zoolatogato/xruhbmzvlaghfnqcerrv.exe"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"users.atw.hu"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2018_10_12; reference:url, urlhaus.abuse.ch/url/67439/; classtype:trojan-activity;sid:80930539; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (66694)"; flow:established,from_client; content:"GET"; http_method; content:"/autoup/client/aqclient.exe"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"pay.aqiu6.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2018_10_11; reference:url, urlhaus.abuse.ch/url/66694/; classtype:trojan-activity;sid:80929794; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (66274)"; flow:established,from_client; content:"GET"; http_method; content:"/toneraruhaz/wp-admin/network/installer.rar"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"users.atw.hu"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2018_10_09; reference:url, urlhaus.abuse.ch/url/66274/; classtype:trojan-activity;sid:80929374; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (64681)"; flow:established,from_client; content:"GET"; http_method; content:"/85nojvodyz/biz/business"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"kamin-premium.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2018_10_04; reference:url, urlhaus.abuse.ch/url/64681/; classtype:trojan-activity;sid:80927781; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (59247)"; flow:established,from_client; content:"GET"; http_method; content:"/vqd0d5/"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"robertrowe.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2018_09_23; reference:url, urlhaus.abuse.ch/url/59247/; classtype:trojan-activity;sid:80922347; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (57935)"; flow:established,from_client; content:"GET"; http_method; content:"/factures-09-2018/"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"hasalltalent.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2018_09_19; reference:url, urlhaus.abuse.ch/url/57935/; classtype:trojan-activity;sid:80921035; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (57059)"; flow:established,from_client; content:"GET"; http_method; content:"/document/en/need-to-send-the-attachment"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"vgd.vg"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2018_09_17; reference:url, urlhaus.abuse.ch/url/57059/; classtype:trojan-activity;sid:80920159; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (56449)"; flow:established,from_client; content:"GET"; http_method; content:"/7mn5zo8d/"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"vgd.vg"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2018_09_14; reference:url, urlhaus.abuse.ch/url/56449/; classtype:trojan-activity;sid:80919549; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (45270)"; flow:established,from_client; content:"GET"; http_method; content:"/022bzx/swift/us"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"merctransfers.gradycares.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2018_08_21; reference:url, urlhaus.abuse.ch/url/45270/; classtype:trojan-activity;sid:80908370; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (44461)"; flow:established,from_client; content:"GET"; http_method; content:"/5805773c/payment/personal"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"ct3-24.ru"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2018_08_20; reference:url, urlhaus.abuse.ch/url/44461/; classtype:trojan-activity;sid:80907561; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (44113)"; flow:established,from_client; content:"GET"; http_method; content:"/663752sludgz/oamo/us/"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"ct3-24.ru"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2018_08_17; reference:url, urlhaus.abuse.ch/url/44113/; classtype:trojan-activity;sid:80907213; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (40811)"; flow:established,from_client; content:"GET"; http_method; content:"/newsletter/en_us/status/deposit"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"bankgarantia.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2018_08_10; reference:url, urlhaus.abuse.ch/url/40811/; classtype:trojan-activity;sid:80903911; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (38013)"; flow:established,from_client; content:"GET"; http_method; content:"/s/dl/gxfqfem5m813nva/firefox_67.3.39.js"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"www.dropbox.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2018_08_02; reference:url, urlhaus.abuse.ch/url/38013/; classtype:trojan-activity;sid:80901113; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (38011)"; flow:established,from_client; content:"GET"; http_method; content:"/s/dl/dqrsgzlf8jeefw0/firefox_67.3.45.js"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"www.dropbox.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2018_08_02; reference:url, urlhaus.abuse.ch/url/38011/; classtype:trojan-activity;sid:80901111; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (38009)"; flow:established,from_client; content:"GET"; http_method; content:"/s/dl/g4is5u674v6l2yy/firefox_67.3.16.js"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"www.dropbox.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2018_08_02; reference:url, urlhaus.abuse.ch/url/38009/; classtype:trojan-activity;sid:80901109; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (36522)"; flow:established,from_client; content:"GET"; http_method; content:"/files/en/statement/invoice/"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"xn--90abegbttpjb3bzb2j.xn--p1ai"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2018_07_28; reference:url, urlhaus.abuse.ch/url/36522/; classtype:trojan-activity;sid:80899622; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (36154)"; flow:established,from_client; content:"GET"; http_method; content:"/doc/en_us/invoice-for-sent/invoice/"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"xn--90abegbttpjb3bzb2j.xn--p1ai"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2018_07_26; reference:url, urlhaus.abuse.ch/url/36154/; classtype:trojan-activity;sid:80899254; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (34267)"; flow:established,from_client; content:"GET"; http_method; content:"/doc/en/account/auditor-of-state-notification-of-eft-deposit/"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"xn--90abegbttpjb3bzb2j.xn--p1ai"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2018_07_18; reference:url, urlhaus.abuse.ch/url/34267/; classtype:trojan-activity;sid:80897367; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (34227)"; flow:established,from_client; content:"GET"; http_method; content:"/notification-de-facture-07/"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"xn--90abegbttpjb3bzb2j.xn--p1ai"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2018_07_18; reference:url, urlhaus.abuse.ch/url/34227/; classtype:trojan-activity;sid:80897327; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (34178)"; flow:established,from_client; content:"GET"; http_method; content:"/notification-de-facture-07-2018/"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"asl-company.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2018_07_18; reference:url, urlhaus.abuse.ch/url/34178/; classtype:trojan-activity;sid:80897278; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (34102)"; flow:established,from_client; content:"GET"; http_method; content:"/doc/en/account/auditor-of-state-notification-of-eft-deposit"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"xn--90abegbttpjb3bzb2j.xn--p1ai"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2018_07_18; reference:url, urlhaus.abuse.ch/url/34102/; classtype:trojan-activity;sid:80897202; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (33107)"; flow:established,from_client; content:"GET"; http_method; content:"/newsletter/us_us/file/invoice-604371/"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"kuzina-teatr.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2018_07_16; reference:url, urlhaus.abuse.ch/url/33107/; classtype:trojan-activity;sid:80896207; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (28277)"; flow:established,from_client; content:"GET"; http_method; content:"/mc_setup.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"crimefreesoftware.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2018_07_04; reference:url, urlhaus.abuse.ch/url/28277/; classtype:trojan-activity;sid:80891377; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (24594)"; flow:established,from_client; content:"GET"; http_method; content:"/past-due-invoices"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"kakhun.ru"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2018_06_28; reference:url, urlhaus.abuse.ch/url/24594/; classtype:trojan-activity;sid:80887694; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (24379)"; flow:established,from_client; content:"GET"; http_method; content:"/past-due-invoices/"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"kakhun.ru"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2018_06_28; reference:url, urlhaus.abuse.ch/url/24379/; classtype:trojan-activity;sid:80887479; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (16630)"; flow:established,from_client; content:"GET"; http_method; content:"/doc/past-due-invoice/"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"robertrowe.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2018_06_07; reference:url, urlhaus.abuse.ch/url/16630/; classtype:trojan-activity;sid:80879730; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (15711)"; flow:established,from_client; content:"GET"; http_method; content:"/status/auditor-of-state-notification-of-eft-deposit/"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"robertrowe.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2018_06_05; reference:url, urlhaus.abuse.ch/url/15711/; classtype:trojan-activity;sid:80878811; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (14715)"; flow:established,from_client; content:"GET"; http_method; content:"/admim/mine001.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"www.tirtasentosa.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2018_06_03; reference:url, urlhaus.abuse.ch/url/14715/; classtype:trojan-activity;sid:80877815; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (8434)"; flow:established,from_client; content:"GET"; http_method; content:"/give/ukbros002.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"tirtasentosa.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2018_05_06; reference:url, urlhaus.abuse.ch/url/8434/; classtype:trojan-activity;sid:80871534; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (8433)"; flow:established,from_client; content:"GET"; http_method; content:"/give/ukbros001.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"tirtasentosa.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2018_05_06; reference:url, urlhaus.abuse.ch/url/8433/; classtype:trojan-activity;sid:80871533; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (8432)"; flow:established,from_client; content:"GET"; http_method; content:"/give/prin001.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"tirtasentosa.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2018_05_06; reference:url, urlhaus.abuse.ch/url/8432/; classtype:trojan-activity;sid:80871532; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (8431)"; flow:established,from_client; content:"GET"; http_method; content:"/give/obi001.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"tirtasentosa.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2018_05_06; reference:url, urlhaus.abuse.ch/url/8431/; classtype:trojan-activity;sid:80871531; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (8430)"; flow:established,from_client; content:"GET"; http_method; content:"/give/jon001.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"tirtasentosa.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2018_05_06; reference:url, urlhaus.abuse.ch/url/8430/; classtype:trojan-activity;sid:80871530; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (8053)"; flow:established,from_client; content:"GET"; http_method; content:"/give/was001.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"tirtasentosa.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2018_05_02; reference:url, urlhaus.abuse.ch/url/8053/; classtype:trojan-activity;sid:80871153; rev:1;)
# Number of entries: 32093